Embodiments described herein provide a privacy mechanism to protect user data when transmitting the data to a server that estimates a frequency of such data amongst a set of client devices. One embodiment uses a differential privacy mechanism to enhance a user experience by inferring potential user preferences from analyzing crowdsourced user interaction data. Based on a statistical analysis of user interactions in relation to various features or events, development efforts with respect to application behavior may be refined or enhanced. For example, user interactions in relation to the presentation of content such as content from online sources may be analyzed. Accordingly, presentation settings or preferences may be defined based on the crowdsourced user interaction data.

An anonymous attestation cryptographic protocol is provided for enabling a target (device 4) to attest to a predetermined property of the device without needing to reveal its identity to a verifier (8). When obtaining a credential from an issuer (6) to attest to the predetermined property, the credential is validated by an intermediary device (2) which is a separate consumer electronics device to the target device (4) itself. This allows the relatively processor-intensive calculations required for validating the credential to be performed on a separate device (2) from the device (4) for which the attestation has been made, allowing anonymous attestation protocols to be used for lower powered target devices such as sensors in the internet of things.

An example operation may include one or more of computing historical patterns related to fraudulent attempts from a transaction log, predicting future fraud attempts from public data, correlating the historical patterns and the predicted future fraud attempts, modifying one or more first endorsement policies based on the correlations, preventing modifying one or more second endorsement policies, the one or more second endorsement policies providing read-only access, and adding the modified one or more first endorsement policies to a smart contract.

A temporary EID (TEID) is generated based on an indicator of a hash algorithm, a nonce, and a hash generated using the hash algorithm. The hash is generated based on the indicator, nonce, and EID of a mobile device. The TEID is sent to the mobile network operator to identify the mobile device in lieu of using the device's EID. The TEID is stored in a data store and an eSIM profile for the mobile device is associated the TEID. The mobile device sends to an eSIM server the device's EID over a secure communications channel. The eSIM server generates a hash using the indicator and nonce contained in the stored TEID and the EID of the mobile device. The eSIM server verifies that the generated hash matches the hash contained in the TEID stored in the data store. If the hash matches, the eSIM server sends, to the mobile device, subscription credentials for accessing the mobile network in accordance with the data plan.

Systems and methods are provided for object identifier translation using a key pairs platform in a virtualized or cloud-based computing system. A key pair refers to a pair of identifiers held by an entity. Each key pair includes at least one anonymized object identifier. Advantageously, the key pair system protects privacy and provides anonymity for objects by not disclosing the identity of the objects or the underlying data associated with the objects.

Systems and methods are provided for managing data across a network based on multiple keys assigned to different participants in association with the data. One exemplary method includes identifying, by an originating party, a relying party, identifying data relevant to at least one interaction between the originating party and the relying party, and encrypting the data based on a secret. The method also includes generating a key set based on the secret, where the key set has at least three keys and is structured such that the secret is derivable from at least two of the at least three keys, and disseminating a first key of the key set and the encrypted data to a control party and disseminating a second key of the key set to the relying party.

Improved pseudonym certificate management is provided for connected vehicle authentication and other applications. Temporary revocation of a certificate is enabled. With respect to Security Credential Management Systems (SCMS), linkage authorities can be eliminated without compromising the system security. Other embodiments are also provided.

A dynamic blockchain system includes: at least one complete asset node server, including a complete asset manager and a complete asset storage; a plurality of hash asset node servers, each including a hash asset manager and an asset blockchain and; a dynamic blockchain management server, including a blockchain manager, a representation calculation function, and an asset map with a plurality of map records; and a blockchain management device; such that the dynamic blockchain management server validates a digital asset by lookup in the at least one complete asset node server and by verification of the digital asset by a random sampling in a statistically representative number of hash asset node servers in the plurality of hash asset node servers.

A method for implementing blockchain-based transactions comprises: determining a transaction amount to be remitted from a blockchain account of a remitter into a blockchain account of a receiver, wherein the blockchain account of the remitter records a homomorphic encryption ciphertext of the remitter's balance, the blockchain account of the receiver records a homomorphic encryption ciphertext of the receiver's balance; generating a homomorphic encryption ciphertext of the transaction amount with respect to the remitter and a homomorphic encryption ciphertext of the transaction amount with respect to the receiver; and submitting to the blockchain a transaction for the homomorphic encryption ciphertext of the transaction amount with respect to the remitter to be subtracted from the homomorphic encryption ciphertext of the remitter's balance and for the homomorphic encryption ciphertext of the transaction amount with respect to the receiver to be added to the homomorphic encryption ciphertext of the receiver's balance.

A method for anonymizing user identifiable information to be transmitted outside of a local network includes generating a network entity hash input based on (i) a first MAC address assigned to a client station of the local network, (ii) a second MAC address assigned to the network gateway device of the local network, and (iii) an identifier of a cloud entity of an external network to which data of the client station is to be transmitted. The method further includes generating a hash value output based on the network entity hash input and a random token value using a hashing function, generating an anonymized MAC address associated with the client station based on the hash value output, and transmitting the anonymized MAC address associated with the client station to the cloud entity of the external network.