Abstract: A system for executing a virtual machine instance is provided. An executing environment (11) is arranged for creating a virtual machine instance (10). The virtual machine instance (10) comprises an instance authorization unit (1) for receiving an instance authorization credential, wherein the instance authorization credential is uniquely associated with the virtual machine instance (10). A data key unit (2) is arranged for generating a request for a data key, based on the instance authorization credential associated with the virtual machine instance (10). A decryption unit (3) is arranged for decrypting a data item (7) based on the data key. A key server system (6) is arranged for issuing keys to a virtual machine instance (10). An instance authorization providing unit (22) is arranged for providing the instance authorization credential to the virtual machine instance (10).

Abstract: A method of authenticating a device and a user comprises obtaining a device ID for the device, performing a biometric measurement of the user, obtaining helper data for the user, and generating a key from the biometric measurement and helper data. There is then generated a message comprising the key or a component derived from the key, which transmitted to a remote service, and at the service there is carried out the step of authenticating the device and the user with the message. In a preferred embodiment, the generating of the key further comprises generating the key from the device ID.

Abstract: A virtual machine device 100 comprising multiple operation routines 122,124, 126 each configured to perform a particular instruction, and a selector 110 configured to receive an encoded instruction, the encoded instruction being obtained by encoding a plain instruction with a code encoding, the selector is configured to select and activate a corresponding operation routine of the multiple operation routines, the corresponding operation routine is configured to perform the plain instruction corresponding to the encoded instruction, the selector 100 comprises a look-up means for looking-up an encoded instruction to select the corresponding operation routine.

Abstract: A domain authority 13 for use in a hierarchy of domain authorities in a hierarchical cryptographic system. The domain authority 13 comprises a user secret key generator 21 for generating a user secret key based on a domain secret key and one or more attribute representations, to obtain a user secret key associated with a set of attributes corresponding to the attribute representations, and wherein the domain secret key is based on a domain secret key of a parent domain authority or a root secret key of a root authority of the hierarchy of domain authorities, and wherein the attribute representations are independent of the hierarchy. A decrypter makes use of the user secret key. An encrypter generates ciphertext decryptable by the decrypter.

Abstract: The present invention relates to a method for exchanging data between at least two servers with use of a gateway. Preferably the method is applied to healthcare systems. Each server holds a unique federated identifier, which identifier identifies a single patient (P). Thus, it is possible for the servers to communicate with each other without having to reveal the true identity of patient. By creating one session pseudonym for each pair of providing server (12) holding relevant patient data and a requesting server (10) and by formatting an inbound session identifier related to the requesting server and an outbound session identifier related to the providing server for each session pseudonym the servers may communicate anonymous data with each other. The patient data is transferred from the at least one providing server to the requesting server and all session pseudonyms are replaced, in the requesting server, with the identifier of the requesting server for the patient (P).

Abstract: A cuvette (10) for storing a biological sample to be analyzed by means of a predefined detection technique is disclosed. The cuvette (10) is formed from a moldable material that contains particles (15a, 15b) at a concentration within a predefined range. The particles (15a, 15b) are randomly distributed, in order to form a unique pattern. Moreover, the particles (15a, 15b) have measurable physical properties, so that the unique pattern is detectable using the detection technique that is used to analyze the biological sample. The unique properties obtained by the randomly distributed particles (15a, 15b) render copying nearly impossible, since it is more complicated to distribute the particles in a predetermined pattern than to let them distribute randomly.

Abstract: The invention uses the concept of identity-based encryption in the context of data-centric protection of electronic health records, where each data item is encrypted by using its own identifier as a public key. The corresponding decryption keys are managed by special trusted entities, which distribute the keys to authorized parties and provide logging facilities. This approach has the particular advantage that emergency access mechanisms can be implemented in a secure and extremely efficient way. In contrast to previous approaches, it requires no large-scale distribution of secret decryption keys. Furthermore, the scheme allows limiting the impact of a compromised decryption key, as one key can only be used to decrypt one single document.

Abstract: To overcome the drawback of difficulties when interchanging a patient's health record among different health information management systems and yet keep the patient's privacy, this invention proposes a method comprising the steps of: extracting, from a certificate, a signature of a first service provider and a first identifier; generating a second identifier corresponding to the first identifier; sending a request to any one of a second identifier manager and the first service provider so as to request a record associated with the first identifier; receiving the requested record from any one of the second identifier manager and the first service provider; and associating the requested record with the second identifier.

Abstract: A system for generating an access control policy comprises a user interface (1) for enabling a user to indicate a topic (10) and a set of permissions (15). A document analyzer (2) analyzes the content of a plurality of documents (11) to find a set of documents (13) relating to the topic (10). A property finder (5) analyzes the content of a plurality of documents (11) to find at least one distinguishing property (12) of documents relating to the topic (10). A document selector (6) selects the set of documents (13), based on the distinguishing property (12). An associating subsystem (3) associates the set of permissions (15) with the set of documents (13) to obtain an access control policy (4).

Abstract: An attribute-based digital signature system is disclosed. A first signature generating unit (1) is used for generating a first signature (10) for a document (11), based on a first signature key (12) and the document (11). A re-signing unit (2) is used for generating a second signature (13) for the document (11), based on the first signature (10) and a re-signing key (14), wherein the re-signing unit (2) is arranged for handling attributes (15, 16) associated with the first signature (10) and/or the second signature (13). The second signature (13) is associated with a second set of attributes (16,16?) determined by the re-signing key (14), wherein the second set of attributes (16) comprises a plurality of attributes.

Abstract: A user interface and a processor coupled to the user interface wherein the processor receives access requests through the user interface and authorizes access through the user interface. The processor associates a rights request with a role based policy to determine access rights, modifies the determined access rights in accordance with an exception list related to particular users and records, and authorizes access to a record based upon the modified determined access rights.

Abstract: A system is disclosed for providing interoperability between a plurality of data protection systems. The system includes an ontology (3) configured to store definitions (12) of concepts (4) relating to interface elements of at least two different data protection systems including a first data protection system (1) and a second data protection system (2); and a mapping generator (5) configured to generate a mapping between at least one interface element of the first data protection system (1) and at least one interface element of the second data protection system (2), based on the ontology (3). The system comprises a message converter (16) configured to receive a message generated by the first data protection system (1), convert the message based on the mapping to obtain a converted message, and transmit the converted message to the second data protection system (2).

Abstract: An attribute-based digital signature system comprises a signature generation unit (1) for signing a message (m) by generating a signature (?) based on a user secret key (SK) associated with a set of user attributes, wherein the signature generation unit (1) is arranged for combining the user secret key (SK) with revocation data (R) to form at least part of the signature (?), wherein the revocation data (R) complements respective ones of a plurality of valid user secret keys and wherein the revocation data (R) prevents a revoked user secret key (SK) from being used to validly sign a message (m) with the set of user attributes. The system further comprises a revocation unit (2) for selectively removing at least part of the signing capability of a to-be-revoked user secret key (SK), by generating updated revocation data (R), wherein the updated revocation data (R) is based on at least part of the to-be-revoked user secret key (SK).

Abstract: A data provider (1) for use in a digital rights management system comprises a data protector (2) for protecting data (20), using attribute-based encryption, in dependence on an access policy over a plurality of attributes. A license issuer (3) issues a license (17) comprising a representation of a set of usage rights (18), wherein the set of usage rights (18) is associated (19) with the data (20), for granting the usage rights (18) in respect of the data (20) to a plurality of entities (10) having attributes satisfying the access policy. A data receiver (10) comprises a data access subsystem (11) for accessing data, using attribute-based decryption, in dependence on a decryption key (16) associated with a set of attributes. The data receiver (10) further comprises a usage constraining subsystem (12) for constraining the access to the data (20), based on a license (17) comprising a representation of a set of usage rights (18) associated (19) with the data.

Abstract: This invention relates to a method of processing rights relating to content, that can be communicated between devices. Typically, a Digital Rights Management (DRM) system imposes limitations of use and distribution, imposed by the service provider, content provider or distributor. The method of the invention renders it possible for a user who has received DRM rights to restrict the right further. The invention is more particularly related to the receipt of DRM rights to Authorized Domain Digital Rights Management (AD-DRM) systems and the introduction of user attributed rights in the form of further restrictions introduced to the received DRM rights. The invention further relates to a Rights Program Template (RPT) facilitating the introduction of such further restrictions in a user friendly way. Finally, the invention relates to a system supporting the method of the invention.

Abstract: A method of performing measurement of a subject comprises measuring a physiological parameter of a subject, deriving data from the measured parameter, optionally, obtaining metadata relating to the measurement of the physiological parameter, determining the quality of the derived data from the derived data and/or the obtained metadata, and if the determined quality matches a predefined criteria, performing a predefined corrective action. In one embodiment, the method further comprises calculating one or more qualifiers from the derived data and/or from the obtained metadata, and wherein the step of determining the quality of the derived data comprises determining the quality of the derived data from the calculated qualifiers.

Abstract: A method of dynamically determining the access rights of a client to a record comprises receiving an access request from the client with respect to the record, determining one or more contexts relating to the access request, calculating a score for each determined context, calculating an overall score from the context scores, accessing a rights policy for the record, the rights policy defining a plurality of different rights with respect to the record, each with a respective minimum score, and determining the client's access rights according to a comparison of the overall score to the score for each right in the rights policy.

Abstract: A method of authenticating a device and a user comprises obtaining a device ID for the device, performing a biometric measurement of the user, obtaining helper data for the user, and generating a key from the biometric measurement and helper data. There is then generated a message comprising the key or a component derived from the key, which transmitted to a remote service, and at the service there is carried out the step of authenticating the device and the user with the message. In a preferred embodiment, the generating of the key further comprises generating the key from the device ID.

Abstract: A system for specifying an access control policy comprises: A user interface (13) for enabling a user to specify a plurality of policy rules comprising a subject attribute, an object, an action, and an authorization, the policy rules defining an access control policy (10). A translation means (9) for translating the access control policy into a machine readable data access control policy language to obtain a translated data access control policy (14). An output (11) for providing the translated data access control policy to an access control policy enforcing unit (50). A conflict detection means (2) for detecting at least two conflicting policy rules indicative of denial and allowance, respectively, of a possible access request. A conflict indication means (6) for indicating to a user information relating to the conflict. A conflict resolution input (7) for retrieving information from a user indicative of a conflict resolution.

Abstract: The present invention relates to a method for exchanging data between at least two servers with use of a gateway. Preferably the method is applied to healthcare systems. Each server holds a unique federated identifier, which identifier identifies a single patient (P). Thus, it is possible for the servers to communicate with each other without having to reveal the true identity of patient. By creating one session pseudonym for each pair of providing server (12) holding relevant patient data and a requesting server (10) and by formatting an inbound session identifier related to the requesting server and an outbound session identifier related to the providing server for each session pseudonym the servers may communicate anonymous data with each other. The patient data is transferred from the at least one providing server to the requesting server and all session pseudonyms are replaced, in the requesting server, with the identifier of the requesting server for the patient (P).