A system and associated methods provide digital identity and strong authentication management services for Internet users. The system includes a central, cloud-based, online service, referred to as a central service, which can manage user accounts. The system also includes dedicated, always-on, always-connected, cryptographically unique devices, referred to as beacons, located within the physical residences of its users. The central service associates each beacon with the residence address of its user by physically sending a unique address verification code by postal mail to the user's residence. The user presents the unique code to the beacon, and the beacon cryptographically confirms its identity and the unique code sent to the residence address back to the central service. The beacons can attest to users' identities and provide seamless strong authentication to third-party online service providers on behalf of those users.

This application relates to a client-server architecture that enables user accounts registered with a service to be discoverable to other users of the service. A discovery protocol includes accessing personal information data stored in an address book of a client device, obfuscating the personal information data, transmitting a request to a service to determine if the obfuscated personal information data matches any potential contacts that have registered as discoverable with the service, and comparing information related to the potential contacts with the contacts included in the address book to determine if the contacts in the address book match any of the potential contacts.

Some embodiments are directed to a categorization system for 100 categorizing a sensitive data field in a dataset, e.g., a disease classification according to the ICD classification. A client device is to obtain categories for one or more records of the dataset. The client device determines categorization data for the categorization. The categorization data comprises homomorphic encryptions of possible values of the sensitive data field and encodings of the categories associated to the respective possible values, thus keeping the categorization secret. A data provider device stores the dataset and determines homomorphic encryption indicating differences between the value of the sensitive data field for a record and respective possible values. A categorization device determines which of those encryptions indicates a match and provides a category encoding associated with a matching possible value to the client device. The client device associates the encoded category to the record.

A method for outsourcing exponentiation in a private group includes executing a query instruction to retrieve a query element stored on an untrusted server by selecting a prime factorization of two or more prime numbers of a modulus associated with the query element stored on the server, obtaining a group element configured to generate a respective one of the prime numbers, generating a series of base values using the prime factorization and the group element, and transmitting the series of base values from the client device to the server. The server is configured to determine an exponentiation of the group element with an exponent stored on the server using the series of base values. The method also includes receiving a result from the server based on the exponentiation of the group element with the exponent.

Examples described herein relate to systems, apparatuses, and methods for using tokens between two entities comprising a client device and a server, including receiving, by the server, a token from the client device, wherein the token is unique to a transaction, deriving, by the server, a server-derived token from the original data based on a transaction count, wherein the transaction count corresponds to a number of times that the original data is involved in transactions, comparing, by the server, the received token with the server-derived token, and responsive to determining that the received token and the server-derived token are same, sending, by the server, a verification message.

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for enhancing blockchain network security. Embodiments include generating a request for data from a data source, the request including plaintext data and encrypted data, the encrypted data including access data and a hash of the plaintext data, transmitting the request to a relay system component external to the blockchain network, receiving a result from the relay system component that is digitally signed using a private key of the relay system component, and verifying an integrity of the result based on a public key of the relay system component and a digital signature of the result.

A computer-implemented method includes: determining assets held by a remitter, the assets to be spent in a remittance transaction between the remitter and one or more payees, in which each asset corresponds to a respective asset identifier, a respective asset amount, and a respective asset commitment value; determining a remitter pseudo public key and a remitter pseudo private key; determining a cover party pseudo public key, in which the cover party pseudo public key is obtained based on asset commitment values of assets held by the cover party; and generating a linkable ring signature for the remittance transaction.

A first connected message broadcast from a first vehicle and a second connected message broadcast from a second vehicle is received, each of the first and second connected messages including proof-of-work computed from connected vehicle data regarding a third vehicle. The first and second connected messages are authenticated, responsive to a comparison of the proof-of-work for the third vehicle included in the first connected message and the proof-of-work for the third vehicle included in the second connected message. The connected vehicle data in the first connected message broadcast or second connected message broadcast is utilized for autonomous vehicle operations or driver-assistance vehicle operations, responsive to the proof-of-work being a match.

A system for collecting and managing vehicle-generated data from multiple vehicles are provided. The vehicle-generated data is pseudonymized by pseudonymized identifiers, and the pseudonymized vehicle-generated data is collected and managed by a neutral data server operated by an operator who is independent of vehicle manufacturers. Vehicle manufacturers can reestablish the link of the pseudonymized event data with the vehicle that had generated the event data and the vehicle driver.

Techniques are described for transaction-based read and write operations in a distributed system. In an embodiment, an authorization protocol overlaid onto a transaction to control access to each of the data pools. Using the techniques described herein, the DTRS provides authorization mechanism to ensure that the entity, which hosts the data pool, may only access the data set from an originating entity based at least upon the access rules of the originating entity set for the data set. Additionally, the DTRS's read/write transactions keep the data pools of the DTRS in synch with each other, so each data pool stores the same data sets as another data pool of the DTRS. When a data integrity service of an entity generates a new data entry from a user transaction with a client application, a new write request is generated for the DTRS to which the data integrity service belongs. The DTRS receives the data entry and its metadata from the data integrity service and performs steps to update all data pool of the DTRS, in an embodiment.