The disclosure relates to, among other things, systems and methods for facilitating the verification of the integrity of digital content. Embodiments of the disclosed systems and methods may provide mechanisms for generating a secure and unambiguous record of the creation and/or modification of digital content and/or other media associated with events. Further embodiments may provide for a ledger configured to capture a record of creation and/or modification actions performed in connection with digital content.
H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols
H04L 9/06 - Arrangements for secret or secure communicationsNetwork security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
2.
Systems and Methods for Secure Management of Generative Artificial Intelligence Engines
Embodiments of the disclosed systems and methods provide for techniques for managing generative AI services that allow for generative AI models to better use confidential, proprietary, sensitive, and/or otherwise managed data while maintaining the security of such data. Various embodiments may provide for generative AI model training based on variable and/or otherwise tuned reliance on input training data sets and queries may leverage this differential training. Differential analysis techniques may be further employed to identify confidential data included in model outputs. In further embodiments, query and/or output labeling may be used in connection with access rights management techniques to manage access to proprietary information that may be included in model outputs. Embodiments of the disclosed systems and methods may be used in a variety of applications, use cases, and/or contexts, including in personalized medicine and differential diagnosis applications.
Embodiments of the disclosed systems and methods facilitating multi-party control of protected cryptographic keys in cloud-based service architectures. Consistent with embodiments disclosed herein, secure enclaves associated with cloud service virtual machines may be leveraged in a manner such that multi-custody control of protected keys may be implemented, while cloud-service account root authority access to these keys may be restricted. In certain embodiments, policy managed by a key management system may persistently bind an application key to an enclave signing key, which may be placed under multi-custody control. With the application key being securely bound to the enclave signing key within enforced policy, the application kay may be effectively placed under multi -custody control within the cloud-based service.
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
The disclosure relates to systems and methods for managing data generated by connected systems and/or devices in connection with energy usage and/or management decisions. In certain embodiments, a gateway device in communication with one or more connected devices may be configured to receive energy management signal information and apply one or more policies in connection with the management of the connected devices. Responses generated in connection with such energy management decisions may be reported securely in a manner that respects various stakeholder concerns relating to transparency, confidentiality, privacy, auditability, and/or affirmation of data provenance.
H02J 13/00 - Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the networkCircuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
The disclosure relates to, among other things, systems and methods for augmenting and/or otherwise supplementing content using watermarks. Consistent with embodiments disclosed herein, a user device such as a smartphone may be used to retrieve watermark information encoded in a watermark. The watermark information may comprise content that supplements an associated content item, link and/or location information that may be used to retrieve supplemental content, and/or the like. In some embodiments, the watermark information may comprise cryptographic and/or other access token information used to decrypt and/or otherwise access supplemental content.
The disclosure relates to, among other things, systems and methods for securely managing digital assets, products, and/or associated tokens in a dynamic way. Various embodiments disclosed herein may use trusted ledgers to securely record certain assertions relating to the digital assets, products, rightsholders, and/or various ecosystems participants. Such assertions may be used in connection with rights binding, content packaging, management, and/or protection operations in connection with a variety of transactions associated with digital assets, products, and/or associated tokens.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
Embodiments of the disclosed systems and methods facilitating multi-party control of protected cryptographic keys in cloud-based service architectures. Consistent with embodiments disclosed herein, secure enclaves associated with cloud service virtual machines may be leveraged in a manner such that multi-custody control of protected keys may be implemented, while cloud-service account root authority access to these keys may be restricted. In certain embodiments, policy managed by a key management system may persistently bind an application key to an enclave signing key, which may be placed under multi-custody control. With the application key being securely bound to the enclave signing key within enforced policy, the application kay may be effectively placed under multi-custody control within the cloud-based service.
Systems and methods are described that use cryptographic techniques to improve the security of applications executing in a potentially untrusted environment associated with a software application. Embodiments of the disclosed systems and methods may, among other things, facilitate cryptographic operations within an execution environment associated with browser software of a client system while maintaining security of cryptographic keys imported into the environment. As the security of keys is maintained in an execution environment implementing embodiments of the disclosed systems and methods, users and/or systems may be more willing to consign their keys for use in connection with cryptographic operations performed in such environments.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
9.
MOBILE DEVICE SERVICE SYSTEMS AND METHODS USING DEVICE ORIENTATION INFORMATION
This disclosure relates to, among other things, systems and methods for managing the communication of messages between devices using a service system operating as a trusted intermediary. Information indicative of device location and/or orientation may be communicated to the service system, which may use the information to determine whether a transmitting device is oriented and/or otherwise pointed in the direction of an intended receiving device. The trusted service may enforce policy articulated by the receiving device in connection with the communication of a message from the transmitting device to the intended receiving device.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
H04W 4/02 - Services making use of location information
10.
DATA MANAGEMENT SYSTEMS AND METHODS USING EXPLICIT PRIVATE NETWORKING TECHNIQUES
This disclosure relates to, among other things, managing data communicated between systems, services, and/or devices using explicit private networking techniques that provide relatively robust end-to-end security. In some embodiments, explicit private networking techniques may protect data in transit and/or as at rest and/or in use in potentially hostile environments. In various embodiments, an explicit private networking techniques architecture may protect connected device data where and when it is generated by encrypting it and maintaining that protection until it is consumed in a trusted information platform and/or service that uses identity and access management services to identify, authenticate, and/or authorize permissions to read, modify, and/or collaborate with that data and/or control devices and/or issue associated device commands.
This disclosure relates to systems and methods for managing protected electronic content using proxy reencryption techniques. Rights management architectures are described that may, among other things, provide end-to-end protection of content keys from their point of origination at a content creator and/or content service to end user devices. Proxy reencryption techniques consistent with aspects of the disclosed embodiments may enable transformation of a ciphertext under one public key to a ciphertext containing the same plaintext under another public key. Consistent with embodiments disclosed herein, proxy reencryption processes may be implemented using indistinguishability obfuscation and puncturable public-key encryption schemes, functional encryption, and/or white box obfuscation techniques.
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/06 - Arrangements for secret or secure communicationsNetwork security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
12.
Content Distribution and Management Systems and Methods
Embodiments of the disclosed systems and methods provide for the management of the distribution and licensing of content using various content distribution and management techniques. Content links consistent with the disclosed embodiments may be used in connection with the disclosed systems and/or services to provide an integrated framework through which artists and/or creators may manage their content assets and/or facilitate the distribution and use of such content assets in accordance with agreements associated with the assets. Artists and/or creators may distribute content links via a variety of channels in connection with promoting their content. Content consumers may interact with such content links to interface with rights license services, which may in turn access agreements identified by and/or accessible using information included in the content link information in connection with license generation and issuance and agreement enforcement.
This disclosure relates to, among other things, scalable data processing, storage, and/or management systems and methods. In various embodiments, sequence number schemes associated with ingested data records may allow for improved management of data stored in one or more layers (e.g., hot and/or cold data storage layers) using data merging, deletion, and/or compaction techniques. In certain embodiments, certain data records stored in one or more segment files associated with a partition may be merged into compacted segment files, thereby reducing storage overhead associated with storing prior records that have been updated and/or deleted records. In further embodiments, data record tombstones may be employed in connection with the management of deleted records.
This disclosure relates to systems and methods generating and distributing protected software applications. In certain embodiments, integrity checking mechanisms may be implemented using integrity checking code in software code prior to compilation into machine code. Following compilation and execution of the application, the introduced code may check the integrity of the application by determining whether the application behaves and/or otherwise functions as expected. By introducing integrity checking in this manner, integrity checking techniques may be injected into the application prior to compilation into machine code and/or independent of the particular manner in which the application is compiled.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/51 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
This disclosure relates to systems and methods for managing data associated with a user using a personalized cloud storage platform operating as a centralized repository for user data generated from a variety of sources and/or user devices. By centralizing the storage and/or management of personal data that would conventionally be confined between multiple information silos, embodiments of the systems and methods disclosed herein may improve the ability of a user to control their personal data, facilitate utilization of their personal data in a variety of ways not offered by services associated with the silos, and/or allow a user to centrally manage their personal data. Further embodiments disclosed herein allow a user to define one or more policies or other rules associated with personal data stored in their personal cloud.
This disclosure relates to, among other things, key generation systems and methods. Certain embodiments disclosed herein provide for generation of cryptographic keys based on one or more defined key generation rules. Key generation consistent with various aspects of the disclosed embodiments may increase the difficultly and/or cost of producing public keys and, by extension, discourage the generation of fake keys used in connection with a key flooding attack. In certain embodiments, generated keys and/or associated key generation rules may depend, at least in part, on associated binding data.
H04L 9/06 - Arrangements for secret or secure communicationsNetwork security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
17.
CRYPTOGRAPHIC SYSTEMS AND METHODS USING DISTRIBUTED LEDGERS
The disclosure relates to, among other things, systems and methods for facilitating the secure recording of assertions made by entities tied to identities. Embodiments of the disclosed systems and methods may allow users to make non-revocable, difficult to forge, cryptographic assertions tied to their identities through the posting of entries in an immutable ledger. In certain embodiments, a user's cryptographic assertions may be preceded by ledger entries which feature certificates from trusted authorities that tie the keys used for making assertions to the user's identity. Further embodiments provide for a mechanism for disabling further entries posted under a user's key, either automatically or at the user's initiation.
H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols
H04L 9/06 - Arrangements for secret or secure communicationsNetwork security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
18.
DIGITAL RIGHTS MANAGEMENT SYSTEMS AND METHODS USING EFFICIENT MESSAGING ARCHITECTURES
This disclosure relates to systems and methods for managing protected electronic content that employ relatively efficient messaging schemes. Rights management architectures are described that may, among other things, provide end-to-end protection of content keys from their point of origination at a content creator and/or content service to end user devices. Certain embodiments may further provide for message protocols where fewer messages are sent in connection with a protected content license request process, thereby reducing latency associated with license request and provisioning processes.
Systems and methods are described for securely and efficiently processing electronic content. In one embodiment, a first application running on a first computing system establishes a secure channel with a second computing system, the secure channel being secured by one or more cryptographic session keys. The first application obtains a license from the second computing system via the secure channel, the license being encrypted using at least one of the one or more cryptographic session keys, the license comprising a content decryption key, the content decryption key being further encrypted using at least one of the one or more cryptographic session keys or one or more keys derived therefrom. The first application invokes a second application to decrypt the license using at least one of the one or more cryptographic session keys, and further invokes the second application to decrypt the content decryption key using at least one of the one or more cryptographic session keys or one or more keys derived therefrom, and to decrypt a piece of content using the content decryption key. The first application then provides access to the decrypted piece of content in accordance with the license.
G06F 21/10 - Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
G06F 21/72 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
This disclosure relates to systems and methods for performing cryptographic operations in connection with the management of electronic content using multiple license services. In some circumstances, a content service may not wish to share unencrypted content keys with a single license service for a variety of security reasons. Embodiments of the disclosed systems and methods may use multi-party cryptographic methods in connection with the management of protected content keys and/or associated licenses and/or the distribution of content keys and/or licenses to authorized users and/or devices. In various embodiments, a content service may split a content key into a plurality of key shares and may transmit the key shares to a plurality of different license services. The license services may coordinate operations to generate a protected content key without revealing unencrypted content key to any of the participating license services.
This disclosure relates to, among other things, scalable data processing, storage, and/or management systems and methods. Certain embodiments disclosed herein provide for a data management architecture that allows for more secure storage of enterprise data, making it more secure, usable, and/or interoperable, facilitating data usage across information silos. Further embodiments provide for comprehensive data access authentication and/or authorization functionality between various services included in embodiments of the disclosed architecture.
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
22.
SECURE CONTENT MANAGEMENT AND VERIFICATION SYSTEMS AND METHODS
This disclosure relates to, among other things, systems and methods for managing and/or verifying the integrity and/or provenance of digital content and/or media. Embodiments of the systems and methods disclosed herein may provide a mechanism for generating a secure records relating to digital content and/or other media by capturing records relating to creation and/or modification actions performed in connection with digital content and/or media and storing such records in a ledger. Trusted services that examine captured information recorded in trusted databases and/or ledgers and generate derivative information relating to associated content and/or media. When viewing content, trusted content applications may query the trusted service for derivative information relating to the content and/or media, providing users with an indication of the derivative information in connection with content and/or media playback.
This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
The disclosure relates to systems and methods for managing state using relatively small assistance from protected hardware. Obfuscated code segments may communicate with supporting protected hardware, store encrypted state values in main memory, and/or communicate via secure channels to secure platform hardware components. In various embodiments, consistent state may be achieved, at least in part, by computing secure tag information and storing the secure tag information in a secure and/or otherwise protected device register. Consistent with embodiments disclosed herein, the tag information may be used to derive keys used to encrypt and/or decrypt stored state information. Tag information may further be used in connection with verification operations prior to using the information to derive associated keys.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
25.
ENHANCED SECURITY SYSTEMS AND METHODS USING A HYBRID SECURITY SOLUTION
This disclosure relates to, among other things, electronic device security systems and methods. Certain embodiments disclosed herein provide for protection of cryptographic keys and/or associated operations using both an operating system security service and a software-based whitebox cryptographic security service executing on a device. Leveraging operating system security services and software-based whitebox cryptographic security services may provide enhanced security when compared to using either service alone to protect cryptographic keys and associated operations. In additional embodiments, server-side cryptographic security solutions may be further used to enhance device security implementations.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
26.
Media Management and Distribution Systems and Methods
Embodiments of the disclosed systems and methods provide for the management of the distribution and licensing of content using trusted ledgers and digital rights management techniques. In various embodiments, content creators and/or producers may reach agreements with service providers embodied as digital contracts with associated information recorded on trusted ledgers. Content parameter information included in these digital contracts may be leveraged by digital rights management services to ensure that conditions associated with the use and/or playback of content set by a content creator and/or producers are respected as a condition of license issuance. In this manner, digital rights management services may utilize trusted ledgers to ensure that content creator and/or producer rights are respected.
The present disclosure relates to systems and methods for facilitating trusted handling of genomic and/or other sensitive information. Certain embodiments may use a virtualized execution environment to execute code and/or programs that wish to access and/or otherwise use genomic and/or other sensitive information. In some embodiments, data requests from the code and/or programs may be routed through a transparent data access proxy configured to transform requests and/or associated responses to protect the integrity of the genomic and/or other sensitive information.
G16B 50/30 - Data warehousingComputing architectures
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G16B 20/00 - ICT specially adapted for functional genomics or proteomics, e.g. genotype-phenotype associations
G16B 20/20 - Allele or variant detection, e.g. single nucleotide polymorphism [SNP] detection
G16B 50/00 - ICT programming tools or database systems specially adapted for bioinformatics
28.
MEDIA MANAGEMENT AND DISTRIBUTION SYSTEMS AND METHODS
Embodiments of the disclosed systems and methods provide for the management of the distribution and licensing of content using trusted ledgers and digital rights management techniques. In various embodiments, content creators and/or producers may reach agreements with service providers embodied as digital contracts with associated information recorded on trusted ledgers. Content parameter information included in these digital contracts may be leveraged by digital rights management services to ensure that conditions associated with the use and/or playback of content set by a content creator and/or producers are respected as a condition of license issuance. In this manner, digital rights management services may utilize trusted ledgers to ensure that content creator and/or producer rights are respected.
G06F 21/10 - Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols
29.
Systems and Methods for Scalable Management and Distribution of Digital Assets
Embodiments of the disclosed systems and methods provide for the scalable management of digital assets. Assets may be associated with digital tokens which may be used in connection with various disclosed management paradigms. Certain disclosed embodiments may use master and copy tokens associated with an asset, with asset metadata being associated with master tokens and copy tokens including a reference to corresponding master tokens. In this matter, an update in metadata for an asset may involve updating the master token metadata, with the updates being inherited by associated copy tokens referencing the mater token. In addition, segment-based content encryption techniques are presented for generate unique copies of an asset at scale.
This disclosure relates to systems and methods for managing the operation of unmanned vehicles within policy managed locations and/or areas. In some embodiments, an unmanned vehicle may issue an operator signed request to enter a policy managed area and/or use a certain sensor system within a policy managed area to an unmanned vehicle management system. The unmanned vehicle management system may verify the operator's identity and associated rights with a trusted authority, identify a policy associated with the policy managed area, and enforce the identified policy in connection with generating a response to the request. In this manner, the use of unmanned vehicles and/or associated systems may be managed in accordance with certain policies and/or rules associated with a particular operating location and/or area.
G05D 1/226 - Communication links with the remote-control arrangements
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
H04W 4/02 - Services making use of location information
This disclosure relates to systems and methods for managing connected devices and associated network connections. In certain embodiments, trust, privacy, safety, and/or security of information communicated between connected devices may be established in part through use of security associations and/or shared group tokens. In some embodiments, these security associations may be used to form an explicit private network associated with the user. A user may add and/or manage devices included in the explicit private network through management of various security associations associated with the network's constituent devices.
Embodiments of the disclosed systems and methods provide allow for dynamic management of electrical systems using an intelligent energy management system. Consistent with embodiments disclosed herein, an intelligent energy management system may allow for the dynamic connection of electrical sources and/or loads in accordance with applicable operating rules. Operating rules may be articulated and enforced by the intelligent energy management system that provide for event and/or state driven of an electrical system and/or associated sources and/or loads. Among other things, embodiments of the disclosed intelligent energy management system may support relatively flexible connection of electrical sources and loads, bidirectional energy usage to allow for energy to be both consumed from and fed back to a utility grid, improved battery storage and/or management, proactive energy source switching and predictive battery discharge management, and/or the like.
H02J 3/14 - Circuit arrangements for ac mains or ac distribution networks for adjusting voltage in ac networks by changing a characteristic of the network load by switching loads on to, or off from, network, e.g. progressively balanced loading
H02J 3/00 - Circuit arrangements for ac mains or ac distribution networks
H02J 3/32 - Arrangements for balancing the load in a network by storage of energy using batteries with converting means
H02J 3/38 - Arrangements for parallelly feeding a single network by two or more generators, converters or transformers
Embodiments of the disclosed systems and methods provide allow for dynamic management of electrical systems using an intelligent energy management system. Consistent with embodiments disclosed herein, an intelligent energy management system may allow for the dynamic connection of electrical sources and/or loads in accordance with applicable operating rules. Operating rules may be articulated and enforced by the intelligent energy management system that provide for event and/or state driven of an electrical system and/or associated sources and/or loads. Among other things, embodiments of the disclosed intelligent energy management system may support relatively flexible connection of electrical sources and loads, bidirectional energy usage to allow for energy to be both consumed from and fed back to a utility grid, improved battery storage and/or management, proactive energy source switching and predictive battery discharge management, and/or the like.
Embodiments of the disclosed systems and methods provide for the management of products using secure tags and a token rights management ecosystem. Products may be associated with secure tags and/or digital tokens which may be used in connection with various disclosed management paradigms. Marketplace service and token rights management services are described that facilitate, among other things, registration of products and/or associated secure tags, management of missing, lost, and/or otherwise stolen products, validation of products and/or associated secure tags, identification and/or management of ownership rights of products, and/or the like. In some embodiments, trusted ledger and/or blockchain services may be employed to manage and/or validate digital tokens securely associated with products using secure tags.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
35.
PRODUCT RIGHTS MANAGEMENT SYSTEMS AND METHODS USING SECURE TAGS AND CRYPTOGRAPHIC TOKENS
Embodiments of the disclosed systems and methods provide for the management of products using secure tags and a token rights management ecosystem. Products may be associated with secure tags and/or digital tokens which may be used in connection with various disclosed management paradigms. Marketplace service and token rights management services are described that facilitate, among other things, registration of products and/or associated secure tags, management of missing, lost, and/or otherwise stolen products, validation of products and/or associated secure tags, identification and/or management of ownership rights of products, and/or the like. In some embodiments, trusted ledger and/or blockchain services may be employed to manage and/or validate digital tokens securely associated with products using secure tags.
G06Q 20/12 - Payment architectures specially adapted for electronic shopping systems
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentialsReview and approval of payers, e.g. check of credit lines or negative lists
The disclosure relates to, among other things, systems and methods for facilitating the secure recording and use of assertions made by entities regarding other entities. Embodiments of the disclosed systems and methods provide mechanisms to make assertions in an authentic and authoritative manner and enable discovery and reliance on those assertions using trusted distributed ledgers and/or derivatives of the same. Various embodiments may be used in connection with establishing security associations and/or secure communication channels between entities and/or the secure management of governed electronic resources.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols
Embodiments of the disclosed systems and methods provide for the management of digital assets and associated asset distribution architectures. Assets may be associated with digital tokens which may be used in connection with various disclosed management paradigms. Marketplace service and token rights management services are described that facilitate, among other things, payment from consumers and/or other parties to artists and/or rightsholders, interactions with media services including content distribution network(s) and/or packaging services, management of rights to digital assets using key management and/or DRM services and/or blockchain services, which may be used to manage associated tokens using trusted ledgers and/or blockchains. In addition, fractional ownership rights may be associated and managed in connection with digital assets, enabling multiple parties to acquire shares in digital assets and be remunerated based on the consumption of such assets.
This disclosure relates to systems and methods for managing protected electronic content that employ relatively efficient messaging schemes. Rights management architectures are described that may, among other things, provide end-to-end protection of content keys from their point of origination at a content creator and/or content service to end user devices. Certain embodiments may further provide for message protocols where fewer messages are sent in connection with a protected content license request process, thereby reducing latency associated with license request and provisioning processes.
Systems and methods for secure user authentication are described. In certain embodiments, a client device such as a smartphone may be provisioned with a secure key and/or other secret information. The client device may be used to generate unique secure tokens and/or other credentials used in connection with an authentication process. A user may provide the generated tokens and/or other credentials to a service provider in connection with a request to access a managed service. The validity of the generated tokens and/or other credentials may be verified by an authentication service in communication with the service provider.
Embodiments of the disclosed systems and methods provide for techniques for managing generative AI services that allow for generative AI models to better use confidential, proprietary, sensitive, and/or otherwise managed data while maintaining the security of such data. Various embodiments may provide for generative AI model training based on variable and/or otherwise tuned reliance on input training data sets and queries may leverage this differential training. Differential analysis techniques may be further employed to identify confidential data included in model outputs. In further embodiments, query and/or output labeling may be used in connection with access rights management techniques to manage access to proprietary information that may be included in model outputs. Embodiments of the disclosed systems and methods may be used in a variety of applications, use cases, and/or contexts, including in personalized medicine and differential diagnosis applications.
This disclosure relates to systems and methods for managing protected electronic content using proxy reencryption techniques. Rights management architectures are described that may, among other things, provide end-to-end protection of content keys from their point of origination at a content creator and/or content service to end user devices. Proxy reencryption techniques consistent with aspects of the disclosed embodiments may enable transformation of a ciphertext under one public key to a ciphertext containing the same plaintext under another public key. Consistent with embodiments disclosed herein, proxy reencryption processes may be implemented using indistinguishability obfuscation and puncturable public-key encryption schemes, functional encryption, and/or white box obfuscation techniques.
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/06 - Arrangements for secret or secure communicationsNetwork security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
The disclosure relates to, among other things, systems and methods for augmenting and/or otherwise supplementing content using watermarks. Consistent with embodiments disclosed herein, a user device such as a smartphone may be used to retrieve watermark information encoded in a watermark. The watermark information may comprise content that supplements an associated content item, link and/or location information that may be used to retrieve supplemental content, and/or the like. In some embodiments, the watermark information may comprise cryptographic and/or other access token information used to decrypt and/or otherwise access supplemental content.
Embodiments of the disclosed systems and methods may facilitate various rights management associated with a variety of physical products. In various embodiments, information may be securely associated with products and/or digital assets associated with products using secure tags, which may comprise near field communication tags. Information associated with the secure tags may be associated with non-fungible tokens, which may allow for management of rights related to products associated with the tags using blockchain and/or other trusted ledger services. In this manner, non-fungible token management paradigms may be used to manage, implement, and/or otherwise enforce rights associated with physical products in a variety of variety of applications, use cases, and/or contexts.
Embodiments of the disclosed systems and methods may facilitate various rights management associated with a variety of physical products. In various embodiments, information may be securely associated with products and/or digital assets associated with products using secure tags, which may comprise near field communication tags. Information associated with the secure tags may be associated with non-fungible tokens, which may allow for management of rights related to products associated with the tags using blockchain and/or other trusted ledger services. In this manner, non-fungible token management paradigms may be used to manage, implement, and/or otherwise enforce rights associated with physical products in a variety of variety of applications, use cases, and/or contexts.
The disclosure relates to, among other things, systems and methods for facilitating the secure recording of assertions made by entities tied to identities. Embodiments of the disclosed systems and methods may allow users to make non-revocable, difficult to forge, cryptographic assertions tied to their identities through the posting of entries in an immutable ledger. In certain embodiments, a user's cryptographic assertions may be preceded by ledger entries which feature certificates from trusted authorities that tie the keys used for making assertions to the user's identity. Further embodiments provide for a mechanism for disabling further entries posted under a user's key, either automatically or at the user's initiation.
H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols
H04L 9/06 - Arrangements for secret or secure communicationsNetwork security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Downloadable software for computers and hand held electronic devices, namely, software development kits (SDK) for use with multiple chipsets or in a computer language for the implementation of applications and client interfaces and that allows users to securely control data, namely, personal identity data, financial data, customer data, business data, biometrics data and access thereof by internal and external users across data exchange platforms (1) Providing temporary use of a secure non-downloadable web application allowing users to control data, namely, personal identity data, financial data, customer data, business data, biometrics data and access thereof by internal and external users across data exchange platforms; Providing a website featuring temporary use of secure non-downloadable software allowing users to control data, namely, personal identity data, financial data, customer data, business data, biometrics data and access thereof by internal and external users across data exchange platforms
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods & Services
Downloadable software for computers and electronic devices comprised of a software development kit that can be used on multiple chipsets or in a computer language and that allows users to control data access by other internal and external users across multiple platforms. Providing non-downloadable secure web based software allowing users to control data access by other internal and external users across multiple platforms.
48.
Mobile device service systems and methods using device orientation information
This disclosure relates to, among other things, systems and methods for managing the communication of messages between devices using a service system operating as a trusted intermediary. Information indicative of device location and/or orientation may be communicated to the service system, which may use the information to determine whether a transmitting device is oriented and/or otherwise pointed in the direction of an intended receiving device. The trusted service may enforce policy articulated by the receiving device in connection with the communication of a message from the transmitting device to the intended receiving device.
H04W 4/02 - Services making use of location information
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
49.
SYSTEMS AND METHODS FOR DATA COMMUNICATION, STORAGE, AND ANALYSIS USING REFERENCE MOTIFS
Systems and methods for communicating, storing, and/or analyzing data that may include genomic data are described herein. In various embodiments, unaligned genomic sequence read data and/or portions thereof may be stored and/or communicated as a list of variants relative to a particular reference associated with a reference motif identified in the genomic sequence read data. In further embodiments, quality score information associated with a genomic dataset may be analyzed and and/or communicated as quality score parameter information. Additional embodiments may facilitate relatively efficient analysis of unaligned genomic sequence read data using metadata associated with reference motifs identified in the unaligned genomic sequence read data.
Systems and methods are described that use cryptographic techniques to improve the security of applications executing in a potentially untrusted environment associated with a software application. Embodiments of the disclosed systems and methods may, among other things, facilitate cryptographic operations within an execution environment associated with browser software of a client system while maintaining security of cryptographic keys imported into the environment. As the security of keys is maintained in an execution environment implementing embodiments of the disclosed systems and methods, users and/or systems may be more willing to consign their keys for use in connection with cryptographic operations performed in such environments.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
This disclosure relates to the analysis of data generated by one or more connected systems and devices. Operational data obtained by one or more connected devices and/or systems, such as a connected thermostat and/or wind turbine system, may be used to detect and/or predict impending failures and/or suboptimal performance. By detecting and/or predicting anomalous system and device performance, various actions may be taken to improve system and device performance and mitigate failure conditions.
This disclosure relates to, among other things, key generation systems and methods. Certain embodiments disclosed herein provide for generation of cryptographic keys based on one or more defined key generation rules. Key generation consistent with various aspects of the disclosed embodiments may increase the difficultly and/or cost of producing public keys and, by extension, discourage the generation of fake keys used in connection with a key flooding attack. In certain embodiments, generated keys and/or associated key generation rules may depend, at least in part, on associated binding data.
H04L 9/06 - Arrangements for secret or secure communicationsNetwork security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
This disclosure relates to systems and methods for performing cryptographic operations in connection with the management of electronic content using multiple license services. In some circumstances, a content service may not wish to share unencrypted content keys with a single license service for a variety of security reasons. Embodiments of the disclosed systems and methods may use multi-party cryptographic methods in connection with the management of protected content keys and/or associated licenses and/or the distribution of content keys and/or licenses to authorized users and/or devices. In various embodiments, a content service may split a content key into a plurality of key shares and may transmit the key shares to a plurality of different license services. The license services may coordinate operations to generate a protected content key without revealing unencrypted content key to any of the participating license services.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods & Services
(1) Downloadable software for computers and electronic devices used to securely track and manage digital information of the type utilized in the business of the user. (1) Non-downloadable secure web-based decentralized applications for creating safe and secure data exchange and environments to sell, catalog, monetize, protect, manage and monitor digital assets; Computerized authentication services for use in securing daily business activities.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods & Services
Downloadable software for computers and electronic devices used to track, analyze, distribute, integrate, govern, protect, and/or securely manage digital information. Providing temporary use of non-downloadable secure web-based decentralized applications for creating safe and secure data exchange and environments to sell, catalog, monetize, protect, manage and monitor digital assets; Secure user authentication services for businesses and individuals to securely conduct daily business activities.
56.
Content Rights Management Systems and Methods Using Trusted Ledgers
Embodiments of the disclosed systems and methods may facilitate various rights management and/or digital content operations in connection with a variety of transactions. Various embodiments may leverage non-fungible tokens in connection with content asset management. For example and without limitation, various embodiments provide for the creation of token associated with content assets, secure association of creator, author, and/or other rightsholder information with content assets, creation and/or management of certain business conditions, contracts, and/or agreements associated with content assets, and/or listing of content assets in connection with a marketplace, and/or the like. In some implementations, these operations and/or aspects thereof may facilitate compensation of rights holder(s) associated with content assets.
G06Q 20/36 - Payment architectures, schemes or protocols characterised by the use of specific devices using electronic wallets or electronic money safes
This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
58.
Digital content integrity verification systems and methods
The disclosure relates to, among other things, systems and methods for facilitating the verification of the integrity of digital content. Embodiments of the disclosed systems and methods may provide mechanisms for generating a secure and unambiguous record of the creation and/or modification of digital content and/or other media associated with events. Further embodiments may provide for a ledger configured to capture a record of creation and/or modification actions performed in connection with digital content.
H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols
H04L 9/06 - Arrangements for secret or secure communicationsNetwork security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
59.
Connected device information management systems and methods
The disclosure relates to systems and methods for managing data generated by connected systems and/or devices in connection with energy usage and/or management decisions. In certain embodiments, a gateway device in communication with one or more connected devices may be configured to receive energy management signal information and apply one or more policies in connection with the management of the connected devices. Responses generated in connection with such energy management decisions may be reported securely in a manner that respects various stakeholder concerns relating to transparency, confidentiality, privacy, auditability, and/or affirmation of data provenance.
G05B 19/042 - Programme control other than numerical control, i.e. in sequence controllers or logic controllers using digital processors
H02J 13/00 - Circuit arrangements for providing remote indication of network conditions, e.g. an instantaneous record of the open or closed condition of each circuitbreaker in the networkCircuit arrangements for providing remote control of switching means in a power distribution network, e.g. switching in and out of current consumers by using a pulse code signal carried by the network
The disclosure relates to, among other things, systems and methods for mitigating the risks of errors, benign or otherwise, occurring within trusted ledgers and/or for validating the integrity of information provided by operators of trusted ledgers. Consistent with embodiments disclosed herein, trusted agents, which may comprise proxy agents and/or test agents, may be employed to examine ledgers and/or derivatives, which may be meshed with other ledgers, to ensure the integrity of information provided by ledger operators. Ledger meshing techniques are described to link ledgers in a manner that improves the ability to verify ledger entries and/or recover from data faults. Further embodiments provide for tagging processes may be performed to give semantic meaning to hashes included in trusted ledgers.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
The present disclosure relates to systems and methods for facilitating trusted handling of genomic and/or other sensitive information. Certain embodiments may use a virtualized execution environment to execute code and/or programs that wish to access and/or otherwise use genomic and/or other sensitive information. In some embodiments, data requests from the code and/or programs may be routed through a transparent data access proxy configured to transform requests and/or associated responses to protect the integrity of the genomic and/or other sensitive information.
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G16B 20/00 - ICT specially adapted for functional genomics or proteomics, e.g. genotype-phenotype associations
G16B 20/20 - Allele or variant detection, e.g. single nucleotide polymorphism [SNP] detection
G16B 50/00 - ICT programming tools or database systems specially adapted for bioinformatics
G16B 50/30 - Data warehousingComputing architectures
G16H 10/60 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
G16H 40/63 - ICT specially adapted for the management or administration of healthcare resources or facilitiesICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for local operation
G16H 40/67 - ICT specially adapted for the management or administration of healthcare resources or facilitiesICT specially adapted for the management or operation of medical equipment or devices for the operation of medical equipment or devices for remote operation
The disclosure relates to systems and methods for managing state using relatively small assistance from protected hardware. Obfuscated code segments may communicate with supporting protected hardware, store encrypted state values in main memory, and/or communicate via secure channels to secure platform hardware components. In various embodiments, consistent state may be achieved, at least in part, by computing secure tag information and storing the secure tag information in a secure and/or otherwise protected device register. Consistent with embodiments disclosed herein, the tag information may be used to derive keys used to encrypt and/or decrypt stored state information. Tag information may further be used in connection with verification operations prior to using the information to derive associated keys.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
63.
Digital rights management systems and methods using efficient messaging schemes
This disclosure relates to systems and methods for managing protected electronic content that employ relatively efficient messaging schemes. Rights management architectures that provide end-to-end protection of content keys from their point of origination at a content creator and/or content service to end user devices. Certain embodiments further provide for message protocols where fewer messages are sent in connection with a protected content license request process, thereby reducing latency associated with license request and provisioning processes.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods & Services
Downloadable software for computers and hand held electronic devices, namely, software development kits (SDK) for use with multiple chipsets or in a computer language for the implementation of applications and client interfaces that allow users to control data access by other internal and external users across multiple platforms Providing temporary use of a secure non-downloadable web application allowing users to control data access by other internal and external users across multiple platforms; Providing a website featuring temporary use of secure non-downloadable software allowing users to control data access by other internal and external users across multiple platform
This disclosure relates to systems and methods for managing data associated with a user using a personalized cloud storage platform operating as a centralized repository for user data generated from a variety of sources and/or user devices. By centralizing the storage and/or management of personal data that would conventionally be confined between multiple information silos, embodiments of the systems and methods disclosed herein may improve the ability of a user to control their personal data, facilitate utilization of their personal data in a variety of ways not offered by services associated with the silos, and/or allow a user to centrally manage their personal data. Further embodiments disclosed herein allow a user to define one or more policies or other rules associated with personal data stored in their personal cloud.
e.g.e.g., hot and/or cold data storage layers) using data merging, deletion, and/or compaction techniques. In certain embodiments, certain data records stored in one or more segment files associated with a partition may be merged into compacted segment files, thereby reducing storage overhead associated with storing prior records that have been updated and/or deleted records. In further embodiments, data record tombstones may be employed in connection with the management of deleted records.
This disclosure relates to, among other things, scalable data processing, storage, and/or management systems and methods. In various embodiments, sequence number schemes associated with ingested data records may allow for improved management of data stored in one or more layers (e.g., hot and/or cold data storage layers) using data merging, deletion, and/or compaction techniques. In certain embodiments, certain data records stored in one or more segment files associated with a partition may be merged into compacted segment files, thereby reducing storage overhead associated with storing prior records that have been updated and/or deleted records. In further embodiments, data record tombstones may be employed in connection with the management of deleted records.
42 - Scientific, technological and industrial services, research and design
Goods & Services
Non-downloadable secure web-based decentralized applications for selling, cataloging, monetizing, protecting, managing and monitoring digital assets in a safe and secure marketplace environment; Secure user authentication services using cryptographic identification and messaging technologies and block chain technology for businesses and individuals to securely conduct daily business activities
This disclosure relates to, among other things, systems and methods for the secure management and verification of data. Certain embodiments disclosed herein provide for a trusted data management platform that may interact with a trusted assertion service to securely record assertion information relating to the generation and/or processing of data managed by the platform. Data consumers interact with the trusted assertion service to authenticate and/or otherwise verify the provenance, chain-of-handling, and/or other information associated with data managed by the trusted data management platform and/or associated data marketplaces.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
This disclosure relates to systems and methods for managing connected devices and associated network connections. In certain embodiments, trust, privacy, safety, and/or security of information communicated between connected devices may be established in part through use of security associations and/or shared group tokens. In some embodiments, these security associations may be used to form an explicit private network associated with the user. A user may add and/or manage devices included in the explicit private network through management of various security associations associated with the network's constituent devices.
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods & Services
Downloadable software for computers and electronic devices used to securely track, analyze, distribute, integrate, authenticate, protect, and securely manage digital information Providing online non-downloadable secure web-based decentralized applications for creating a safe and secure data exchange to sell, catalog, monetize, protect, manage, and monitor digital assets in a safe and secure environment; Secure user authentication services using single sign-on technology, biometric hardware and software technology, and secure processing environments for businesses and individuals to securely conduct daily business activities
09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods & Services
Downloadable software for computers and electronic devices used to securely track, analyze, distribute, integrate, authenticate, protect, and securely manage digital information Providing online non-downloadable secure web-based decentralized applications for creating a safe and secure data exchange to sell, catalog, monetize, protect, manage, and monitor digital assets in a safe and secure environment; Secure user authentication services using single sign-on technology, biometric hardware and software technology, and secure processing environments for businesses and individuals to securely conduct daily business activities
This disclosure relates to, among other things, systems and methods for managing electronic content. Certain embodiments disclosed herein provide for a trusted data management platform that may interact with a trusted assertion service and/or a digital rights management service to manage access to and/or use of electronic content. Content creators and/or other content rights holder may register their content and/or associate rights using the trusted data management platform and/or a trusted assertion service and be assured that their content rights are securely managed and respected.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04L 9/06 - Arrangements for secret or secure communicationsNetwork security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
This disclosure relates to systems and methods for managing access to data through enforcement of one or more associated rules. In various embodiments, a directory may be used to manage and/or otherwise record various relationships between objects, that may include governed objects such as data sets, and associated rules and rule sets. Access requests involving governed objects may be compared with relevant rules to determine whether the requested access should be allowed and what, if any, restrictions should be applied in connection with such access. Various embodiments of the disclosed systems and methods may allow for a data governance model that is flexible, allows for use across multiple complex organizations, and is highly extensible.
The disclosure relates to, among other things, systems and methods for facilitating the verification of the integrity of digital content. Embodiments of the disclosed systems and methods may provide mechanisms for generating a secure and unambiguous record of the creation and/or modification of digital content and/or other media associated with events. Further embodiments may provide for a ledger configured to capture a record of creation and/or modification actions performed in connection with digital content.
H04L 9/06 - Arrangements for secret or secure communicationsNetwork security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
This disclosure relates to systems and methods for enabling the use of secret digital or electronic information without exposing the sensitive information to unsecured applications. In certain embodiments, the methods may include invoking, by a client application executing in an open processing domain, a secure abstraction layer configured to interface with secret data protected by a secure processing domain. Secure operations may be securely performed on the secret data by the secure abstraction layer in the secure processing domain based on an invocation from a client application running in the open processing domain.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
The disclosure relates to, among other things, systems and methods for facilitating the secure recording of assertions made by entities tied to identities. Embodiments of the disclosed systems and methods may allow users to make non-revocable, difficult to forge, cryptographic assertions tied to their identities through the posting of entries in an immutable ledger. In certain embodiments, a user's cryptographic assertions may be preceded by ledger entries which feature certificates from trusted authorities that tie the keys used for making assertions to the user's identity. Further embodiments provide for a mechanism for disabling further entries posted under a user's key, either automatically or at the user's initiation.
H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols
H04L 9/06 - Arrangements for secret or secure communicationsNetwork security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
The disclosure relates to, among other things, systems and methods for augmenting and/or otherwise supplementing content using watermarks. Consistent with embodiments disclosed herein, a user device such as a smartphone may be used to retrieve watermark information encoded in a watermark. The watermark information may comprise content that supplements an associated content item, link and/or location information that may be used to retrieve supplemental content, and/or the like. In some embodiments, the watermark information may comprise cryptographic and/or other access token information used to decrypt and/or otherwise access supplemental content.
This disclosure relates to, among other things, managing data communicated between systems, services, and/or devices using explicit private networking techniques that provide relatively robust end-to-end security. In some embodiments, explicit private networking techniques may protect data in transit and/or as at rest and/or in use in potentially hostile environments. In various embodiments, an explicit private networking techniques architecture may protect connected device data where and when it is generated by encrypting it and maintaining that protection until it is consumed in a trusted information platform and/or service that uses identity and access management services to identify, authenticate, and/or authorize permissions to read, modify, and/or collaborate with that data and/or control devices and/or issue associated device commands.
This disclosure relates to, among other things, managing data communicated between systems, services, and/or devices using explicit private networking techniques that provide relatively robust end-to-end security. In some embodiments, explicit private networking techniques may protect data in transit and/or as at rest and/or in use in potentially hostile environments. In various embodiments, an explicit private networking techniques architecture may protect connected device data where and when it is generated by encrypting it and maintaining that protection until it is consumed in a trusted information platform and/or service that uses identity and access management services to identify, authenticate, and/or authorize permissions to read, modify, and/or collaborate with that data and/or control devices and/or issue associated device commands.
This disclosure relates to, among other things, scalable data processing, storage, and/or management systems and methods. Certain embodiments disclosed herein provide for a multi-dimensional data storage structure that may facilitate parallel processing of data during both data ingestion and data retrieval and/or access processes involving one or more storage layers In various embodiments, sequence number schemes associated with ingested data records may allow for improved management of data stored in one or more layers (e.g., hot and/or cold data storage layers).
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database systemDistributed database system architectures therefor
82.
Enhanced security systems and methods using a hybrid security solution
This disclosure relates to, among other things, electronic device security systems and methods. Certain embodiments disclosed herein provide for protection of cryptographic keys and/or associated operations using both an operating system security service and a software-based whitebox cryptographic security service executing on a device. Leveraging operating system security services and software-based whitebox cryptographic security services may provide enhanced security when compared to using either service alone to protect cryptographic keys and associated operations. In additional embodiments, server-side cryptographic security solutions may be further used to enhance device security implementations.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
83.
ENVIRONMENT AND LOCATION-BASED DATA ACCESS MANAGEMENT SYSTEMS AND METHODS
This disclosure relates to, among other things, secure data rights management and governance. Certain embodiments disclosed herein provide for a data access control and management architecture that enforces one or more rules, restrictions, and/or configurations in connection with managing access requests to data. In various embodiments, one or more of the enforced rules, restrictions, and/or configurations may articulate access conditions that depend, at least in part, on a source, physical location, and/or an execution environment associated with a data access request. In this manner, data access may be managed and/or governed based, at least in part, on the source, location, system and/or associated environment requesting access to the data.
This disclosure relates to, among other things, secure data rights management and governance. Certain embodiments disclosed herein provide for a data access control and management architecture that enforces one or more rules, restrictions, and/or configurations in connection with managing access requests to data. In various embodiments, one or more of the enforced rules, restrictions, and/or configurations may articulate access conditions that depend, at least in part, on a source, physical location, and/or an execution environment associated with a data access request. In this manner, data access may be managed and/or governed based, at least in part, on the source, location, system and/or associated environment requesting access to the data.
This disclosure relates to, among other things, systems and methods for managing and/or verifying the integrity and/or provenance of digital content and/or media. Embodiments of the systems and methods disclosed herein may provide a mechanism for generating a secure records relating to digital content and/or other media by capturing records relating to creation and/or modification actions performed in connection with digital content and/or media and storing such records in a ledger. Trusted services that examine captured information recorded in trusted databases and/or ledgers and generate derivative information relating to associated content and/or media. When viewing content, trusted content applications may query the trusted service for derivative information relating to the content and/or media, providing users with an indication of the derivative information in connection with content and/or media playback.
The disclosure relates to, among other things, systems and methods for securely managing digital assets, products, and/or associated tokens in a dynamic way. Various embodiments disclosed herein may use trusted ledgers to securely record certain assertions relating to the digital assets, products, rightsholders, and/or various ecosystems participants. Such assertions may be used in connection with rights binding, content packaging, management, and/or protection operations in connection with a variety of transactions associated with digital assets, products, and/or associated tokens.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
87.
Mobile device service systems and methods using device orientation information
This disclosure relates to, among other things, systems and methods for managing the communication of messages between devices using a service system operating as a trusted intermediary. Information indicative of device location and/or orientation may be communicated to the service system, which may use the information to determine whether a transmitting device is oriented and/or otherwise pointed in the direction of an intended receiving device. The trusted service may enforce policy articulated by the receiving device in connection with the communication of a message from the transmitting device to the intended receiving device.
H04W 4/02 - Services making use of location information
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
88.
Cryptographic token rights management systems and methods using trusted ledgers
The disclosure relates to, among other things, systems and methods for securely managing digital assets, products, and/or associated tokens in a dynamic way. Various embodiments disclosed herein may use trusted ledgers to securely record certain assertions relating to the digital assets, products, rightsholders, and/or various ecosystems participants. Such assertions may be used in connection with rights binding, content packaging, management, and/or protection operations in connection with a variety of transactions associated with digital assets, products, and/or associated tokens.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
The disclosure relates to, among other things, systems and methods for securely managing personal information, which may include vaccination and/or other health status information. Aspects of the disclosed embodiments may use trusted ledgers and/or ledger derivatives in connection with managing personal information. Various mechanisms are described which facilitate cooperation and trust between various certification authorities, which may comprise public health authorities, allowing for cross jurisdictional verification of certified personal information.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G16H 10/60 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
This disclosure relates to, among other things, scalable data processing, storage, and/or management systems and methods. Certain embodiments disclosed herein provide for a data management architecture that allows for more secure storage of enterprise data, making it more secure, usable, and/or interoperable, facilitating data usage across information silos. Further embodiments provide for comprehensive data access authentication and/or authorization functionality between various services included in embodiments of the disclosed architecture.
G06F 17/00 - Digital computing or data processing equipment or methods, specially adapted for specific functions
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04L 29/06 - Communication control; Communication processing characterised by a protocol
91.
SYSTEMS AND METHODS FOR SECURELY MANAGING PERSONAL INFORMATION USING TRUSTED LEDGERS
The disclosure relates to, among other things, systems and methods for securely managing personal information, which may include vaccination and/or other health status information. Aspects of the disclosed embodiments may use trusted ledgers and/or ledger derivatives in connection with managing personal information. Various mechanisms are described which facilitate cooperation and trust between various certification authorities, which may comprise public health authorities, allowing for cross-jurisdictional verification of certified personal information.
G16H 10/60 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
G16H 40/20 - ICT specially adapted for the management or administration of healthcare resources or facilitiesICT specially adapted for the management or operation of medical equipment or devices for the management or administration of healthcare resources or facilities, e.g. managing hospital staff or surgery rooms
G16H 50/80 - ICT specially adapted for medical diagnosis, medical simulation or medical data miningICT specially adapted for detecting, monitoring or modelling epidemics or pandemics for detecting, monitoring or modelling epidemics or pandemics, e.g. flu
92.
DATA MANAGEMENT AND GOVERNANCE SYSTEMS AND METHODS
Trusted, privacy-protected systems and methods are disclosed for processing, handling, and performing tests on human genomic and other information. According to some embodiments, a system is disclosed that is a cloud-based system for the trusted storage and analysis of genetic and other information. Some embodiments of the system may include or support some or all of authenticated and certified data sources; authenticated and certified diagnostic tests; and policy-based access to data.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/10 - Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
G16H 10/40 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for data related to laboratory analysis, e.g. patient specimen analysis
G16B 50/00 - ICT programming tools or database systems specially adapted for bioinformatics
G16B 50/30 - Data warehousingComputing architectures
The disclosure relates to, among other things, systems and methods for mitigating the risks of errors, benign or otherwise, occurring within trusted ledgers and/or for validating the integrity of information provided by operators of trusted ledgers. Consistent with embodiments disclosed herein, trusted agents, which may comprise proxy agents and/or test agents, may be employed to examine ledgers and/or derivatives, which may be meshed with other ledgers, to ensure the integrity of information provided by ledger operators. Ledger meshing techniques are described to link ledgers in a manner that improves the ability to verify ledger entries and/or recover from data faults. Further embodiments provide for tagging processes may be performed to give semantic meaning to hashes included in trusted ledgers.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
This disclosure relates to, among other things, systems and methods for deriving key identifiers and managing mapping between keys and key identifiers. Consistent with embodiments disclosed herein, the disclosed systems and methods may provide a mechanism that allows multiple parties to reconstruct unique identifiers given a set of known inputs that may be used to look up, identify, and/or otherwise access services and/or data objects. In some embodiments, this may allow for a service provider and a rights management service to independently derive key identification information based on information that both entities share (e.g., a content document such as a Content Protection Information Exchange Format document), thereby reducing requirements to maintain such mappings.
G06F 21/10 - Protecting distributed programs or content, e.g. vending or licensing of copyrighted material
H04L 9/06 - Arrangements for secret or secure communicationsNetwork security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
This disclosure relates to systems and methods for managing data associated with a user using a personalized cloud storage platform operating as a centralized repository for user data generated from a variety of sources and/or user devices. By centralizing the storage and/or management of personal data that would conventionally be confined between multiple information silos, embodiments of the systems and methods disclosed herein may improve the ability of a user to control their personal data, facilitate utilization of their personal data in a variety of ways not offered by services associated with the silos, and/or allow a user to centrally manage their personal data. Further embodiments disclosed herein allow a user to define one or more policies or other rules associated with personal data stored in their personal cloud.
This disclosure relates to systems and methods for managing protected electronic content using proxy reencryption techniques. Rights management architectures are described that may, among other things, provide end-to-end protection of content keys from their point of origination at a content creator and/or content service to end user devices. Proxy reencryption techniques consistent with aspects of the disclosed embodiments may enable transformation of a ciphertext under one public key to a ciphertext containing the same plaintext under another public key. Consistent with embodiments disclosed herein, proxy reencryption processes may be implemented using indistinguishability obfuscation and puncturable public-key encryption schemes, functional encryption, and/or white box obfuscation techniques.
H04L 9/30 - Public key, i.e. encryption algorithm being computationally infeasible to invert and users' encryption keys not requiring secrecy
H04L 9/06 - Arrangements for secret or secure communicationsNetwork security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
The disclosure relates to, among other things, systems and methods for mitigating the risks of errors, benign or otherwise, occurring within trusted ledgers and/or for validating the integrity of information provided by operators of trusted ledgers. Consistent with embodiments disclosed herein, trusted agents, which may comprise proxy agents and/or test agents, may be employed to examine ledgers and/or derivatives, which may be meshed with other ledgers, to ensure the integrity of information provided by ledger operators. Ledger meshing techniques are described to link ledgers in a manner that improves the ability to verify ledger entries and/or recover from data faults. Further embodiments provide for tagging processes may be performed to give semantic meaning to hashes included in trusted ledgers.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
This disclosure relates to, among other things, systems and methods for managing electronic content. Certain embodiments disclosed herein provide for a trusted data management platform that may interact with a trusted assertion service and/or a digital rights management service to manage access to and/or use of electronic content. Content creators and/or other content rights holder may register their content and/or associate rights using the trusted data management platform and/or a trusted assertion service and be assured that their content rights are securely managed and respected.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
G06F 21/64 - Protecting data integrity, e.g. using checksums, certificates or signatures
The disclosure relates to, among other things, systems and methods for mitigating the risks of errors, benign or otherwise, occurring within trusted ledgers and/or for validating the integrity of information provided by operators of trusted ledgers. Consistent with embodiments disclosed herein, trusted agents, which may comprise proxy agents and/or test agents, may be employed to examine ledgers and/or derivatives, which may be meshed with other ledgers, to ensure the integrity of information provided by ledger operators. Ledger meshing techniques are described to link ledgers in a manner that improves the ability to verify ledger entries and/or recover from data faults. Further embodiments provide for tagging processes may be performed to give semantic meaning to hashes included in trusted ledgers.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system