Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Abstract: The techniques herein are directed generally to personalized secure communication session management, such as for virtual private networks (VPNs). In one embodiment, a user is authenticated at a client device to verify that the user is present at the client device and authorized to access one or more secured resources, and in response, a secure communication session is established for the client device to access the secured resources. At a later time during the secure communication session, it is determined whether the user is still authenticated at the client device, such that if so, access to the one or more secured resources is maintained on the secure communication session, or else access is restricted to the one or more secured resources (e.g., the session is terminated, or access is otherwise limited).

Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Abstract: In one embodiment, the techniques herein are directed to receiving a reason for a call at a user device. For instance, an illustrative method herein may comprise: receiving, at an application on a recipient device of a user, information about a call to be made from an initiating device, the information having an outbound phone number of the call, a name of an organization of the initiating device, and a reason for the call; and configuring, by the application, a caller identification process on the recipient device to display, in response to receiving a subsequent call from the outbound phone number, the name of the organization and the reason for the call; wherein, in response to the initiating device calling the recipient device using the outbound phone number, the caller identification process on the recipient device displays the name of the organization and the reason for the call.

Abstract: In one embodiment, the techniques herein are directed to coordinating conveying a reason for a call from a user device. For instance, an illustrative method herein may comprise: receiving, at an intermediate service device, a message from a user device, the message informative of a second device to participate in a call with a user of the user device and a reason for the call; and conveying, from the intermediate service device, the user device, the user, and the reason for the call to the second device, wherein the second device initiates the call to the user device and is aware of the user and the reason for the call prior to initiating the call.

Abstract: In one embodiment, a method herein may comprise: identifying, by an initiating device of an organization, a user and a reason for a call to a recipient device of the user, the recipient device having an inbound phone number; informing an intermediate service about the call to the recipient device and the reason for the call, wherein the intermediate service coordinates with an application on the recipient device to inform the recipient device of the call, an outbound phone number of the call, a name of the organization, and the reason for the call; and calling, using the outbound phone number, the recipient device at the inbound phone number, wherein the application on the recipient device has configured a caller identification process on the recipient device to display, in response to receiving the call from the outbound phone number, the name of the organization and the reason for the call.

Abstract: In one embodiment, an intermediate service device: receives information about a call to be made from an initiating device to a recipient device of a user, the information including a reason for the call; and coordinates with an application on the recipient device to inform the recipient device of the call, an outbound phone number of the call, a name of an organization of the initiating device, and the reason for the call, wherein the application on the recipient device configures a caller identification process on the recipient device to display, in response to receiving a subsequent call from the outbound phone number, the name of the organization and the reason for the call.

Abstract: In one embodiment, the techniques herein are directed to conveying a reason for a call from a user device. For instance, an illustrative method herein may comprise: determining, by a user device, a second device to participate in a call with a user of the user device and a reason for the call; transmitting, from the user device, a message to an intermediate service to inform the intermediate service about the second device, the user, and the reason for the call, wherein the intermediate service conveys the user and the reason for the call to the second device; and receiving, at the user device, the call initiated by the second device, wherein the second device is aware of the user and the reason for the call prior to initiating the call.

Abstract: In one embodiment, the techniques herein are directed to receiving a reason for a call from a user device. For instance, an illustrative method herein may comprise: receiving, by a particular device, an indication from an intermediate service that a user device requested that the particular device participate in a call with a user of the user device, the indication also including a reason for the call; determining, by the particular device, when the particular device is able to initiate the call; and initiating, by the particular device and in response to being able to initiate the call, the call to the user device, wherein the particular device is aware of the user and the reason for the call prior to initiating the call.

Abstract: The techniques herein are directed generally to providing access control and identity verification for communications when initiating a communication from an entity to be verified. In one embodiment an initiating device initiates a communication to a receiving device on a communication channel, wherein the receiving device is configured to determine whether an identity associated with the initiating device is verified by a verification service. The initiating device verifies the identity through a verification service client application on the initiating device, and conveys, to the verification service over a verification channel, that the identity associated with the initiating device is verified, wherein the verification service conveys, to the receiving device over the verification channel, that the identity is verified.

Abstract: The techniques herein are directed generally to personalized secure communication session management, such as for virtual private networks (VPNs). In one embodiment, a user is authenticated at a client device to verify that the user is present at the client device and authorized to access one or more secured resources, and in response, a secure communication session is established for the client device to access the secured resources. At a later time during the secure communication session, it is determined whether the user is still authenticated at the client device, such that if so, access to the one or more secured resources is maintained on the secure communication session, or else access is restricted to the one or more secured resources (e.g., the session is terminated, or access is otherwise limited).

Abstract: The techniques herein are directed generally to providing access control and persona validation for interactions. In one embodiment, a method for a first device comprises: interacting with a second device on a communication channel; determining, over a verification channel with a verification service, that an identity of a user communicating on the second device is a verified identity according to the verification service; determining a persona of the user; querying a third-party entity to make a determination whether the persona is validated and to correspondingly determine a current privilege level; and managing interaction with the second device according to the determination whether the persona is validated and the corresponding current privilege level. Another embodiment comprises a verification server's perspective of facilitating the interaction between the first and second devices, where the verification server queries the third-party entity to validate the persona.

Abstract: The techniques herein are directed generally to providing access control and identity verification for communications when receiving a communication at an entity to be verified. In one embodiment, a receiving device receives a communication from an initiating device on a communication channel, wherein the initiating device is configured to determine whether an identity associated with the receiving device is verified by a verification service. The receiving device verifies the identity through a verification service client application on the receiving device, and conveys, to the verification service over a verification channel, that the identity associated with the receiving device is verified, wherein the verification service is caused to convey, to the initiating device over the verification channel, that the identity is verified.

Abstract: The techniques herein are directed generally to a secured private credential certificate, such as for vaccination certificates. In one embodiment, a user presents their credential certificate(s) to a questioning enterprise, such that the questioning enterprise is only aware that the user presenting the certificate is the particular user that obtained the credential certificate from the credential authority, without determining an identity of the presenting user. Additionally, the questioning enterprise confirms whether the issuer of the certificate is valid, while not disclosing the identity of the questioning enterprise to the credential authority.

Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Abstract: The techniques herein are directed generally to personalized secure communication session management, such as for virtual private networks (VPNs). In one embodiment, a user is authenticated at a client device to verify that the user is present at the client device and authorized to access one or more secured resources, and in response, a secure communication session is established for the client device to access the secured resources. At a later time during the secure communication session, it is determined whether the user is still authenticated at the client device, such that if so, access to the one or more secured resources is maintained on the secure communication session, or else access is restricted to the one or more secured resources (e.g., the session is terminated, or access is otherwise limited).

Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Abstract: The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.