Abstract: Systems and methods for managing digital identities. In some embodiments, a method is provided, comprising acts of: receiving a request to validate at least one statement about a user; identifying, from the request, a reference to a distributed ledger, the reference comprising an identifier for the distributed ledger and an identifier for a transaction recorded on the distributed ledger; identifying, based at least in part on the identifier for the distributed ledger, at least one node of a network of nodes managing the distributed ledger; and communicating with the at least one node to validate the at least one statement about the user.

Abstract: A computer-implemented method comprising, at a verifying nodes of a blockchain network: obtaining a first transaction which comprises runnable code; receiving a second transaction which includes information comprising at least a submitted instance of an r-part and an s-part of a first ECDSA signature, and further comprising a nonce; and miming the code from the first transaction. The code is configured to verify that HPoW(ƒ(r, d)) meets a predetermined condition defined in the code, and to return a result of true on condition thereof, where r is the submitted instance of the r-part, d is the nonce, HPoW is a hash function, and f is a function combining q and d.

Abstract: A virtual machine comprises a browser and an output unit configured to output a file generated while the browser interprets and processes a Web page to storage, which is different from a storage region that the virtual machine has and can be shared with another virtual machine different from the virtual machine.

Abstract: A cookie compliance management system enables automated evaluation of cookie compliance within an enterprise. The system determines whether a cookie set by an application in the environment is compliant with a policy. It comprises a workflow engine, a cookie discovery engine (CDE), a cookie characterization engine (CCE), a cookie policy engine (PE), and a cookie registry. The workflow engine receives a request to initiate an evaluation of an application for cookie compliance. The CDE is invoked and returns cookies that are set by the application. The CCE receives a set of base attributes associated with a cookie discovered by the CDE, and computes a set of descriptive attributes determined to be required to enable evaluation of the cookie according to a policy. The policy engine receives policy rules and the set of descriptive attributes and, in response, determines whether the cookie is compliant with the policy. The cookie registry stores cookie data.

Abstract: A computer-implemented method that provides watermark-based image reconstruction to compensate for lossy encoding schemes. The method can generate a difference image describing the data loss associated with encoding an image using a lossy encoding scheme. The difference image can be encoded as a message and embedded in the encoded image using a watermark and later extracted from the encoded image. The difference image can be added to the encoded image to reconstruct the original image. As an example, an input image encoded using a lossy JPEG compression scheme can be embedded with the lost data and later reconstructed, using the embedded data, to a fidelity level that is identical or substantially similar to the original.

Abstract: Methods and apparatuses for data communication and cybersecurity are provided to handle the PKI over constrained devices with application over PAN/LP-WAN and other similar devices and networks. This significantly improves the security capabilities of such devices in terms of identity verification, encrypted communication, and device life-cycle management. The apparatus may authenticate a party of a data communication session using a micro certificate within a micro public key infrastructure that provides transport or application layer security. The micro public key infrastructure may be the combination of communication protocol, micro certificates, and a management platform. The apparatus may establish the data communication session using the micro certificate. The apparatus may perform secured data communication over the data communication session.

Abstract: The present invention discloses a watermark embedding method based on service invocation data, comprising obtaining service invocation data, and preprocessing the invocation data, then, obtaining the key data through screening the preprocessed invocation data based on relevant weights, then, adding timestamps to the key data to obtain enhanced data, after that, selecting the contribution degree of the enhanced data to obtain high-quality data, and encoding the high-quality data to generate encoded data, then, constructing a data watermark embedding model by employing the encoded data, and inputting the service invocation data to be embedded into the data watermark embedding model, and thus the embedding results can be output. This method can not only improve the accuracy of watermark embedding for service invocation data, but also provides good interpretability, making it directly applicable to watermark embedding systems.

Abstract: Methods and systems are presented for generating a zero-knowledge, or other, proof for a prover (user) in need of specialized services for generating a zero-knowledge proof. The prover transmits a proof request comprising a witness and a statement to an orchestrator. The orchestrator determines an optimal zero-knowledge proof system for the particular statement and witness. It then transmits the proof request to a prover network with the optimal proof system to generate a zero-knowledge proof in an efficient manner. The proof is then transmitted back to the orchestrator and/or published or otherwise made available.

Abstract: Embodiments describe systems and methods for analyzing digital certificates. A computer-implemented method can include identifying a plurality of digital certificates, individual digital certificates of the plurality of digital certificates including respective internal information. External information associated with the individual digital certificates can be determined, the external information not contained within the respective digital certificate. The external information can be updated in a database with additional external information that is collected on a periodic basis. A query can be run against the database to identify one or more vulnerable digital certificates associated with a client based on the internal information and the external information. A notification can be sent to the client regarding the one or more vulnerable digital certificates.

Abstract: An example operation includes one or more of detecting, by a validation service node, an access of a block on a blockchain ledger; accessing, by the validation service node, a block validation stamp comprising meta-data signed by a trusted stamping authority (TSA) on the blockchain ledger; and validating the block based on the meta-data.

Abstract: A novel structured random sample consensus protocol to greatly improve blockchain and distributed ledger technology throughput and scalability, while maintaining decentralization and high levels of security. The invention leverages small committees of fixed sizes, called “Clans,” threshold cryptography, and logical virtual districts, called “Tribes,” in order to deterministically random sample disparate nodes for sentiment analysis on a transactions validity, thereby only requiring a relatively small subset of nodes to validate any particular transaction or batch of transactions thus enabling much greater concurrency and parallel processing compared to other more linearized consensus algorithms, while maintaining high security.

Abstract: Methods of securely controlling a utility grid edge device are provided. A method of securely controlling a utility grid edge device includes receiving renewed security information at a node that includes cryptographic circuitry. Moreover, the method includes controlling an operation of the utility grid edge device via the node, after receiving the renewed security information. Related nodes and utility grid edge devices are also provided.

Abstract: Disclosed are a computer-hosted database system providing cryptographic verifiability and comprising an immutable key-value data store and cryptographic proof data (which may be stored in a Merkle Hash Tree). The logical structure of a data record is defined by a rich data model and comprises a first field and a second field. Disclosed is a method that comprises receiving an instruction requesting retrieval of first field data and returning the data stored in the first field and cryptographic proof data sufficient to prove data originality of the first field data without knowledge of the data in the second field. The rich data model may be a relational data model or a document data model.

Abstract: A method is disclosed. The method includes receiving, by an access control server, an authentication request message comprising a credential or a token from an access device, after the access device receives the credential or the token from a portable device of a user. The method also includes responsive to receiving the authentication request message, transmitting, by the access control server, a challenge message to a user device associated with the user; generating, by the access control server, an authentication indicator. The method also includes transmitting, by the access control server, an authentication response message including the authentication indicator to the access device.

Abstract: Securely storing data includes encrypting the data using a random key to provide obfuscated data, scrambling the obfuscated data to provide scrambled obfuscated data, generating a scramble schema indicating how to unscramble the scrambled obfuscated data, encrypting the scrambled obfuscated data to provide encrypted scrambled obfuscated data, splitting the scramble schema, and distributing separate portions of the scramble schema and separate portions of the encrypted scrambled obfuscated data to separate entities. The data may be private key data. Securely storing data may also include concatenating the random key on to the obfuscated data prior to scrambling the obfuscated data, wherein the random key is scrambled together with the obfuscated data. Scrambling the obfuscated data may use a Fisher Yates Shuffle mechanism. Securely storing data may also include generating and distributing a symmetric authentication key that is used to authenticate a first entity to a second entity.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to securely configure an endpoint. Example apparatus disclosed herein include memory, machine readable instructions, and processor circuitry to at least one of instantiate or execute the machine readable instructions to access a certificate at an ePolicy orchestrator, the certificate including private key information, access a configuration, the configuration including policy information and installation instructions, sign the configuration using the private key information to securely sign the configuration, the signed configuration including a secured signature, create a secured installer using the certificate and the signed configuration, the secured installer including an agent, and provide the secured installer to an endpoint for installation of the agent and execution of the endpoint.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for jointly training an encoder that generates a watermark and a decoder that decodes a data item encoded within the watermark. The training comprises obtaining a plurality of training images and data items. For each training image, a first watermark is generated using an encoder and a subsequent second watermark is generated by tiling two or more first watermarks. The training image is watermarked using the second watermark to generate a first error value and distortions are added to the watermarked image. A distortion detector predicts the distortions based on which the distorted image is modified. The modified image is decoded by the decoder to generate a predicted data item and a second error value. The training parameters of the encoder and decoder are adjusted based on the first and the second error value.

Abstract: The present invention is a data protocol providing notarization of a data between two or more nodes on a content-addressable peer-to-peer storage network. A node generates a new data block, which is witnessed by peer nodes to increase the integrity of the data. Each peer node responds to the node's signature request with an encoded digital signature of the data using a private key. The node appends the signature from each witness node to the data block and then generates a cryptographic hash of the entire data block, which is used as the identity of the block.

Abstract: A file recovery method executed by a storage device among a plurality of storage devices is provided. The file recovery method includes: detecting that the storage device is compromised and deleting file slices and an original encryption key from the storage of the storage device; after the deleting, generating a new encryption key different from the original encryption key; and instantiating a file recovery method to obtain the previously stored file slices on the compromised storage device from other non-compromised storage devices and to distribute new file slices encrypted using the new encryption key to non-compromised storage devices storing file slices encrypted using the old encryption key of the comprised storage device.

Abstract: Methods and systems described in this disclosure electronically notarize a document. The system can receive biometric information from a user, extract characteristics from the biometric information, and compare the characteristics of the biometric information with previously stored characteristics of the user's biometric information. When the characteristics of the biometric information match the previously stored characteristics to a threshold, the system can create an identity of the user using the characteristics of the biometric information. The system can send a document to the user for cryptographic signature and receive an indication that the document has been signed. The cryptographic signature can be generated with a digest of the document, the identity, and a cryptographic key associated with the user. The system can inspect the digest of the document, the cryptographic key, and the identity associated with the document to verify authenticity of the document and the identity of the user.

Abstract: Embodiments of this application provide an information verification method, apparatus, and device. The method includes: sending a first message to a server that includes a target domain name and first indication information, which indicates a status of first verification information stored in a client, the first verification information is verification information generated based on multiple domain names and owner information of the multiple domain names, the first verification information verifies the owner information of the multiple domain names, and the multiple domain names include a target domain name; receiving a second message sent by the server based on the first message, where the second message indicates target first verification information, which is used by the client to verify owner information of the target domain name; and verifying the obtained owner information of the target domain name based on the second message.

Abstract: A memory system includes a nonvolatile memory and a controller. In a case where first encrypted data obtained by encrypting first data with a first DEK is stored in the nonvolatile memory, in response to determining that second data received based on a first write request from a host is the same as the first data and a first user uses the host, the controller encrypts the first DEK with a first KEK associated with the first user to acquire a first encrypted DEK, and stores the first encrypted DEK.

Abstract: Devices, systems, and methods enabling parties with little trust or no trust in each other to enter into and enforce value transfer agreements conditioned on input from or participation of a third party, over arbitrary distances, without special technical knowledge of the underlying transfer mechanism(s), optionally affording participation of third-party mediators, substitution of transferors and transferees, term substitution, revision, or reformation, etc. Such value transfers can occur reliably without involving costly third-party intermediaries who traditionally may otherwise be required, and without traditional exposure to counterparty risk.

Abstract: This disclosure relates to field of cryptography and digital signatures. The constant theft of cryptocurrencies is due to compromise of the secret signing key inherently stored in a single location. Also, one of challenges in the existing ECDSA signature is single point failure, wherein the signing key (private key) is prone to theft. The disclosed technique overcomes the challenging in the existing techniques by party distributed signature that ensures the safety of the private key. The disclosed techniques slits the key in two parts and saves at two different locations/machines. Further based on a ECDSA based technique, the digital signature is obtained securely using several steps that includes generation of first two parts of digital signature at one party, generation of the second two parts of digital signature at second party, finally decrypting a complete digital signature at the first party.

Abstract: A method of creating secure endpoints on a network includes registering by a node using a random selection algorithm to choose which server to register to; receiving by the node a property set ID of a property set that the node is a member of; and authorizing by the node using the property set ID to look up its authorization details in the property set. A method of creating secure endpoints on a secure network having at least one community of interest, includes registering by a node using a random selection algorithm to choose which server to register to; receiving by the node a property set ID of a property set that the node is a member of; and authorizing by the node through an authorization server using the property set ID to look up its authorization details in the property set; wherein the node and the authorization server are a member of the at least one community of interest.

Abstract: Systems and methods are described for accessing resources of a Unified Endpoint Management (“UEM”) system through an enrolled device. In an example, an unenrolled device can be paired with an enrolled device. The unenrolled device can connect to the enrolled device on a local network. The enrolled device can verify the unenrolled device using a key provided during pairing. The unenrolled device can send requests for UEM resources to the enrolled device, which the enrolled device can send to a UEM server. The UEM server can send the requested UEM resources to the enrolled device, and the enrolled device can send the UEM resources to the enrolled device over the local network.

Abstract: Cross-channel user authentication is provided, to increase resilience of a computerized system to cyber-attacks and to fraudulent transactions. In a demonstrative scenario, a user utilizes his web browser on his laptop computer to log-in to a web server; which in turn extracts the IP address of the laptop computer. The web server triggers an application server to send a Push Notification to a Mobile App that had been installed on a smartphone of that user who just logged in; and that Push Notification causes that smartphone to respond to the application server with the IP address of the smartphone. If the IP address of the computer is not identical to the IP address of the smartphone, then the servers determine that the log-in attempt on the computer was possibly fraudulent, and fraud mitigation operations are initiated. Optionally, geo-location data, device orientation data, device motion data, or other parameters are used as part of the cross-channel authentication process.

Abstract: Apparatuses, systems, and techniques to generate a trusted execution environment including multiple accelerators. In at least one embodiment, a parallel processing unit (PPU), such as a graphics processing unit (GPU), operates in a secure execution mode including a protect memory region. Furthermore, in an embodiment, a cryptographic key is utilized to protect data during transmission between the accelerators.

Abstract: The invention relates to securing of a digital file content against forgery and falsifying, and particularly of digital data relating to its belonging to a specific batch of digital files, while allowing offline or online checking of the authenticity of a secured digital file and conformity of its digital data with respect to that of a genuine original digital file.

Abstract: The methods and system allow for the generation of a signcrypted biometric electronic signature token using a subsequent biometric sample after an enrollment of a biometric reference value in a biometric system. The signcrypted biometric electronic signature token involves simultaneous encryption and digital signature to protect the confidentiality. The system as described herein provides data integrity, origin authentication, and efficiency by performing encryption and digital signature simultaneously. The process allows a signcrypting party to enroll in a biometric service, sign a piece of data or content using a public key, that may be tied to a trusted anchor certificate authority, and submit a biometric sample. Subsequently, the relying party may validate the information on that piece of data or content to confirm the identity of the signcrypting party.

Abstract: Methods and systems for installing and running an application for a terminal are described. The method may include uploading an application to an application store. The method may also include downloading, by a terminal, the application from the application store, wherein the terminal is connected to the application store by a network. Furthermore, the method may include authorizing, by a terminal management server (TMS) coupled to the terminal and the application store via the network, the terminal to install and run the downloaded application.

Abstract: An information processing system includes an array sensor with a pixel array having a plurality of one-dimensionally or two-dimensionally arranged pixels including a light-receiving element that receives visible or non-visible light, a hash value generator that generates a hash value from captured-image data based on a photoelectric conversion performed by the pixel array, and an encryption processing section that performs processing of encrypting the hash value; an acquisition section that acquires the captured-image data and the encrypted hash value; a decryption processing section that decrypts the acquired encrypted hash value; a hash value calculator that calculates a hash value from the acquired captured-image data; a hash value comparing section that compares the hash value obtained by the decryption with the calculated hash value; and a falsification determination section that determines whether the acquired captured-image data has been falsified, based on a comparison result of the hash values.

Abstract: An AI system and a method of preventing capture of an AI module in the AI system is disclosed. The AI system includes an input interface, a signature verification module, an AI module configured to execute multiple AI models, a hash module, and a key generation module. A signature module and the key generation module provide an output to the user in response to a received input from the user. The AI module further includes an output interface configured to transmit an output response from the signature module to the user.

Abstract: A method for cryptographic signature of a datum comprises determining: a signature point equal to the addition of elements equal to a derived first point and of number equal to a first scalar; a second scalar by subtracting, from the product of the first scalar and of a selected scalar, the product of a third and of a fourth scalar; another signature point equal to the addition of elements equal to a selected point and of number equal to the second scalar, and of elements equal to a derived second point and of number equal to the fourth scalar; and a signature portion based on a private key, on the first scalar, on a coordinate of the signature point and on the datum. The derived first and second point are respectively equal to the addition of elements equal to a generator point and of number equal to a fifth and to the third scalar.

Abstract: There is provided a computer-implemented method for a first party to control permission for access to first party information to a second party while preserving privacy, the method comprising the following steps taken by the first party at first party computing apparatus: establishing with the second party a set of information classes for first party information to be provided to the second party and establishing permitted use for the first party information in the set of information classes; providing a first party consent to the permitted use for the first party information in the set of information classes, encrypting the first party consent for inspection limited to the first party and the second party, and providing the first party consent to the second party in a first party digitally signed consent grant structure for the second party to decrypt, validate and sign the first party consent and for a consent validating party to store the first and second party digitally signed consent grant structure on a

Abstract: A transmitter device for sending an encrypted message to a receiver device in an identity-based cryptosystem, the identity-based cryptosystem includes a transmitter trusted center connected to the transmitter device and a receiver trusted center connected to the receiver device. The transmitter device is configured to: receive, from the transmitter trusted center, two public authentication keys; check if a set of conditions related to a transmitter trusted center public key, to a receiver trusted center public key, and to a transmitter authentication key comprised in the two public authentication keys are satisfied; determine a ciphertext set comprising an encrypted message if the set of conditions are satisfied; send the ciphertext set to the receiver device.

Abstract: Exemplary embodiments can identify the toxic PI combinations and flag these combinations for evaluation. Because organization policies on toxic PI combinations can constantly evolve, the system may be continuously updated with the latest policies. Exemplary embodiments may be used as part of an automated code review for application development and for monitoring of existing applications and programs. Thus, exemplary embodiments take the guesswork out of identifying risks in applications and programs by providing an automated tool that can scan and identify toxic combinations in accordance with various policies.

Abstract: An information processing apparatus is provided. The apparatus is configured to verify a native program stored in a first storage unit with reference to a correct value stored in advance in the first storage unit; and, when an additional program is stored in a second storage unit that is different from the first storage unit, storing a correct value corresponding to the additional program in the second storage unit. The information processing apparatus is further configured to verify the additional program with reference to the correct value stored in the second storage unit, in addition to verifying the native program stored in the first storage unit.

Abstract: A system and method are disclosed for encoding and decoding QR codes using proprietary compression codebooks to increase information density and provide data security. Public data is encoded using a standard codebook while private data uses a proprietary codebook. The encoded data is combined into a single QR code. Decoding extracts the public and private portions and decompresses them using the appropriate codebooks.

Abstract: A user device generates an initiate interaction request message comprising a state commitment. The user device provides the initiate interaction request message to a first server computer, which creates a verify state request message comprising an interaction index, an interaction index commitment, and a first commitment signature formed from the state commitment and the interaction index commitment. The user device receives the verify state request message, then generates a modified verify state request message comprising a user device public key, the state commitment, the interaction index commitment, and the first commitment signature. The user device provides the modified verify state request message to a second server computer. The second server computer verifies the state commitment, verifies the first commitment signature, and creates a second commitment signature formed from the state commitment and the interaction index commitment.

Abstract: One or more computing devices, systems, and/or methods for evaluating email activity and/or controlling, based upon the email activity, transmission of instructions associated with quality are provided. A first email, transmitted by an email account associated with an entity to a plurality of email accounts, may be identified. First activity associated with the first email may be detected. A first set of activity information associated with the first activity may be stored in an entity profile associated with the entity. The entity profile may comprise a plurality of sets of activity information associated with a plurality of emails transmitted by one or more email accounts associated with the entity. A quality score corresponding to the first entity may be generated based upon the entity profile. A notification may be generated based upon the quality score. The notification may be transmitted to the first client device.

Abstract: The disclosed technology provides solutions for performing a document validation process wherein physically present witnesses are required. In some aspects, a process of the disclosed technology includes steps for receiving geolocation data for a mobile device associated with a first user, receiving a signed electronic document via the first device, determining if the signed electronic document was properly executed by the first user, and if the signed electronic document was properly executed, providing a prompt to the first user, wherein the prompt is configured to request electronic contact address for a second device associated with a second user. In some aspects, the process can further include transmitting an authentication request to the second device associated with the second user, receiving geolocation data from the second device in response to the authentication request. Systems and machine-readable media are also provided.

Abstract: Embodiments described herein provide a design architecture for co-designing a controller and a watermarking signal for a cyber-physical system. During operation, the architecture can determine, in conjunction with each other, respective values of a first set of parameters indicating operations of the controller and a second set of parameters representing the watermarking signal. Here, the watermarking signal is combinable with a control signal from the controller for monitoring an output signal of the cyber-physical system for detecting malicious data at different time instances. Subsequently, the architecture can determine a state manager for determining the states of the cyber-physical system from the monitored output signal based on the first and second sets of parameters. The architecture can also determine a detector capable of identifying presence of an attack from the states of the cyber-physical system at a plurality of time instances using the watermarking signal.

Abstract: An information handling system may include at least one processor; and a computer-readable medium having instructions thereon that are executable by the at least one processor for: communicatively coupling to an electronic pen; receiving, from the electronic pen, stroke data indicative of content drawn by the user with the electronic pen; receiving, from the electronic pen, biometric data associated with a user of the electronic pen, wherein the biometric data is collected via one or more grip pads of the electronic pen contemporaneously with the content being drawn; receiving, from the electronic pen, timestamp data indicative of a time at which the content was drawn; and creating a cryptographic hash based on the stroke data, the biometric data, and the timestamp data.

Abstract: A data transmission method includes a step in which a first device generates a first encrypted packet by encrypting a packet addressed to a second device with an associated first encryption key. A device to be a transmission destination of the first encrypted packet is determined. A second encrypted packet is generated by encrypting the first encrypted packet with an associated second encryption key, and the second encrypted packet is transmitted to the determined device. The method includes determining another device and executing the transmission step if the decrypted first encrypted packet is not addressed to the device itself in the determination regarding whether or not the decrypted first encrypted packet is addressed to the device itself and of further decrypting the first encrypted packet if the decrypted first encrypted packet is addressed to the device itself.

Abstract: A method for providing images, comprising: performing authentication of an entity (1010);obtaining identity information of the entity based on the authentication (1020); obtaining one or more images associated with the entity based at least on the identity information of the entity (1030); and providing the one or more images, wherein each image in the one or more images is attached with a privacy label (1040).

Abstract: Techniques are presented to control the performance of a process conducted via a blockchain. The method comprises the steps of deriving a public-key-private key cryptographic pair for a portion of data related to a smart contract associated with an asset, wherein the smart contract is stored in a computer-based resource that is separate to the blockchain; deriving a signature for the portion of data using the public key-private key cryptographic pair; and codifying the portion of data to generate codified metadata for the data, wherein the codified metadata is arranged to reference or provide access to the smart contract; transmitting the codified metadata to the blockchain; and receiving a signature and a script from at least one user to enable access to embedded data, wherein the script comprises a public key of a signatory.

Abstract: A technique for selectively censoring sensitive information for presentation on a display of a computing device is disclosed. In some embodiments, the disclosed techniques may transmit the sensitive information after receiving an indication that the sensitive information is permitted to be displayed. In some embodiments, the sensitive information may be transmitted to an external device for viewing or listening by an authorized user.

Abstract: A method for the reliable provision of measurement data of at least one sensor of a smart meter in a decentralized transaction database. The method includes forming a measurement data set, which comprises measurement data recorded by the at least one sensor at least at one point in time, the meter digitally signing the measurement data set using a secret key; the meter transmitting the digitally signed measurement data set to a first protocol, which is implemented as a computer protocol executed in automated fashion on the transaction database, the verification protocol verifying the digitally signed measurement data set using a public key, which corresponds to the secret key; and, if the measurement data set is successfully verified, providing the measurement data set to at least one second protocol, which is implemented as a computer protocol executed in automated fashion on the transaction database.

Abstract: A system and method are provided for conditional delivery of electronic content such as images or video stream content over a communication network. In some embodiments, a condition for receiving such content is determined, for example a verification of a biometric fact as a face recognition or a finger print. The content will then be delivered conditioned on the satisfaction of the condition. In some embodiments, facial detection technology is used continually while sent content is being displayed to ensure that content is being viewed solely by the intended recipient. In some embodiments, the recipient's reaction to sent content is recorded on video and sent to the sender as a condition of viewing the sent content. In some embodiments, two or more users interact with one another in real time in a secure video conference.