It is provided a method, comprising instructing a subscription device to indicate an applied privacy protection to a visited network; instructing the subscription device to provide a protected subscription identifier to the visited network, wherein the protected subscription identifier is based on a permanent subscription identifier protected according to the applied privacy protection.

A method of user data authorization based on blockchain includes: storing, by a first application client, encrypted user data of user data in a blockchain database through a blockchain node, generating authorization information in response to a request of acquiring the user data by a second application client, and notifying the second application client to obtain the authorization information such that the second application client obtains the user data based on the encrypted user data and the authorization information. The encrypted user data is stored in the blockchain database such that the encrypted user data cannot be tampered with and a leak of real user data is prevented. The second application client obtains the user data based on the authorization information and the encrypted user data.

A computer-implemented blockchain-based transaction obfuscation method includes: determining a submission time based on a base time and a submission time interval; determining that no actual transaction information is obtained between the base time and the submission time during the submission time interval; generating false transaction information; cryptographically encoding transaction content in the false transaction information; and subsequent to the submission time, submitting the false transaction information to a blockchain to obfuscate a number of actual transactions in the blockchain.

A system for providing quality of service (QoS) levels to clients requesting certificates from a certificate management service is provided. The system includes an application programming interface (API) operable to receive certificate requests from each of a plurality of clients, each certificate request including a client identifier, a QoS manager operable to distribute the certificate requests to a corresponding client queue of a plurality of client queues based on the client identifier, select, based on at least one of a workflow and a client priority level, one or more of the certificate requests distributed to the plurality of client queues, and transmit the selected one or more certificate requests to a QoS queue of the certificate management service for processing.

A method for processing biometric data performed by a proof entity and a verification entity; the proof entity having a biometric candidate datum, a biometric reference datum, a hash value of the biometric reference datum, a hash value of the biometric candidate datum; the verification entity having only the hash value of the biometric candidate datum; the method including steps of: generation by a data-processing unit of the proof entity of a zero-knowledge proof of the assumption that the biometric candidate datum and the biometric reference datum coincide; transmission to the verification entity of said zero-knowledge proof, the hash value of the biometric candidate datum, and the hash value of the biometric reference datum; verification by a data-processing unit of the verification entity that the zero-knowledge proof is valid, and that the hash value received from the biometric candidate datum corresponds to the one the verification entity has.

One or more implementations of the present specification provide an invoice access method and apparatus based on a blockchain, and an electronic device. The method includes: receiving an access request initiated by an access user for a target invoice by using a client, the target invoice being encrypted and stored in the blockchain; determining, in response to the access request, whether the access user has an authority to access the target invoice; and in response to that the access user has the authority to access the target invoice, invoking decryption logic provided in a predetermined smart contract to decrypt ciphertext data of the target invoice stored in the blockchain, and returning decrypted plaintext data of the target invoice to the client.

The disclosure disclosures a blockchain-based verifiable inter-domain routing validation method, which includes: constructing a blockchain-based verifiable inter-domain routing system consisting of a verifiable inter-domain routing and a routing behavior validation subsystem; constructing, by a sender router R1, a routing behavior validation terminal of an autonomous domain to which the R1 belongs, and the routing validation blockchain system, a routing evidence and a routing evidence validation proposal, validating and endorsing the proposal, determining whether the proposal satisfies an endorsement policy, generating a routing evidence transaction, conducting consensus ordering on the transaction and updating a routing validation blockchain; and constructing, by a receiver router T, a routing behavior validation terminal of an autonomous domain to which the T belongs, and the routing validation blockchain system, a routing request validation message and retrieving whether a routing evidence corresponding to the routing request exists.

Implementations of the present specification provide a blockchain-based transaction method and apparatus, and a remitter device. The method includes: calculating a transaction amount commitment, a first commitment random number ciphertext, a first transaction amount ciphertext, a second commitment random number ciphertext, and a second transaction amount ciphertext; and submitting transaction data to the blockchain, the transaction data including the transaction amount commitment, the first commitment random number ciphertext, the first transaction amount ciphertext, the second commitment random number ciphertext, and the second transaction amount ciphertext, for the transaction amount commitment, the first commitment random number ciphertext, and the first transaction amount ciphertext to be recorded into a remitter account, and the transaction amount commitment, the second commitment random number ciphertext, and the second transaction amount ciphertext to be recorded into a remittee account.

Pseudonym digital certificates (160p) are generated for devices (110/150) by a Pseudonym Certificate Authority (PCA), which communicates with devices via another entity—registration authority (RA)—so that the PCA and RA cannot associate certificates with devices. Each certificate is associated with a public signature key, and with a public encryption key used by PCA to encrypt the certificate to hide it from the RA. Both keys are derived by PCA from a single key. For example, the signature key can be derived from the public encryption key rather than generated independently. However, high security is obtained even when the PCA does not sign the encrypted certificate. Reduced bandwidth and computational costs are obtained as a result. Other embodiments are also provided.

Techniques for providing a real-time service that protects personal data of clients from customer service agents are provided. Customer data that includes personal data indicative of sensitive information of a customer can be received from the customer. The personal data within the received customer data can be detected and a token that does not include the sensitive information of the customer can be generated. The personal data and the generated token can be stored along with data indicating a relationship between the token and the personal data. The personal data in the received customer data can be replaced by the token to form modified customer data. The modified customer data can be provided to a customer service representative. The token within the modified customer data can later be detected and associated with the personal data without revealing the personal data to the customer service representative.