Abstract: An access gateway may grant a requestor access to a computer resource. The requestor may receive a credential from an identity provider and calculate a zero-knowledge proof of possession of the credential. The requestor may use the proof to request access to the computer resource. The identity provider may record a policy corresponding to the credential in a distributed ledger. The access gateway may, subject to verifying the proof, retrieve the policy from the distributed ledger. The policy may indicate that the requestor is authorized to access the computer resource. The access gateway may grant the requestor access to the computer resource as indicated by the policy.

Abstract: An access gateway may grant a requestor access to a computer resource. The requestor may receive a credential from an identity provider and calculate a zero-knowledge proof of possession of the credential. The requestor may use the proof to request access to the computer resource. The identity provider may record a policy corresponding to the credential in a distributed ledger. The access gateway may, subject to verifying the proof, retrieve the policy from the distributed ledger. The policy may indicate that the requestor is authorized to access the computer resource. The access gateway may grant the requestor access to the computer resource as indicated by the policy.

Abstract: A computing system that is configured to receive requests to send computer executable programs to a data owner system associated with a data source for execution of the computer executable program by the data owner system. The data owner system may store to a blockchain a permitted list of programming functions, function libraries, function syntax definitions, and execution environment requirements. The computing system may be further configured to retrieve the permitted lists. The computing system may be further configured to evaluate the computer executable program using the permitted lists to determine if the computer executable program may be executed by the data owner system. The evaluation may be performed by generating an abstract syntax tree of the computer executable program. The computing system may be further configured to send the computer executable program to the data owner system if the computer executable program satisfies the conditions of the permitted lists.

Abstract: An access gateway may grant a requestor access to a computer resource. The requestor may receive a credential from an identity provider and calculate a zero-knowledge proof of possession of the credential. The requestor may use the proof to request access to the computer resource. The identity provider may record a policy corresponding to the credential in a distributed ledger. The access gateway may, subject to verifying the proof, retrieve the policy from the distributed ledger. The policy may indicate that the requestor is authorized to access the computer resource. The access gateway may grant the requestor access to the computer resource as indicated by the policy.

Abstract: An access gateway may grant a requestor access to a computer resource. The requestor may receive a credential from an identity provider and calculate a zero-knowledge proof of possession of the credential. The requestor may use the proof to request access to the computer resource. The identity provider may record a policy corresponding to the credential in a distributed ledger. The access gateway may, subject to verifying the proof, retrieve the policy from the distributed ledger. The access gateway may grant the requestor access to the computer resource as indicated by the policy. For example, the access gateway may allow the requestor to transfer data from a classified data storage component to a declassified data storage component. In some cases, the classified data storage component may encrypt data (e.g., using an encryption key provided by the requestor and/or the declassified data storage component) prior to transfer.

Abstract: An access gateway may grant a requestor access to a computer resource. The requestor may receive a credential from an identity provider and calculate a zero-knowledge proof of possession of the credential. The requestor may use the proof to request access to the computer resource. The identity provider may record a policy corresponding to the credential in a distributed ledger. The access gateway may, subject to verifying the proof, retrieve the policy from the distributed ledger. The policy may indicate that the requestor is authorized to access the computer resource. The access gateway may grant the requestor access to the computer resource as indicated by the policy.

Abstract: A computing system that is configured for a federated wallet with cryptographically secure signature delegation. The system may be configured to receive a session public key corresponding to a decentralized application and a user. The system may be further configured to receive an unsigned transaction of a blockchain, the unsigned transaction corresponding to the user. The system may be further configured to provide a symmetric encryption key to the user's device for encrypting the user's private signing key. The system may be further configured to determine, using the session public key, that the unsigned transaction is valid. Based on the validity of the unsigned transaction, the system may send the unsigned transaction to the user's device. The system may send the symmetric encryption key to the user's device to decrypt the private signing key. The system may be further configured to receive a signed transaction for submission to the blockchain.

Abstract: A computing system that is configured to receive requests to send computer executable programs to a data owner system associated with a data source for execution of the computer executable program by the data owner system. The data owner system may store to a blockchain a permitted list of programming functions, function libraries, function syntax definitions, and execution environment requirements. The computing system may be further configured to retrieve the permitted lists. The computing system may be further configured to evaluate the computer executable program using the permitted lists to determine if the computer executable program may be executed by the data owner system. The evaluation may be performed by generating an abstract syntax tree of the computer executable program. The computing system may be further configured to send the computer executable program to the data owner system if the computer executable program satisfies the conditions of the permitted lists.

Abstract: A computing system that is configured for a federated wallet with cryptographically secure signature delegation. The system may be configured to receive a session public key corresponding to a decentralized application and a user. The system may be further configured to receive an unsigned transaction of a blockchain, the unsigned transaction corresponding to the user. The system may be further configured to provide a symmetric encryption key to the user's device for encrypting the user's private signing key. The system may be further configured to determine, using the session public key, that the unsigned transaction is valid. Based on the validity of the unsigned transaction, the system may send the unsigned transaction to the user's device. The system may send the symmetric encryption key to the user's device to decrypt the private signing key. The system may be further configured to receive a signed transaction for submission to the blockchain.

Abstract: A computing system that is configured to receive requests to send computer executable programs to a data owner system associated with a data source for execution of the computer executable program by the data owner system. The data owner system may store to a blockchain a permitted list of programming functions, function libraries, function syntax definitions, and execution environment requirements. The computing system may be further configured to retrieve the permitted lists. The computing system may be further configured to evaluate the computer executable program using the permitted lists to determine if the computer executable program may be executed by the data owner system. The evaluation may be performed by generating an abstract syntax tree of the computer executable program. The computing system may be further configured to send the computer executable program to the data owner system if the computer executable program satisfies the conditions of the permitted lists.

Abstract: A computing system that is configured to receive requests to send computer executable programs to a data owner system associated with a data source for execution of the computer executable program by the data owner system. The data owner system may store to a blockchain a permitted list of programming functions, function libraries, function syntax definitions, and execution environment requirements. The computing system may be further configured to retrieve the permitted lists. The computing system may be further configured to evaluate the computer executable program using the permitted lists to determine if the computer executable program may be executed by the data owner system. The evaluation may be performed by generating an abstract syntax tree of the computer executable program. The computing system may be further configured to send the computer executable program to the data owner system if the computer executable program satisfies the conditions of the permitted lists.

Abstract: A computing system that facilitates execution of protocol for requesting data from one or more data owners. The protocol may specify an execution graph for performing operations collect the requested data. The execution graph may be comprised of execution graph nodes specifying operations such as accessing a database, querying the database, and scrubbing the resulting data of sensitive information. An execution graph may be agreed upon and stored on a blockchain. Storing the execution graph on the blockchain ensures a validated consensus among parties, such as the data owners, for the operations defined within the execution graph. The protocol may include requests for data from multiple data owners. The data received from each data owner may be aggregated. Rules may require the aggregated data meet certain requirements before release such as removing sensitive information or a minimum number of data records to prevent exposure of private data.

Abstract: A computing system that facilitates approval and validation of executable code between parties. A template including executable code and specifying certain operations and functions to be performed on protected data, as well as constraints thereto, may be verified and agreed upon by parties. The verified template and/or a hash of the verified template may be stored on a blockchain. Prior to execution of the code certain parameters within the template may be filled and validated by a system that will execute the code. A contract, which too may be agreed upon and stored on the blockchain, may also include other terms governing the parties. The filled template may also be validated, and compared against a blockchain version of the template, by the parties prior to execution of the code and prior to access being granted to protected data. Such verifications and validations ensure that data is only operated on, using a secure system, within the parameters as agreed upon by the parties.

Abstract: Computer instructions corresponding to a neural-network model are received and encrypted using an encryption technique. Training data encrypted using the encryption technique is received from a data source. The model is trained using the training data using, for example, a gradient descent technique. If the model performs in accordance with a quality metric, it is sent to a device of a model user.

Abstract: Computer instructions corresponding to a neural-network model are received and encrypted using an encryption technique. Training data encrypted using the encryption technique is received from a data source. The model is trained using the training data using, for example, a gradient descent technique. If the model performs in accordance with a quality metric, it is sent to a device of a model user.

Abstract: A computing system that facilitates approval and validation of executable code between parties. A template including executable code and specifying certain operations and functions to be performed on protected data, as well as constraints thereto, may be verified and agreed upon by parties. The verified template and/or a hash of the verified template may be stored on a blockchain. Prior to execution of the code certain parameters within the template may be filled and validated by a system that will execute the code. A contract, which too may be agreed upon and stored on the blockchain, may also include other terms governing the parties. The filled template may also be validated, and compared against a blockchain version of the template, by the parties prior to execution of the code and prior to access being granted to protected data. Such verifications and validations ensure that data is only operated on, using a secure system, within the parameters as agreed upon by the parties.

Abstract: Computer instructions corresponding to a neural-network model are received and encrypted using an encryption technique. Training data encrypted using the encryption technique is received from a data source. The model is trained using the training data using, for example, a gradient descent technique. If the model performs in accordance with a quality metric, it is sent to a device of a model user.

Abstract: Multiple systems may determine neural-network output data and neural-network parameter data and may transmit the data therebetween to train and run the neural-network model to predict an event given input data. A secure processing component may process data using a transformation layer and may send and receive data to and from a first system. Multiple data-provider systems may send vertically partitioned data to the secure-processing component, which may determine output data corresponding to the multiple data-provider systems.

Abstract: Multiple systems may determine neural-network output data and neural-network parameter data and may transmit the data therebetween to train and run the neural-network model to predict an event given input data. A secure processing component may process data using a transformation layer and may send and receive data to and from a first system. Multiple data-provider systems may send vertically partitioned data to the secure-processing component, which may determine output data corresponding to the multiple data-provider systems.

Abstract: Computer instructions corresponding to a neural-network model are received and encrypted using an encryption technique. Training data encrypted using the encryption technique is received from a data source. The model is trained using the training data using, for example, a gradient descent technique. If the model performs in accordance with a quality metric, it is sent to a device of a model user.