Abstract: Systems and methods are described for encrypting amounts and asset types of a verifiable transaction on a blockchain ledger. For each asset, an asset tag is blinded, multiplied by the amount of the asset, and the product is blinded again to create an encrypted amount of the asset. Both encrypted amount of the asset and a corresponding generated output value are within a value range, and the sum of the encrypted input value and the encrypted output value equals zero. Rangeproofs for each of the encrypted output values are associated with a different public key. Each public key is signed with a ring signature based on a public key of a recipient. A second ring signature is used to verify each asset tag, where the private key of the second ring signature for each asset is a difference between a first blinding value and an output coefficient.

Abstract: Systems and methods are described for transferring an asset from a parent chain to a sidechain. A simplified payment verification (SPV) proof associated with the parent chain asset may be generated. The SPV proof may include a threshold level of work. The SPV proof associated with the parent chain asset may be validated, and a sidechain asset corresponding to the parent chain asset may be generated. If no reorganization proof is detected, the sidechain asset is released. To redeem the sidechain asset in the parent chain, a SPV proof associated with the sidechain asset may be generated. The parent chain may validate the SPV proof associated with the sidechain asset. The parent chain asset associated with the sidechain asset may be held for a second predetermined contest period. The parent chain asset may then be released if no reorganization proof associated with the sidechain asset is detected.

Abstract: Embodiments present a virtual disk image to applications such as virtual machines (VMs) executing on a computing device. The virtual disk image corresponds to one or more subparts of binary large objects (blobs) of data stored by a cloud service, and is implemented in a log structured format. Grains of the virtual disk image are cached by the computing device. The computing device caches only a subset of the grains and performs write operations without blocking the applications to reduce storage latency perceived by the applications. Some embodiments enable the applications that lack enterprise class storage to benefit from enterprise class cloud storage services.

Abstract: Embodiments present a virtual disk image to applications such as virtual machines (VMs) executing on a computing device. The virtual disk image corresponds to one or more subparts of binary large objects (blobs) of data stored by a cloud service, and is implemented in a log structured format. Grains of the virtual disk image are cached by the computing device. The computing device caches only a subset of the grains and performs write operations without blocking the applications to reduce storage latency perceived by the applications. Some embodiments enable the applications that lack enterprise class storage to benefit from enterprise class cloud storage services.

Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.

Abstract: Systems and methods are described for transferring an asset from a parent chain to a sidechain. A simplified payment verification (SPV) proof associated with the parent chain asset may be generated. The SPV proof may include a threshold level of work. The SPV proof associated with the parent chain asset may be validated, and a sidechain asset corresponding to the parent chain asset may be generated. If no reorganization proof is detected, the sidechain asset is released. To redeem the sidechain asset in the parent chain, a SPV proof associated with the sidechain asset may be generated. The parent chain may validate the SPV proof associated with the sidechain asset. The parent chain asset associated with the sidechain asset may be held for a second predetermined contest period. The parent chain asset may then be released if no reorganization proof associated with the sidechain asset is detected.

Abstract: A method of pairing an unregistered device with a virtual identity may include, at a first repository: receiving a request from the unregistered device, sending a pairing code and an identifier to the unregistered device, receiving the pairing code from a registered device, and sending the identifier to the registered device. The method may also include, at a second repository, receiving the pairing code and secret information from the registered device, receiving the pairing code in a transmission associated with the unregistered device, associating the unregistered device with the virtual identity using the pairing code, and sending the secret information to the unregistered device.

Abstract: A technique controls access to a file. The technique involves creating a file encryption key based on (i) a user input parameter (e.g., a user password) from a user of the client device and (ii) an automatically generated salt parameter (e.g., a random number). The technique further involves encrypting the file using the file encryption key to form an encrypted copy of the file, and providing the salt parameter to an external storage system to externally store the salt parameter. Access to data within the encrypted copy of the file requires the salt parameter provided to the external storage system.

Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.

Abstract: Embodiments present a virtual disk image to applications such as virtual machines (VMs) executing on a computing device. The virtual disk image corresponds to one or more subparts of binary large objects (blobs) of data stored by a cloud service, and is implemented in a log structured format. Grains of the virtual disk image are cached by the computing device. The computing device caches only a subset of the grains and performs write operations without blocking the applications to reduce storage latency perceived by the applications. Some embodiments enable the applications that lack enterprise class storage to benefit from enterprise class cloud storage services.

Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.

Abstract: Storing data includes encoding the data using an erasure encoding to provide encoded data, separating the encoded data into a number of components, and providing each of the components to separate data sites. The data may be encoded using a Reed/Solomon encoding. The data may be encoded using a 3-1 Reed/Solomon encoding and the encoded data may be separated into four components that are provided to four separate sites. The data may be encoded by a site that receives the data prior to encoding. The data may be encoded by a client that provides the data to a plurality of sites coupled thereto. Storing data may also include each of the separate data sites providing an additional encoding for the components. The data and the components may be encoded using a Reed/Solomon encoding.

Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.

Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.

Abstract: Systems and methods for providing signatures are described. In an implementation, a system includes a backend configured to generate a plurality of incomplete signatures using an offline portion of an online/offline signature algorithm, storage configured to store the plurality of incomplete signatures and a front end configured to process a plurality of messages using the plurality of incomplete signatures to form a plurality of digital signatures such that each of the messages has a corresponding one of the digital signatures.

Abstract: Detecting an attack on an authentication service. A first memory area is configured to store data relating to a plurality of requests communicated to an authentication service from a plurality of user agents. A second memory area is configured to store a predefined pattern of one or more requests. The predefined pattern characterizes an attack. A processor searches the stored data as a function of a query variable to identify at least one of the plurality of the requests communicated from at least one of the plurality of the user agents and compares the stored data associated with each of the identified requests with the predefined pattern to determine whether the identified request indicates the attack characterized by the predefined pattern. Other aspects of the invention are directed to computer-readable media for use with detecting the attack on the authentication service.

Abstract: Securely roaming private data from one client computer to another in a network. A home client application generates a first key in response to a password, and encrypts designated private data as a function of the first key. A server receives and stores the encrypted private data. A roaming client application generates the first key in response to the password, and decrypts encrypted private data transferred from the server to obtain the private data. The invention further provides users the ability to retrieve encrypted private from the server even when the user cannot remember the password associated with the first key. Also, the server has no knowledge of the private data or the keys.

Abstract: Systems and methods for providing signatures are described. In an implementation, a system includes a backend configured to generate a plurality of incomplete signatures using an offline portion of an online/offline signature algorithm, storage configured to store the plurality of incomplete signatures and a front end configured to process a plurality of messages using the plurality of incomplete signatures to form a plurality of digital signatures such that each of the messages has a corresponding one of the digital signatures.

Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.

Abstract: A system and method for securely roaming private data from a first client computer to a second client computer linked via a communication network. A user of the first client computer executes a home client application and designates private data for roaming. The home client application generates a first key in response to a password, and encrypts the designated private data as a function of the first key. The server receives and stores the encrypted private data. A user of the second computer executes a roaming client application and requests transfer of the encrypted private data from the server. The roaming client application generates the first key in response to the password, and decrypts encrypted private data transferred from the server to obtain the private data. The invention further provides users the ability to retrieve encrypted private from the server even when the user cannot remember the password associated with the first key. Also, the server has no knowledge of the private data nor the keys.