Some embodiments are directed to an authentication system (100; 101; 102) for computing an authentication token for a service provider to authenticate a user system to the service provider, the authentication system comprising a processor configured to jointly blind with a user system an encrypted user identity and to compute an encrypted identity for the service provider from the blinded encrypted user identity.

Methods aiding in proving shuffles of re-encryptions of ciphertexts and a mixnet employing such methods. A method for compacting ciphertexts includes encrypting a plaintext using an asymmetric key encryption scheme for a ciphertext, dividing the ciphertext into partial ciphertexts, encrypting each of the partial ciphertexts using the asymmetric key encryption scheme to obtain re-encrypted partial ciphertexts, creating hash exponents from a digest of a cryptographic hash function taking the partial ciphertexts, the re-encrypted partial ciphertexts and arbitrary salt values as argument of the cryptographic hash function, calculating a compacted ciphertext by multiplying all of the partial ciphertexts exponentiated by a respective one of the plurality of hash exponents, and calculating a compacted re-encrypted ciphertext by multiplying all of the re-encrypted partial ciphertexts exponentiated by a respective one of the hash exponents.

A system for providing quality of service (QoS) levels to clients requesting credentials from a credential management service is provided. The system includes an application programming interface (API) operable to receive credential requests from each of a plurality of clients, each credential request including a client identifier, and a QoS manager operable to: distribute the credential requests to a corresponding client queue of a plurality of client queues based on the client identifier, select a credential request distributed to the plurality of client queues based on a selection scheme, and transmit the selected credential request to a QoS queue of the credential management service for processing.

A gateway and a method are provided for securely storing (and/or securely retrieving) medical data the method for storing comprising at least steps of: obtaining, in a secure environment, medical data which include patient property data as well as patient identifier data wherein the patient identifier data indicate at least one patient to which the patient property data correspond; generating, in the secure environment de identified medical data by replacing the patient identifier data in the medical data with non-patient-identifying coded identifiers; generating, in the secure environment, a re-identifying database indicating correspondences between the non-patient-identifying coded identifiers and the patient identifier data; generating n encrypted re-identifying database by applying, in the secure environment, at least one symmetric and/or asymmetric encryption method to the re-identifying database; storing the encrypted re-identifying database and the de-identified medical data on a cloud storage outside of the secure environment.

A computer-implemented blockchain-based transaction obfuscation method includes: determining a submission time based on a base time and a submission time interval; determining that no actual transaction information is obtained between the base time and the submission time during the submission time interval; generating false transaction information; cryptographically encoding transaction content in the false transaction information; and subsequent to the submission time, submitting the false transaction information to a blockchain to obfuscate a number of actual transactions in the blockchain.

Methods and systems can prove to an independent verifier that multiple activities registered on decentralized BASE network belong to the same user, without revealing true identity of the user. A selective linkability algorithm provides for linking together activities done under various of user's pseudonyms, without revealing the true user's identity. A reward calculation mechanism calculates a reward based on activities linked using the linking proof. For example, if user can prove that she already successfully completed 10 prior transactions, she might be deemed more valuable to the business making a new offer and hence eligible for a higher reward.

The present disclosure promotes distribution of sensor data among a plurality of business operators. A controller that an information processing system according to the present disclosure includes collects first data including a plurality of items and personal information from mobile bodies belonging to a first business operator. The controller converts the first data to second data not being usable to identify individuals. The controller provides data in a range decided based on content of a predetermined data use contract, among the second data, to a second business operator. The controller calculates a consideration for the data that is to be paid by the second business operator, based on a data use record of the second business operator.

A protocol that is managed by a coordinating network element or third-party intermediary or peer network elements and utilizes tokens prohibits any subset of a union of the coordinating network element or third-party intermediary, if any, and a proper subset of the processors involved in token generation from substantively accessing underlying data. By one approach, processors utilize uniquely-held secrets. By one approach, an audit capability involves a plurality of processors. By one approach, the protocol enables data transference and/or corroboration. By one approach, transferred data is hosted independently of the coordinating network element. By one approach, the coordinating network element or third-party intermediary or a second requesting network element is at least partially blinded from access to tokens submitted by a first requesting network element. By one approach, a third-party intermediary uses a single- or consortium-sourced database. By one approach, network elements provisioned with tokens jointly manage the protocol.

Systems and methods for providing services are disclosed. One aspect comprises authenticating a user associated with a first service, receiving a selection of a second service, generating an opaque identifier associated with the user and the first service, wherein the opaque identifier facilitates the anonymous collection of data relating to the second service. Another aspect can comprise transmitting the opaque identifier to the second service, and receiving data relating to the second service.

Methods, computer-readable media, software, and apparatuses may assist a consumer in deleting personal information held by a data broker. Entities holding the consumer's personal information may be discovered and automated actions for purging or deleting the consumer's personal information may be determined. The methods, computer-readable media, software, and apparatuses may assist the consumer in updating privacy settings associated with accounts at various entities.