Abstract: A rating generator assembly 30 is configured to perform a method to associate quality ratings with each digital resource, such as a learning resource, of a plurality of learning resources, e.g. resources 5-1, . . . ,5-M, (QM={q1 . . . qM} in respect of a topic of an educational course. The method comprises, in respect of each of the learning resources, receiving one or more indications of quality, for example in the form of decision ratings dij and comments cij, in respect of the learning resource q1 from respective devices (“non-expert devices” e.g. 3a, . . . ,3N) of a plurality of non-experts, for example students (UN={u1, . . . , UN}) 3-1, . . . ,3-N via a data network 31. The method involves operating at least one processor, of the rating generator assembly 30 to process the one or more indications of quality from each of the respective non-expert devices 3a, . . .

Abstract: A transaction authorization apparatus includes a processor in communication with a communications interface. The processor is configured to receive a request for a transaction requested by a user with whom a plurality of user devices are associated, to obtain respective transaction measurements from at least some available devices from among the plurality of user devices, and to confirm approval of the request for the transaction in response to confirmation that the transaction measurements satisfy a multi-device authorization policy associated with the transaction.

Abstract: A transaction authorization apparatus includes a processor in communication with a communications interface. The processor is configured to receive a request for a transaction requested by a user with whom a plurality of user devices are associated, to obtain respective transaction measurements from at least some available devices from among the plurality of user devices, and to confirm approval of the request for the transaction in response to confirmation that the transaction measurements satisfy a multi-device authorization policy associated with the transaction.

Abstract: A method for decoupling user authentication and data encryption on mobile devices includes generating an encryption key (“EK”) for encrypting data and a key encryption key (“KEK”) for encrypting the EK, obtaining an encrypted EK by encrypting the EK using the KEK, storing the encrypted EK on a data container device (“DCD”), and storing the KEK on a key vault device (“KVD”) that is distinct from the DCD. Neither the EK nor KEK are generated using a user authentication secret as a seed. The DCD may fetch the KEK from the KVD as desired to decrypt the EK and to encrypt and decrypt data stored on the DCD. Examples of the DCD include a memory stick, smartphone, or tablet computer, while examples of the KVD include a dongle, smartphone, or tablet computer.

Abstract: A method for decoupling user authentication and data encryption on mobile devices includes generating an encryption key (“EK”) for encrypting data and a key encryption key (“KEK”) for encrypting the EK, obtaining an encrypted EK by encrypting the EK using the KEK, storing the encrypted EK on a data container device (“DCD”), and storing the KEK on a key vault device (“KVD”) that is distinct from the DCD. Neither the EK nor KEK are generated using a user authentication secret as a seed. The DCD may fetch the KEK from the KVD as desired to decrypt the EK and to encrypt and decrypt data stored on the DCD. Examples of the DCD include a memory stick, smartphone, or tablet computer, while examples of the KVD include a dongle, smartphone, or tablet computer.