Abstract: Methods, systems and apparatuses for a user-mediator mediating transfer of electronic content, are disclosed. One method includes receiving, by a mediator computing device of the user-mediator, a second share SKG2 from an owner-publisher server of an owner-publisher, wherein a first share SKG1 is provided to a member server of a member of a group by the owner-publisher. The method further includes the user-mediator receiving a request, by the member, for mediation, comprising the user-mediator receiving a dispatch of the header of the encrypted electronic content from the member, determining, by the user-mediator, whether the member is eligible to decrypt the electronic content, if eligible, the user-mediator responding to the request for mediation with a member accessible header.

Abstract: Methods, systems and apparatuses for a user-mediator controlling access to an electronic content, are disclosed. One method includes receiving, by a user-mediator server of the user-mediator, a second share SKG2 from an owner server, wherein a first share SKG1 is provided to a member server of a member of a group by the owner. Further, the user-mediator receives a request from the member for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content. Further, the mediator receives a request for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content from the member. Further, the user-mediator determines whether the member is eligible to decrypt the electronic content, if eligible, the user-mediator responds to the request for mediation with a member accessible header, wherein the member accessible header includes the header after application of SKG2.

Abstract: Methods, systems and apparatuses for a mediator enforcing policies to a resource utilizing an electronic content, are disclosed. One method includes receiving, by a mediator computing device of a mediator, a second share SKG2 from an owner server, wherein a first share SKG1 is provided to a member server of a member of a group by the owner server, wherein the owner defines policies associated with the group. The method further includes the mediator receiving a request from the member for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content, determining, by the mediator, whether the member is eligible to access the electronic content based at least in part on the policies associated with the group, if eligible, the mediator responds to the request for mediation with a member accessible header.

Abstract: Methods, systems and apparatuses for a custodian securing a secret are disclosed. One method includes receiving, by a custodian server of a first custodian, encrypted shares, wherein the encrypted share are generated based on a secret of the user, a policy, and a plurality of public keys, comprising generating a plurality of shares from the secret, and encrypting each share utilizing a corresponding one of the plurality of public keys. The method further includes verifying, by the custodian server, that the encrypted shares can be used to reconstitute the secret upon receiving the encrypted shares, comprising leveraging, by the first custodian, one-way cryptographic functions, wherein the first custodian can reconstruct the secret, but cannot obtain access to the secret or any of the shares.

Abstract: Methods, systems and apparatuses for a mediator controlling access to an electronic content, are disclosed. One method includes receiving, by a mediator server of a mediator, a second share SKG2 from an owner server, wherein a first share SKG1 is provided to a member server of a member of a group by the owner server. Further, the mediator receives a request for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content from the member. Further, the mediator determines whether the member is eligible to decrypt the electronic content, if eligible, the mediator responding to the request for mediation with a member accessible header, wherein the member accessible header includes the header after application of SKG2.

Abstract: Methods, systems and apparatuses for securing a secret are disclosed. One method includes receiving a secret from the user and generating encrypted shares based on the secret, a policy, and a plurality of public keys. The encrypted shares are provided to a custodian, wherein the custodian verifies that the encrypted shares can be used to reconstitute the secret upon receiving the encrypted shares.

Abstract: Methods, systems and apparatuses for monitoring and controlling access to an electronic content are disclosed. One method includes creating, by an owner server, a group comprising generating a group public key PKG and a group secret key SKG. The method further includes adding, by the owner server, a member to the group, comprising generating a first share SKG1 from the group secret key SKG and a public key of a member, and a second share SKG2 from the group secret key SKG and a public key of a mediator, and providing, by the owner server, the first share SKG1 to a member server of the member and the second shares SKG2 to a mediator server of the mediator.

Abstract: Methods, systems and apparatuses for an operator provisioning a trustworthy workspace to a subscriber are disclosed. One method includes providing the subscriber with the trustworthy workspace, where in the trustworthy workspace comprises a virtualized content repository with trustworthy workflows for storing, sharing and processing a digital content across a plurality of repositories. The method further includes allowing the subscriber authority to sub-provision the trustworthy workspace to one or more authorized parties, wherein only the one or more authorized parties can view or modify at least a portion of the digital content.

Abstract: Methods, systems and apparatuses for monitoring and controlling access to an electronic content are disclosed. One method includes creating, by an owner server, a group comprising generating a group public key PKG and a group secret key SKG. The method further includes adding, by the owner server, a member to the group, comprising generating a first share SKG1 from the group secret key SKG and a public key of a member, and a second share SKG2 from the group secret key SKG and a public key of a mediator, and providing, by the owner server, the first share SKG1 to a member server of the member and the second shares SKG2 to a mediator server of the mediator.

Abstract: Methods, systems and apparatuses for providing trustworthy workflow across trust boundaries are disclosed. One method includes a curator generating a first public key (PKC1) and a second public key (PKC2), publishing the first public key (PKC1) and the second public key (PKC2), and generating a first proxy re-encryption key (RKC1-C2) and a second proxy re-encryption key (RKC2-B). Further, a first party encrypts data having a key k, wherein k is encrypted according to the first public key (PKC1). A custodian proxy re-encrypts k from the first public key (PKC1) to the second public key (PKC2) using the first proxy re-encryption key (RK C1-C2), and the custodian proxy re-encrypts k from the second public key (PKC2) to a public key (PKB) of the second party B using the second proxy re-encryption key (RKC2-B). The second party B receiving the data and decrypting the data with the key k.

Abstract: Methods, systems and apparatuses for securing a secret are disclosed. One method includes receiving a secret from the user and generating encrypted shares based on the secret, a policy, and a plurality of public keys. The encrypted shares are provided to a custodian, wherein the custodian verifies that the encrypted shares can be used to reconstitute the secret upon receiving the encrypted shares.