American Express to use a blockchain database

American Express to patent aspects of a rewards program that might include a blockchain database
27 October 2017   2998

A patent application filed by American Express Travel Related Services Co. Inc. was recently published by the United States Patent and Trademark Office. As detailed in the application, the company may use a blockchain database as part of a consumer rewards program.

A patent application by American Express Travel Related Services Co. Inc.
A patent application by American Express Travel Related Services Co. Inc. 

Thus, the innovation revolves around gathering customer data analytics, such as spending trends, which Amex will use to offer incentivized rewards. According to the patent, certain account holders would be eligible for "value added offers" which may involve "virtual currency."

As for the use of a blockchain system, the document implies that the databases that would be utilized to deliver this system might be blockchain-backed.

The blockchain structure may include a distributed database that maintains a growing list of data records. The blockchain may provide enhanced security because each block may hold individual transactions and the results of any blockchain executables. Each block may contain a timestamp and a link to a previous block. Blocks may be linked because each block may include the hash of the prior block in the blockchain. The linked blocks form a chain, with only one successor block allowed to link to one other predecessor block.
 

A patent application
by American Express Travel Related Services Co. Inc.

This move by Amex might be yet another strong signal that major corporations are actively seeking to integrate the technology into their infrastructures for providing goods and services.

Potentional Vulnerabilities Found in ETH 2.0

Least Authority have found potentional security issues in the network P2P interaction and block proposal system
26 March 2020   212

Technology security firm Least Authority, at the request of the Ethereum Foundation, conducted an audit of the Ethereum 2.0 specifications and identified several potential vulnerabilities at once.

Least Authority said that developers need to solve problems with vulnerabilities in the network layer of peer-to-peer (P2P) interaction, as well as in the block proposal system. At the same time, the auditor noted that the specifications are "very well thought out and competent."

However, at the moment there is no large ecosystem based on PoS and using sharding in the world, so it is impossible to accurately assess the prospects for system stability.
Also, information security experts emphasized that the specifications did not pay enough attention to the description of the P2P network level and the system of records about Ethereum nodes. Vulnerability risks are also observed in the block proposal system and the messaging system between nodes.

Experts said that in the blockchains running on PoS, the choice of a new block is simple and no one can predict who will get the new block. In PoS systems, it is the block proposal system that decides whose block will fall into the blockchain, and this leads to the risk of data leakage. To solve the problem, auditors suggested using the mechanism of "Single Secret Leader Election" (SSLE).

As for the peer-to-peer exchange system, there is a danger of spam. There is no centralized node in the system that would evaluate the actions of other nodes, so a “malicious" node can spam the entire network with various messages without any special punishment. The solution to this problem may be to use special protocols for exchanging messages between nodes.