Having Key Exchange Patents (Class 713/171)
  • Patent number: 10554407
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for establishing a proof of storage over a specified period of time. One of the methods includes: (a) receiving, at a prover, an input challenge at a start time; (b) producing a proof responsive to the input challenge, wherein the proof is based at least in part on a proof of storage; (c) generating a new input challenge based at least in part on the proof; (d) repeating steps (b)-(c) a number of times resulting in a final proof; (e) receiving a proof result based at least in part on the final proof from the prover within a specified period of time from the start time; and (f) forwarding, to the verifier, the proof result.
    Type: Grant
    Filed: November 19, 2018
    Date of Patent: February 4, 2020
    Assignee: Protocol Labs, Inc.
    Inventors: Nicola Greco, Juan Batiz-Benet
  • Patent number: 10555157
    Abstract: A method and system for automatically connecting one customer device with another over a Bluetooth or similar connection. The automatic connection may be made by generating a unique identifier to store on a new customer device and a backend system associated with an existing customer device and connecting the new customer device with the existing customer device using the unique identifier.
    Type: Grant
    Filed: April 9, 2019
    Date of Patent: February 4, 2020
    Assignee: CAPITAL ONE SERVICES, LLC
    Inventors: James Zarakas, Kevin Kelly, Saleem Sangi, Adam Koeppel
  • Patent number: 10552381
    Abstract: A blockchain of transactions may be referenced for various purposes and may be later accessed by interested parties for ledger verification. One example operation may comprise one or more of identifying determining a shared file is being edited by one or more entities, identifying one or more changes to the shared file while the shared file is being edited, signing the one or more changes with one or more public keys, and adding the one or more changes to a blockchain.
    Type: Grant
    Filed: December 16, 2016
    Date of Patent: February 4, 2020
    Assignee: International Business Machines Corporation
    Inventors: Paul R. Bastide, Jonathan Dunne, Liam Harpur, Robert E. Loredo
  • Patent number: 10547445
    Abstract: A method includes, with a computing system, exiting a context of a virtual machine, the exiting in response to a request from a guest operating system of the virtual machine to switch from a first encryption key identifier for the virtual machine to a second encryption key identifier for the virtual machine. The method further includes, with the computing system, loading the second encryption key identifier into a virtual machine control module of a virtual processor of the virtual machine and after loading the second encryption key identifier, entering the context of the virtual machine.
    Type: Grant
    Filed: August 22, 2018
    Date of Patent: January 28, 2020
    Assignee: RED HAT, INC.
    Inventor: Henri Van Riel
  • Patent number: 10545950
    Abstract: Multiple edits to a hierarchical data structure may be atomically applied. A request to perform modifications with respect to a portion or the entire hierarchical data structure may be received. A copy of the requested portion of the hierarchical data structure may be created separate from the hierarchical data structure. The portion of the hierarchical data structure may remain available for read access. Modifications may be applied to the copy of the portion of the hierarchical data structure. In response to a request to commit the modifications to the portion of the hierarchical data structure, the copy of the portion of the hierarchical data structure may atomically replace the portion of the hierarchical data structure.
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: January 28, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Brian Collins, Zachary Mohamed Shalla, Marvin Michael Theimer, John Petry, Michael Hart, Serge Hairanian, Anders Samuelsson, Salvador Salazar Sepulveda, Ji Luo
  • Patent number: 10547447
    Abstract: In one embodiment, a first apparatus includes a processor and an interface, wherein the interface is operative to receive a request from a second apparatus to commence a keyed-hash message authentication code (HMAC) computation, the processor is operative to perform a first computation computing a first part of the HMAC computation using a secret key K as input yielding a first value, the interface is operative to send the first value to the second apparatus, the interface is operative to receive a second value from the second apparatus, the second value resulting from the second apparatus processing the first value with at least part of a message M, the processor is operative to perform a second computation based on the second value and the secret key K yielding an HMAC value, and the interface is operative to send the HMAC value to the second apparatus.
    Type: Grant
    Filed: September 4, 2017
    Date of Patent: January 28, 2020
    Assignee: Cisco Technology, Inc.
    Inventors: Benyamin Hirschberg, Yaron Sella, Gilad Taub
  • Patent number: 10540161
    Abstract: Embodiments provide a web-based editing tool that intelligently leverages certain functionality of a browser, web client, desktop client, and native software at the client side to provide seamless user experience when editing a file over a network. Responsive to a user selecting a file for editing, the web client may send a passive content request to a web server embedded in the desktop client at a specific address on the client device. If no response, the web client prompts the user to start or install the desktop client on the client device. If a response is received, the web client sends a request to the desktop client with a user identifier and authorization to download the file from a server. The desktop client downloads the file, opens it in the native software, monitors the file being edited, and updates a delta associated with the file to the server.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: January 21, 2020
    Assignee: OPEN TEXT SA ULC
    Inventors: Gregory Beckman, Benjamin Barth
  • Patent number: 10536436
    Abstract: A computer-implemented service uses information associated with a client device to generate a first shared secret. The service receives, from the client, a claim of access to a second shared secret and determines whether the first shared secret and the second shared secret match. If the shared secrets match, the service uses the first shared secret to encrypt a one-time password. The service provides the encrypted one-time password to the client device. The client device transmits a claim of access to the one-time password, which the service uses to determine whether the claim of access to the one-time password indicates access to the one-time password. If the claim of access to the one-time password indicates that the client device has access to the one-time password, the service allows the client device to access the service.
    Type: Grant
    Filed: June 24, 2016
    Date of Patent: January 14, 2020
    Assignee: Amazon Technologies, Inc.
    Inventors: Marc R. Barbour, Ruchith Udayanga Fernando
  • Patent number: 10530582
    Abstract: A method and a device for information system access authentication are disclosed. The method includes: performing anonymous authentication to a random verification code generated according to a login request for accessing an information system of a client, and authenticating acquired user name and password information when the anonymous authentication is successful. The device includes an verification code authentication module and a user name and password authentication module connected to the verification code authentication module, wherein the verification code authentication module is configured to perform anonymous authentication to a random verification code generated according to a login request for accessing an information system of client; and the user name and password authentication module is configured to authenticate acquired user name and password information when the anonymous authentication is successful.
    Type: Grant
    Filed: October 10, 2014
    Date of Patent: January 7, 2020
    Assignees: Singou Technology Ltd., Macau University of Science and Technology
    Inventors: Chi Tin Hon, Chan Heng Tam, Tai-Hua Ma
  • Patent number: 10515227
    Abstract: A method of sharing collaborative data between registered users in an online collaboration system. The collaboration system has a server and one or more electronic user devices that are capable of data communication with the server over a data network. Each registered user is allocated a unique asymmetric key pair comprising a user public key and a user private key for encryption and decryption of shared data content. The server is able to modify uploaded encrypted data content to enable access by multiple authorized users, and is able to convert uploaded data content into alternative formats, typically to enable web-browser viewing.
    Type: Grant
    Filed: October 23, 2015
    Date of Patent: December 24, 2019
    Assignee: PageProof.com Limited
    Inventors: Marcus Radich, Braden Burton, Gemma Hurst
  • Patent number: 10503667
    Abstract: A charger base station includes at least one of a security system, home automation system, life safety system, a PER system and a tele-health system, the charger base station including a housing having a charger port for charging an electronic device with the housing having a compartment for a microprocessor, a memory, a firmware, a transceiver, a cellular communicator, Wi-Fi, and hardware, and software producing a security system supporting IP video, at least one peripheral device taken from the group of 319 MHz, 345 MHz, 433 MHz, 868 MHz and 900 MHz wireless peripherals, a home automation system serving as controller of z-wave or zigbee devices, life safety devices, a PERs device and tele-health device capable of measuring, recording and wirelessly transmitting physiological data of a connected tele-health product, life safety device and a PERs via at least one of a backend device, a central station device and local and remote user devices.
    Type: Grant
    Filed: March 15, 2018
    Date of Patent: December 10, 2019
    Inventors: Scott Simon, Matthew Schweiger
  • Patent number: 10505909
    Abstract: Various systems and methods for initiating a communication session are provided herein. A system for initiating a communication session includes a transmitter disposed in a housing of the system; a controller coupled to the transmitter, and disposed in the housing; a communication controller to interface with the controller and cause the transmitter to transmit a first signal to a receiver device, the first signal including a public key associated with the system; and a radio coupled to the communication controller to receive a response from the receiver device, the response including an encrypted public key of the receiver device and a unique identifier that identifies the receiver device, the public key of the receiver device and the unique identifier both encrypted with the public key associated with the system, and the response used to establish a wireless connection between the system and the receiver device.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: December 10, 2019
    Assignee: Intel Corporation
    Inventor: Indrajith Rajapaksa
  • Patent number: 10490107
    Abstract: To calculate of an exclusive OR of elements of bits while the bits remain distributed to a plurality of secret calculation devices without communication among the secret calculation devices, and to calculate of an AND of bits with small amounts of communication and calculation while the bits remain distributed, provided is a secret calculation device including a local AND device and an AND redistribution device. The local AND device receives at least two one-bit input elements to produce a first local AND element. The AND redistribution device receives a one-bit mask and a second local AND element acquired by calculating an exclusive OR of the first local AND element and P bits (P is an integer equal to or more than 0), calculates a first OR, and communicates to/from an AND redistribution device of another secret calculation device to produce at least one one-bit output element.
    Type: Grant
    Filed: July 9, 2015
    Date of Patent: November 26, 2019
    Assignee: NEC CORPORATION
    Inventor: Jun Furukawa
  • Patent number: 10484847
    Abstract: A method to associate a unique identifier (ID) of an object, such as a Bluetooth Low Energy beacon, to a spatial coordinate in a facility is described. In one embodiment, the method utilizes a visual indicator, such a barcode to transfer a beacon's unique ID to a mobile device. In another embodiment, the method transfers a beacon's unique ID to the mobile device via an optical data transmission. For either embodiment, the transfer is activated by a user prompting an activation sensor, such as a push button, on the beacon, or by the user sending a wireless signal from the mobile device to the beacon.
    Type: Grant
    Filed: September 13, 2016
    Date of Patent: November 19, 2019
    Assignee: HAND HELD PRODUCTS, INC.
    Inventor: Erik Todeschini
  • Patent number: 10484397
    Abstract: Systems and methods for automated email encryption between email servers are provided. According to one embodiment, an email, originated by a sender using a client device coupled with a private network and directed to a recipient, is received by an email server associated with the private network. A key server is queried for public keys of the recipient and the sender. When the recipient's public key is returned by the key server, it is used to encrypt the email message; otherwise, no encryption is performed. When the sender's public key does not exist on the key server, the email server automatically generates a temporary key pair for the sender on the fly and without requiring intervention on the part of the sender. Finally, both the email message and the public key of the sender are transmitted by the email server to the recipient.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: November 19, 2019
    Assignee: Fortinet, Inc.
    Inventor: Axelle Apvrille
  • Patent number: 10484186
    Abstract: A method, computing system, and computer-readable medium comprising instructions to establish a chain of trust for components of a computing environment. A respective public/private key pair is generated using a multivariate quadratic function F for each component of the computing environment. In response to a challenge from a verifier, a current prover component sends a response that the verifier uses to determine whether to trust the current prover component. The response may include a first commitment value and a second commitment value, which are determined for the current prover component using a public key of a previous prover component. At least one of the first and second commitment values can be determined using a polar function G, which is a polar form of the multivariate quadratic function F.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: November 19, 2019
    Assignee: Intel Corporation
    Inventor: Brent M. Sherman
  • Patent number: 10477600
    Abstract: A hub device that monitors characteristics of a transportation platform, such as a tractor trailer used for transporting goods, may establish connections with a plurality of external sensors. In order to simplify the pairing process between the hub devices and the external sensors, the hub device may be receiving IDs of the sensors to pair to from a remote server. A technician may physically scan tags, for example a barcode or an NFC tag, of the sensors and hub device, which are then transmitted to the remote server in order to identify which hub and sensors should be paired.
    Type: Grant
    Filed: July 6, 2018
    Date of Patent: November 12, 2019
    Assignee: BLACKBERRY LIMITED
    Inventors: Edward Snow Willis, Sameh Ayoub, Christopher Stubbs, David Kerr
  • Patent number: 10476671
    Abstract: The present disclosure relates to a method and a device for installing a profile of an embedded universal integrated circuit boards (eUICC) and, more particularly, to a method and a device for remotely installing mobile communication subscriber information (profile) substituting for a universal integrated circuit boards (UICC), on a security module. In an aspect, a network device, acquires at least one of or more profiles encrypted with a first password key and one or more first password keys encrypted with a second password key; and when profile installation for the eUICC starts, transmits to, at least one eUICC, the one or more encrypted profiles and the one or more encrypted first password keys, wherein, prior to the transmission, each first password key is re-encrypted with a third password key for installation by the corresponding one or more eUICCs.
    Type: Grant
    Filed: July 10, 2015
    Date of Patent: November 12, 2019
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jonghan Park, Duckey Lee, Sangsoo Lee, Songyean Cho
  • Patent number: 10469268
    Abstract: The present technology relates to the field of configuration and setup of encrypted computer network transmission systems. In particular, the present technology relates to setting up and configuring network encryption systems, including MACsec, Internet Protocol Security (IPsec), and TLS protocols, in heterogeneous networks over Wireless Area Networks (WAN), Wireless Local Area Network (WLAN) or cellular links. In some embodiments, the present technology includes a method for setting up, configuring, and monitoring of encryption equipment providing encrypted links over WAN connections (typically IPsec VPN gateways and clients or TLS applications). The method includes communicating with encryption and PKI equipment necessary to automate the generation of encryption keys, digital certificates, and digital certificate signing requests.
    Type: Grant
    Filed: December 5, 2016
    Date of Patent: November 5, 2019
    Assignee: Pacific Star Communications, Inc.
    Inventors: Charles Nobuo Kawasaki, Rodney James Snell, Bryan Kelly Armstrong
  • Patent number: 10459946
    Abstract: A method for sharing data between blockchains in a multi-chain network including receiving a first plurality of account addresses associated with first and second blockchains and an account state for each account associated with the first plurality of account addresses and generating a first hash tree comprising a mapping between the first plurality of account addresses and the account states, defining a world state trie and a root hash thereof. The method further includes receiving a first plurality of transactions associated with the first and second blockchains and generating a second hash tree comprising the first plurality of transactions, defining a transactions trie, and a root hash thereof. The method further includes receiving a first plurality of transaction receipts associated with the plurality of transactions and generating a third hash tree comprising the first plurality of transactions receipts, defining a transaction receipts trie, and a root hash thereof.
    Type: Grant
    Filed: April 4, 2019
    Date of Patent: October 29, 2019
    Inventor: Vijay Madisetti
  • Patent number: 10455057
    Abstract: A method assigns a bootstrap server for wireless devices in a machine-to-machine environment. The method includes receiving, by a network device in a wireless access network and from a wireless device, a first request for a bootstrap server identifier. The method also includes providing, to the wireless device, a response including an address for a carrier-specific bootstrap server device. The method also includes receiving, by the carrier-specific bootstrap server device, a request for management server connection information. The request is submitted by the wireless device using the bootstrap server identifier. The method further includes assigning, by the carrier-specific bootstrap server device, the wireless device to a management server of a group of management servers and sending connection information for the management server to the wireless device.
    Type: Grant
    Filed: November 29, 2016
    Date of Patent: October 22, 2019
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: James Mathison, Stephen J. Kolanowski
  • Patent number: 10445324
    Abstract: A system may retrieve a pattern from a pattern database with the pattern identifying a type of sensitive data. The system may also retrieve data identified by a variable from a big data management system. The system may then match the data to the pattern to detect the type of sensitive data in the data. An output may be generated in response to the data matching the pattern. A variable access permission may be retrieved for the variable from a permissions repository, a sensitive data permission may be retrieved for the type of sensitive data from the permissions repository, and the variable access permission may be compared to the sensitive data permission to detect a discrepancy.
    Type: Grant
    Filed: November 18, 2015
    Date of Patent: October 15, 2019
    Assignee: AMERICAN EXPRESS TRAVEL RELATED SERVICES COMPANY, INC.
    Inventors: Ravi Arasan, Sandeep Bose, Xiaoyang Chen, Debasish Das, Matthew Kent Meyer, Gurusamy Ramasamy, Jeremy D. Seideman
  • Patent number: 10437977
    Abstract: A communication system involving an access point, a vehicle and a user is provided. The vehicle and user possess a registration code, the user possesses a public and private key pair, and the access point and vehicle possess certificates and associated private keys. The access point issues a certificate to the user associated with the user's public and private keys, and the certificate of the access point is known and trusted by the vehicle. The access point signs a message granting ownership of the vehicle to the user, and the identity of the user indicates the user's certificate. The vehicle conditionally accepts the ownership registration request of the user.
    Type: Grant
    Filed: October 12, 2016
    Date of Patent: October 8, 2019
    Assignee: ETAS Embedded Systems Canada Inc.
    Inventors: Robert John Lambert, Jay Peter Gallant, Mark Gregory Elkins, Nevine Maurice Nassif Ebeid
  • Patent number: 10439806
    Abstract: One embodiment described herein provides a system and method for establishing a secure communication channel between a client and a server. During operation, the client generates a service request comprising a first dynamic message, transmits the first service request to the server, which authenticates the client based on the first dynamic message, and receives a second dynamic message from the server in response to the first dynamic message. The client authenticates the server based on the second dynamic message, and negotiates, via a quantum-key-distribution process, a secret key shared between the client and the server. The client and server then establish a secure communication channel based on at least a first portion of the secret key.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: October 8, 2019
    Assignee: Alibaba Group Holding Limited
    Inventors: Yingfang Fu, Shuanlin Liu
  • Patent number: 10440028
    Abstract: Techniques include receiving, at a sensor, a request for authentication of an identity; determining, based on a distributed ledger, a dynamic credibility score for the identity; determining whether the dynamic credibility score for the identity can be validated by consensus by at least a subset of distributed verification services, based on whether the dynamic credibility score for the identity is within a range of variance from one or more credibility scores for the identity determined by the subset of the plurality of distributed verification services; and determining, based on whether the dynamic credibility score for the identity can be validated by consensus, whether to authorize the identity to perform the action in the blockchain network.
    Type: Grant
    Filed: January 16, 2019
    Date of Patent: October 8, 2019
    Assignee: CyberArk Software Ltd.
    Inventors: Gil Makmel, Or Gamliel, Dima Barboi
  • Patent number: 10437741
    Abstract: A loading control method and system for a storage device are disclosed. The method includes: judging whether a storage controller is valid through a first bus, and judging whether a storage controller is valid through a first bus, and acquiring a key of the storage controller if a positive judgement is made; judging whether the key is valid, commanding the storage controller to turn on a power supply of a storage device if a positive judgement is made; and loading the storage device through a second bus. According to the method, storage devices based on windows and android systems are allowed to be loaded after the verification of storage devices is successful. The method protects data security of a user can be effectively and provides reliable and effective protection for future private cloud service data.
    Type: Grant
    Filed: August 11, 2017
    Date of Patent: October 8, 2019
    Assignee: MEIBEIKE (SHENZHEN) TECHNOLLOGY CO., LTD
    Inventors: Zhizhang Wang, Donghai Chen, Bo Xiao, Hui Wang
  • Patent number: 10432585
    Abstract: In an embodiment, a computer implemented method comprises, using a first server, detecting one or more changes to identity information that is stored in a first data repository; using the first server, in response to detecting the one or more changes to the identity information, mapping the identity information according to a different identity data format that is compatible with one or more protected computing devices, to result in creating mapped identity information; using the first server, updating stored blockchain data using the mapped identity information; using a second server, detecting mapped identity information updates to the blockchain data; using the second server, in response to detecting the mapped identity information updates, transferring the mapped identity information updates to a second data repository; and using the second server, performing one or more authentication services on behalf of one or more of the protected computing devices, using the mapped identity information updates in th
    Type: Grant
    Filed: April 12, 2017
    Date of Patent: October 1, 2019
    Assignee: XAGE SECURITY, INC.
    Inventors: Susanto Junaidi Irwan, Kamesh Raghavendra
  • Patent number: 10433163
    Abstract: Techniques are described for wireless communication. A method for wireless communication at a user equipment (UE) includes performing an extensible authentication protocol (EAP) procedure with an authentication server via an authenticator. The EAP procedure is based at least in part on a set of authentication credentials exchanged between the UE and the authentication server. The method also includes deriving, as part of performing the EAP procedure, a master session key (MSK) and an extended master session key (EMSK) that are based at least in part on the authentication credentials and a first set of parameters; determining a network type associated with the authenticator; and performing, based at least in part on the determined network type, at least one authentication procedure with the authenticator. The at least one authentication procedure is based on an association of the MSK or the EMSK with the determined network type.
    Type: Grant
    Filed: April 17, 2017
    Date of Patent: October 1, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Soo Bum Lee, Anand Palanigounder, Adrian Edward Escott
  • Patent number: 10423074
    Abstract: A method for calculating the parameters of a resist model of an IC manufacturing process is provided. Accordingly, a function representative of the target design convoluted throughout the whole target design with a kernel function compounded with a deformation function with a shift angle. The deformation function is replaced by its Fourier series development, the order of which is selected so that the product of convolution is invariant through rotations within a tolerance of the corrections to be applied to the target design. Alternatively, the product of convolution may be decomposed into basic kernel functions selected varying by angles determined so that a deformation function for a value of the shift angle can be projected onto a couple of basic kernel functions the angles of which are proximate to the shift angle.
    Type: Grant
    Filed: June 2, 2015
    Date of Patent: September 24, 2019
    Assignees: ASELTA NANOGRAPHICS, COMMISSARIAT A L'ENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES
    Inventors: Mohamed Saïb, Aurélien Fay, Patrick Schiavone, Thiago Figueiro
  • Patent number: 10420879
    Abstract: The invention provides for method of operating a medical instrument (100, 200, 400, 500, 600, 700) comprising a battery powered medical appliance (104) and a control unit (102). Both have Bluetooth communication modules. A first memory of the medical appliance contains a onetime password (210) and of a password-authenticated key agreement algorithm (212). The control unit has a second memory (223) with an implementation of the password-authenticated key agreement algorithm (212′). The method comprises entering (300) the onetime password into the data entry interface (140, 221, 504, 604) of the control unit. The method further comprises generating (302) a Bluetooth encryption key (218) by the medical appliance and the control unit with the onetime password by exchanging data across the wireless communication channel by executing the password-authenticated key agreement algorithm. The method further comprises storing (304) the Bluetooth encryption key in the first memory.
    Type: Grant
    Filed: December 7, 2015
    Date of Patent: September 24, 2019
    Assignee: ROCHE DIABETES CARE, INC.
    Inventors: Wolfgang Heck, Kai-Oliver Schwenker, Ralf Schmitz, Volker Zeuner, Carsten Mueglitz, Thomas Eissenloeffel, Christian-Alexander Luszick
  • Patent number: 10425225
    Abstract: An HSM cluster includes a set of hardware security modules that maintain a set of cryptographic keys that are synchronized across the HSM cluster. Individual applications running on client computer systems access the HSM cluster using HSM cluster clients running on the client computer systems. The HSMs are accessed via a set of HSM cluster servers that monitor the synchronization of the cryptographic keys. Synchronization of the HSMs is maintained by the HSM cluster clients. The HSM cluster clients replicate key-addition and key-deletion operations across the HSM cluster. When a new key is created by a particular HSM, a prefix associated with the particular HSM is added to the identifier associated with the new key to avoid key-namespace collisions. If the set of cryptographic keys becomes unsynchronized across the HSM cluster, applications may continue read-only cryptographic operations while the HSM cluster is resynchronized by the HSM cluster clients.
    Type: Grant
    Filed: December 14, 2016
    Date of Patent: September 24, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Benjamin Philip Grubin, Benjamin Samuel
  • Patent number: 10417416
    Abstract: A behavior of a computer security threat is described in a root-cause chain, which is represented by a detection rule. The detection rule includes the objects of the root-cause chain and computer operations that represent links of the root-cause chain. An endpoint computer establishes a link between objects described in the detection rule when a corresponding computer operation between the objects is detected. Detected computer operations are accumulated to establish the links between objects. The threat is identified to be in the computer when the links of the detection rule have been established.
    Type: Grant
    Filed: July 30, 2018
    Date of Patent: September 17, 2019
    Assignee: TREND MICRO INCORPORATED
    Inventors: Sheng Che Chang, Chun Wen Chang, Nai-Wei Chang, Meng-Che Lee
  • Patent number: 10419213
    Abstract: A random number generating unit generates random numbers s1, s2, s′1, and s′2. A public keys randomizing unit generates first randomized public keys information obtained by randomizing public keys using the random number s1 and second randomized public keys information obtained by randomizing the public keys using the random number s2. A proxy calculation unit calculates a first commission result by using a secret key and calculates a second commission result by using the secret key. A verification unit calculates a first verification value by using the random number s2, calculates a second verification value by using the random number s1, and verifies whether or not the first verification value and the second verification value coincide with each other. A common key calculation unit calculates a common key by using the random numbers s′1 and s′2 if the first verification value and the second verification value coincide with each other.
    Type: Grant
    Filed: January 12, 2016
    Date of Patent: September 17, 2019
    Assignee: NIPPON TELEGRAPH AND TELEPHONE CORPORATION
    Inventors: Akira Nagai, Tsunekazu Saito, Tetsutaro Kobayashi
  • Patent number: 10411884
    Abstract: A method, apparatus, and computer program product, in which a password-based digest access authentication procedure is used for performing authentication between a client and a server, wherein the authentication procedure is secured by at least one of modifying a digest-response parameter with a user password and generating a bootstrapped key based on the user password and at least one fresh parameter not used in a previous protocol run between the client and the server.
    Type: Grant
    Filed: November 9, 2016
    Date of Patent: September 10, 2019
    Assignee: Nokia Technologies Oy
    Inventors: Marc Blommaert, Guenther Horn
  • Patent number: 10412061
    Abstract: Method and device of encrypting communication between a server and a peripheral device are disclosed. The method includes: a server receiving a session request from a control device, the session request including a predetermined device ID of a peripheral device associated with the control device; generating a first session key for encrypting and decrypting future communication between the peripheral device and the server; identifying a pre-stored encryption key corresponding to the predetermined device ID from a database, wherein the pre-stored encryption key is also pre-stored in the peripheral device; encrypting the first session key using the pre-stored encryption key; sending the encrypted first session key to the peripheral device via the control device; and encrypting communication to the peripheral device in a respective communication session using the first session key.
    Type: Grant
    Filed: November 16, 2018
    Date of Patent: September 10, 2019
    Assignee: TENCENT TECHNOLOGY (SHENZHEN) COMPANY LIMITED
    Inventors: Chenglin Liu, Jinhai Liu, Xiangyao Lin, Liangliang Fan
  • Patent number: 10402190
    Abstract: The invention relates to a method for authorized updating of first operating software of a field device which is used in an automation technology installation, wherein an authentication test of second operating software for the field device is performed, which second operating software is signed by means of a first private key associated with the installation, wherein, within the scope of the authentication test, the signature, generated by the first private key, of the second operating software is authenticated by means of a first public key associated with the installation, and wherein, in the event that the authentication test has been performed successfully, the first operating software located on the field device is at least partially replaced by the second operating software.
    Type: Grant
    Filed: May 31, 2018
    Date of Patent: September 3, 2019
    Assignee: Endress+Hauser Conducta GmbH+Co. KG
    Inventors: Björn Haase, Ralf Schmidt, Markus Kilian, Helmut Kalteis
  • Patent number: 10405160
    Abstract: The present application describes a computer-implemented device on a network including a non-transitory memory having instructions stored thereon for registering a node with a router on the network. The device also includes a processor, operably coupled to the non-transitory memory, configured to execute the instructions of receiving, from the node over the network, a solicitation with context information including a registration start time request. The processor is also configured to execute the instructions of evaluating, at the router, whether to accept the solicitation based upon neighbor space and the received start time request. The processor is even further configured to execute the instructions of sending, to the node, an advertisement including an approved registration start time based upon the determining step.
    Type: Grant
    Filed: November 10, 2017
    Date of Patent: September 3, 2019
    Assignee: Convida Wireless, LLC
    Inventors: Chonggang Wang, Lijun Dong, Shamim Akbar Rahman, Quang Ly, Xu Li, Zhuo Chen
  • Patent number: 10397217
    Abstract: Authentication methods and apparatuses are provided. The authentication method comprises: acquiring, from a server, first server authentication information of a user, the first server authentication information being encrypted by using at least one first key obtained from a first number of characters in a user password of the user; acquiring the first number of characters input by the user in a password input area; decrypting the first server authentication information by using at least one second key obtained from the first number of characters input; feeding back at least one first authentication response to the user at least according to the decrypted first server authentication information; and sending an authentication request to the server based on a server authentication pass instruction of the user, the authentication request being used to request the server to authenticate the user.
    Type: Grant
    Filed: June 5, 2015
    Date of Patent: August 27, 2019
    Assignee: BEIJING ZHIGU RUI TUO TECH CO., LTD
    Inventor: Hanning Zhou
  • Patent number: 10397290
    Abstract: A method is provided for switching replay of home media streaming, wherein a first device receives a content from a source device via multicast to replay, including: receiving a request from a user to switch a device where the content is replayed from the first device to a second device; instructing the first device to unicast the content stored in the first device from the time-point of receiving the request to the second device to replay; instructing the source device to retransfer via multicast the content from the time-point; stopping receiving the unicast content from the first device when the retransferred content from the source device via multicast reaches a frame of the content being replayed at the second device; starting receiving and storing the retransferred content from the source device via multicast by the second device when the retransferred content reaches the content unicasted from the first device and stored in the second device.
    Type: Grant
    Filed: May 29, 2014
    Date of Patent: August 27, 2019
    Assignee: INTERDIGITAL CE PATENT HOLDINGS
    Inventor: Wei Fan
  • Patent number: 10396886
    Abstract: According to an embodiment, a relay device includes a reception unit, a collection unit, a determination unit, a rewriting unit, and a transmission unit. The reception unit is configured to receive a wireless frame transmitted between a plurality of communication devices. The collection unit is configured to collect configuration information indicating a configuration of a wireless multi-hop network from the communication devices. The determination unit is configured to determine whether to relay the wireless frame on the basis of the configuration information. The rewriting unit is configured to rewrite a transmission destination address of the wireless frame to an address of the communication device of a relay destination specified on the basis of the configuration information and rewrite a transmission source address of the wireless frame to an address of the own device. The transmission unit is configured to transmit the wireless frame rewritten by the rewriting unit.
    Type: Grant
    Filed: July 31, 2017
    Date of Patent: August 27, 2019
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Takaomi Murakami, Takuya Kawamura
  • Patent number: 10387633
    Abstract: Disclosed is a working method of a voice authentication system and a device. The method includes that: an application server sends user information sent by an application interface and a stored application name to an authentication server; the authentication server generates a push authentication request according to a generated challenge value, the user information and the application name and sends the push authentication request to a mobile terminal token; the mobile terminal token generates voice information, collects the voice response of the user, generates a first response value according to the challenge value and sends the challenge value to the authentication server when determining that logon is authorized; the authentication server generates a second response value and returns successful authentication when the two response values are identical.
    Type: Grant
    Filed: August 7, 2017
    Date of Patent: August 20, 2019
    Assignee: FEITIAN TECHNOLOGIES CO., LTD.
    Inventors: Zhou Lu, Huazhang Yu
  • Patent number: 10382210
    Abstract: Techniques are disclosed relating to the secure communication of devices. In one embodiment, a first device is configured to perform a pairing operation with a second device to establish a secure communication link between the first device and the second device. The pairing operation includes receiving firmware from the second device to be executed by the first device during communication over the secure communication link, and in response to a successful verification of the firmware, establishing a shared encryption key to be used by the first and second devices during the communication. In some embodiments, the pairing operation includes receiving a digital signature created from a hash value of the firmware and a public key of the second device, and verifying the firmware by extracting the hash value from the digital signature and comparing the extracted hash value with a hash value of the received firmware.
    Type: Grant
    Filed: September 23, 2016
    Date of Patent: August 13, 2019
    Assignee: Apple Inc.
    Inventors: Tristan F. Schaap, Conrad Sauerwald, Craig A. Marciniak, Jerrold V. Hauck, Zachary F. Papilion, Jeffrey Lee
  • Patent number: 10379764
    Abstract: Systems and methods for migrating encrypted storage blocks in a security enhanced manner. An example method may comprise: selecting, by a processing device, a storage block from a plurality of storage blocks comprising encrypted content, the storage block being associated with a computing process; restricting access of the computing process to the storage block; causing the storage block to be decrypted using a first cryptographic input and encrypted using a second cryptographic input; copying the storage block from a first location within the plurality of storage blocks to a second location within the plurality of storage blocks; and providing access of the computing process to the storage block at the second location.
    Type: Grant
    Filed: May 11, 2017
    Date of Patent: August 13, 2019
    Assignee: Red Hat, Inc.
    Inventors: Michael Tsirkin, Henri Han van Riel
  • Patent number: 10367795
    Abstract: Methods, systems, and computer program products for vehicle wireless internet security are provided. A connection request is received from a mobile device. A data request is transmitted to the mobile device. The data request includes a request for location-based data of the mobile device. A first data is received from the mobile device that corresponds to the data request. A vehicle data is generated that comprises location-based data of the vehicle. A match between the first data and the vehicle data is determined. A match is determined where the location-based data of the mobile device is within a pre-determined threshold of the location-based data of the vehicle.
    Type: Grant
    Filed: August 6, 2018
    Date of Patent: July 30, 2019
    Assignee: International Business Machines Corporation
    Inventors: Stuart J. Reece, Matthew S. Shaw
  • Patent number: 10360392
    Abstract: This disclosure relates to generating shares of secret data represented by secret data elements based on a first threshold for the number of shares that allow determining the secret data. The shares are determined based on the secret data, one or more random data elements added to the secret data and coefficients of a systematic maximum distance separable (MDS) code. The MDS code has a number of input data elements that is equal to the first threshold and that is also equal to the number of secret data elements plus the number of the one or more random data elements. The method of determining shares can be used for different data sets and multiple pairs of the shares can be generated to allow performing an operation between the first secret data with the second secret data based on distributed processing of each of the multiple pairs.
    Type: Grant
    Filed: July 31, 2015
    Date of Patent: July 23, 2019
    Assignee: National ICT Australia Limited
    Inventors: Guillaume Smith, Roksana Boreli, Arie Friedman, Mentari Djatmiko
  • Patent number: 10348729
    Abstract: A system and method for authorizing a client device to access a host device based on timestamps including preferably at least two time units. Both devices contain multiple sequence tables that relate an order of time units to the value of one of the time units. Both devices also contain multiple string tables that relate strings to values of the time units within the timestamps. When the client device wants to access the host, it generates a first timestamp and sends the host device the first timestamp and the character strings from host tables related to the value of time units of the first timestamp. The host tables are known to all authorized client devices within the network. The strings are ordered according to a sequence table in the client device and the host device. When received, the host device compares the received character strings to the character strings within its host string table based on an order determined by its host sequence table.
    Type: Grant
    Filed: November 28, 2018
    Date of Patent: July 9, 2019
    Inventor: Helene E. Schmidt
  • Patent number: 10348698
    Abstract: Disclosed herein are methods and systems for link-based enforcement of routing of communication sessions via authorized media relays. In an embodiment, a media relay receives encrypted first payloads from a first endpoint and encrypted second payloads from a second endpoint as part of a session. The encrypted first payloads require a first key for decryption and the encrypted second payloads require a second key for decryption. The media relay is preconfigured prior to the session with secrets useable for identifying the first and second keys. The media relay decrypts the first payloads using the first key and decrypts the second payloads using the second key, and transmits the first payloads to the second endpoint and the second payloads to the first endpoint as part of the session.
    Type: Grant
    Filed: September 15, 2016
    Date of Patent: July 9, 2019
    Assignee: Nagravision S.A.
    Inventors: Jean-Baptiste Fouet, Laurent Gauteron
  • Patent number: 10341105
    Abstract: A system may include a transaction history controller to store, in a distributed blockchain database, a first chain including a primary head node for a first subscriber to a social media history map service and multiple blocks each representing an online transaction for the first subscriber, and a second chain including a follower head node, linked to the primary head node, for a second subscriber and multiple blocks each representing an online transaction for the second subscriber. The transaction history controller may receive data representing a first online transaction for the second subscriber, format the data for the distributed blockchain database, store the formatted data as a new block in the second chain, receive a request to generate a trend report for a cluster of subscribers that includes the first and second subscribers, and generate the trend report dependent on the blocks in the first and second chains.
    Type: Grant
    Filed: June 7, 2017
    Date of Patent: July 2, 2019
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Timothy Innes, Bhumit Patel, James Pratt, Eric Zavesky, Nigel Bradley
  • Patent number: 10333700
    Abstract: The present teaching relates to exchanging a key with a device. In one example, a secret value is generated. A message is transmitted to the device. The message includes information related to the secret value based on which the device is to create a cryptographic key. A visual code displayed on the device is captured. The visual code includes a first piece of information and a second piece of information. A key value is generated based on the first piece of information and the secret value. A test value is calculated based on the key value. It is determined whether the device is securely connected based on the test value.
    Type: Grant
    Filed: August 6, 2018
    Date of Patent: June 25, 2019
    Assignee: OATH INC.
    Inventors: Juan Garay, Payman Mohassel, David Gil
  • Patent number: 10332106
    Abstract: An expedited automated merchant boarding system in association with a distributed enhanced payment processing system includes a merchant point of sale (POS) terminal system and a remote enhanced payment management system (EPMS). The remote EPMS pre-boards anticipated POS terminal system components and records pre-boarding results information. The POS terminal system initiates merchant boarding by transmitting merchant account information. The remote EPMS receives merchant account information and establishes a merchant account. The POS terminal system utilizes protocol transactions including auto-boarding information to initiate auto-boarding with the remote EPMS. The remote EPMS auto-boards the POS terminal system utilizing received auto-boarding information and recorded pre-boarding results. The remote EPMS turns up selected payment management services for the merchant POS terminal system.
    Type: Grant
    Filed: October 21, 2013
    Date of Patent: June 25, 2019
    Assignee: Worldpay, LLC
    Inventors: Matthew D. Ozvat, John Berkley, Kevin Oliver, William T. Cooper