Abstract: Techniques of authenticating a first device of a user to a second device are disclosed. The method enables the second device to perform authentication using a biometric template stored on the first device and a biometric measurement. Homomorphic encryption may be used by the first device to encrypt the biometric template and the second device to determine an encrypted similarity metric between the biometric template and the biometric measurement. The second device can also determine an encrypted code using an authentication function and the encrypted similarity metric. The second device sends the encrypted code and the encrypted similarity metric to be decrypted by the first device. The second device can receive a response from the first device, indicating whether a decrypted similarity metric exceeds a threshold; and whether the decrypted code matches a test code. The second device can then authenticate the user based on the response.

Abstract: Systems, methods, and devices described herein can configure a cryptocurrency wallet or other blockchain-based account to be self-aware and alert the owner of the wallet to one or more potentially fraudulent situations occurring with at least one account they own. The wallet may be a hardware-based cryptocurrency wallet or may be a blockchain-based account operating by an external financial institution that allows for the management of cryptocurrency assets. The self-aware wallet can be configured to track all relevant previously known and/or approved transactions associated with a user's private cryptocurrency key. A subsequent scan on one or more blockchains is performed to detect new transactions associated with the user's private key. If a newly detected blockchain transaction is not in the list of previously known or approved user transactions, a potential compromise may be occurring. Once detected, the wallet can generate a notification to the user alerting them to the issue.

Abstract: Embodiments disclosed herein are directed to methods and systems of password-based threshold authentication, which distributes the role of an authentication server among multiple servers. Any t servers can collectively verify passwords and generate authentication tokens, while no t?1 servers can forge a valid token or mount offline dictionary attacks.

Abstract: Disclosed is a method, system, and computer program product for determining solvency of a digital asset exchange system. The method includes identifying a plurality of blockchain addresses corresponding to a plurality of users of a digital asset exchange system, generating a first commitment to an amount of digital assets corresponding to the plurality of blockchain addresses, and generating a second commitment to a balance of each user of the plurality of users. The method also includes generating a first component of a zero-knowledge algorithm that is configured to receive, as input, the first commitment. The method further includes generating, with at least one processor, a second component of the zero-knowledge algorithm that is configured to receive, as input, the second commitment. The method further includes determining that the digital asset exchange system is solvent based on the zero-knowledge algorithm.

Abstract: A method includes a validation computer receiving an authorization request message comprising a user state and a user proof from a user device. The user state comprises first and second user state elements. The user proof comprises first, second, and third user proof elements. The validation computer computes a first verification value by multiplying the first user proof element raised to the power of the second user state element, and the second user proof element raised to the power of the first user state element. The computer computes a second verification value by raising the second user proof element to the power of the second user state element. The computer compares the first verification value to a first accumulated state element of an accumulated state. The compares the second verification value to a second accumulated state element. The validation computer authorizes the authorization request message based on the comparison steps.

Abstract: At an authorization server, a shared secret electronic key may be shared with a second computer. A selection to use a system to complete a transaction may be received from a first computing device. An image may be communicated to the first computing device. A digital representation entered by the user representing the image and a PIN based on the copy of the shared electronic key may be received from the second computing device. The system and method may determine if the digital representation entered by the user on the second computing device matches the image communicated to the first computing device. The system and method may determine if the PIN based on the copy of the shared electronic key from the second computing device is as expected. In response to determining the digital representation entered by the user matches the image and the PIN the second computing device is as expected, the user may be authorized.

Abstract: Blockchain systems operate over a network of computing devices. Proof of space blockchain consensus systems utilize data stored in storage devices across the computing devices within the network. These storage devices are utilized to generate and store proof of space consensus data. This data is then accessed at a later time to respond to challenges issued across the blockchain network. In order to limit successful submissions of these challenge responses, one or more filters are utilized. These filters result in only a fraction of the stored data on a storage device to be useable for solving the blockchain challenge. Attackers may attempt to circumvent this filter to increase their odds of submitting an approved solution to the blockchain challenge. In order to address this, additional data structures are stored within the storage device and are registered at the time of creation on the blockchain to make these filters more robust.

Abstract: Certain aspects of the present disclosure provide techniques for proving possession of data in a storage device participating in a distributed data storage network. An example storage device includes a storage circuitry and a trusted circuit. The storage circuitry is configured to store a plurality of data blocks. The trusted circuit generally has a private signing key securely stored thereon. The trusted circuit is generally configured to compute a hash over data stored in a plurality of data blocks and to generate an anonymous digital signature for the data stored in the plurality of data blocks based at least in part on the private signing key and the computed hash. The trusted circuit may be interposed on a write path to the storage circuitry such that data written to the storage circuitry is processed through the trusted circuit.

Abstract: At an authorization server, a shared secret electronic key may be shared with a second computer. A selection to use a system to complete a transaction may be received from a first computing device. An image may be communicated to the first computing device. A digital representation entered by the user representing the image and a PIN based on the copy of the shared electronic key may be received from the second computing device. The system and method may determine if the digital representation entered by the user on the second computing device matches the image communicated to the first computing device. The system and method may determine if the PIN based on the copy of the shared electronic key from the second computing device is as expected. In response to determining the digital representation entered by the user matches the image and the PIN the second computing device is as expected, the user may be authorized.

Abstract: Disclosed is a system, method, and computer program product for determining solvency of a digital asset exchange system. The method includes identifying a plurality of blockchain addresses corresponding to a plurality of users of the digital asset exchange system, generating a first commitment to an amount of digital assets corresponding to the plurality of blockchain addresses, generating a second commitment to a balance of each user of the plurality of users, generating a first component of a zero-knowledge algorithm configured to receive, as input, the first commitment, and to output a value generated based on each public key, generating a second component of the zero-knowledge algorithm configured to receive, as input, the second commitment, and to output a value generated based on each user balance, and determining, with at least one processor, that the digital asset exchange system is solvent based on the zero-knowledge algorithm.

Abstract: A method includes a validation computer receiving an authorization request message comprising a user state and a user proof from a user device. The user state comprises first and second user state elements. The user proof comprises first, second, and third user proof elements. The validation computer computes a first verification value by multiplying the first user proof element raised to the power of the second user state element, and the second user proof element raised to the power of the first user state element. The computer computes a second verification value by raising the second user proof element to the power of the second user state element. The computer compares the first verification value to a first accumulated state element of an accumulated state. The compares the second verification value to a second accumulated state element. The validation computer authorizes the authorization request message based on the comparison steps.

Abstract: A method is disclosed. The method includes receiving, by a user device, an encrypted message from a server computer. The encrypted message is a message encrypted with a master secret key or a key derived from the master secret key. The user device signs the encrypted message with a secure element private key. The user device, using a whitebox, cryptographically recovers a secure element public key from a certified key using a server computer public key. The certified key is certified by the server computer and based on at least the secure element public key. The user device, using the whitebox, cryptographically recovers the encrypted message from the signed encrypted message using the secure element public key. The user device, using the whitebox, decrypts the encrypted message using the master secret key or the key derived from the master secret key in the whitebox to obtain the message.

Abstract: Systems and methods for threshold authenticated encryption are provided. A collection of cryptographic devices may encrypt or decrypt a message, provided that a threshold number of those devices participate in the encryption process. One cryptographic device may generate a commitment message and transmit it to the other selected devices. Those devices may each perform a partial computation using the commitment message, and transmit the partial computations back to the encrypting or decrypting device. The encrypting or decrypting device may use those partial computations to produce a cryptographic key, which may then be used to encrypt or decrypt the message.

Abstract: Embodiments disclosed herein are directed to methods and systems of password-based threshold authentication, which distributes the role of an authentication server among multiple servers. Any t servers can collectively verify passwords and generate authentication tokens, while no t-1 servers can forge a valid token or mount offline dictionary attacks.

Abstract: Systems and methods for threshold authenticated encryption are provided. A collection of cryptographic devices may encrypt or decrypt a message, provided that a threshold number of those devices participate in the encryption process. One cryptographic device may generate a commitment message and transmit it to the other selected devices. Those devices may each perform a partial computation using the commitment message, and transmit the partial computations back to the encrypting or decrypting device. The encrypting or decrypting device may use those partial computations to produce a cryptographic key, which may then be used to encrypt or decrypt the message.

Abstract: Systems and methods for improved distributed symmetric cryptography are disclosed. A client computer may communicate with a number of cryptographic devices in order to encrypt or decrypt data. Each cryptographic device may possess a secret share and a verification share, which may be used in the process of encrypting or decrypting data. The client computer may generate a commitment and transmit the commitment to the cryptographic devices. Each cryptographic device may generate a partial computation based on the commitment and their respective secret share, and likewise generate a partial signature based on the commitment and their respective verification share. The partial computations and partial signatures may be transmitted to the client computer. The client computer may use the partial computations and partial signatures to generate a cryptographic key and verification signature respectively. The client computer may use the cryptographic key to encrypt or decrypt a message.

Abstract: Embodiments disclosed herein are directed to methods and systems of password-based threshold authentication, which distributes the role of an authentication server among multiple servers. Any t servers can collectively verify passwords and generate authentication tokens, while no t?1 servers can forge a valid token or mount offline dictionary attacks.

Abstract: Systems, methods, and apparatuses of using biometric information to authenticate a first device of a user to a second device are described herein. A method includes storing, by the first device, a first key share of a private key and a first template share of a biometric template of the user. The second device stores a public key, and one or more other devices of the user store other key shares and other template shares. The first device receives a challenge message from the second device, measures biometric features of the user to obtain a measurement vector, and sends the measurement vector and the challenge message to the other devices. The first device receives partial computations, generated using a respective template share, key share, and the challenge message, from the other devices, uses them to generate a signature of the challenge message and send the signature to the second device.

Abstract: A method includes a validation computer receiving an authorization request message comprising a user state and a user proof from a user device. The user state comprises first and second user state elements. The user proof comprises first, second, and third user proof elements. The validation computer computes a first verification value by multiplying the first user proof element raised to the power of the second user state element, and the second user proof element raised to the power of the first user state element. The computer computes a second verification value by raising the second user proof element to the power of the second user state element. The computer compares the first verification value to a first accumulated state element of an accumulated state. The compares the second verification value to a second accumulated state element. The validation computer authorizes the authorization request message based on the comparison steps.

Abstract: Techniques of authenticating a first device of a user to a second device are disclosed. The method enables the second device to perform authentication using a biometric template stored on the first device and a biometric measurement. Homomorphic encryption may be used by the first device to encrypt the biometric template and the second device to determine an encrypted similarity metric between the biometric template and the biometric measurement. The second device can also determine an encrypted code using an authentication function and the encrypted similarity metric. The second device sends the encrypted code and the encrypted similarity metric to be decrypted by the first device. The second device can receive a response from the first device, indicating whether a decrypted similarity metric exceeds a threshold; and whether the decrypted code matches a test code. The second device can then authenticate the user based on the response.