Methods and systems for performing on demand access transactions are disclosed. In one example, the method includes receiving, by a directory service computer from an authorizing computer, a file including a primary access identifiers and virtual access identifiers, the virtual access identifiers not being capable of being used at resource providers to conduct transactions. The method also includes receiving a request to provide an access token that is associated with an account, the request comprising information that identifies the account. The method further includes retrieving a virtual access identifier based on the identifying information; and requesting, by the directory service computer to a token service computer, that the access token be provisioned on the user device or an application computer associated with an application on the user device.

Cryptographic authentication is described to improve security in connected vehicle systems and other applications. Identity Based Cryptography and threshold cryptography are among techniques used in some embodiments.

Methods, systems, and techniques for private identity verification involve obtaining a cryptographically secure commitment that is generated using a first user identifier and a private user identifier associated with the first user identifier; receiving, from an identity verification system, initial zero knowledge proof messages comprising the commitment; sending, to the identity verification system, a set of cryptographically secure known identifier commitments generated using a set of private user identifiers; receiving, from the identity verification system: (i) a zero knowledge proof response generated using the zero knowledge proof challenge; and (ii) proof that the private user identifier used in the initial zero knowledge proof messages comprises part of the set of private user identifiers; and verifying that the private user identifier used in the initial zero knowledge proof messages comprises part of the set of private user identifiers.

A method for confirming a blockchain transaction utilizing output from a transaction still waiting inclusion in a blockchain includes: storing, in a node of a blockchain network, a plurality of waiting blockchain transactions not included in a blockchain associated with the blockchain network; receiving a new blockchain transaction including a transaction amount, destination address, digital signature, and an unspent transaction output, where the unspent transaction output is a reference to one waiting blockchain transactions; validating the new blockchain transaction including confirmation of the one of the waiting blockchain transactions; generating a new block including a block header and a plurality of blockchain data entries including at least the new blockchain transaction and the one of the waiting blockchain transactions; and transmitting the generated new block to a plurality of additional nodes in the blockchain network for confirmation.

When a third party wants to redeem a user's personally identifiable information (PII), the third party presents to the system a token representing the PII, which indicates a request for the PII. The system seeks consent from the user for sending the PII to the third party. If the user grants consent, then the system prepares the PII for the third party. In some embodiments, the third party can initiate a telephone call with a dispatch to receive the PII. In some embodiments, the third party can receive the PII directly from the system.

Secure auditability of monitoring processing using public ledgers that are particularly useful for monitoring surveillance orders, whereby an overseeing enforcer (“E”) checks if law enforcement agencies and companies are respectively over-requesting or over-sharing user data beyond what is permitted by the surveillance order, in a privacy-preserving way, such that E does not know the real identities of the users being surveilled, nor does E get to read the users' unencrypted data. Embodiments of the present invention also have inbuilt checks and balances to require unsealing of surveillance orders at the appropriate times, thus enabling accounting of the surveillance operation to verify that lawful procedures were followed, protecting users from government overreach, and helping law enforcement agencies and companies demonstrate that they followed the rule of law.

An apparatus and method for selectively revealing user data. User data may be stored on an immutable sequential listing and accessed through the immutable sequential listing. Processor of apparatus is configured to receive user-associated data to be stored in a resource data storage system. Processor is configured to sort the user-associated data into data sets and assigned an identifier to each data set. Identifier may be related to job history, education history, volunteer history, or the like. Processor is configured to receive a request to reveal data from a third-party and transmit data set to the requestor. Third party and data in data sets may be verified and validated.

Disclosed are methods, systems, and computer-readable medium to perform operations including: generating a font that includes a plurality of glyphs for characters of a language; generating a plurality of duplicate glyphs for the characters, wherein each duplicate glyph is associated with: (i) a respective letterform representing one of the characters, and (ii) a respective glyph code; swapping the respective letterforms of the plurality of duplicate glyphs such that the respective letterforms are mismatched with the respective glyph codes; designating the plurality of duplicate glyphs as a scrambling font style of the font; and providing a representation of the font for output on a graphical user interface (GUI) displayed on a display device.

A radio frequency (RF) communication that is transmitted by a subscriber device to a base station of a wireless carrier network on a corresponding allocated communication frequency of the wireless carrier network is monitored. A device identifier of the subscriber device is extracted from the RF communication and sent to a core network of the wireless carrier network for an indication of whether a subscriber associated with the subscriber device is eligible to access a resource. In response to receiving a notification from the core network that the subscriber is eligible to access the resource, whether the subscriber device with the device identifier is permitted to access the resource is determined based at least on device access information stored in an access control database of the device. The subscriber device is granted access when the device access information indicates that the subscriber device is permitted to access the resource.

A node includes processing circuitry configured to encrypt first network data including a first tenant identifier using a first cryptographic key to generate first encrypted data and anonymize the first encrypted data to generate anonymized data where the anonymizing of the first encrypted data includes segmenting the first encrypted data and the anonymizing of the first encrypted data preserving relationships among the first network data associated with the first tenant identifier, encrypt the anonymized data using a second cryptographic key to generate encrypted anonymized data, transmit the encrypted anonymized data, at least one analysis parameter, at least one security policy and instructions to analyze the encrypted anonymized data using the at least one analysis parameter, the at least one security policy and the second cryptographic key, receive analysis data resulting from the analysis of the encrypted anonymized data, and determine verification results from the received analysis data.