A distributed private ledger function of a server of a first consortium member receives data representing an alias for one of its customers from the customer and also receives data that represents an alias for a customer of a second member replicated by a distributed private ledger function of a server of the second member to all members of the consortium. Thereafter, the distributed private ledger function of the first member's server identifies a recipient account of the second member's customer based on an account pointer associated with the alias of the second member's customer and initiates a transfer of funds from a source account of the first member's customer corresponding to an account pointer associated with the alias for the first member's customer to the identified recipient account of the second member's customer.

A coordinating network element manages a protocol that prohibits the coordinating network element from substantively accessing data content that, at least in part, underlies received protocol-compliant requests. By one approach, these teachings provide for preventing substantive access to data information that is included within the protocol-compliant request in tokenized form, wherein the tokens are generated using secrets, at least one of which is unavailable to the coordinating network element.

A data collection and analysis method includes applying a first noise step to an original data stream with an original character to generate a first data stream with a first character; and applying a second noise step to the first data stream to generate a second data stream with a second character, wherein a first variation between the original character and the first character is greater than a second variation between the original character and the second character.

A method for conveying auditable information regarding provenance of a product that is cryptographically accurate while retaining complete anonymity of product and participant on a blockchain includes: receiving a product identifier; generating a digital token by applying a hashing algorithm to the product identifier; generating an entry value by applying the hashing algorithm to a combination of an event identifier and the digital token; generating a digital signature by digitally signing a data package using a private key of a cryptographic key pair, where the data package includes at least a blockchain address, the event identifier, and the digital token; and transmitting the blockchain address, the digital signature, and the entry value to a node in a blockchain network.

A device, system and method for privacy enhanced proximity detection by secure collaboration between a first party without access to user locations and a second party without access to a target user identifier. The second party may receive from the first party a homomorphic encryption public key and homomorphic encrypted target user identifier or masked target location, and may determine an associated homomorphic encrypted target user location. The second party may search a homomorphically encrypt database of user locations and associated user identifiers for homomorphic encrypted proximate user identifiers associated with homomorphic encrypted user locations proximate to the homomorphic encrypted target user location. The second party may send the first user the search result of homomorphic encrypted proximate user identifiers to be decrypted by the first party with a private key to identify proximate user identifiers without knowing their locations.

According to some embodiments, systems and methods are provided for revoking one or more of a plurality of entities in a vehicular public-key infrastructure. The systems and methods balance privacy and efficiency by distributing activation codes according to various approaches, including a direct request approach, a fixed-size subset approach, and a variable-size subset approach.

Methods, systems, and apparatus, including a method for determining network measurements. In some aspects, a method includes receiving, by a first aggregation server and from each of multiple client devices, encrypted impression data. A second aggregation server received from each of at least a portion of the multiple client devices, conversion data that includes, for each conversion recorded by the client device, encrypted conversion value data. The first aggregation server and the second aggregation server perform a multi-party computation process to decrypt the encrypted impression data and the encrypted conversion data.

Methods, systems, and apparatus, including a method for determining network measurements. In some aspects, a method includes receiving, by a first aggregation server and from each of multiple client devices, encrypted impression data. A second aggregation server receives, from each of at least a portion of the multiple client devices, encrypted conversion data. The first aggregation server and the second aggregation server perform a multi-party computation process to decrypt the encrypted impression data and the encrypted conversion data. Each portion of decrypted impression data and each portion of decrypted conversion data is sent to a respective reporting system.

A method for learning a shared machine learning model while preserving privacy of individual participants is provided. The method includes: receiving, from each of a group of users, an encrypted user input; when a number of user inputs is greater than or equal to a threshold, transmitting, to each user, a list of the group of users; receiving, from each user, a message indicating a mutual agreement regarding a shared secret among the group; and when a number of received messages indicating the mutual agreement is greater than or equal to the threshold, determining information about the shared machine learning model by combining the received encrypted user inputs. The shared machine learning model facilitates a secure multi-party computation of a function that generates an updated version of the shared machine learning model.

A facility for performing accurate and real-time privacy-preserving biometrics verification in a client-server environment is described. The facility receives the user's biometrics data such as face, voice, fingerprint, iris, gait, heart rate, etc. The facility then processes and applies various privacy-preserving techniques to this data to complete enrollment and authenticate users, including but not limited to: encrypting data with a key using homomorphic encryption techniques and sending the encryption to the server; the server computes directly on the encryption and returns the result, which is also encrypted under the same key, to the client; the client optionally performs post-processing and decryption (in any order) and obtains the enrollment or authentication result. The facility may repeat this process to increase security level, resulting in more than 1 round trip between the client and the server. Lastly, the facility employs methods that generalize to other privacy-preserving applications beyond biometrics verification.