Patents by Inventor Ari Juels
Ari Juels has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250088516
Abstract: A verifier device in one embodiment is configured to communicate over one or more networks with a client device and a server device. The verifier device participates in a three-party handshake protocol with the client device and the server device in which the verifier device and the client device obtain respective shares of a session key of a secure session with the server device. The verifier device receives from the client device a commitment relating to the secure session with the server device, and responsive to receipt of the commitment, releases to the client device additional information relating to the secure session that was not previously accessible to the client device. The verifier device verifies correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session, based at least in part on the commitment and the additional information.
Type: Application
Filed: September 26, 2024
Publication date: March 13, 2025
Inventors: Fan Zhang, Sai Krishna Deepak Maram, Harjasleen Malvai, Steven Goldfeder, Ari Juels
-
Publication number: 20250047685
Abstract: A verifier device in one embodiment is configured to communicate over one or more networks with a client device and a server device. The verifier device participates in a three-party handshake protocol with the client device and the server device in which the verifier device and the client device obtain respective shares of a session key of a secure session with the server device. The verifier device receives from the client device a commitment relating to the secure session with the server device, and responsive to receipt of the commitment, releases to the client device additional information relating to the secure session that was not previously accessible to the client device. The verifier device verifies correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session, based at least in part on the commitment and the additional information.
Type: Application
Filed: May 1, 2024
Publication date: February 6, 2025
Inventors: Fan ZHANG, Sai Krishna Deepak MARAM, Harjasleen MALVAI, Steven GOLDFEDER, Ari JUELS
-
Patent number: 12074853
Abstract: A system and method in which a network of offchain oracle nodes are used to provide dynamic information to consuming smart contracts in a decentralized computing environment. The off-chain oracle network and a corresponding protocol reduces the likelihood of damage from rogue oracles acting in concert. Periodically, the oracle nodes, jointly and in concert, run the protocol to sign a report containing observations from many of the oracles in the network. The report is transmitted to a smart contract C running on a DLT. The smart contract C can validate the report, pay each oracle node that contributed an observation to the report and expose the median, or other calculated value, of the reported values to the on-chain consuming smart contracts.
Type: Grant
Filed: February 23, 2022
Date of Patent: August 27, 2024
Assignee: SmartContract Chainlink Limited SEZC
Inventors: Lorenz Breidenbach, Alex Coventry, Ari Juels, Christian Cachin
-
Patent number: 12062037
Abstract: Systems, methods, and storage media for implementing a secure state machine implemented as computer logic in a networked computing environment are disclosed. Exemplary implementations may: generate a public key/private key pair for each of multiple participants respectively; provide a switch parameter for the state machine; specify time parameters for reporting, by an offchain oracle, the value of the switch parameter; and specify terms for reporting, by the offchain oracle, the value of the switch parameter to executable logic recorded on the distributed ledger. The executable logic making payment to pseudonymous wallet addresses associated with the keys in response to a value of the switch parameter received from the off-chain oracle.
Type: Grant
Filed: July 2, 2020
Date of Patent: August 13, 2024
Assignee: SmartContract Chainlink Limited SEZC
Inventors: Alex Coventry, Steve Ellis, Ari Juels, Sergey Nazarov, Lorenz Breidenbach
-
Patent number: 11997107
Abstract: A verifier device in one embodiment is configured to communicate over one or more networks with a client device and a server device. The verifier device participates in a three-party handshake protocol with the client device and the server device in which the verifier device and the client device obtain respective shares of a session key of a secure session with the server device. The verifier device receives from the client device a commitment relating to the secure session with the server device, and responsive to receipt of the commitment, releases to the client device additional information relating to the secure session that was not previously accessible to the client device. The verifier device verifies correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session, based at least in part on the commitment and the additional information.
Type: Grant
Filed: August 28, 2020
Date of Patent: May 28, 2024
Assignee: Cornell University
Inventors: Fan Zhang, Sai Krishna Deepak Maram, Harjasleen Malvai, Steven Goldfeder, Ari Juels
-
Patent number: 11973862
Abstract: In one aspect, authentication information is received from a first processing device in a second processing device, and a digital signature is generated in the second processing device by signing data that incorporates at least a portion of the received authentication information. The received authentication information is generated at least in part from a secret seed stored in the first processing device. The received authentication information may be combined with the digital signature generated by the second processing device to form a joint signature that is transmitted to an authentication server. In an illustrative embodiment, the received authentication information comprises a tokencode and the digital signature is generated by signing data that incorporates the tokencode. The data that is signed to generate the digital signature may comprise an electronic document having the tokencode appended thereto.
Type: Grant
Filed: February 5, 2021
Date of Patent: April 30, 2024
Assignee: EMC IP Holding Company LLC
Inventors: Daniel V. Bailey, John G. Brainard, Ari Juels, Burton S. Kaliski, Jr.
-
Patent number: 11924267
Abstract: Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.
Type: Grant
Filed: February 7, 2023
Date of Patent: March 5, 2024
Assignee: RavenWhite Security, Inc.
Inventors: Bjorn Markus Jakobsson, Ari Juels
-
Publication number: 20240062193
Abstract: An apparatus in one embodiment comprises a processing platform having at least one processing device. The processing platform implements a trusted bridge configured for at least temporary coupling between one or more data sources and a smart contract program of a blockchain. The trusted bridge comprises a secure enclave component and a relay component. Data obtained from a given one of the data sources via the relay component of the trusted bridge is authenticated in the secure enclave component of the trusted bridge. Information based at least in part on the data authenticated in the secure enclave component of the trusted bridge is provided to the smart contract program of the blockchain via the relay component of the trusted bridge. The secure enclave component illustratively receives a request for authenticated data from the blockchain smart contract program via the relay component, and responds to the request via the relay component.
Type: Application
Filed: October 30, 2023
Publication date: February 22, 2024
Inventors: Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, Runting Shi
-
Patent number: 11854101
Abstract: Systems, methods, and storage media for interfacing at least one smart contract stored on a decentralized architecture with external data sources are disclosed. Exemplary implementations may: receive service level information from a user; publish, by an on-chain order-matching contract, a log representing the required attributes; receive, by the on-chain order-matching contract, bids from plural external data sources based on the log of the required reputation attributes; and select, by the on-chain order-matching contract, more than one of the plural external data sources as selected data sources and notifying the selected data sources, whereby the selected data sources can be used collectively to provide information requested by the at least one smart contract.
Type: Grant
Filed: August 28, 2019
Date of Patent: December 26, 2023
Assignee: SmartContract Chainlink Limited SEZC
Inventors: Sergey Nazarov, Steve Ellis, Ari Juels
-
Patent number: 11829998
Abstract: An apparatus in one embodiment comprises a processing platform having at least one processing device. The processing platform implements a trusted bridge configured for at least temporary coupling between one or more data sources and a smart contract program of a blockchain. The trusted bridge comprises a secure enclave component and a relay component. Data obtained from a given one of the data sources via the relay component of the trusted bridge is authenticated in the secure enclave component of the trusted bridge. Information based at least in part on the data authenticated in the secure enclave component of the trusted bridge is provided to the smart contract program of the blockchain via the relay component of the trusted bridge. The secure enclave component illustratively receives a request for authenticated data from the blockchain smart contract program via the relay component, and responds to the request via the relay component.
Type: Grant
Filed: June 6, 2017
Date of Patent: November 28, 2023
Assignee: Cornell University
Inventors: Fan Zhang, Ethan Cecchetti, Kyle Croman, Ari Juels, Runting Shi
-
Publication number: 20230291784
Abstract: Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.
Type: Application
Filed: February 7, 2023
Publication date: September 14, 2023
Inventors: Bjorn Markus Jakobsson, Ari Juels
-
Patent number: 11601493
Abstract: Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.
Type: Grant
Filed: June 10, 2021
Date of Patent: March 7, 2023
Assignee: RavenWhite Security, Inc.
Inventors: Bjorn Markus Jakobsson, Ari Juels
-
Publication number: 20220377084
Abstract: A verifier device in one embodiment is configured to communicate over one or more networks with a client device and a server device. The verifier device participates in a three-party handshake protocol with the client device and the server device in which the verifier device and the client device obtain respective shares of a session key of a secure session with the server device. The verifier device receives from the client device a commitment relating to the secure session with the server device, and responsive to receipt of the commitment, releases to the client device additional information relating to the secure session that was not previously accessible to the client device. The verifier device verifies correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session, based at least in part on the commitment and the additional information.
Type: Application
Filed: August 28, 2020
Publication date: November 24, 2022
Inventors: Fan Zhang, Sai Krishna Deepak Maram, Harjasleen Malvai, Steven Goldfeder, Ari Juels
-
Patent number: 11244309
Abstract: An apparatus in an illustrative embodiment comprises a processing platform that includes one or more processing devices each comprising a processor coupled to a memory. The processing platform is configured to communicate over at least one network with one or more additional sets of processing devices associated with at least a first blockchain-based cryptocurrency system. Each of at least a subset of the one or more processing devices of the processing platform comprises a trusted execution environment, such as a secure enclave.
Type: Grant
Filed: November 21, 2018
Date of Patent: February 8, 2022
Assignee: Cornell University
Inventors: Iddo Bentov, Ari Juels, Fan Zhang, Philip Daian, Lorenz Breidenbach
-
Publication number: 20220021753
Abstract: Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.
Type: Application
Filed: June 10, 2021
Publication date: January 20, 2022
Inventors: Bjorn Markus Jakobsson, Ari Juels
-
Patent number: 11064054
Abstract: Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.
Type: Grant
Filed: January 30, 2020
Date of Patent: July 13, 2021
Assignee: RavenWhite Security, Inc
Inventors: Bjorn Markus Jakobsson, Ari Juels
-
Publication number: 20210185028
Abstract: In one aspect, authentication information is received from a first processing device in a second processing device, and a digital signature is generated in the second processing device by signing data that incorporates at least a portion of the received authentication information. The received authentication information is generated at least in part from a secret seed stored in the first processing device. The received authentication information may be combined with the digital signature generated by the second processing device to form a joint signature that is transmitted to an authentication server. In an illustrative embodiment, the received authentication information comprises a tokencode and the digital signature is generated by signing data that incorporates the tokencode. The data that is signed to generate the digital signature may comprise an electronic document having the tokencode appended thereto.
Type: Application
Filed: February 5, 2021
Publication date: June 17, 2021
Inventors: Daniel V. Bailey, John G. Brainard, Ari Juels, Burton S. Kaliski, JR.
-
Patent number: 10958632
Abstract: In one aspect, one or more key-encapsulating ciphertexts are generated and stored in a processing device. The processing device receives authentication information from another processing device, and utilizes the authentication information to decrypt at least one of the key-encapsulating ciphertexts to recover an associated key. The authentication information may comprise, for example, a tokencode. In an illustrative embodiment, the authentication information may comprise a plurality of gradually rotating keys with overlapping refresh intervals. As a more particular example, the authentication information may comprise a plurality of hash chains wherein successive ones of the hash chains overlap one another in a designated number of time steps.
Type: Grant
Filed: January 29, 2018
Date of Patent: March 23, 2021
Assignee: EMC IP Holding Company LLC
Inventors: Daniel V. Bailey, John G. Brainard, Ari Juels, Burton S. Kaliski, Jr.
-
Patent number: 10862875
Abstract: Systems and methods are provided for protecting the privacy of wireless enabled medical device (WEMD) communications, particularly against traffic-analysis attacks. In an exemplary method, a WEMD measures a physiological parameter and conveys that physiological parameter to a WEMD-receiver using messages that simulate at least one message from a cover device, for example by embedding physiological data in a message from a simulated cover device. In some embodiments, the WEMD sends messages that simulate traffic patterns of the cover device. The cover device may be a device not associated with serious medical conditions, such as a fitness-oriented heart rate monitor. In some embodiments, the simulation is discontinued under emergency conditions or in particular regions that are deemed to be safe.
Type: Grant
Filed: January 25, 2019
Date of Patent: December 8, 2020
Assignee: PCMS Holdings, Inc.
Inventor: Ari Juels
-
Patent number: 10846663
Abstract: An apparatus in one embodiment comprises a processing platform having at least one processing device. The processing platform implements a database configured to store bindings between user identity information and respective cryptocurrency addresses for users of an address-based cryptocurrency, and an account-identity service system accessible to at least one cryptocurrency vendor. The account-identity service system is configured to utilize the stored bindings to respond to queries from the cryptocurrency vendor. A given one of the queries from the cryptocurrency vendor identifies a particular one of the users and a corresponding cryptocurrency address for which the particular user has requested to purchase an amount of the address-based cryptocurrency.
Type: Grant
Filed: October 28, 2016
Date of Patent: November 24, 2020
Assignee: Cornell University
Inventors: Ari Juels, Faiyam Rahman