Patent application number | Description | Published |
20140324826 | TARGETED CONTENT PROVISIONING BASED UPON TAGGED SEARCH RESULTS - One or more techniques and/or systems are provided for tagging search results, organizing tagged search results for later access from various devices, public sharing of tagged search results, and/or providing targeted content based upon search results tagged by a user. That is, a user may tag a search result (e.g., a website, an image, a social network profile, etc.), such as through a one-click user input, with a tag to create a tagged search result. The tagged search result may be organized into a public tag collection for sharing and/or exploration of tagged search results by other users. The tagged search result may be organized into a personal tag collection for later access by the user from any device. Because the tagged search result may be indicative of an interest of the user, targeted content associated with the tagged search result may be provided to the user. | 10-30-2014 |
20140324827 | SEARCH RESULT ORGANIZING BASED UPON TAGGING - One or more techniques and/or systems are provided for tagging search results, organizing tagged search results for later access from various devices, public sharing of tagged search results, and/or providing targeted content based upon search results tagged by a user. That is, a user may tag a search result (e.g., a website, an image, a social network profile, etc.), such as through a one-click user input, with a tag to create a tagged search result. The tagged search result may be organized into a public tag collection for sharing and/or exploration of tagged search results by other users. The tagged search result may be organized into a personal tag collection for later access by the user from any device. Because the tagged search result may be indicative of an interest of the user, targeted content associated with the tagged search result may be provided to the user. | 10-30-2014 |
20140324828 | SEARCH RESULT TAGGING - One or more techniques and/or systems are provided for tagging search results, organizing tagged search results for later access from various devices, public sharing of tagged search results, and/or providing targeted content based upon search results tagged by a user. That is, a user may tag a search result (e.g., a website, an image, a social network profile, etc.), such as through a one-click user input, with a tag to create a tagged search result. The tagged search result may be organized into a public tag collection for sharing and/or exploration of tagged search results by other users. The tagged search result may be organized into a personal tag collection for later access by the user from any device. Because the tagged search result may be indicative of an interest of the user, targeted content associated with the tagged search result may be provided to the user. | 10-30-2014 |
20140324829 | TAGGED SEARCH RESULT MAINTAINANCE - One or more techniques and/or systems are provided for tagging search results, organizing tagged search results for later access from various devices, public sharing of tagged search results, and/or providing targeted content based upon search results tagged by a user. That is, a user may tag a search result (e.g., a website, an image, a social network profile, etc.), such as through a one-click user input, with a tag to create a tagged search result. The tagged search result may be organized into a public tag collection for sharing and/or exploration of tagged search results by other users. The tagged search result may be organized into a personal tag collection for later access by the user from any device. Because the tagged search result may be indicative of an interest of the user, targeted content associated with the tagged search result may be provided to the user. | 10-30-2014 |
Patent application number | Description | Published |
20130212395 | MONITORING AND CONTROLLING ACCESS TO ELECTRONIC CONTENT - Methods, systems and apparatuses for monitoring and controlling access to an electronic content are disclosed. One method includes creating, by an owner server, a group comprising generating a group public key PK | 08-15-2013 |
20140149734 | MEDIATOR MONITORING AND CONTROLLING ACCESS TO ELECTRONIC CONTENT - Methods, systems and apparatuses for a mediator controlling access to an electronic content, are disclosed. One method includes receiving, by a mediator server of a mediator, a second share SK | 05-29-2014 |
20140164769 | CUSTODIAN SECURING A SECRET OF A USER - Methods, systems and apparatuses for a custodian securing a secret are disclosed. One method includes receiving, by a custodian server of a first custodian, encrypted shares, wherein the encrypted share are generated based on a secret of the user, a policy, and a plurality of public keys, comprising generating a plurality of shares from the secret, and encrypting each share utilizing a corresponding one of the plurality of public keys. The method further includes verifying, by the custodian server, that the encrypted shares can be used to reconstitute the secret upon receiving the encrypted shares, comprising leveraging, by the first custodian, one-way cryptographic functions, wherein the first custodian can reconstruct the secret, but cannot obtain access to the secret or any of the shares. | 06-12-2014 |
20140208108 | MEDIATOR UTILIZING ELECTRONIC CONTENT TO ENFORCE POLICIES TO A RESOURCE - Methods, systems and apparatuses for a mediator enforcing policies to a resource utilizing an electronic content, are disclosed. One method includes receiving, by a mediator computing device of a mediator, a second share SK | 07-24-2014 |
20140236839 | USER-MEDIATOR MONITORING AND CONTROLLING ACCESS TO ELECTRONIC CONTENT - Methods, systems and apparatuses for a user-mediator controlling access to an electronic content, are disclosed. One method includes receiving, by a user-mediator server of the user-mediator, a second share SK | 08-21-2014 |
20140297333 | USER-MEDIATOR MEDIATING TRANSFER OF ELECTRONIC CONTENT - Methods, systems and apparatuses for a user-mediator mediating transfer of electronic content, are disclosed. One method includes receiving, by a mediator computing device of the user-mediator, a second share SK | 10-02-2014 |
20150046985 | USER ADMINISTERING A TRUSTWORTHY WORKSPACE - Methods, systems and apparatuses for an operator provisioning a trustworthy workspace to a subscriber are disclosed. One method includes providing the subscriber with the trustworthy workspace, where in the trustworthy workspace comprises a virtualized content repository with trustworthy workflows for storing, sharing and processing a digital content across a plurality of repositories. The method further includes allowing the subscriber authority to sub-provision the trustworthy workspace to one or more authorized parties, wherein only the one or more authorized parties can view or modify at least a portion of the digital content. | 02-12-2015 |
20150082045 | ORIGINATOR PUBLISHING AN ATTESTATION OF A STATEMENT - Methods, systems and apparatuses for an originator publishing an attestation of a statement are disclosed. One method includes obtaining information, wherein the information includes the attestation of the statement, wherein the statement includes at least a portion of the information to be attested to, and wherein the attestation includes a context describing conditions of the attestation, and wherein the attestation includes a cryptographic signature of the context and the statement. The method further includes validating the information. The method further includes communicating after validating the information the information to a destination while maintaining at least one of data privacy or data provenance, including creating a new statement by transforming the statement to a form suitable for the destination, creating, by the computing device, a new attestation by signing the new statement with a new context specific to the computing device, and making available the new attestation to the destination. | 03-19-2015 |
Patent application number | Description | Published |
20100121902 | SERVICE DELIVERY ONLINE - In one embodiment, a computer system configures an online service to function as a service delivery platform, where the online service includes a plurality of service delivery platform components configured to process inputs received from services that are to be hosted by the online service. The computer system receives an indication that a service is to be hosted using the online service, where the indication includes a service configured for hosting by the online service and a portion of use information indicating how the service delivery platform components are to be used to host the service for various computer clients. The computer system processes the portion of use information received with the indication to configure the service delivery platform components in an appropriate manner for hosting the service and provides the hosted service to computer clients in the appropriate manner as determined by the accessed use information. | 05-13-2010 |
20100131380 | ONLINE SERVICE SYNDICATION - Embodiments described herein are directed to syndicating an online service to at least one syndication partner of a syndicator. In one embodiment, a computer system determines that a syndication relationship has been established between a syndicator and a syndication partner, where the syndication relationship is established to provide syndicated services to syndication partners and clients. The computer system indicates which services provided by the syndicator are available for syndication to the syndication partner and which type of usage information the partner is to provide in order to use the syndicator's services. The computer system receives usage information from the syndication partner specifying which services are to be syndicated and specifying parameters for those services indicating operating parameters specific to the use of the syndicated services. Based on the received usage information, the computer system provides the service to the syndication partner in the manner indicated by the received usage information. | 05-27-2010 |
20100211781 | TRUSTED CLOUD COMPUTING AND SERVICES FRAMEWORK - A digital escrow pattern is provided for network data services including searchable encryption techniques for data stored in a cloud, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, a key generator, a cryptographic technology provider and a cloud services provider are each provided as separate entities, enabling a publisher of data to publish data confidentially (encrypted) to a cloud services provider, and then expose the encrypted data selectively to subscribers requesting that data based on subscriber identity information encoded in key information generated in response to the subscriber requests, e.g., a role of the subscriber. | 08-19-2010 |
20100211782 | TRUSTED CLOUD COMPUTING AND SERVICES FRAMEWORK - A digital escrow pattern is provided for network data services including searchable encryption techniques for data stored in a cloud, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, a key generator, a cryptographic technology provider and a cloud services provider are each provided as separate entities, enabling a publisher of data to publish data confidentially (encrypted) to a cloud services provider, and then expose the encrypted data selectively to subscribers requesting that data based on subscriber identity information encoded in key information generated in response to the subscriber requests, e.g., a role of the subscriber. | 08-19-2010 |
20100318782 | SECURE AND PRIVATE BACKUP STORAGE AND PROCESSING FOR TRUSTED COMPUTING AND DATA SERVICES - A digital escrow pattern is provided for backup data services including searchable encryption techniques for backup data, such as synthetic full backup data, stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, an operational synthetic full is maintained with encrypted data as a data service in a cryptographically secure manner that addresses integrity and privacy requirements for external or remote storage of potentially sensitive data. The storage techniques supported include backup, data protection, disaster recovery, and analytics on second copies of primary device data. Some examples of cost-effective cryptographic techniques that can be applied to facilitate establishing a high level of trust over security and privacy of backup data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof of Application, blind fingerprints, Proof of Retrievability, and others. | 12-16-2010 |
20100318812 | SECURE AND PRIVATE BACKUP STORAGE AND PROCESSING FOR TRUSTED COMPUTING AND DATA SERVICES - A digital escrow pattern is provided for backup data services including searchable encryption techniques for backup data, such as synthetic full backup data, stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, an operational synthetic full is maintained with encrypted data as a data service in a cryptographically secure manner that addresses integrity and privacy requirements for external or remote storage of potentially sensitive data. The storage techniques supported include backup, data protection, disaster recovery, and analytics on second copies of primary device data. Some examples of cost-effective cryptographic techniques that can be applied to facilitate establishing a high level of trust over security and privacy of backup data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof of Application, blind fingerprints, Proof of Retrievability, and others. | 12-16-2010 |
20110119481 | CONTAINERLESS DATA FOR TRUSTWORTHY COMPUTING AND DATA SERVICES - A digital escrow pattern and trustworthy platform is provided for data services including mathematical transformation techniques, such as searchable encryption techniques, for obscuring data stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Using the techniques of a trustworthy platform, data (and associated metadata) is decoupled from the containers that hold the data (e.g., file systems, databases, etc.) enabling the data to act as its own custodian through imposition of a shroud of mathematical complexity that is pierced with presented capabilities, such as keys granted by a cryptographic key generator of a trust platform. Sharing of, or access to, the data or a subset of that data is facilitated in a manner that preserves and extends trust without the need for particular containers for enforcement. | 05-19-2011 |
20110145580 | TRUSTWORTHY EXTENSIBLE MARKUP LANGUAGE FOR TRUSTWORTHY COMPUTING AND DATA SERVICES - A digital escrow pattern for data services can include selective access for obscured data at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Based on the pattern, a “trustworthy envelope” for any kind of payload enables curtained access through a variety of decorations or seals placed on the envelope that allow for a gamut of trust ranging with guarantees such as, but not limited to, confidentiality, privacy, anonymity, tamper detection, integrity, etc. For instance, XML tags can be applied or augmented to create trust envelopes for structured XML data. Some examples of mathematical transformations or ‘decorations’ that can be applied to the XML data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof(s) of Application, blind fingerprints, Proof(s) of Retrievability, etc. | 06-16-2011 |
20110145593 | VERIFIABLE TRUST FOR DATA THROUGH WRAPPER COMPOSITION - A digital escrow pattern for data services can include selective access for obscured data at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Based on the pattern, a “trustworthy envelope” for any kind of payload enables curtained access through a variety of decorations or seals placed on the envelope that allow for a gamut of trust ranging with guarantees such as, but not limited to, confidentiality, privacy, anonymity, tamper detection, integrity, etc. Verifiable trust is provided through families of techniques that are referred to as wrapper composition. Multiple concentric and/or lateral transform wrappers or layers can wholly or partially transform data, metadata or both to mathematical transform (e.g., encrypt, distribute across storage, obscure) or otherwise introduce lack of visibility to some or all of the data, metadata or both. | 06-16-2011 |
20120321086 | CLOUD KEY ESCROW SYSTEM - Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored. | 12-20-2012 |
20120324237 | CLOUD KEY DIRECTORY FOR FEDERATING DATA EXCHANGES - Embodiments are directed to facilitating data transfer using an anonymous directory and to providing attribute-based data access to identified users. In an embodiment, a computer system instantiates an anonymous directory that stores data in various client-specific directories for different clients. The anonymous directory is configured to provide data access according to access controls defined and managed by the client. The computer system receives a data request from a user that identifies the user and specifies a portion of data that is to be returned to the user. The computer system determines which of the client's data is to be returned to the user based on the client's specified access controls. The access controls grant access to specified data in some of the client-specific directories, based on the user's identity. The computer system then provides the determined data to the user. | 12-20-2012 |
20130212388 | PROVIDING TRUSTWORTHY WORKFLOW ACROSS TRUST BOUNDARIES - Methods, systems and apparatuses for providing trustworthy workflow across trust boundaries are disclosed. One method includes a curator generating a first public key (PK | 08-15-2013 |
20130212393 | SECURING A SECRET OF A USER - Methods, systems and apparatuses for securing a secret are disclosed. One method includes receiving a secret from the user and generating encrypted shares based on the secret, a policy, and a plurality of public keys. The encrypted shares are provided to a custodian, wherein the custodian verifies that the encrypted shares can be used to reconstitute the secret upon receiving the encrypted shares. | 08-15-2013 |
20130254539 | CONTAINERLESS DATA FOR TRUSTWORTHY COMPUTING AND DATA SERVICES - A digital escrow pattern and trustworthy platform is provided for data services including mathematical transformation techniques, such as searchable encryption techniques, for obscuring data stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Using the techniques of a trustworthy platform, data (and associated metadata) is decoupled from the containers that hold the data (e.g., file systems, databases, etc.) enabling the data to act as its own custodian through imposition of a shroud of mathematical complexity that is pierced with presented capabilities, such as keys granted by a cryptographic key generator of a trust platform. Sharing of, or access to, the data or a subset of that data is facilitated in a manner that preserves and extends trust without the need for particular containers for enforcement. | 09-26-2013 |
20130254841 | SECURE CLOUD COMPUTING PLATFORM - A secure cloud computing platform. The platform has a pool of secure computing devices such that each can be allocated to a customer as with other computing resources. Each secure computing device may be configured by a customer with a key and software for performing operations on sensitive data. The customer may submit data, defining a job for execution on the platform, as cyphertext. The secure computing device may perform operations on that data, which may include decrypting the data with the key and then executing the software to perform an operation on cleartext data. This operation, and the data on which it is performed, though in cleartext, may be inaccessible to the operator of the cloud computing platform. The device may operate according to a secure protocol under which the software is validated before loading and the device is provisioned with a key shared with the customer. | 09-26-2013 |
20140075184 | TRUST SERVICES FOR SECURING DATA IN THE CLOUD - Embodiments are directed to securing data in the cloud, securely encrypting data that is to be stored in the cloud and to securely decrypting data accessed from the cloud. In one scenario, an instantiated trust service receives information indicating that a trust server is to be instantiated. The trust service instantiates the trust server, which is configured to store key references and encrypted keys. The trust service receives the public key portion of a digital certificate for each publisher and subscriber that is to have access to various specified portions of encrypted data. A data access policy is then defined that specifies which encrypted data portions can be accessed by which subscribers. | 03-13-2014 |
20140090089 | CLOUD KEY DIRECTORY FOR FEDERATING DATA EXCHANGES - Embodiments are directed to providing attribute-based data access. In an embodiment, a data request specifies one or more search data attributes describing requested data that is to be found in an anonymous directory. The anonymous directory is configured to provide access to secured data according to access controls defined one or more clients. The secured data includes data that is associated with a particular client and that is encrypted using multi-authority attribute-based encryption, which associates the data with one or more encryption data attributes and that enables the data to be provided if conditions in the corresponding access controls are met. The particular portion of data is provided based on determining that the conditions in the corresponding access controls are met, and that at least one of the search data attributes is determined to be relevant to at least one of the encryption data attributes. | 03-27-2014 |
20150074401 | CLOUD KEY ESCROW SYSTEM - Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored. | 03-12-2015 |
20150074402 | CLOUD KEY ESCROW SYSTEM - Embodiments are directed to allowing a user to store encrypted, third-party-accessible data in a data store and to providing third party data access to a user's encrypted data according to a predefined policy. A data storage system receives encrypted data from a user at a data storage system. The data is encrypted using the user's private key. The data storage system stores the received encrypted data according to a predefined policy. The encryption prevents the storage system from gaining access to the encrypted data, while the policy allows the encrypted data to be released upon receiving a threshold number of requests from verified third parties. The data storage system implements a verifiable secret sharing scheme to verify that the encrypted data can be reconstituted without the data storage system accessing the encrypted data. The data storage system synchronously acknowledges that the received encrypted data has been verified and successfully stored. | 03-12-2015 |