Abstract: Systems and techniques described herein are concerned with providing supervisory control of computer programs. In particular, a method for executing application code defining a computer program includes providing a “kill switch” to the operator, which allows the operator to disable the computer program. The kill switch is configured so that the computer program is incapable of over-riding it.

Abstract: Systems and techniques described herein are concerned with providing supervisory control of computer programs. In particular, a method for executing application code defining a computer program includes providing a “kill switch” to the operator, which allows the operator to disable the computer program. The kill switch is configured so that the computer program is incapable of over-riding it.

Abstract: A method for communicating information relating to test results of a user includes obtaining test results of a user. An assertion is derived from the test results of the user. The test results are input to a pre-provisioned first algorithm. The assertion is encapsulated in a first data object by a PGE that controls an environment in which the first algorithm is executed. A first proof is generated which is configured to be usable to verify that the first algorithm used the test results to produce the assertion when provided to a PVE along with the first data object. The test results itself are excluded from the first proof and the first data object such that privacy of the test results is maintained. The first proof and the first data object are communicated to a receiving communication device from an enterprise communication device associated with the user and an enterprise.

Abstract: In a method for recording a transaction between first and second transacting network nodes associated with a global blockchain is provided. The transacting nodes are associated with a selected sub-chain of the global blockchain. The selected sub-chain is selected from among a plurality of sub-chains of the global sub-chain. In response to the first transacting node causing cryptocurrency to be sent to a first public address associated with the second transacting node as part of a transaction between the first and second transacting nodes, the given transaction is recorded in the selected sub-chain. Subsequent to recording the given transaction, the transaction recorded on the global blockchain using a second public address of the second transacting network node. The recording is performed using an atomic commit process that prevents the first and second transacting nodes from conducting any other transactions while the given transaction is being recorded on the global blockchain.

Abstract: A method is provided for validating an assertion provided by a web resource. The method includes: sending a first request to the web resource over a communications network; responsive to the first request, receiving a web page from the web resource, the web page including at least one user-selectable representation of a cryptographic credential, the cryptographic credential including at least one assertion that is based on underlying data and at least one proof that allows verification that the assertion accurately reflects the underlying data without revealing the underlying data; receiving a selection of the user-selectable representation that causes a second request for verification of the proof to be sent over the communications network; and responsive to the second request, receiving a response indicating whether or not the representation accurately reflects the underlying data.

Abstract: A user device containing sensors is delivered customized services without utilizing private user data or while only using it in highly constrained ways. This is accomplished by sending one or more queries to the user device. Each query requests a binary response and each query inquires whether or not the user device has obtained one or more specified parameter values, or range of parameter values, from one or more sensors incorporated in or in communication with the user device. For each query a binary response is received, which indicates that the user device has or has not obtained the one or more specified parameter values, or the range of parameter values, about which the respective query is inquiring.

Abstract: A method of associating multiple user endpoints (UEs) with a single IMS session in an IMS network having a serving node for controlling at least one IMS session for a user and at least a first access network for providing access to UEs. The method involves associating a first UE with the user and with an IMS session; discovering a second UE in a proximity of the first UE; discovering information about the second UE; communicating the information about the second UE to the serving node; the serving node utilizing computer-implemented policy logic to determine whether to associate the second UE with the user and the IMS session; and if the policy logic determines that the second UE is to be associated, the serving node associating the second UE with the IMS session while retaining the association with the first UE.

Abstract: A system includes a database of image data associated with a vehicle; and control logic configured to cause a user device to capture one or more images and compare data associated with the one or more images with the image data to determine if a user is present in a vehicle and disable a text messaging function at least in part responsive to the determination using the image data.

Abstract: A method allows third party authentication of confirmation of an activity performed by a user of a computing device that receives first and second datasets of values for a plurality of attributes respectively obtained from a plurality of sensors associated with the computing device. The first and second datasets reflect a user activity obtained over first and second periods of time, respectively, during which the activity occurs. The computing device compares a subset of the attribute values in the first dataset to their corresponding attribute values in the second dataset to confirm whether they match to within a prescribed degree. If the matching is confirmed, a representation is created of an indicia of the confirmation and a set of cryptographic objects is derived from the representation such that a third party is able to authenticate the confirmation without being able to derive the first or second datasets.

Abstract: An online service provisioning process is provided during which the service provider's knowledge about the user to whom the service is delivered does not increase. This is accomplished by presenting user attribute information to the service provider as obfuscated objects that can be independently verified and which are privacy preserving.

Abstract: A method for customizing an application for a user includes receiving user state information about a user of a smart device from one or more sensors associated with the smart device. The user state information is stored using an access control mechanism that only allows access upon express authorization of the user. The stored user state information is retrieved after an application being executed on or through the smart device has been provided with the express authorization from the user. Functionality of the application is adapted based at least in part on the user state information that is retrieved.

Abstract: Applications of the privacy switch technology are shown for handling data breaches in database systems, thereby providing fundamental improvements to the security and utility of database technology.

Abstract: A method of associating multiple user endpoints (UEs) with a single IMS session in an IMS network having a serving node for controlling at least one IMS session for a user and at least a first access network for providing access to UEs. The method involves associating a first UE with the user and with an IMS session; discovering a second UE in a proximity of the first UE; discovering information about the second UE; communicating the information about the second UE to the serving node; the serving node utilizing computer-implemented policy logic to determine whether to associate the second UE with the user and the IMS session; and if the policy logic determines that the second UE is to be associated, the serving node associating the second UE with the IMS session while retaining the association with the first UE.

Abstract: A system and method is presented that extracts snippets form web pages according to specially designed logic. The extracted snippets might be made relevant to, i.e., indexed by, a location and time/day applicability. Such snippets may be thought of as apps or services that are defined only when a mobile terminal is in a pre-defined geographical area at a certain time and day (e.g., as defined by a calendar of events). Extracted snippets are stored and made searchable. Methods and a system are described to control the display of snippet search results. Snippets may be selected by user or by programmed logic and executed on the mobile terminal or in remote servers without the need to download the app or source code associated with the snippet.

Abstract: A method for providing a secure computing environment creates an isolated computing environment using supervisory programs that are provided with a public access key of a public-private access key pair and not the private key of the public-private access key pair such that access to the computing environment is unavailable to the supervisory programs to thereby prevent the supervisory programs from affecting results of computations executed in the computing environment. An isolated computing environment is a computing environment in which only a specified maximum number of application processes and specified system processes implementing the computing environment are able to operate. A baseline digest of the isolated computing environment is caused to be generated and stored in a location so that the baseline digest is validated by or available to at least one third party to thereby establish a trusted and isolated computing environment.

Abstract: A method for obtaining a representation of an environment includes requesting device context information from a user device. The request is sent to the user device from a virtual machine environment established by a database processor. The virtual machine environment is established by the database processor in response to a request received from the user device over a network for a representation of an environment. User preference information is requested and the device context information and the user preference information are received in the virtual machine environment. Based on the device context information, an environmental data set (EDS) is identified that includes information reflective of the environment. The EDS is received in the virtual machine environment and the EDS is modified based at least in part on the user preference information. Executable computer code is constructed for generating a representation from the modified EDS and sent to the user device.

Abstract: A system and method is provided for using information broadcast by devices and resources in the immediate vicinity of a mobile device, or by sensors located within the mobile device itself, to ascertain and make a determination of the immediate environment and state of the mobile device. This determination may be used to control and manage the actions that the device is asked to carry out by or on behalf of the user.

Abstract: In accordance a method for storing a dataset, the dataset may be split into fragments that are distributed among different nodes of a network for storage. The fragments may then be retrieved as and when needed and re-assembled. The method allows multiple different fragments to be stored and re-assembled on demand. The dataset is initially stored in a user computing device in communication with a data storage system and a custodial entity. The fragments are stored so that no single computing entity in the storage system or the custodian ever contains or gains knowledge of all the fragments. Additionally, the user computing device that was initially in possession of the dataset and which caused the fragments to be stored in the storage system may be replaced with different user computing devices without losing the capability of storing and re-assembling the user data on demand by the replacement user computing device.

Abstract: A system and method is provided for using information broadcast by devices and resources in the immediate vicinity of a mobile device, or by sensors located within the mobile device itself, to ascertain and make a determination of the immediate environment and state of the mobile device. The sensor data is then used to identify situational profiles to target and determine the relevance of apps, advertisements, content, and recommendations.

Abstract: A user device containing sensors is delivered customized services without utilizing private user data or while only using it in highly constrained ways. This is accomplished by sending one or more queries to the user device. Each query requests a binary response and each query inquires whether or not the user device has obtained one or more specified parameter values, or range of parameter values, from one or more sensors incorporated in or in communication with the user device. For each query a binary response is received, which indicates that the user device has or has not obtained the one or more specified parameter values, or the range of parameter values, about which the respective query is inquiring.