Abstract: Systems and methods are described for providing user control over access to private data. An exemplary embodiment is performed on a client computing device in which separate computing environments referred to as context modules are installed. Each context module has a context identifier. An application is installed in a context module. The client computing device receives a request for data from the application, where the request for data includes a schema identifier that identifies the data. If the schema identifier is associated with the context identifier in a rules data storage, then the data is provided to the application. Otherwise, a user is prompted as to whether to permit the data request.

Abstract: Systems and methods are provided for context-module-based personal data protection. Systems and methods provide a user device's user interface with two or more context modules associated with a respective set of applications. Upon receiving a user input to launch an application, the application is executed using data permissions associated with the context from which the user launches the application. Permission for application requests for data are determined based on the data permissions associated with the launch context. For some embodiments, the context may be selected automatically based on sensor data or a user device's context or location. For some embodiments, the context may be changed between two contexts. Such context changes may occur without changing user accounts. For some embodiments, a third user may execute a third application using the data permissions associated with the first context module.

Abstract: Exemplary systems and methods enable consistent context settings for different devices of a user. When a user accesses a service such as a web site through a user device, the device determines whether the service has previously-stored context information associated with a user of the device. If the service does not have previously-stored context information associated with that user, the user device sends context information to service identifying a current context setting of the user device. If the networked service does have previously-stored context information associated with the user, the user device receives that information and switches the context of the device to a context identified by the previously-stored context information.

Abstract: The disclosed systems and methods allow cloud services to delegate processing of sensitive data to trusted user devices. In an exemplary method, a cloud service stores data, some of which is encrypted and cannot be decrypted by the service. The service receives from a client device a request to perform a function on a set of data. The service determines whether the set of data is encrypted. If the set of data is encrypted, it is sent to the client device for processing. The client device decrypts the data, processes it, and returns it to the cloud service for storage. If the set of data is not encrypted, it is processed and stored by the cloud service.

Abstract: Disclosed herein are systems and methods for protecting user privacy in networked data collection. One embodiment takes the form of a method that includes obtaining a user-data request that is associated with a requesting party. The method also includes preparing a first candidate response to the user-data request, where the first candidate response is based at least in part on data that is associated with a first user. The method also includes receiving additional candidate responses that are respectively based on data that is respectively associated with a plurality of additional users. The method also includes determining a privacy level of the first candidate response based at least in part on the received plurality of additional candidate responses. The method also includes determining that the privacy level exceeds a privacy threshold, and responsively sending, to the requesting party, a user-data response associated with the user-data request.

Abstract: Systems and methods for use in a secure personal data marketplace are disclosed. In accordance with one method, a request for processed user data from a requesting party is received at an electronic marketplace. The request for the processed user data is published from the electronic marketplace to a plurality of responding agents. The plurality of responding agents determine whether one or more of the users will be a user participant. The responding agents send the user information for the user participants to the electronic marketplace, where the user information is processed in a trusted environment to generate the processed user data requested by the requesting party. The processed user data is sent from the electronic marketplace to the requesting party, and the user information and processed user data is deleted from the electronic marketplace once the processed user data has been sent to the requesting party.

Abstract: Systems and methods are described for providing user control over access to private data. An exemplary embodiment is performed on a client computing device in which separate computing environments referred to as context modules are installed. Each context module has a context identifier. An application is installed in a context module. The client computing device receives a request for data from the application, where the request for data includes a schema identifier that identifies the data. If the schema identifier is associated with the context identifier in a rules data storage, then the data is provided to the application. Otherwise, a user is prompted as to whether to permit the data request.

Abstract: The server comprises a plurality of nodes and links connecting the nodes. Each node can serve a single user or multiple users. A data storage means (42) in the node is designed to serve not only its own users but also other nodes of the decentralized file server so that files incoming to the node can be distributed forward to at least two other nodes of the server. A file fetched by several users simultaneously is copied automatically into a plurality of nodes in the file server. The nodes have conversion means (44) for converting a file requested by a user from one type to another type. The conversion can only be carried out in the node the user is connected to. Calculation capacity for executing the conversion can also be decentralized to several nodes. This is especially advantageous when the calculation load for the processor in one node is very high due to various simultaneous conversion processes.