Abstract: A problem with online transactions is that a customer may unwillingly be profiled by a corporate entity. To hinder such profiling, a customer may occasionally generate a public/private key pair, and present the public key to a digital token service for use as a pseudonym included in tokens issued to the customer. A subsequent assignment of the digital token to a corporate entity can then be performed by adding the public key of the corporate entity to the token, and signing the combination with the private key which pairs with the pseudonymous public key in the token. A return transaction from the corporate entity to the customer can then add the pseudonymous public key to a return digital token and sign the combination with the corporate entity's private key. Routing the digital token to the customer may be achieved by replying directly to the anonymous inbound token.

Abstract: Systems and methods are described for content distribution at a distributor. A functionally encrypted content request comprising a user identifier and a content identifier is received. The functionally encrypted content request is sent to a content provider. A content reply comprising the functionally encrypted content request and encrypted content corresponding to the content identifier is received. The content reply is decrypted using a functional user identifier decryption key to resolve the user identifier. A further content reply corresponding to the content reply is sent to a user node corresponding to the user identifier.

Abstract: A privacy-preserving process for communicating over a decentralized peer-to-peer network is described in which a user device receives a digitally signed temporary user ID from an identification service, and initiates a transaction with an online content provider using the digitally signed temporary user ID and cryptographically encrypted user payment information. The user device receives data from the content distributor in response to the content distributor receiving a first indication of payment for the transaction from a payment service. In this method, the first indication of payment for the transaction to the content distributor was to have been transmitted by the payment service device in response to: the payment service device receiving the temporary user ID and linking the temporary user ID to the user information; and the payment service receiving a second indication of payment based on the user information.

Abstract: A peer-to-peer content provision network is disclosed which implements a privacy-preserving payment mechanism for rewarding actors in the network (for example, a content supplier, a content distributor and storage-contributing peers). To reward some or all of those actors, a user device obtains, from a token service, anonymous digital payment tokens which include an ephemeral public key. Payment is achieved by adding an assignment layer to the token which involves combining a payee ephemeral public key with the token, and applying a digital signature to the combination using the ephemeral private key corresponding to the ephemeral public key in the token. Subsequent assignments can be made by the payee by adding a further assignment layer to the token using a payee ephemeral private key which pairs with the payee ephemeral public key in the received token. A payment service can divide a payment from the user between actors in the network.

Abstract: Systems and methods of rotating content license management for multiple terminals associated with the same content service subscription user account are disclosed. An ephemeral master device (EMD) is selected from a domain of client devices associated with the same user account. The content service generates an Ephemeral Personal Credential (EPC) associated with the user account, which is temporary and is updated periodically or randomly. The EMD role rotates among the devices in the domain periodically or randomly. The updated EPC is sent to the current EMD. A client device can access content via the user account by providing 1) the account credentials and 2) a valid EPC. Account credentials may be shared with the client device. The EPC is shared with the client device when the client device moves within a particular range of the EMD (or another device in the domain which has the EPC) to synchronize the EPC.

Abstract: Systems and methods are described for encrypting and decrypting data in a distributed storage environment. Such systems and methods for encryption may divide a data payload into slices, the slices including a first slice and a subsequent slice, employ a content encryption key and an initialization vector, encrypt the first slice using the content encryption key and the initialization vector, generate a subsequent initialization vector for the subsequent slice based upon the initialization vector and the unencrypted content of the first slice, and encrypt the subsequent slice using the subsequent initialization vector and the content encryption key. The systems and methods may then generate a list of the encrypted slices into which the data payload has been generated, and publish to a secure storage location, the slice list, the content encryption key and the initialization vector for the first slice in the slice list, with the slices outputted to the distributed storage environment.

Abstract: Systems and methods are described for encrypting and decrypting data in a distributed storage environment. Such systems and methods for encryption may divide a data payload into slices, the slices including a first slice and a subsequent slice, employ a content encryption key and an initialization vector, encrypt the first slice using the content encryption key and the initialization vector, generate a subsequent initialization vector for the subsequent slice based upon the initialization vector and the unencrypted content of the first slice, and encrypt the subsequent slice using the subsequent initialization vector and the content encryption key. The systems and methods may then generate a list of the encrypted slices into which the data payload has been generated, and publish to a secure storage location, the slice list, the content encryption key and the initialization vector for the first slice in the slice list, with the slices outputted to the distributed storage environment.

Abstract: A method, a computing unit and a system for token-based information exchange between a computing unit of a first entity (400A) and a computing unit of one second entity (400B) are presented. The method comprises obtaining (110) a token set (200A) associated with the first entity (400A) and a token set (200B) associated with the one second entity (400B), clustering (120) the token set (200A) associated with the first entity (400A) into clusters, requesting (130) information on tokens (205, 205A, 205B) from the computing unit of the one second entity (400B), receiving (140) information on said tokens (205, 205 A, 205B) from the computing unit of the one second entity (400B), determining (150) an active cluster associated with the first entity (400A), modifying (160) the token subset (310, 320) associated with the determined active cluster of the first entity (400A) at least partly with information on the received tokens (205, 205A, 205B) associated with the second entity (400B).

Abstract: A method, a computing unit and a system for token-based information exchange between a computing unit of a first entity (400A) and a computing unit of one second entity (400B) are presented. The method comprises obtaining (110) a token set (200A) associated with the first entity (400A) and a token set (200B) associated with the one second entity (400B), clustering (120) the token set (200A) associated with the first entity (400A) into clusters, requesting (130) information on tokens (205, 205A, 205B) from the computing unit of the one second entity (400B), receiving (140) information on said tokens (205, 205 A, 205B) from the computing unit of the one second entity (400B), determining (150) an active cluster associated with the first entity (400A), modifying (160) the token subset (310, 320) associated with the determined active cluster of the first entity (400A) at least partly with information on the received tokens (205, 205A, 205B) associated with the second entity (400B).

Abstract: The invention relates to a method for exchange of information between a computing unit of a first entity and a computing unit of at least one second entity. A computing unit of at least one second entity is detected and information on a token associated to the second entity from the computing unit is requested and received. On the basis of the received information, the token associated to the at least one second entity, is retrieved and a token associated to the first entity is modified at least partly with information of the received token associated to the at least one second entity. Finally, the modified token is utilized at least in the service the computing unit of the first entity belongs to. The invention relates also to a system and a computing unit implementing the method.

Abstract: Recommendation system based on the actions of a group of users, and not requiring prior metadata, is provided. The recommendation is not limited to from user-to-item (e.g. media recommendation) type; e.g. from user-to-user (e.g. social networking), from item-to-item (e.g. “see also” in internet shopping) and item-to-user (e.g. advertizing) recommendations are supported. The solution utilizes a set of identifiable tokens, associated with each entity, an entity being either a user or an item. Whenever there is an interaction between entities, either existing token sets are updated or new token sets are created such that after an interaction each interacting entity is associated with a token set which resembles more than before the token set(s) associated with the other interacting entity. Recommendation can be produced by searching best matching token sets on the user-to-item, user-to-user, from item-to-item or item-to-user basis.

Abstract: Method (400) for managing a plurality of digital token sets (202, 202b, 202c), wherein each digital token set comprises a plurality of tokens (203) and is associated with a digital item available for access via an e-service, wherein the digital tokens are identifiable elements of substantially no semantic value and interaction between a user-related token set and item-related token set involves adapting both token sets based on the token set of the other party of the interaction, comprises obtaining a first plurality of token sets associated with a corresponding plurality of digital items (300), distributing (304) said first plurality of token sets among a second plurality of at least computationally separate but communications-wise connected, functionally parallel partial repositories (202, 204, 206), wherein said second plurality is smaller than the first plurality, the partial repositories establishing a greater joint, distributed repository, wherein said distributing comprises utilization of a predefined

Abstract: Method (501) for adapting an obtained digital first token set comprising a plurality of tokens, the first token set being associated with a first entity, such as a user of an electronic device, wherein tokens are identifiable elements of substantially no semantic value, the first token set being maintained between and updated responsive to interactions between the first entity and one or more other entities, the token sets of which are also updated based on the interactions, said method comprising detecting interaction (504, 514) between the first entity and another entity, optionally a digital media element such as a web site, web page or a digital resource accessible therethrough, a second token set being associated with the second entity, determining at least one control value (506) regarding the first token set based on the interaction, wherein interaction feedback or interaction frequency is configured to affect said at least one control value, and altering the construction of the first token set (508) i

Abstract: A method for writing data to a memory device comprising a first and a second memory device the first memory device comprises data blocks numbered with block numbers and the second memory device comprises at least one reference calculated from a data block digest and its physical block number. The invention comprises at least the steps: calculating the digest from at least part of the data block content, receiving at least one physical block number, to which the data block contents in the first memory device is stored, encrypting the data block content, storing the data block content to the first memory device to the position pointed by the physical block number, and storing or issuing a command to save the digest, or a number derived from it, and at least one said physical block number to the second memory device. A system, computer program, and server are also presented.

Abstract: A method for writing data to a memory device comprising a first and a second memory device the first memory device comprises data blocks numbered with block numbers and the second memory device comprises at least one reference calculated from a data block digest and its physical block number. The invention comprises at least the steps: calculating the digest from at least part of the data block content, receiving at least one physical block number, to which the data block contents in the first memory device is stored, encrypting the data block content, storing the data block content to the first memory device to the position pointed by the physical block number, and storing or issuing a command to save the digest, or a number derived from it, and at least one said physical block number to the second memory device. A system, computer program, and server are also presented.

Abstract: Recommendation system based on the actions of a group of users, and not requiring prior metadata, is provided. The recommendation is not limited to from user-to-item (e.g. media recommendation) type; e.g. from user-to-user (e.g. social networking), from item-to-item (e.g. “see also” in internet shopping) and item-to-user (e.g. advertizing) recommendations are supported. The solution utilizes a set of identifiable tokens, associated with each entity, an entity being either a user or an item. Whenever there is an interaction between entities, either existing token sets are updated or new token sets are created such that after an interaction each interacting entity is associated with a token set which resembles more than before the token set(s) associated with the other interacting entity. Recommendation can be produced by searching best matching token sets on the user-to-item, user-to-user, from item-to-item or item-to-user basis.

Abstract: The invention relates to a method for exchange of information between a computing unit of a first entity and a computing unit of at least one second entity. A computing unit of at least one second entity is detected and information on a token associated to the second entity from the computing unit is requested and received. On the basis of the received information, the token associated to the at least one second entity, is retrieved and a token associated to the first entity is modified at least partly with information of the received token associated to the at least one second entity. Finally, the modified token is utilized at least in the service the computing unit of the first entity belongs to. The invention relates also to a system and a computing unit implementing the method.

Abstract: A Method and a terminal intended for securing information in a local memory device which is couplable to a terminal having a data link interface. At the terminal, the method divides the original data resulting in a first portion and a second portion. The method stores the first portion in the local memory device and sends the second portion for storage in a remote memory device. Upon obtaining an authorized read request targeted to the original data the method retrieves the second portion and combines the two portions. The method provides high data security if the data, is encrypted prior to the step of dividing. Another aspect of the invention comprises a terminal capable of at least combing the first and second data portions to reconstruct the original data, and preferably to perform the step required for dividing the data. The data may or may not be encrypted.

Abstract: The invention concerns a method for writing data to a memory device arrangement comprising a first and a second memory device in which the first memory device comprises data blocks numbered with block numbers and the second memory device comprises at least one reference calculated from a data block digest and its physical block number. The invention is characterized in that it comprises the following steps: calculating the digest from at least part of the data block content, receiving at least one physical block number, to which the data block contents in the first memory device is stored, encrypting the data block content, storing the data block content to the first memory device to the position pointed by the physical block number, and storing or issuing a command to save the digest, or a number derived from it, and at least one said physical block number to the second memory device. Also a system, a computer program and server computer in accordance to the invention are presented.

Abstract: A Method and a terminal intended for securing information in a local memory device which is couplable to a terminal having a data link interface. At the terminal, the method divides original data resulting in a first portion and a second portion. The method stores the first portion in the local memory device and sends the second portion for storage in a remote memory device. Upon obtaining an authorized read request targeted to the original data the method retrieves the second portion and combines the two portions. The method provides high data security if the data, is encrypted prior to the step of dividing. Another aspect of the invention comprises a terminal capable of at least combing the first and second data portions to reconstruct the original data, and preferably to perform the step required for dividing the data. The data may or may not be encrypted.