Systems and methods for managing data stream identity are provided. Ownership information regarding a data stream may be analyzed to identify at least one owner. The data stream may be filtered to identify at least one portion that is associated with the identified owner. A unique identifier may be assigned to the identified portion. The identified portion may be stored in memory in association with the assigned unique identifier and information regarding the identified owner. Access to the identified portion may be controlled based on settings set by the identified owner.

The system can be for the management of access authorization using an immutable ledger comprising and can include a server having a computer readable medium in communications with an immutable ledger. A set of computer readable instructions can be included in the server and can be configured for: receiving a set of data, encrypting the set of data with a data-encryption-key and storing the encrypted data on the immutable ledger, creating a key tree having a node associated with a user, creating a key-encryption-key associated with the node and the user, and, distributing the key-encryption-key to the user wherein the key-encryption-key is configured to decrypt the data-encryption-key thereby providing access to the data for the user.

The present disclosure relates generally to systems and methods for content authentication. A method can include receiving from a sender system transmitted content (C) and appended content, the appended content including a digital signature associated with the content (C) and a hash tree (“SHT”) associated with the content (C), generating with a signature engine a hash tree (“RHT”) from the content (C), cryptographically verifying the received digital signature to generate a resultant hash value, comparing the resultant hash value to the second hash value of the second root node, determining that the second hash value of the second root node does not match the resultant hash value, identifying a potentially corrupted portion of content (C) via comparison of at least some of the plurality of first nodes of SHT to corresponding second nodes of RHT, and indicating that the digital signature could not be verified.

Some embodiments provide a method for an electronic device. The method receives, through a communication address, an invitation to access a shared data asset via a cloud services platform. When the communication address is not associated with any account on the cloud services platform, the method identifies whether the device is associated with a cloud services account. When the device is associated with a cloud services account, the method prompts for input of a password for the cloud services account in order for the communication address to be associated with the cloud services account and for access to be enabled to the shared data asset.

A method of organizing an end-to-end encrypted online meeting for a group of members including a creator. The method includes: maintaining, by each member in the online meeting including the creator, a group tree from which is derivable a group key required for communication between members in the online meeting; accessing, by the creator, a key package associated with a member of the group; adding to the online meeting, by the creator and based on the key package, the member associated with the key package; updating, by the creator, the group tree maintained by the creator; generating, by the creator and based on the updated group tree, one or more encrypted secret keys required for deriving the group key; and transmitting, by the creator and via a server, the updated group tree and the one or more encrypted secret keys to each other member in the online meeting.

The disclosed embodiments provide a distributed transaction system including a group of validator nodes that are known to each other in a network but are indistinguishable to other network nodes. The validator nodes form a Committee including a Leader node and one or more Associate nodes configured to receive and process transaction requests and candidate requests, for example, to add new blocks to one or more blockchains. The Committee may be dynamically changed, such that new network nodes may be added to the Committee or may replace existing validator nodes. The Associate nodes also may coordinate with each other to select a new Leader node. The system may allow multiple request-fulfillment process to run simultaneously, thereby enhance the efficiency of the system. The disclosed embodiments reduce the distributed system's reliance on the stability of any particular node(s) in the network, as the validator nodes in the Committee may be changed at a sufficient frequency to remove unreliable, unavailable, or otherwise untrusted nodes. Further, the disclosed embodiments provide a scheme that helps ensure the Leader node, as well as the other Committee members, functions properly.

Techniques for provisioning a key server to facilitate secure communications between a web server and a client by providing the client with a first data structure including information on how the web server may obtain a target symmetric key are presented. The techniques can include: provisioning the key server with a second data structure including information on how the key server may generate the first data structure; receiving a request on behalf of a web server for a third data structure comprising information on how the client may obtain the first data structure from the key server; and obtaining the third data structure, such that the third data structure is published in association with an identification of the web server, and such that the client uses the third data structure to obtain the first data structure and uses the first data structure to communicate with the web server.

Technologies for secure collective authorization include multiple computing devices in communication over a network. A computing device may perform a join protocol with a group leader to receive a group private key that is associated with an interface implemented by the computing device. The interface may be an instance of an object model implemented by the computing device or membership of the computing device in a subsystem. The computing device receives a request for attestation to the interface, selects the group private key for the interface, and sends an attestation in response to the request. Another computing device may receive the attestation and verify the attestation with a group public key corresponding to the group private key. The group private key may be an enhanced privacy identifier (EPID) private key, and the group public key may be an EPID public key. Other embodiments are described and claimed.

An encryption scheme is provided in which subset-difference lists are generated by blacklisting subsets corresponding to compromised devices and splitting subset difference lists corresponding to the blacklisted subsets into multiple subset difference lists. In some embodiments, a subset-difference tree is generated. The subset-difference tree includes a plurality of subsets. The subset-difference tree covers a plurality of nodes. Each of the plurality of subsets has an apex node among the plurality of nodes. At least one blacklisted node of the plurality of nodes is determined. A first subset among the plurality of subsets is identified that covers the at least one blacklisted node. A plurality of substitute subsets is determined. Each of the plurality of substitute subsets overlaps the first subset and does not cover the at least one blacklisted node. The plurality of substitute subsets are substituted for the first subset.

Space-efficient methods of defining a key allocation scheme within a broadcast encryption system are provided. In some embodiments, a descriptor is received. The descriptor includes a plurality of subset definitions and a plurality of pointers. A data segment is resolved from each of the plurality of pointers. The resulting data segments are assembled into a plurality of variant definitions. A media key block is generated from the plurality of subset definitions and the plurality of variant definitions.