A method comprising: storing, in a database, a list of geographical regions in which the party consents to their data being stored; receiving a request to store data of the party, wherein at least one of the data has a region-restriction that restricts the regions in which that data can be stored; determining, based on a respective region-restriction of a respective one of the data, in which of the list of regions the respective data can be stored; storing the data, wherein each respective data is stored in at least one respective storage centre associated with one of the regions according to the determination; storing, in the database, a list comprising a pointer to each respective stored data, wherein the pointer identifies the respective storage centre; receiving a request to retrieve a respective stored data; and using the pointer to route the request to the respective storage centre.

A virtualized network function included in a mobile communication network may be capable of performing validation of sensor data. The sensor data may be generated by one or more sensors monitoring a tangible asset that is being transported between geographical locations. The sensor data may be received by the virtualized network function from an Internet-enabled device in communication with the mobile communication network. In some cases, a contract management application included in the virtualized network function may validate the sensor data based on one or more compliance thresholds describing a shipment condition of the tangible asset. Based on determining whether the sensor data indicates a compliant shipment condition for the tangible asset, the contract management application may modify a contract associated with the tangible asset.

A computing device supports the use of multiple different authenticators for a user to unlock his or her computing device and access his or her user account. An authenticator refers to something that the user knows or has that can be compared to known authentication data in order to authenticate the user. In one or more embodiments, the behavior of the computing device varies for different authenticators by displaying user-selectable content in different visibility modes based on which authenticator is used to authenticate the user. In one content visibility mode content is fully visible on the computing device display screen, whereas in another content visibility mode content visibility on the computing device display screen is reduced. Additionally or alternatively, the behavior of the computing device varies for different authenticators by using different authenticators for different contexts of the computing device.

Methods, systems, and apparatus for risk mitigation for a cryptoasset custodial system include transmitting an endorsement request for a cryptoasset transaction to a user device configured to cause the user device to prompt a user to endorse the cryptoasset transaction. Multiple data points are collected from mobile devices associated with the user. The data points indicate an identity of the user. A cryptographic endorsement of the cryptoasset transaction is received from the user device. A graphical visualization including a risk metric is generated based on the data points. The risk metric indicates a risk of accepting the cryptographic endorsement from the user device. Generating the graphical visualization includes determining whether the plurality of data points matches expected values.

In an authentication method, a wireless communication is established between a mobile device and a wearable device. A proximity is detected between the mobile device and the wearable device by comparing mobile device position information and wearable device position information. Access to the mobile device is granted based on a detected proximity.

Embodiments relate to a computer system, computer program product, and method to prevent unauthorized file dissemination and replication. A file parameter is defined, with the defined file parameter including a file dissemination characteristic. The file is encoded with the defined file parameter as file metadata. Dissemination and replication of the file is managed responsive to the encoded file parameter. The defined parameter is assessed along with a physical replication destination. The file is selectively replicated or transmitted responsive to the file parameter and the destination assessment.

A first entity may provide a request to transmit data from the first entity to a second entity. The first entity may receive a session key from the second entity in response to the request where the session key is encrypted by a second key that is based on a combination of a public key and a location associated with the second entity. A location associated with the first entity may be identified. Furthermore, a first key may be generated based on a combination of the location associated with the first entity and a private key that corresponds to the public key. The first key may decrypt data encrypted by the second key when the location associated with the first entity corresponds to the location associated with the second entity.

Embodiments of systems and methods for implementing data sovereignty safeguards in a distributed services network architecture are disclosed. Embodiments of a distributed services system may have a number of distributed nodes that each implements a set of services. When a user requests a service at a particular node of a distributed services system, the node is configured to determine if that node is not (or is) data sovereign for a region associated with the user. If the node is not data sovereign for the user's region, the user may be directed to a corresponding service at a node of the distributed service system that is data sovereign for the user's region.

A method of sharing encrypted data includes, by an electronic device, receiving a password from a user to perform an action, receiving a salt value, generating a user key using the password and salt value, receiving an encrypted key location identifier value, decrypting the encrypted key location identifier value to obtain a key location identifier, receiving an encrypted read token value, decrypting the encrypted read token value using the user key to obtain a read token value, and transmitting the read token value and the key location identifier to a server electronic device.

Systems and methods for verifying an identity of a first user involves receiving, at a server, a request from a communicatively coupled device of a second user to access information of the first user. The request includes information retrieved from a passive communication device associated with the first user and location information of the communicatively coupled device. In response, a location of an authenticated mobile device of the first user is determined, and when a location match is present, the identity of the first user is confirmed to the second user, and the second user is permitted to provide input into an account of the first user, such as for rating and reporting the performance of the first user. When a location match is not present, a message is transmitted to the second user indicating the identity of the first user is not confirmed and instructions provided to take action.