Abstract: Individually identifiable data units, making up a global set of such units, are each associated uniquely with one of a group of nodes, which form shards of a logical global blockchain. Each node maintains a subledger for each data unit associated with it, the subledger keeping track of at least the current ownership state of the data unit. Different mechanisms are provided to enable multiple data units to be transferred atomically, for example, to logically join the data units to form a new unit designating and amount equal to the sum of the amounts of the transferred data units. For example, in implementations in which the data units represent money, with a plurality of denominations, smaller units may be exchanged for a single larger unit. Sharding enables multiple transfer orders to be processed in parallel.

Abstract: Methods and systems are disclosed for a digital signature system using scalable servers. The system includes scalable frontend servers to communicate with applications servers and scalable backend servers to communicate with remote security devices. When a user, and their remote security device(s), is registered with the system, the remote security device(s) is/are assigned to a backend server. A total public key is generated by cryptographically embedding the unique identifier of the assigned backend server into a combined public key associated with the remote security device(s). When a signature request including the total public key is received at the frontend server, the unique identifier is extracted and the signature request is forwarded to the backend server that corresponds with the unique identifier.

Abstract: Method and apparatus are disclosed for attack tolerant implementations of public key digital signatures based on a cloud of dedicated local devices. A system includes a first security device, a second security device, and a computing device remote from the first and second security devices. The first security device stores a first private key and, in response to receiving a message, generates a first signature based on a message received from the computing device and the first private key. The second security device stores a second private key that is independent from the first private key and, in response to receiving a message, generates a second signature based on a message received from the computing device and the first private key. The computing device generates a composite cryptographic signature based on the first signature and the second signature.

Abstract: Methods and systems are disclosed for a digital signature system using scalable and reliable servers. The system includes multiple frontend servers that are each in communication with multiple backend servers. A remote application server sends a signature request to one of the front end servers. The signature request includes at least two public keys that each have a different server identifier embedded in them. The backend server extracts one of the server identifiers and tries the signature generating process with the corresponding back end server. If that that backend server does not respond, then the frontend server extracts the server identifier from another public key and initiates the signature generation process with that backend server. In some systems, the remote application server has a predefined relationship with multiple frontend servers so that if one frontend server is down, the application server can communicate with a backup frontend server.

Abstract: A global set of transferrable value items is represented as a set of individually identifiable data units, the state of each of which is encoded in a respective data structure, such as a blockchain, that has a series of linked blocks maintained in one of a plurality of nodes determined as a function of an identifier of each data unit. A transferor submits a transfer request that indicates a quantity. The request may indicate which data unit it wishes to transfer, or, in an alternative embodiment, the node may select one or more data units owned by the transferor. If the selected data unit's value does not equal the quantity to be transferred, the node logically splits the (or one of the) data unit(s) to satisfy the request, and creates corresponding blocks in the data structure. Data units may, as one example, correspond to digital cash.

Abstract: Exclusive ownership of data units, such as monetary units, is transferred by inputting a request from a transferor, to transfer to a transferee at least a designated one of the data units, said request including an identifier of the transferor, an identifier of the designated data unit, and an identifier of a transferee. The identifier of the transferor is verified and the absence of any other request to transfer the designated data unit is confirmed. A designation of ownership of the designated data unit is then changed from the transferor to the transferee in a ledger, which is comprised of a group of subledgers, each configured as a blockchain.

Abstract: Exclusive ownership of data units, such as monetary units, is transferred by inputting a request from a transferor, to transfer to a transferee at least a designated one of the data units, said request including an identifier of the transferor, an identifier of the designated data unit, and an identifier of a transferee. The identifier of the transferor is verified and the absence of any other request to transfer the designated data unit during an update period is confirmed. A designation of ownership of the designated data unit is then changed from the transferor to the transferee in a ledger, which is comprised of a group of subledgers, each configured as a blockchain. Ownership is thereby processed per-unit instead of per-account.

Abstract: Method and apparatus are disclosed for attack tolerant implementations of public key digital signatures based on a cloud of dedicated local devices. A system includes a first security device, a second security device, and a computing device remote from the first and second security devices. The first security device stores a first private key and, in response to receiving a message, generates a first signature based on a message received from the computing device and the first private key. The second security device stores a second private key that is independent from the first private key and, in response to receiving a message, generates a second signature based on a message received from the computing device and the first private key. The computing device generates a composite cryptographic signature based on the first signature and the second signature.

Abstract: Transformations of digital records are used as lowest level inputs to a tree data structure having nodes computed as digital combinations of child node values up to a current calendar value. Signature vectors are generated for each of the digital records and have parameters that enable recomputation of the respective current calendar. Recomputation yields the same calendar value only if a candidate digital record is an exact version of the original digital record included in the original computation of the value. Either the current calendar value, or a function of a plurality of calendar values over a period, is encoded in a transaction value that is stored in a block of a blockchain.

Abstract: A client system is configured to obtain signatures for digital input records. An application program interface reformats each digital record, and this is used as an argument to a cryptographic hash function, from which a signature request is formed. The signature request is then submitted to a keyless, distributed hash tree infrastructure system, which returns a signature that includes recomputation values enabling recomputation from the result of the cryptographic hash function upward through the hash tree infrastructure to a root hash value at a calendar period corresponding to a time during which the signature request was originally submitted. An arbitrary subsequent test digital record is considered authenticated if, applying the cryptographic hash function to it, along with any other parameters included in the original computation, and recomputing an uppermost value using the recomputation values, the same composite calendar value is attained as when it was originally computed.

Abstract: A client system is configured to obtain signatures for digital input records. An application program interface reformats each digital record, and this is used as an argument to a cryptographic hash function, from which a signature request is formed. The signature request is then submitted to a keyless, distributed hash tree infrastructure system, which returns a signature that includes recomputation values enabling recomputation from the result of the cryptographic hash function upward through the hash tree infrastructure to a root hash value at a calendar period corresponding to a time during which the signature request was originally submitted. An arbitrary subsequent test digital record is considered authenticated if, applying the cryptographic hash function to it, along with any other parameters included in the original computation, and recomputing an uppermost value using the recomputation values, the same composite calendar value is attained as when it was originally computed.

Abstract: Transformations of digital records are used as lowest level inputs to a tree data structure having a root in a core system and having nodes computed as digital combinations of child node values. Signature vectors are associated with the digital records and have parameters that enable recomputation upward through the tree data structure to either a current calendar value or onward to a composite calendar value that is a function of calendar values in a calendar, which comprises a set of computed calendar values, such that the calendar values have a time correspondence. Recomputation yields the same value only if a candidate digital record is an exact version of the original digital record included in the original computation of the value, indicating authentication of the candidate digital record. The authentication process as such is independent of any trust authority that issues cryptographic keys.

Abstract: A method of generating a keyless digital multi-signature is provided. The method includes receiving multiple signature generation requests from one or more client computers, building subtrees based on the signature generation requests, and constructing a search tree including the subtrees. The method also includes assigning explicit length tags to leaf nodes of the search tree to balance the search tree and applying a hash function to each of the search tree nodes. The root hash value and the height of the search tree make up a generated aggregate signature request, followed by receiving an aggregate signature based on the aggregate signature request. The keyless digital multi-signature is generated based on the aggregate signature and contains an implicit length tag to verify that the number of signature generation requests is limited. The aggregate signature is generated if the height of the search tree does not exceed a predetermined height limitation.

Abstract: Transformations of digital records are used as lowest level inputs to a tree data structure having a root in a core system and having nodes computed as digital combinations of child node values. Signature vectors are associated with the digital records and have parameters that enable recomputation upward through the tree data structure to either a current calendar value or onward to a composite calendar value that is a function of calendar values in a calendar, which comprises a set of computed calendar values, such that the calendar values have a time correspondence. Recomputation yields the same value only if a candidate digital record is an exact version of the original digital record included in the original computation of the value, indicating authentication of the candidate digital record. The authentication process as such is independent of any trust authority that issues cryptographic keys.

Abstract: Transformations of digital records are used as lowest level inputs to a tree data structure having a root in a core system and having nodes computed as digital combinations of child node values. A combination of root values is published in a permanent medium. Signature vectors are associated with the digital records and have parameters that enable recomputation upward through the tree data structure to either a current root value or to the published value. Recomputation yields the same value only if a candidate digital record is an exact version of the original digital record included in the original computation of the value.

Abstract: Transformations of digital records are used as lowest level inputs to a tree data structure having a root in a core system and having nodes computed as digital combinations of child node values. A combination of root values is published in a permanent medium. Signature vectors are associated with the digital records and have parameters that enable recomputation upward through the tree data structure to either a current root value or to the published value. Recomputation yields the same value only if a candidate digital record is an exact version of the original digital record included in the original computation of the value.

Abstract: A system and method for generating a digital certificate is provided wherein a new digital record is received and is assigned a sequence value. A first composite digital value is generated by applying a first deterministic function to the digital records stored in a repository. The sequence value and first composite digital value are included in a first certificate. After the digital record is added to the repository, a second composite digital value is generated by applying a second deterministic function to the digital records in the repository. This second composite digital value, and a composite sequence value, are published. An interval digital value which is based upon the first and second composite digital values, and the sequence value, are included in a second certificate which thus verifies the authenticity and sequence value of the digital record.

Abstract: A method of generating a keyless digital multi-signature is provided. The method includes receiving multiple signature generation requests from one or more client computers, building subtrees based on the signature generation requests, and constructing a search tree including the subtrees. The method also includes assigning explicit length tags to leaf nodes of the search tree to balance the search tree and applying a hash function to each of the search tree nodes. The root hash value and the height of the search tree make up a generated aggregate signature request, followed by receiving an aggregate signature based on the aggregate signature request. The keyless digital multi-signature is generated based on the aggregate signature and contains an implicit length tag to verify that the number of signature generation requests is limited. The aggregate signature is generated if the height of the search tree does not exceed a predetermined height limitation.

Abstract: A system and method for generating a digital certificate is provided wherein a new digital record is received and is assigned a sequence value. A first composite digital value is generated by applying a first deterministic function to the digital records stored in a repository. The sequence value and first composite digital value are included in a first certificate. After the digital record is added to the repository, a second composite digital value is generated by applying a second deterministic function to the digital records in the repository. This second composite digital value, and a composite sequence value, are published. An interval digital value which is based upon the first and second composite digital values, and the sequence value, are included in a second certificate which thus verifies the authenticity and sequence value of the digital record.

Abstract: A system and method for generating a digital certificate is provided wherein a new digital record is received and is assigned a sequence value. A first composite digital value is generated by applying a first deterministic function to the digital records stored in a repository. The sequence value and first composite digital value are included in a first certificate. After the digital record is added to the repository, a second composite digital value is generated by applying a second deterministic function to the digital records in the repository. This second composite digital value, and a composite sequence value, are published. An interval digital value which is based upon the first and second composite digital values, and the sequence value, are included in a second certificate which thus verifies the authenticity and sequence value of the digital record.