Abstract: Methods, systems and apparatuses for securing a secret of a user are disclosed. One method includes one or more adjudicator devices providing a plurality of public keys, wherein each of the plurality of public keys has a corresponding at least one adjudicator, and a corresponding secret key, receiving, by the one or more adjudicator devices, a plurality of encrypted shares that were generated based on a secret of the user, a policy, and the plurality of public keys, and verifying that the plurality of encrypted shares can be used to reconstitute the secret upon receiving the plurality of encrypted shares, wherein the secret can be reconstructed, without access to the secret.

Abstract: Methods, systems and apparatuses for a mediator enforcing policies to a resource utilizing an electronic content, are disclosed. One method includes receiving, by a mediator computing device of a mediator, a second share SKG2 from an owner server, wherein a first share SKG1 is provided to a member server of a member of a group by the owner server, wherein the owner defines policies associated with the group. The method further includes the mediator receiving a request from the member for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content, determining, by the mediator, whether the member is eligible to access the electronic content based at least in part on the policies associated with the group, if eligible, the mediator responds to the request for mediation with a member accessible header.

Abstract: Methods, systems and apparatuses for a mediator controlling access to an electronic content, are disclosed. One method includes receiving, by a mediator device of a mediator, a second share SKG2 from an owner device, wherein a first share SKG1 is provided to a member device of a member of a group by the owner device. Further, the mediator receives a request from the member for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content. Further, the mediator receives a request for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content from the member. Further, the mediator determines whether the member is eligible to decrypt the electronic content, if eligible, the mediator responding to the request for mediation with a member accessible header, wherein the member accessible header includes the header after application of SKG2.

Abstract: Methods, systems and apparatuses for an originator publishing an attestation of a statement are disclosed. One method includes obtaining information, wherein the information includes the attestation of the statement, wherein the statement includes at least a portion of the information to be attested to, and wherein the attestation includes a context describing conditions of the attestation, and wherein the attestation includes a cryptographic signature of the context and the statement. The method further includes validating the information. The method further includes communicating after validating the information the information to a destination while maintaining at least one of data privacy or data provenance, including creating a new statement by transforming the statement to a form suitable for the destination, creating, by the computing device, a new attestation by signing the new statement with a new context specific to the computing device, and making available the new attestation to the destination.

Abstract: Methods, systems and apparatuses for an operator provisioning a trustworthy workspace to a subscriber are disclosed. One method includes providing the subscriber with the trustworthy workspace, where in the trustworthy workspace comprises a virtualized content repository with trustworthy workflows for storing, sharing and processing a digital content across a plurality of repositories. The method further includes allowing the subscriber authority to sub-provision the trustworthy workspace to one or more authorized parties, wherein only the one or more authorized parties can view or modify at least a portion of the digital content.

Abstract: Methods, systems and apparatuses for a user-mediator controlling access to an electronic content, are disclosed. One method includes receiving, by a user-mediator server of the user-mediator, a second share SKG2 from an owner server, wherein a first share SKG1 is provided to a member server of a member of a group by the owner. Further, the user-mediator receives a request from the member for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content. Further, the mediator receives a request for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content from the member. Further, the user-mediator determines whether the member is eligible to decrypt the electronic content, if eligible, the user-mediator responds to the request for mediation with a member accessible header, wherein the member accessible header includes the header after application of SKG2.

Abstract: Methods, systems and apparatuses for a mediator controlling access to an electronic content, are disclosed. One method includes receiving, by a mediator device of a mediator, a second share SKG2 from an owner device, wherein a first share SKG1 is provided to a member device of a member of a group by the owner device. Further, the mediator receives a request from the member for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content. Further, the mediator receives a request for mediation, including the mediator receiving a dispatch of the header of the encrypted electronic content from the member. Further, the mediator determines whether the member is eligible to decrypt the electronic content, if eligible, the mediator responding to the request for mediation with a member accessible header, wherein the member accessible header includes the header after application of SKG2.

Abstract: Methods, systems and apparatuses for securing a secret of a user are disclosed. One method includes one or more adjudicator devices providing a plurality of public keys, wherein each of the plurality of public keys has a corresponding at least one adjudicator, and a corresponding secret key, receiving, by the one or more adjudicator devices, a plurality of encrypted shares that were generated based on a secret of the user, a policy, and the plurality of public keys, and verifying that the plurality of encrypted shares can be used to reconstitute the secret upon receiving the plurality of encrypted shares, wherein the secret can be reconstructed, without access to the secret.

Abstract: Methods, systems and apparatuses for an originator publishing an attestation of a statement are disclosed. One method includes obtaining information, wherein the information includes the attestation of the statement, wherein the statement includes at least a portion of the information to be attested to, and wherein the attestation includes a context describing conditions of the attestation, and wherein the attestation includes a cryptographic signature of the context and the statement. The method further includes validating the information. The method further includes communicating after validating the information the information to a destination while maintaining at least one of data privacy or data provenance, including creating a new statement by transforming the statement to a form suitable for the destination, creating, by the computing device, a new attestation by signing the new statement with a new context specific to the computing device, and making available the new attestation to the destination.

Abstract: Methods, systems and apparatuses for a custodian securing a secret are disclosed. One method includes receiving, by a custodian server of a first custodian, encrypted shares, wherein the encrypted share are generated based on a secret of the user, a policy, and a plurality of public keys, comprising generating a plurality of shares from the secret, and encrypting each share utilizing a corresponding one of the plurality of public keys. The method further includes verifying, by the custodian server, that the encrypted shares can be used to reconstitute the secret upon receiving the encrypted shares, comprising leveraging, by the first custodian, one-way cryptographic functions, wherein the first custodian can reconstruct the secret, but cannot obtain access to the secret or any of the shares.

Abstract: Methods, systems and apparatuses for an operator provisioning a trustworthy workspace to a subscriber are disclosed. One method includes providing the subscriber with the trustworthy workspace, where in the trustworthy workspace comprises a virtualized content repository with trustworthy workflows for storing, sharing and processing a digital content across a plurality of repositories. The method further includes allowing the subscriber authority to sub-provision the trustworthy workspace to one or more authorized parties, wherein only the one or more authorized parties can view or modify at least a portion of the digital content.

Abstract: Methods, systems and apparatuses for an operator provisioning a trustworthy workspace to a subscriber are disclosed. One method includes providing the subscriber with the trustworthy workspace, where in the trustworthy workspace comprises a virtualized content repository with trustworthy workflows for storing, sharing and processing a digital content across a plurality of repositories. The method further includes allowing the subscriber authority to sub-provision the trustworthy workspace to one or more authorized parties, wherein only the one or more authorized parties can view or modify at least a portion of the digital content.