A client computing system inserts selected advertising into digital content. Ads may be inserted into content based on a dynamic advertising matching process that is securely implemented within a hardware-based root of trust. User profiles used in ad matching may be privacy protected and maintained with confidentiality protection in the client computing system and/or a service provider server, respectively. When a client computing system makes a request to the service provider server for content with specified ad slots, the request may be made with the client's EPID signature, which is inherently privacy protected. The hardware-based root of trust protects insertion of selected ads into the linear rendering flow of the content.

Methods and apparatus are disclosed for enabling digital content from a content provider (12, 5 14) to be provided via a communication network (10) from intermediate digital content stores (16) to user-devices (18). According to one aspect, the method comprises the content provider (12, 14) providing digital content encrypted using a cryptographic encryption key to an intermediate digital content store (16), the cryptographic encryption key being a public key of a key-pair and having an associated private key. In response to a request from a user-device (18) to the content provider (12, 14) for the digital content, a cryptographic session key is shared between the content provider (12, 14) and the requesting user-device (18). The content provider (12, 14) provides to the intermediate digital content store (16) the cryptographic re-encryption key and indications of the requested digital content and of the user-device (18).

A device configured to obtain a first graphical code that represents a public encryption key for an organization and to extract the public encryption key for the organization from the first graphical code. The device is further configured to obtain a second graphical code that represents a digital document comprising data and a digital signature that was signed using a private encryption key for the organization. The device is further configured to extract the digital document from the second graphical code and to validate the second graphical code using the public encryption key for the organization. The device is further configured to determine the second graphical code passes validation using the public encryption key for the organization and to store the digital document in a digital document repository.

The disclosure is directed to providing content access control in information centric networking (ICN) networks. Methods and systems include hardware and/or software that perform operations for sending to a content provider of an ICN network an access request for content in response to receiving a first content request from a client. The operations also include receiving from the content provider access control information for the content. The operations further include sending to the client a challenge. Additionally, the operations include receiving from the client an authorization of the content provider that includes information obtained by the client from the content provider based on the challenge. Furthermore, the operations include verifying the authorization received from the client using the access control information received from the content provider. Moreover, the operations include sending to the client the content.

A file is created in which digital data and a certificate are integrated and content authentication for the digital data and the certificate are performed simultaneously. A data authentication device (1) is provided with: an original data receiving means which is communicably connected to a user terminal (2) and a timestamp provision device (3), and receives original data to be authenticated from the user terminal (2); an intermediate file creation means which creates an authentication file corresponding to the original data, and attaches the actual original data to the authentication file to create an intermediate file; a timestamp request means which transmits the intermediate file to the timestamp provision device (3); a date/time security information acquisition means which receives from the timestamp provision device (3) date/time security information containing date/time information and a hash value for the intermediate file; an authenticated file creation means which embeds the received date/time security information in the intermediate file and creates an authenticated file; and an authenticated file transmission means which transmits the authenticated file to the user terminal (2)

A trusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before it is sent to a recipient. In another aspect, an electronic messages is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are secure.

Portion- or tile-based video streaming concepts are described.

Systems, methods, and devices of the various embodiments disclosed herein may provide a protocol and architecture for decentralization of content delivery. Various embodiments may provide a client based method for content delivery from content delivery networks (CDNs) via tiered caches of content hosted by Internet Service Providers (ISPs). In various embodiments, content delivery protocol (CDP) messages may enable clients to discover local cache network topologies and request content from a CDN based on a discovered local cache network topology. In various embodiments, security may be provided for the content delivery by the use of key encryption and/or file hashing.

The present disclosure relates to a method for sharing encrypted data comprising encrypting first data with at least one first attribute. The first attribute satisfies a first access policy of a first cryptographic key to enable one or more first users holding the first cryptographic key to decrypt the encrypted first data using the first cryptographic key. The method also comprises encrypting second data with at least one second attribute of the second data. The method further provides for generating a second cryptographic key based on a second access policy including at least one logical connective of the first attribute and the second attribute for decrypting the encrypted first data and the encrypted second data using the second cryptographic key and providing the second cryptographic key to one or more second users to enable the second users to decrypt the encrypted first data and the encrypted second data.

A confidentiality preserving system and method for performing a rank-ordered search and retrieval of contents of a data collection. The system includes at least one computer system including a search and retrieval algorithm using term frequency and/or similar features for rank-ordering selective contents of the data collection, and enabling secure retrieval of the selective contents based on the rank-order. The search and retrieval algorithm includes a baseline algorithm, a partially server oriented algorithm, and/or a fully server oriented algorithm. The partially and/or fully server oriented algorithms use homomorphic and/or order preserving encryption for enabling search capability from a user other than an owner of the contents of the data collection. The confidentiality preserving method includes using term frequency for rank-ordering selective contents of the data collection, and retrieving the selective contents based on the rank-order.