Abstract: Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored.

Abstract: A digital escrow pattern is provided for backup data services including searchable encryption techniques for backup data, such as synthetic full backup data, stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, an operational synthetic full is maintained with encrypted data as a data service in a cryptographically secure manner that addresses integrity and privacy requirements for external or remote storage of potentially sensitive data. The storage techniques supported include backup, data protection, disaster recovery, and analytics on second copies of primary device data. Some examples of cost-effective cryptographic techniques that can be applied to facilitate establishing a high level of trust over security and privacy of backup data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof of Application, blind fingerprints, Proof of Retrievability, and others.

Abstract: Embodiments described herein are directed to syndicating an online service to at least one syndication partner of a syndicator. In one embodiment, a computer system determines that a syndication relationship has been established between a syndicator and a syndication partner, where the syndication relationship is established to provide syndicated services to syndication partners and clients. The computer system indicates which services provided by the syndicator are available for syndication to the syndication partner and which type of usage information the partner is to provide in order to use the syndicator's services. The computer system receives usage information from the syndication partner specifying which services are to be syndicated and specifying parameters for those services indicating operating parameters specific to the use of the syndicated services.

Abstract: In one embodiment, a computer system configures an online service to function as a service delivery platform, where the online service includes a plurality of service delivery platform components configured to process inputs received from services that are to be hosted by the online service. The computer system receives an indication that a service is to be hosted using the online service, where the indication includes a service configured for hosting by the online service and a portion of use information indicating how the service delivery platform components are to be used to host the service for various computer clients. The computer system processes the portion of use information received with the indication to configure the service delivery platform components in an appropriate manner for hosting the service and provides the hosted service to computer clients in the appropriate manner as determined by the accessed use information.

Abstract: A digital escrow pattern for data services can include selective access for obscured data at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Based on the pattern, a “trustworthy envelope” for any kind of payload enables curtained access through a variety of decorations or seals placed on the envelope that allow for a gamut of trust ranging with guarantees such as, but not limited to, confidentiality, privacy, anonymity, tamper detection, integrity, etc. For instance, XML tags can be applied or augmented to create trust envelopes for structured XML data. Some examples of mathematical transformations or ‘decorations’ that can be applied to the XML data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof(s) of Application, blind fingerprints, Proof(s) of Retrievability, etc.

Abstract: A digital escrow pattern for data services can include selective access for obscured data at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Based on the pattern, a “trustworthy envelope” for any kind of payload enables curtained access through a variety of decorations or seals placed on the envelope that allow for a gamut of trust ranging with guarantees such as, but not limited to, confidentiality, privacy, anonymity, tamper detection, integrity, etc. Verifiable trust is provided through families of techniques that are referred to as wrapper composition. Multiple concentric and/or lateral transform wrappers or layers can wholly or partially transform data, metadata or both to mathematical transform (e.g., encrypt, distribute across storage, obscure) or otherwise introduce lack of visibility to some or all of the data, metadata or both.

Abstract: A digital escrow pattern and trustworthy platform is provided for data services including mathematical transformation techniques, such as searchable encryption techniques, for obscuring data stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Using the techniques of a trustworthy platform, data (and associated metadata) is decoupled from the containers that hold the data (e.g., file systems, databases, etc.) enabling the data to act as its own custodian through imposition of a shroud of mathematical complexity that is pierced with presented capabilities, such as keys granted by a cryptographic key generator of a trust platform. Sharing of, or access to, the data or a subset of that data is facilitated in a manner that preserves and extends trust without the need for particular containers for enforcement.

Abstract: A digital escrow pattern is provided for backup data services including searchable encryption techniques for backup data, such as synthetic full backup data, stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, an operational synthetic full is maintained with encrypted data as a data service in a cryptographically secure manner that addresses integrity and privacy requirements for external or remote storage of potentially sensitive data. The storage techniques supported include backup, data protection, disaster recovery, and analytics on second copies of primary device data. Some examples of cost-effective cryptographic techniques that can be applied to facilitate establishing a high level of trust over security and privacy of backup data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof of Application, blind fingerprints, Proof of Retrievability, and others.

Abstract: A digital escrow pattern is provided for backup data services including searchable encryption techniques for backup data, such as synthetic full backup data, stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, an operational synthetic full is maintained with encrypted data as a data service in a cryptographically secure manner that addresses integrity and privacy requirements for external or remote storage of potentially sensitive data. The storage techniques supported include backup, data protection, disaster recovery, and analytics on second copies of primary device data. Some examples of cost-effective cryptographic techniques that can be applied to facilitate establishing a high level of trust over security and privacy of backup data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof of Application, blind fingerprints, Proof of Retrievability, and others.

Abstract: A digital escrow pattern is provided for network data services including searchable encryption techniques for data stored in a cloud, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, a key generator, a cryptographic technology provider and a cloud services provider are each provided as separate entities, enabling a publisher of data to publish data confidentially (encrypted) to a cloud services provider, and then expose the encrypted data selectively to subscribers requesting that data based on subscriber identity information encoded in key information generated in response to the subscriber requests, e.g., a role of the subscriber.

Abstract: A digital escrow pattern is provided for network data services including searchable encryption techniques for data stored in a cloud, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, a key generator, a cryptographic technology provider and a cloud services provider are each provided as separate entities, enabling a publisher of data to publish data confidentially (encrypted) to a cloud services provider, and then expose the encrypted data selectively to subscribers requesting that data based on subscriber identity information encoded in key information generated in response to the subscriber requests, e.g., a role of the subscriber.

Abstract: Embodiments described herein are directed to syndicating an online service to at least one syndication partner of a syndicator. In one embodiment, a computer system determines that a syndication relationship has been established between a syndicator and a syndication partner, where the syndication relationship is established to provide syndicated services to syndication partners and clients. The computer system indicates which services provided by the syndicator are available for syndication to the syndication partner and which type of usage information the partner is to provide in order to use the syndicator's services. The computer system receives usage information from the syndication partner specifying which services are to be syndicated and specifying parameters for those services indicating operating parameters specific to the use of the syndicated services.

Abstract: In one embodiment, a computer system configures an online service to function as a service delivery platform, where the online service includes a plurality of service delivery platform components configured to process inputs received from services that are to be hosted by the online service. The computer system receives an indication that a service is to be hosted using the online service, where the indication includes a service configured for hosting by the online service and a portion of use information indicating how the service delivery platform components are to be used to host the service for various computer clients. The computer system processes the portion of use information received with the indication to configure the service delivery platform components in an appropriate manner for hosting the service and provides the hosted service to computer clients in the appropriate manner as determined by the accessed use information.

Abstract: Fields of smart forms include default logic and verification logic to simplify filling in of the smart form by an employee and reduce the likelihood that errors in data entry occur. In particular, the default logic determines a default value for a field in the form according to one or more data items in a comprehensive company database. Verification logic verifies that the employee has entered valid form data in a particular field. The verification logic can include references to data items stored in the comprehensive company database such that data entered by the employee can be verified with respect to data already stored in the database. Data entered by the employee is stored in the database and can be used by default logic and/or verification logic in subsequently used smart forms.