Abstract: The current application is directed to computationally efficient attribute-based access control that can be used to secure access to stored information in a variety of different types of computational systems. Many of the currently disclosed computationally efficient implementations of attribute-based access control employ hybrid encryption methodologies in which both an attribute-based encryption or a similar, newly-disclosed policy-encryption method as well as a hierarchical-key-derivation method are used to encrypt payload keys that are employed, in turn, to encrypt data that is stored into, and retrieved from, various different types of computational data-storage systems.

Abstract: The current application is directed to computationally efficient attribute-based access control that can be used to secure access to stored information in a variety of different types of computational systems. Many of the currently disclosed computationally efficient implementations of attribute-based access control employ hybrid encryption methodologies in which both an attribute-based encryption or a similar, newly-disclosed policy-encryption method as well as a hierarchical-key-derivation method are used to encrypt payload keys that are employed, in turn, to encrypt data that is stored into, and retrieved from, various different types of computational data-storage systems.

Abstract: The current application is directed to computationally efficient attribute-based access control that can be used to secure access to stored information in a variety of different types of computational systems. Many of the currently disclosed computationally efficient implementations of attribute-based access control employ hybrid encryption methodologies in which both an attribute-based encryption or a similar, newly-disclosed policy-encryption method as well as a hierarchical-key-derivation method are used to encrypt payload keys that are employed, in turn, to encrypt data that is stored into, and retrieved from, various different types of computational data-storage systems.

Abstract: Systems, methods, and computer storage media having computer-executable instructions embodied thereon that maintain privacy during user profiling are provided. A profiling service receives, from a first device, rules for profiling a user. The rules were encrypted using a private key. The profiling service also receives, from a second device, user data. The user data was encrypted using a public key communicated to the second device by the first device. The profiling service then matches the encrypted rules with the encrypted user data, and based on the matching, generates a profile for the user. In embodiments, such a user profile can be utilized to deliver personalized digital content to a user.

Abstract: Described is a technology comprising a system in which two distrusting parties can submit sets of encrypted keywords using two independent secret keys to a third party who can decide, using only public keys, if the underlying cleartext message of a cryptogram produced by one distrusting party matches that of a cryptogram produced by the other. The third party (e.g., a server) uses generator information corresponding to a generator of an elliptic curve group to determine whether the sets of encrypted keywords match each other. Various ways to provide the generator information based upon the generator are described. Also described is the use of one-ray randomization and two-way randomization as part of the system to protect against dictionary attacks.

Abstract: The current application is directed to computationally efficient attribute-based access control that can be used to secure access to stored information in a variety of different types of computational systems. Many of the currently disclosed computationally efficient implementations of attribute-based access control employ hybrid encryption methodologies in which both an attribute-based encryption or a similar, newly-disclosed policy-encryption method as well as a hierarchical-key-derivation method are used to encrypt payload keys that are employed, in turn, to encrypt data that is stored into, and retrieved from, various different types of computational data-storage systems.

Abstract: The claimed subject matter provides a system and/or a method that facilitates securing a wireless digital transaction. A terminal component can receive a portion of data related to a payment for at least one of a good or a service. A mobile device can include at least one mobile payment card (m-card), wherein the m-card is created by establishing a link to an account associated with a form of currency. The mobile device can employ public-key cryptography (PKC) to securely and wirelessly transmit a payment to the terminal component utilizing the m-card and linked account.

Abstract: The claimed subject matter provides a system and/or a method that facilitates securing a wireless digital transaction. A terminal component can receive a portion of data related to a payment for at least one of a good or a service. A mobile device can include at least one mobile payment card (m-card), wherein the m-card is created by establishing a link to an account associated with a form of currency. The mobile device can employ public-key cryptography (PKC) to securely and wirelessly transmit a payment to the terminal component utilizing the m-card and linked account.

Abstract: Method for performing a collaborative search in a computing network. In one implementation, the method may include receiving a search criteria from a user, identifying one or more agents who have performed a search using the search criteria, the agents and the user belonging to the computing network, identifying one or more search results that the agents have previously selected as being relevant to the search criteria, ranking the search results, and displaying the search results according to the ranking.

Abstract: Systems, methods, and computer storage media having computer-executable instructions embodied thereon that maintain privacy during user profiling are provided. A profiling service receives, from a first device, rules for profiling a user. The rules were encrypted using a private key. The profiling service also receives, from a second device, user data. The user data was encrypted using a public key communicated to the second device by the first device. The profiling service then matches the encrypted rules with the encrypted user data, and based on the matching, generates a profile for the user. In embodiments, such a user profile can be utilized to deliver personalized digital content to a user.

Abstract: Described is a technology comprising a system in which two distrusting parties can submit sets of encrypted keywords using two independent secret keys to a third party who can decide, using only public keys, if the underlying cleartext message of a cryptogram produced by one distrusting party matches that of a cryptogram produced by the other. The third party (e.g., a server) uses generator information corresponding to a generator of an elliptic curve group to determine whether the sets of encrypted keywords match each other. Various ways to provide the generator information based upon the generator are described. Also described is the use of one-ray randomization and two-way randomization as part of the system to protect against dictionary attacks.

Abstract: A network-based data protection scheme for a mobile device utilizes encryption techniques and a remote key server that stores encryption keys on behalf of the mobile device. The mobile device stores encrypted data, preferably having no unencrypted counterpart stored therewith. On an as-needed basis, the mobile device requests a decryption key (or an encrypted version of a decryption key) from the key server, where the decryption key can be used by the mobile device to decrypt the encrypted information. The key server transmits the decryption key to the mobile device after authenticating the user of the mobile device.

Abstract: Techniques are disclosed to enable utilization of randomly-occurring features of a label (whether embedded or naturally inherent) to provide counterfeit-resistant and/or tamper-resistant labels. More specifically, labels including randomly-occurring features are scanned to determine the labels' features. The information from the scan is utilized to provide identifying indicia which uniquely identifies each label and may be later verified against the label features that are present to determine whether the label is genuine. In a described implementation, the identifying indicia may be cryptographically signed.

Abstract: A computer-implemented system and method for configuring and operating a white-box cipher is disclosed. In one implementation, the system employs a method for configuring pseudorandom data derived from a key to perform key-scheduling functionality associated with rounds of the cipher. Additionally, the system employs a method for generating white-box executable code, wherein the code hides the pseudorandom data by incorporating it into mathematical operations performed during execution of the rounds. Accordingly, the cipher is suited for white-box applications managing digital rights, such as decoding audio, video and other content.

Abstract: A technique for imparting substantial break-once-run-everywhere (BORE) resistance to passive and active software objects, and for controlling access and use of resulting protected objects by a client computer (400). Specifically, a relatively large number, n, of identical watermarks (1720) are embedded throughout a software object (1700), through use of n different secret watermark keys to form a protected object, with each key defining a pointer to a location in the protected object at which a corresponding watermark appears.

Abstract: An implementation of a technology is described herein that facilitates rights enforcement of digital goods using watermarks. More particularly, it is a fingerprinting technology for protecting digital goods by detecting collusion as a malicious attack and identifying the participating colluders. If a digital pirate breaks one client and enables this client to avoid watermark detection, all content (both marked/protected an unmarked/free) can be played as unmarked only on that particular client. However, to enable other clients to play content as unmarked, the digital pirate needs to collude the extracted detection keys from many clients in order to create content that can evade watermark detection on all clients. The described implementation significantly improves collusion resistance through a fingerprinting mechanism that can identify the members of a malicious coalition even when their numbers are several orders of magnitude greater than what conventional collusion-protection schemes can accomplish.

Abstract: Techniques are disclosed to enable utilization of randomly-occurring features of a label (whether embedded or naturally inherent) to provide counterfeit-resistant and/or tamper-resistant labels. More specifically, labels including randomly-occurring features are scanned to determine the labels' features. The information from the scan is utilized to provide identifying indicia which uniquely identifies each label and may be later verified against the label features that are present to determine whether the label is genuine. In a described implementation, the identifying indicia may be cryptographically signed.

Abstract: Method for performing a collaborative search in a computing network. In one implementation, the method may include receiving a search criteria from a user, identifying one or more agents who have performed a search using the search criteria, the agents and the user belonging to the computing network, identifying one or more search results that the agents have previously selected as being relevant to the search criteria, ranking the search results, and displaying the search results according to the ranking.

Abstract: Method for calculating a trust value of an agent in a computing network. In one implementation, the method may include receiving information pertaining to a first agent's previous actions, quantifying a discrepancy between an expected behavior and an actual behavior of the first agent during the first agent's previous actions, and determining the trust value of the first agent based on the quantified discrepancy.

Abstract: Product registration of an electronic good (e.g., software) over the telephone is made easier by reducing the length of code that is communicated to the electronic good provider (e.g., software provider). More particularly, an electronic goods provider provides a product ID comprising a message and digital signature to a client purchasing their electronic good. The electronic good is registered over a telephone by providing only the digital signature portion of a product ID to a telephone registration server having the electronic good provider's private key. The telephone registration server computes a message from the digital signature and private key. If the message has an expected structure (e.g., zeros in certain places) the software is authentic. Therefore, the verification method ensures software authenticity using only a portion of the product ID and thereby reducing the amount of information that needs to be transferred over the telephone to perform the registration process.