A key master service capable of operating on a service provider in a network enables is disclosed. The key master enables authorized parties to securely exchange client information without compromising client security. One feature of the key master service is the generation of a unique key for each client. All parties in an authorized universe access, exchange and modify client information by referencing the universal key, rather than using known client identifiers. Client information is further secured by advantageously applying an obfuscation function to the data. Obfuscated client information is stored together with the universal key as keyed client data at the client and/or server, where it may be directly accessed by the service provider or third parties. Because client information is stored and exchanged without the ability to discern either the client identity or the nature of the information, such information is secured against malicious third-party interception.

To address the requirements described above, this document discloses a system and method for performing an action on at least one resource node of a hierarchical organization of resource nodes is disclosed. The system utilizes an external Identity Provider that provide more flexible authentication and authorization services, and leverages such services with secure server such as an on-line data signing service to provide flexible permission management.

A device implementing a system for using a verified claim of identity includes at least one processor configured to receive a verified claim including information to identify a user of a device, the verified claim being signed by a server based on verification of the information by an identity verification provider separate from the server, the verified claim being specific to the device. The at least one processor is further configured to send, to a service provider, a request for a service provided by the service provider, and receive, from the service provider and in response to the sending, a request for the verified claim. The at least one processor is further configured to send, in response to the receiving, the verified claim to the service provider.

Disclosed are an electronic device and a method of performing digital key provisioning of an electronic device. The electronic device according to an embodiment includes a communication unit, a memory that stores programs and data for performing digital key provisioning, and a processor configured to, by executing the programs stored in the memory, perform device authentication on a target device by performing short-range communication with the target device, identify a digital key service access right of the target device through a server by obtaining user information, and control generation and storing of a digital key in response to a digital key generation request from the target device.

A system and method of establishing a resource provider as a trusted listing are disclosed. The method includes receiving, by a directory server computer, an indication from a user that a resource provider is trusted. The directory server computer is programmed to provide a first level of authentication. The method then includes storing, in a database, data representing the indication from the user that the resource provider is trusted. The method then includes receiving an authentication request message from the user conducting an interaction at the resource provider computer and determining that the data representing the indication from the user that the resource provider is trusted is present. In response to determining, the method includes providing a second level of authentication to the user before the user is allowed to complete the interaction. The second level of authentication is lower than the first level.

An electronic device and an operating method of an electronic device are provided. The electronic device receives, from a first server, access information about a second server for accessing the second server, receives access information about a third server from the second server accessed based on the access information about the second server, in response to a service connection request using the third server of an application, checks the validity of the application based on data for verifying the validity of the application included in the access information about the third server, and performs the service by accessing the third server based on the result of identifying the validity of the application.

A content server may receive from a user device a request for a content asset and may send to the playback device a permit for accessing the content asset. The permit may be used by the content server in order to enforce a concurrency restriction, or a number of concurrent playbacks of one or more content assets desired or permitted by the playback device. In response to receiving a request for a content asset segment associated with a content asset, the content server may determine whether the number of permits currently granted to the playback device exceeds the number of desired or permitted accesses by the playback device, or a group of playback devices, to the content asset or one or more content assets. If so, then the content server may discontinue sending to the playback device any further content asset segments associated with that content asset.

The present embodiments relate generally to systems and methods for securing operation of an ultrasound scanner for use with a multi-use electronic display device. In some embodiments, the multi-use electronic display device can control whether the ultrasound scanner is permitted to generate ultrasound image data for display based on an institution affiliation status of the ultrasound scanner retrieved from a server. In some embodiments, the multi-use electronic display device can control whether the ultrasound scanner is permitted to generate ultrasound image data for display based on whether a digital certificate provided by a server is successfully validated.

Techniques described herein are directed to proxies configured to handle identity and access management for a web application. For instance, a first proxy receives requests to the application from a browser. The first proxy redirects the browser to an identity endpoint, which prompts the user to enter authentication credentials for the application. Upon successful authentication, the endpoint provides an access token for accessing web APIs to the first proxy. The first proxy provides the token to a second proxy, which stores the token. The second proxy receives anonymous API calls from the web application to the web APIs. When receiving an anonymous API call, the second proxy obtains the token and inserts it into an outgoing request to the API. Responsive to the API returning a message indicating that the token is invalid, the second proxy communicates with the first proxy to obtain a new token from the endpoint.

The present disclosure relates generally to data access control solutions. In particular, techniques are provided to implement a secure and distributed file storage scheme and in particular, a managed access system using a blockchain. In some aspects, a process of the disclosed technology includes operations for associating a first key share with a first copy of a file, wherein the first copy of the file is stored by a first party, associating a second key share with a second copy of the file, and recording versioning information corresponding with the file on a distributed ledger accessible by the first party and the second party. In some aspects, the process can further include operations for managing access to the file using the first key share and the second key share. Systems and machine-readable media are also provided.