Abstract: Disclosed herein are system, method, and computer program product embodiments for providing a diversified cryptographic Root of Trust for application instances installed on different user devices. After installing an application, a client device transmits, to a cryptography server, (1) an application identification corresponding to a key from an operating system key store on the client device and (2) a device identification specific to an instance of the application on the client device. The cryptography server uses this data to generate and transmit a unique device fingerprint to the client device. The client device then diversifies a white-box cryptography (WBC) library using the application identification, the device identification, and the device fingerprint. The diversified WBC library protects the storage of cryptographic keys obtained from the cryptography server. These keys protect sensitive data on the client device and sensitive data sent to the cryptography server and other application servers.

Abstract: Disclosed herein are system, method, and computer program product embodiments for providing a diversified cryptographic Root of Trust for application instances installed on different user devices. After installing an application, a client device transmits, to a cryptography server, (1) an application identification corresponding to a key from an operating system key store on the client device and (2) a device identification specific to an instance of the application on the client device. The cryptography server uses this data to generate and transmit a unique device fingerprint to the client device. The client device then diversifies a white-box cryptography (WBC) library using the application identification, the device identification, and the device fingerprint. The diversified WBC library protects the storage of cryptographic keys obtained from the cryptography server. These keys protect sensitive data on the client device and sensitive data sent to the cryptography server and other application servers.

Abstract: Systems and methods for fraud management using a distributed database are disclosed. The system may receive a payment request and generate a payment request hash by cryptographically processing the payment request using a hashing algorithm. The system may invoke a fraud reporting smart contract by passing the payment request hash and a public blockchain address to the fraud reporting smart contract. The system may query a local blockchain database to locate a fraud report matching the payment request hash to determine whether the payment request has been previously reported as fraud. In response to the payment request hash not matching the fraud report, the fraud reporting smart contract is configured to write the payment request hash to the blockchain as a second fraud report.