Patents by Inventor David W. Kravitz

David W. Kravitz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9455978
    Abstract: A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files.
    Type: Grant
    Filed: January 20, 2016
    Date of Patent: September 27, 2016
    Assignee: T-Central, Inc.
    Inventors: David W. Kravitz, Donald Houston Graham, III, Josselyn L. Boudett, Russell S. Dietz
  • Patent number: 9430620
    Abstract: In a method for enabling support for backwards compatibility in a User Domain, in one of a Rights Issuer (RI) and a Local Rights Manager (LRM), a Rights Object Encryption Key (REK) and encrypted REK are received from an entity that generated a User Domain Authorization for the one of the RI and the LRM and the REK is used to generate a User Domain Rights Object (RO) that includes the User Domain Authorization and the encrypted REK.
    Type: Grant
    Filed: November 24, 2014
    Date of Patent: August 30, 2016
    Assignee: Google Technology Holdings LLC
    Inventor: David W. Kravitz
  • Publication number: 20160248760
    Abstract: A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files.
    Type: Application
    Filed: January 20, 2016
    Publication date: August 25, 2016
    Applicant: T-Central, Inc.
    Inventors: David W. Kravitz, Donald Houston Graham, III, Josselyn L. Boudett, Russell S. Dietz
  • Patent number: 9356916
    Abstract: A security system for authenticating users and protecting content that provides an application program interface (API) with a Cloud Platform integration (Platform) to extend the security capabilities of Public Key Infrastructure and Privilege Management Infrastructure systems to authenticated external users and protected content.
    Type: Grant
    Filed: May 18, 2015
    Date of Patent: May 31, 2016
    Assignee: T-Central, Inc.
    Inventors: David W. Kravitz, Donald Houston Graham, III, Josselyn L. Boudett, Russell S. Dietz
  • Publication number: 20160057120
    Abstract: A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files.
    Type: Application
    Filed: March 18, 2014
    Publication date: February 25, 2016
    Applicant: T-Central, Inc.
    Inventors: David W. Kravitz, Donald Houston Graham, III, Josselyn Boudett, Russell S. Dietz
  • Patent number: 9270663
    Abstract: A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files.
    Type: Grant
    Filed: March 18, 2014
    Date of Patent: February 23, 2016
    Assignee: T-Central, Inc.
    Inventors: David W. Kravitz, Donald Houston Graham, III, Josselyn L. Boudett, Russell S. Dietz
  • Publication number: 20150381580
    Abstract: A security system for authenticating users and protecting content that provides an application program interface (API) with a Cloud Platform integration (Platform) for use by enterprise businesses, government entities, systems integrators, independent software vendors, small business, individuals and others (“Entities”) to extend the security capabilities of PKI- and PMI-systems to authenticated external users and protected content. Through use of an API such Entities may optionally use their own Public Key Infrastructure (PKI) and Privilege Management Infrastructure (PMI) components (such as: Registration Authority, RA; Certification Authority, CA; Hardware Security Module, HSM) and access through a provided API to a Platform which integrates its own PKI and PMI and Attribute Authority (AA) or alternatively, a Platform (via an API interface to an Entity) can provide all PKI and PMI needs and functions.
    Type: Application
    Filed: May 18, 2015
    Publication date: December 31, 2015
    Inventors: Donald Houston Graham, III, Josselyn Boudett, David W. Kravitz, Russell S. Dietz
  • Publication number: 20150312233
    Abstract: A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files.
    Type: Application
    Filed: March 18, 2014
    Publication date: October 29, 2015
    Applicant: T-Central, Inc.
    Inventors: Donald Houston Graham, III, Josselyn Boudett, David W. Kravitz, Russell S. Dietz
  • Patent number: 9037847
    Abstract: A method for enforcing digital rights management (DRM) rules in a first device is disclosed. In the method the first device receives a message that includes a rights object (RO) having a digital signature, directly from a source device. The first device determines an identity of a signing entity from the message including the RO having the digital signature. The signing entity is an entity that digitally signed the RO. The first device processes the message including the RO having the digital signature using the identity of the signing entity and an information state to enforce DRM rules in the first device.
    Type: Grant
    Filed: October 6, 2009
    Date of Patent: May 19, 2015
    Assignee: Google Technology Holdings LLC
    Inventor: David W. Kravitz
  • Publication number: 20150121551
    Abstract: In a method for enabling support for backwards compatibility in a User Domain, in one of a Rights Issuer (RI) and a Local Rights Manager (LRM), a Rights Object Encryption Key (REK) and encrypted REK are received from an entity that generated a User Domain Authorization for the one of the RI and the LRM and the REK is used to generate a User Domain Rights Object (RO) that includes the User Domain Authorization and the encrypted REK.
    Type: Application
    Filed: November 24, 2014
    Publication date: April 30, 2015
    Inventor: David W. Kravitz
  • Patent number: 8972540
    Abstract: Disclosed are methods for extracting and using information about an entity that has a presence in a number of information domains. The entity has separate identifiers in each of several domains. Various techniques are described that bind together the identifiers of the entity across the domains. The results of the binding are provided to an interested party that can review information extracted about the entity's behavior in the multiple domains. The interested party is not given access to information that would compromise the confidentiality of the entity. A trusted broker has access to information about the behavior of the entity in the several domains. The broker analyzes that information and provides the analysis to the interested party, again without compromising the confidentiality of the entity. An “incentivizer” works with the broker to extract from the domains information that would be useful in binding together the different identifiers of the entity.
    Type: Grant
    Filed: December 30, 2009
    Date of Patent: March 3, 2015
    Assignee: Motorola Solutions, Inc.
    Inventors: Mark A. Gannon, Joshua B. Hurwitz, John Richard Kane, David W. Kravitz
  • Patent number: 8925096
    Abstract: In a method for enabling support for backwards compatibility in a User Domain, in one of a Rights Issuer (RI) and a Local Rights Manager (LRM), a Rights Object Encryption Key (REK) and encrypted REK are received from an entity that generated a User Domain Authorization for the one of the RI and the LRM and the REK is used to generate a User Domain Rights Object (RO) that includes the User Domain Authorization and the encrypted REK.
    Type: Grant
    Filed: June 2, 2009
    Date of Patent: December 30, 2014
    Assignee: Google Technology Holdings LLC
    Inventor: David W. Kravitz
  • Patent number: 8878933
    Abstract: A method and apparatus for providing and determining integrity of video is provided herein. During operation, a trusted unit such as a computer housed within a securable trunk of a vehicle generates or receives data on stimuli applied to a camera and receives video purportedly taken by that camera, as means for the trusted unit or an independent entity to determine if time periods of the stimuli correspond to responses seen or heard within the video.
    Type: Grant
    Filed: July 6, 2010
    Date of Patent: November 4, 2014
    Assignee: Motorola Solutions, Inc.
    Inventor: David W. Kravitz
  • Publication number: 20130036173
    Abstract: A “message broker” personalizes messages based on the recipient's estimated “privacy sensitivity.” By carefully estimating the sensitivity, the message broker can achieve the advantages of personalized messaging without incurring the disadvantages of offending or scaring away the recipient. In a first set of embodiments, messages are sent to a recipient, and information about the recipient's responses is collected and analyzed. The sensitivity level of the recipient is estimated based on this collected information. In a second set of embodiments, messages are sent that include an offer in which an incentive will be given to the recipient in exchange for allowing a certain type of access to specific information associated with the recipient. In a third set of embodiments, the message broker sends messages that request information associated with the recipient, but the messages do not include explicit offers to give incentives in exchange for the information.
    Type: Application
    Filed: August 2, 2011
    Publication date: February 7, 2013
    Applicant: GENERAL INSTRUMENT CORPORATION
    Inventors: Douglas A. Kuhlman, Joshua B. Hurwitz, Craig A. Janssen, David W. Kravitz
  • Publication number: 20130035944
    Abstract: A “message broker” personalizes messages based on the recipient's estimated “privacy sensitivity.” By carefully estimating the sensitivity, the message broker can achieve the advantages of personalized messaging without incurring the disadvantages of offending or scaring away the recipient. In a first set of embodiments, messages are sent to a recipient, and information about the recipient's responses is collected and analyzed. The sensitivity level of the recipient is estimated based on this collected information. In a second set of embodiments, messages are sent that include an offer in which an incentive will be given to the recipient in exchange for allowing a certain type of access to specific information associated with the recipient. In a third set of embodiments, the message broker sends messages that request information associated with the recipient, but the messages do not include explicit offers to give incentives in exchange for the information.
    Type: Application
    Filed: August 2, 2011
    Publication date: February 7, 2013
    Applicant: GENERAL INSTRUMENT CORPORATION
    Inventors: Joshua B. Hurwitz, Douglas A. Kuhlman, Craig A. Janssen, David W. Kravitz
  • Publication number: 20130036174
    Abstract: A “message broker” personalizes messages based on the recipient's estimated “privacy sensitivity.” By carefully estimating the sensitivity, the message broker can achieve the advantages of personalized messaging without incurring the disadvantages of offending or scaring away the recipient. In a first set of embodiments, messages are sent to a recipient, and information about the recipient's responses is collected and analyzed. The sensitivity level of the recipient is estimated based on this collected information. In a second set of embodiments, messages are sent that include an offer in which an incentive will be given to the recipient in exchange for allowing a certain type of access to specific information associated with the recipient. In a third set of embodiments, the message broker sends messages that request information associated with the recipient, but the messages do not include explicit offers to give incentives in exchange for the information.
    Type: Application
    Filed: August 2, 2011
    Publication date: February 7, 2013
    Applicant: GENERAL INSTRUMENT CORPORATION
    Inventors: Joshua B. Hurwitz, Douglas A. Kuhlman, Craig A. Janssen, David W. Kravitz
  • Publication number: 20120284506
    Abstract: A central server configured to mediate communications including establishing secure online sessions between user-controlled devices and 3rd party devices, such as a 3rd party device hosting a financial site. The methods and apparatus used to instantiate and carry out the mediated communications can be designed to thwart crimeware. To enable communications between the user-controlled devices and the 3rd party devices, the central server can be configured to instantiate a first secure communication session between the central server and the user-controlled device and a second secure communication session between the central server and the 3rd party device. If desired, separate encryption keys can be used for the first communication session and the second communication session where only the central server possesses the encryption keys for both the first communication session and the second communication session.
    Type: Application
    Filed: May 25, 2012
    Publication date: November 8, 2012
    Applicant: T-Central, Inc.
    Inventors: David W. Kravitz, Donald H. Graham, III, Josselyn Boudett
  • Publication number: 20120007991
    Abstract: A method and apparatus for providing and determining integrity of video is provided herein. During operation, a trusted unit such as a computer housed within a securable trunk of a vehicle generates or receives data on stimuli applied to a camera and receives video purportedly taken by that camera, as means for the trusted unit or an independent entity to determine if time periods of the stimuli correspond to responses seen or heard within the video.
    Type: Application
    Filed: July 6, 2010
    Publication date: January 12, 2012
    Applicant: MOTOROLA, INC.
    Inventor: David W. Kravitz
  • Publication number: 20110161471
    Abstract: Disclosed are methods for extracting and using information about an entity that has a presence in a number of information domains. The entity has separate identifiers in each of several domains. Various techniques are described that bind together the identifiers of the entity across the domains. The results of the binding are provided to an interested party that can review information extracted about the entity's behavior in the multiple domains. The interested party is not given access to information that would compromise the confidentiality of the entity. A trusted broker has access to information about the behavior of the entity in the several domains. The broker analyzes that information and provides the analysis to the interested party, again without compromising the confidentiality of the entity. An “incentivizer” works with the broker to extract from the domains information that would be useful in binding together the different identifiers of the entity.
    Type: Application
    Filed: December 30, 2009
    Publication date: June 30, 2011
    Applicant: MOTOROLA, INC.
    Inventors: Mark A. Gannon, Joshua B. Hurwitz, John Richard Kane, David W. Kravitz
  • Publication number: 20110161474
    Abstract: Disclosed are methods for extracting and using information about an entity that has a presence in a number of information domains. The entity has separate identifiers in each of several domains. Various techniques are described that bind together the identifiers of the entity across the domains. The results of the binding are provided to an interested party that can review information extracted about the entity's behavior in the multiple domains. The interested party is not given access to information that would compromise the confidentiality of the entity. A trusted broker has access to information about the behavior of the entity in the several domains. The broker analyzes that information and provides the analysis to the interested party, again without compromising the confidentiality of the entity. An “incentivizer” works with the broker to extract from the domains information that would be useful in binding together the different identifiers of the entity.
    Type: Application
    Filed: December 30, 2009
    Publication date: June 30, 2011
    Applicant: MOTOROLA, INC.
    Inventors: Mark A. Gannon, Joshua B. Hurwitz, John Richard Kane, David W. Kravitz, Douglas A. Kuhlman