Abstract: A problem with online transactions is that a customer may unwillingly be profiled by a corporate entity. To hinder such profiling, a customer may occasionally generate a public/private key pair, and present the public key to a digital token service for use as a pseudonym included in tokens issued to the customer. A subsequent assignment of the digital token to a corporate entity can then be performed by adding the public key of the corporate entity to the token, and signing the combination with the private key which pairs with the pseudonymous public key in the token. A return transaction from the corporate entity to the customer can then add the pseudonymous public key to a return digital token and sign the combination with the corporate entity's private key. Routing the digital token to the customer may be achieved by replying directly to the anonymous inbound token.

Abstract: Systems and methods are described for content distribution at a distributor. A functionally encrypted content request comprising a user identifier and a content identifier is received. The functionally encrypted content request is sent to a content provider. A content reply comprising the functionally encrypted content request and encrypted content corresponding to the content identifier is received. The content reply is decrypted using a functional user identifier decryption key to resolve the user identifier. A further content reply corresponding to the content reply is sent to a user node corresponding to the user identifier.

Abstract: A privacy-preserving process for communicating over a decentralized peer-to-peer network is described in which a user device receives a digitally signed temporary user ID from an identification service, and initiates a transaction with an online content provider using the digitally signed temporary user ID and cryptographically encrypted user payment information. The user device receives data from the content distributor in response to the content distributor receiving a first indication of payment for the transaction from a payment service. In this method, the first indication of payment for the transaction to the content distributor was to have been transmitted by the payment service device in response to: the payment service device receiving the temporary user ID and linking the temporary user ID to the user information; and the payment service receiving a second indication of payment based on the user information.

Abstract: A peer-to-peer content provision network is disclosed which implements a privacy-preserving payment mechanism for rewarding actors in the network (for example, a content supplier, a content distributor and storage-contributing peers). To reward some or all of those actors, a user device obtains, from a token service, anonymous digital payment tokens which include an ephemeral public key. Payment is achieved by adding an assignment layer to the token which involves combining a payee ephemeral public key with the token, and applying a digital signature to the combination using the ephemeral private key corresponding to the ephemeral public key in the token. Subsequent assignments can be made by the payee by adding a further assignment layer to the token using a payee ephemeral private key which pairs with the payee ephemeral public key in the received token. A payment service can divide a payment from the user between actors in the network.

Abstract: Systems and methods of rotating content license management for multiple terminals associated with the same content service subscription user account are disclosed. An ephemeral master device (EMD) is selected from a domain of client devices associated with the same user account. The content service generates an Ephemeral Personal Credential (EPC) associated with the user account, which is temporary and is updated periodically or randomly. The EMD role rotates among the devices in the domain periodically or randomly. The updated EPC is sent to the current EMD. A client device can access content via the user account by providing 1) the account credentials and 2) a valid EPC. Account credentials may be shared with the client device. The EPC is shared with the client device when the client device moves within a particular range of the EMD (or another device in the domain which has the EPC) to synchronize the EPC.

Abstract: Systems and methods are described for encrypting and decrypting data in a distributed storage environment. Such systems and methods for encryption may divide a data payload into slices, the slices including a first slice and a subsequent slice, employ a content encryption key and an initialization vector, encrypt the first slice using the content encryption key and the initialization vector, generate a subsequent initialization vector for the subsequent slice based upon the initialization vector and the unencrypted content of the first slice, and encrypt the subsequent slice using the subsequent initialization vector and the content encryption key. The systems and methods may then generate a list of the encrypted slices into which the data payload has been generated, and publish to a secure storage location, the slice list, the content encryption key and the initialization vector for the first slice in the slice list, with the slices outputted to the distributed storage environment.

Abstract: Systems and methods are described for encrypting and decrypting data in a distributed storage environment. Such systems and methods for encryption may divide a data payload into slices, the slices including a first slice and a subsequent slice, employ a content encryption key and an initialization vector, encrypt the first slice using the content encryption key and the initialization vector, generate a subsequent initialization vector for the subsequent slice based upon the initialization vector and the unencrypted content of the first slice, and encrypt the subsequent slice using the subsequent initialization vector and the content encryption key. The systems and methods may then generate a list of the encrypted slices into which the data payload has been generated, and publish to a secure storage location, the slice list, the content encryption key and the initialization vector for the first slice in the slice list, with the slices outputted to the distributed storage environment.

Abstract: Systems and methods are provided for context-module-based personal data protection. Systems and methods provide a user device's user interface with two or more context modules associated with a respective set of applications. Upon receiving a user input to launch an application, the application is executed using data permissions associated with the context from which the user launches the application. Permission for application requests for data are determined based on the data permissions associated with the launch context. For some embodiments, the context may be selected automatically based on sensor data or a user device's context or location. For some embodiments, the context may be changed between two contexts. Such context changes may occur without changing user accounts. For some embodiments, a third user may execute a third application using the data permissions associated with the first context module.

Abstract: The disclosed systems and methods allow cloud services to delegate processing of sensitive data to trusted user devices. In an exemplary method, a cloud service stores data, some of which is encrypted and cannot be decrypted by the service. The service receives from a client device a request to perform a function on a set of data. The service determines whether the set of data is encrypted. If the set of data is encrypted, it is sent to the client device for processing. The client device decrypts the data, processes it, and returns it to the cloud service for storage. If the set of data is not encrypted, it is processed and stored by the cloud service.

Abstract: Disclosed herein are systems and methods for protecting user privacy in networked data collection. One embodiment takes the form of a method that includes obtaining a user-data request that is associated with a requesting party. The method also includes preparing a first candidate response to the user-data request, where the first candidate response is based at least in part on data that is associated with a first user. The method also includes receiving additional candidate responses that are respectively based on data that is respectively associated with a plurality of additional users. The method also includes determining a privacy level of the first candidate response based at least in part on the received plurality of additional candidate responses. The method also includes determining that the privacy level exceeds a privacy threshold, and responsively sending, to the requesting party, a user-data response associated with the user-data request.

Abstract: In an embodiment, a merchant server receives, from a client device, an order message identifying an ordered product having a purchase price. The merchant server generates an order identifier associated with the ordered product and sends, to the client device an order-response message that includes the generated order identifier. The merchant server receives, from the client device, an order-arranged message that includes a payment-arranged message (having a payment amount, the order identifier, and a digital signature of a financial institution) and a delivery-arranged message (having delivery-plan data and a digital signature of a courier). The merchant server verifies the respective digital signatures of the financial institution and the courier, and generates and outputs transfer instructions for the ordered product based at least in part on the delivery-plan data.

Abstract: An apparatus for providing an improved content protecting and packaging system for protecting content may include an extractor for extracting a content package into a plurality of content segments including a first portion and a second portion. An enveloper may envelop each of the content segments in the first portion separately to thereby create one or more protected content segments. Further, a packager may package the protected content segments with the second portion of the content segments into a protected content package, which may then be uploaded to a distributor for distribution to user terminals. A corresponding method and computer program product are also provided.

Abstract: Systems and methods for use in a secure personal data marketplace are disclosed. In accordance with one method, a request for processed user data from a requesting party is received at an electronic marketplace. The request for the processed user data is published from the electronic marketplace to a plurality of responding agents. The plurality of responding agents determine whether one or more of the users will be a user participant. The responding agents send the user information for the user participants to the electronic marketplace, where the user information is processed in a trusted environment to generate the processed user data requested by the requesting party. The processed user data is sent from the electronic marketplace to the requesting party, and the user information and processed user data is deleted from the electronic marketplace once the processed user data has been sent to the requesting party.

Abstract: Disclosed is a method in a provisioning apparatus. The method comprises obtaining a family key, a family key defining a family; submitting the family key to a security element in a secure manner (2-2); using the family key for securing credential data; submitting said secured credential data to the security element (2-4); using the family key for binding an application to the family; and submitting said binding to the security element (2-5). Also a method in a related security element and related apparatuses, systems and computer programs are disclosed.

Abstract: A method, an apparatus, and a computer program product for enabling verification key handling is disclosed. Said handling is enabled by receiving a verification key including an identifier of the parent verification key of the verification key, wherein the verification key includes a constraint portion, determining whether the constraint portion of the verification key corresponds to the constraint portion of the parent verification key, associating, in case the constraint portion of the verification key corresponds to the constraint portion of the parent verification key, the verification key with a particular state update, and storing the verification key associated with the particular state update.

Abstract: An apparatus for providing an improved content protecting and packaging system for protecting content may include an extractor for extracting a content package into a plurality of content segments including a first portion and a second portion. An enveloper may envelop each of the content segments in the first portion separately to thereby create one or more protected content segments. Further, a packager may package the protected content segments with the second portion of the content segments into a protected content package, which may then be uploaded to a distributor for distribution to user terminals. A corresponding method and computer program product are also provided.

Abstract: Disclosed is a method in a provisioning apparatus. The method comprises obtaining a family key, a family key defining a family; submitting the family key to a security element in a secure manner (2-2); using the family key for securing credential data; submitting said secured credential data to the security element (2-4); using the family key for binding an application to the family; and submitting said binding to the security element (2-5). Also a method in a related security element and related apparatuses, systems and computer programs are disclosed.

Abstract: A method, an apparatus, and a computer program product for enabling verification key handling is disclosed. Said handling is enabled by receiving a verification key including an identifier of the parent verification key of the verification key, wherein the verification key includes a constraint portion, determining whether the constraint portion of the verification key corresponds to the constraint portion of the parent verification key, associating, in case the constraint portion of the verification key corresponds to the constraint portion of the parent verification key, the verification key with a particular state update, and storing the verification key associated with the particular state update.