Abstract: The present invention generally relates to computer systems, methods and program products for non-custodial trading of digital assets on an exchange.

Abstract: Particular systems, methods, and program products for web-based security systems for user authentication and processing in a distributed computing environment are disclosed. A computing sub-system may receive an electronic processing request and a first signed data packet having a first payload that was hashed and encrypted using a first private key. The first payload may comprise first processing output and a first timestamp. The sub-system may verify the first signed data packet by decrypting it using a first public key. The sub-system may execute computing operations to satisfy the electronic processing request, producing second processing output. The sub-system may configure a data packet with a second payload comprising at least the second processing output and a second timestamp. The sub-system may encrypt the second payload using a second private key producing a second signed data packet. The sub-system may transmit to a second sub-system the second signed data packet.

Abstract: Particular systems, methods, and program products for web-based security systems for user authentication and processing in a distributed computing environment are disclosed. A computing sub-system may receive an electronic processing request and a first signed data packet having a first payload that was hashed and encrypted using a first private key. The first payload may comprise first processing output and a first timestamp. The sub-system may verify the first signed data packet by decrypting it using a first public key. The sub-system may execute computing operations to satisfy the electronic processing request, producing second processing output. The sub-system may configure a data packet with a second payload comprising at least the second processing output and a second timestamp. The sub-system may encrypt the second payload using a second private key producing a second signed data packet. The sub-system may transmit to a second sub-system the second signed data packet.

Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.

Abstract: An online computer system including a database uses an encrypted table that allows for write protection its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.

Abstract: A re-programmable wireless device can store data securely and use near field communication (NFC) to exchange functionality data and/or program code from a central server system through a mobile device. A user requests a new re-programmable wireless device or a new re-programmable wireless device function via an application on the mobile device. The central server system transmits program code and a public key used to identify the re-programmable wireless device to the mobile device, which functions as a pass-through conduit for the information, storing it until the devices are synced. A NFC communication channel is created, and the mobile device authenticates the re-programmable wireless device by cross-referencing the public key received from the central server system with the public key transmitted by the re-programmable wireless device once the communication channel is established.

Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.

Abstract: An online computer system including a database uses an encrypted table that allows for write protection its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.

Abstract: An online computer system including a database uses an encrypted table that allows for write protection its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.

Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.

Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.

Abstract: An online computer system including a database uses an encrypted table that allows for write protection its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.

Abstract: A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points.

Abstract: Systems and methods can secure personal identification numbers associated with secure elements within mobile devices. A host application of the mobile device can receive a personal identification number (PIN) or user PIN from a user. The application can generate one or more random PIN components. The application can compute a PIN for the secure element based upon the user PIN and each of the one or more random components. The SE can be configured using the PIN computed for the secure element. Each of the one or more random components may be stored in one or more distinct, diverse locations. In addition to entering the correct user PIN, each of the one or more random components must be retrieved from the diverse locations in order to reconstruct the PIN for the secure element whenever performing a transaction using the secure element.

Abstract: An online computer system including a database uses an encrypted table that allows for write protection its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.

Abstract: Systems and methods can secure personal identification numbers associated with secure elements within mobile devices. A host application of the mobile device can receive a personal identification number (PIN) or user PIN from a user. The application can generate one or more random PIN components. The application can compute a PIN for the secure element based upon the user PIN and each of the one or more random components. The SE can be configured using the PIN computed for the secure element. Each of the one or more random components may be stored in one or more distinct, diverse locations. In addition to entering the correct user PIN, each of the one or more random components must be retrieved from the diverse locations in order to reconstruct the PIN for the secure element whenever performing a transaction using the secure element.

Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.

Abstract: A re-programmable wireless device can store data securely and use near field communication (NFC) to exchange functionality data and/or program code from a central server system through a mobile device. A user requests a new re-programmable wireless device or a new re-programmable wireless device function via an application on the mobile device. The central server system transmits program code and a public key used to identify the re-programmable wireless device to the mobile device, which functions as a pass-through conduit for the information, storing it until the devices are synced. A NFC communication channel is created, and the mobile device authenticates the re-programmable wireless device by cross-referencing the public key received from the central server system with the public key transmitted by the re-programmable wireless device once the communication channel is established.

Abstract: A re-programmable wireless cryptographic device can store data securely and use near field communication (NFC) to exchange functionality data and/or program code from a central server system through a mobile device. A user requests a new cryptographic device or a new device function via an application on the mobile device. The central server system transmits program code and a public key used to identify the cryptographic device to the mobile device, which functions as a pass-through conduit for the information, storing it until the devices are synced. A NFC communication channel is created, and the mobile device authenticates the cryptographic device by cross-referencing the public key received from the central server system with the public key transmitted by the cryptographic device once the communication channel is established. Upon authentication, the cryptographic device is synced with the mobile device, and the mobile device passes the program code to the cryptographic device.

Abstract: An online computer system including a database uses an encrypted table that allows for write protection its contents. Middleware logic operating on the system acts as an interface for access to the database, so that any business logic on the system accesses the database through simple procedural calls to the middleware rather than directly to the database itself. The middleware logic abstracts logic that helps implement write protection with the encrypted table. Data to be encrypted that has been traditionally written to other tables is migrated to the encrypted table, where the data encrypted using an authenticated encryption with additional data (AEAD) algorithm. To implement AEAD, the original table, column, and primary key indicating where the data would have otherwise been stored are together used as additional authenticated data (AAD). This tuple of information is also stored in the encrypted table.