Patents by Inventor Elli Androulaki

Elli Androulaki has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20170262461
    Abstract: A key-value store for storing and retrieving user files based on key-value pairs, hereafter referred to as KVPs. For each user of the key-value store, each file of a set of files of said each user is stored as one or more pairs of KVPs. Each of said one or more pairs comprises a KVP of a first type and a KVP of a second type. The KVP of the first type comprises at least a part of contents of said each file, whereas the KVP of the second type comprises metadata (and possibly attributes) of said each file. Each KVP of the second type links to one or more KVPs of the first type. Further provided are related method and computer program products.
    Type: Application
    Filed: March 8, 2016
    Publication date: September 14, 2017
    Inventors: Elli Androulaki, Robert Basham, Nikola Knezevic, Martin Petermann, Harold J. Roberson, II, Wayne A. Sawdon, Alessandro Sorniotti
  • Publication number: 20170169236
    Abstract: A multi-tiered file locking service provides file locking at the thread and process level, and can optionally include locking at the file system level. A local locking mechanism maintains a list of local locks for threads within a process. When a thread requests a lock for a file, and a local lock is obtained, a process lock for the file may be requested. When no file system locking is used, when the process lock is obtained, the thread receives the lock for the file. When file system locking is used, when the process lock is obtained, a file system lock for the file may be requested. When the file system lock for the file is obtained, the thread receives the lock for the file. The result is a file locking service that functions across threads, processes and nodes in a distributed computing environment.
    Type: Application
    Filed: December 11, 2015
    Publication date: June 15, 2017
    Inventors: Elli Androulaki, Robert B. Basham, Martin Petermann, Harold J. Roberson, II, Alessandro Sorniotti
  • Publication number: 20170170961
    Abstract: Embodiments relate to processing streams of encrypted data received from multiple users. A received encrypted data stream is separated into one or more encrypted data chunks, placing the data chunk(s) into a sub-stream, and decrypting the data chunks into plaintext. One or more advanced data functions are applied to the plaintext, thereby effectively transforming the plaintext. The transformed plaintext is organized into one or more data units, and each data unit is encrypted with a wrapped encryption key. The aspect of encrypting the data unit includes creating a fixed size encryption unit, whereby the wrapped encryption key comprises a master key and a private key.
    Type: Application
    Filed: February 28, 2017
    Publication date: June 15, 2017
    Applicant: International Business Machines Corporation
    Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
  • Publication number: 20170155515
    Abstract: The system, method, and computer program product described herein may provide the capability to handle a variety of types of transactions, not just payment transactions. In addition, the system, method, and computer program product described herein may provide the capability for users to be able to control the confidentiality of their transactions, for the system to control access to transactions, for the system to be capable of auditing transactions, and to provide accountability of the validating entities.
    Type: Application
    Filed: December 3, 2015
    Publication date: June 1, 2017
    Inventors: Elli Androulaki, Angelo DeCaro, Thorsten Kramp, Alessandro Sorniotti, Marko Vukolic
  • Patent number: 9667422
    Abstract: Embodiments relate to processing streams of encrypted data received from multiple users. As a stream is received, smaller partitions in the form of data chunks, including a first data chunk, are created and subject to individual decryption. The first data chunk is placed into a sub-stream according to a first master key associated with a first owning entity. Prior to processing, the first data chunk is decrypted into plaintext, and the plaintext is transformed by applying one or more advanced data functions. The transformed plaintext is organized into a first data unit, and a first encryption unit is created from the first data unit. The first encryption unit has a space allocation in persistent storage. Accordingly, confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported.
    Type: Grant
    Filed: May 23, 2016
    Date of Patent: May 30, 2017
    Assignee: International Business Machines Corporation
    Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
  • Publication number: 20170149819
    Abstract: Embodiments of the present invention may provide techniques by which replay attacks in a blockchain network may be efficiently resisted, while preserving valid user permissions and privacy in the blockchain network. For example, in an embodiment of the present invention, in a network of computer systems, a method of communication may comprise at a user computer system, generating a security value that is to be used only once, generating a message signed with a security certificate and including the security value, and transmitting the message over the network of computer systems.
    Type: Application
    Filed: October 21, 2016
    Publication date: May 25, 2017
    Inventors: Elli Androulaki, Angelo De Caro, Thorsten Kramp, David W. Kravitz, Alessandro Sorniotti, Marko Vukolic
  • Publication number: 20170141928
    Abstract: Embodiments of the present invention may include issuing certificates in a network of computer systems by receiving a request for a certificate from a user, the request including a public key having a private key having at least one other corresponding public key, determining a user of the public key is authorized using the private key, incrementing a count of certificates for the user, generating a message including the incremented count of certificates for the user, encrypting the generated message, and issuing and transmitting to the user a certificate having the encrypted message as a serial number.
    Type: Application
    Filed: October 17, 2016
    Publication date: May 18, 2017
    Inventors: Elli Androulaki, Angelo DeCaro, Thorsten Kramp, Alessandro Sorniotti
  • Publication number: 20170134166
    Abstract: Embodiments relate to processing streams of encrypted data received from multiple users. As a stream is received, smaller partitions in the form of data chunks, including a first data chunk, are created and subject to individual decryption. The first data chunk is placed into a sub-stream according to a first master key associated with a first owning entity. Prior to processing, the first data chunk is decrypted into plaintext, and the plaintext is transformed by applying one or more advanced data functions. The transformed plaintext is organized into a first data unit, and a first encryption unit is created from the first data unit. The first encryption unit has a space allocation in persistent storage. Accordingly, confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported.
    Type: Application
    Filed: May 23, 2016
    Publication date: May 11, 2017
    Applicant: International Business Machines Corporation
    Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
  • Publication number: 20170093573
    Abstract: Embodiments relate to deduplication and compression on data performed downstream from where the data is encrypted. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported. Encrypted data to be written to a storage system is separated into one or more data chunks. For a data chunk, a master encryption key for an owning entity associated with the data chunk is retrieved. The data chunk is decrypted into plaintext, and the plaintext is transformed by performing one or more advanced data functions. A private key is created and used to encrypt the transformed plaintext, which is stored as a first encryption unit. A wrapped key is created by encrypting the private key with the master key, limits data access to the owning entity, and is stored as metadata for the encryption unit.
    Type: Application
    Filed: December 9, 2016
    Publication date: March 30, 2017
    Applicant: International Business Machines Corporation
    Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
  • Patent number: 9608816
    Abstract: Embodiments relate to deduplication and compression on data performed downstream from where the data is encrypted. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported. Encrypted data to be written to a storage system is separated into one or more data chunks. For a data chunk, a master encryption key for an owning entity associated with the data chunk is retrieved. The data chunk is decrypted into plaintext, and the plaintext is transformed by performing one or more advanced data functions. A private key is created and used to encrypt the transformed plaintext, which is stored as a first encryption unit. A wrapped key is created by encrypting the private key with the master key, and is stored as metadata for the encryption unit to limit data access to the owning entity.
    Type: Grant
    Filed: May 23, 2016
    Date of Patent: March 28, 2017
    Assignee: International Business Machines Corporation
    Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
  • Patent number: 9576127
    Abstract: Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.
    Type: Grant
    Filed: July 21, 2014
    Date of Patent: February 21, 2017
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Salvatore J. Stolfo, Wei-Jen Li, Angelos D. Keromytis, Elli Androulaki
  • Publication number: 20160358169
    Abstract: The present invention is notably directed to methods, systems and computer program products for securing data operations in a computerized system comprising interconnected nodes, wherein the nodes are configured to transmit, receive and store data, and wherein the method comprises executing computerized cryptographic methods to implement two or more proofs of work that comprises: provably crawling, from each node of at least a subset of the interconnected nodes, a respective subset of data stored on nodes of the system; and provably acquiring, at each node of the subset, data in the subset of data.
    Type: Application
    Filed: March 12, 2015
    Publication date: December 8, 2016
    Inventors: Elli Androulaki, Mircea Gusat, Ioannis Koltsidas, Maria Soimu
  • Publication number: 20160267291
    Abstract: Embodiments relate to deduplication and compression on data performed downstream from where the data is encrypted. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported. Encrypted data to be written to a storage system is separated into one or more data chunks. For a data chunk, a master encryption key for an owning entity associated with the data chunk is retrieved. The data chunk is decrypted into plaintext, and the plaintext is transformed by performing one or more advanced data functions. A private key is created and used to encrypt the transformed plaintext, which is stored as a first encryption unit. A wrapped key is created by encrypting the private key with the master key, and is stored as metadata for the encryption unit to limit data access to the owning entity.
    Type: Application
    Filed: May 23, 2016
    Publication date: September 15, 2016
    Applicant: International Business Machines Corporation
    Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
  • Patent number: 9397833
    Abstract: Embodiments of the invention relate to processing streams of encrypted data received from multiple users. As the streams are processed, smaller partitions in the form of data chunks are created and subject to individual decryption. The data chunks are placed into sub-stream based on a master key associated with its owning entity. Prior to processing, the data chunks in each stream are decrypted, and advanced functions, including but not limited to de-duplication and compression, are individually applied to the data chunks, followed by aggregation of processed data chunks into data units and encryption of the individual data units including use of a master key from the data's owning entity. Individual encryption units are created by encrypting the data unit(s) with an encryption key, thereby limiting access to the data unit. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported.
    Type: Grant
    Filed: August 27, 2014
    Date of Patent: July 19, 2016
    Assignee: International Business Machines Corporation
    Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
  • Patent number: 9397832
    Abstract: Embodiments of the invention relate to processing streams of encrypted data received from multiple users. As the streams are processed, smaller partitions in the form of data chunks are created and subject to individual decryption. The data chunks are placed into sub-stream based on a master key associated with its owning entity. Prior to processing, the data chunks in each stream are decrypted, and advanced functions, including but not limited to de-duplication and compression, are individually applied to the data chunks, followed by aggregation of processed data chunks into data units and encryption of the individual data units including use of a master key from the data's owning entity. Individual encryption units are created by encrypting the data unit(s) with an encryption key, thereby limiting access to the data unit. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported.
    Type: Grant
    Filed: August 27, 2014
    Date of Patent: July 19, 2016
    Assignee: International Business Machines Corporation
    Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
  • Publication number: 20160180338
    Abstract: A user computing device generates a token while the user computing device is in an offline mode and not connected to an external network. The token includes information of an amount of cryptocurrency to be transferred from a user account to a receiving account and information of a first password for enabling the transfer. The token is signed by the user computing device with a private key while in the offline mode and the signed token is stored by the user computing device on a portable device. A receiving device receiving the signed token from the portable user storage device, authenticates a user corresponding to the user account based on the signed token, receives a second password, compares the first and second passwords for enabling the transfer, and transfers the amount of cryptocurrency from the user account to the receiving account based on the information included in the token.
    Type: Application
    Filed: December 16, 2015
    Publication date: June 23, 2016
    Inventors: Elli ANDROULAKI, Andreas KIND, Ioannis KOLTSIDAS
  • Publication number: 20160065540
    Abstract: Embodiments of the invention relate to deduplication and compression on data performed downstream from where the data is encrypted. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported. Data to be written to a storage system is separated into data chunks. Each data chunk is decrypted into a plaintext data format with a master encryption key of an owning entity. Once decrypted, one or more advanced data functions may be performed on the plaintext. A private key is created and used to encrypt the plaintext of the data chunk(s), which are stored as an encryption unit. Thereafter, a first wrapped key is created by encrypting the private key with the master key. The wrapped key is stored as metadata of the data chunk. Access to each data chunk is limited to one or more entities that have been granted access.
    Type: Application
    Filed: August 27, 2014
    Publication date: March 3, 2016
    Applicant: International Business Machines Corporation
    Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
  • Publication number: 20160062918
    Abstract: Embodiments of the invention relate to processing streams of encrypted data received from multiple users. As the streams are processed, smaller partitions in the form of data chunks are created and subject to individual decryption. The data chunks are placed into sub-stream based on a master key associated with its owning entity. Prior to processing, the data chunks in each stream are decrypted, and advanced functions, including but not limited to de-duplication and compression, are individually applied to the data chunks, followed by aggregation of processed data chunks into data units and encryption of the individual data units including use of a master key from the data's owning entity. Individual encryption units are created by encrypting the data unit(s) with an encryption key, thereby limiting access to the data unit. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported.
    Type: Application
    Filed: August 27, 2014
    Publication date: March 3, 2016
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Elli Androulaki, Nathalie Baracaldo, Joseph S. Glider, Alessandro Sorniotti
  • Publication number: 20140331324
    Abstract: Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.
    Type: Application
    Filed: July 21, 2014
    Publication date: November 6, 2014
    Inventors: Salvatore J. Stolfo, Wei-Jen Li, Angelos D. Keromytis, Elli Androulaki
  • Patent number: 8789172
    Abstract: Methods, media, and systems for detecting attack are provided. In some embodiments, the methods include: comparing at least part of a document to a static detection model; determining whether attacking code is included in the document based on the comparison of the document to the static detection model; executing at least part of the document; determining whether attacking code is included in the document based on the execution of the at least part of the document; and if attacking code is determined to be included in the document based on at least one of the comparison of the document to the static detection model and the execution of the at least part of the document, reporting the presence of an attack.
    Type: Grant
    Filed: March 18, 2009
    Date of Patent: July 22, 2014
    Assignee: The Trustees of Columbia University in the City of New York
    Inventors: Salvatore J. Stolfo, Wei-Jen Li, Angelos D. Keromytis, Elli Androulaki