H04L2209/42

Apparatus and method for data matching and anonymization
10762239 · 2020-09-01

A method includes receiving a plurality of data sets. Each data set includes a customer identifier field specifying a unique customer identifier associated with each entry in each data set. The plurality of data sets includes a first group of data sets and a second group of data sets. The method further includes storing the plurality of data sets, and generating a key map including the customer identifier field including unique customer identifiers of the first group of data sets of the plurality of data sets, and an anonymous identifier field including unique anonymous identifiers. Each anonymous identifier corresponds to a customer identifier of the key map. The method further includes replacing each unique customer identifier in the second group of data sets with the corresponding anonymous identifier.

Transaction scheduling method and apparatus
10762228 · 2020-09-01

Implementations of this specification provide a method and apparatus for transaction scheduling in a blockchain. An example method performed by a node in the blockchain includes receiving a first privacy transaction, and determining a data volume of the first privacy transaction; determining a first summation value by adding the data volume of the first privacy transaction to a data volume of all privacy transactions in a buffer queue, and adding the first privacy transaction to the buffer queue; receiving a second privacy transaction, and determining a data volume of the second privacy transaction; determining a second summation value by adding the data volume of the second privacy transaction to a data volume of all privacy transactions in the buffer queue, and packaging all privacy transactions in the buffer queue and transferring the packaged privacy transactions into a trusted environment; and adding the second privacy transaction to the buffer queue.

SYSTEM AND METHOD FOR INFORMATION PROTECTION
20200273028 · 2020-08-27

A computer-implemented information protection method comprises: obtaining a plurality of encrypted transaction amounts associated with transactions among a plurality of accounts, wherein each of the encrypted transaction amounts is associated with one of the accounts that sends or receives one of the transaction amounts, and the encryption of each of the transaction amounts at least conceals whether the one account sends or receives the one of the transaction amounts; generating a sum proof based on the obtained encrypted transaction amounts, the sum proof at least indicating that the transaction amounts are balanced; and transmitting the encrypted transaction amounts and the sum proof to one or more nodes on a blockchain network for the nodes to verify the transactions.

INFORMATION SECURITY USING BLOCKCHAINS
20200272760 · 2020-08-27

A network device that includes a memory operable to store a set of anonymization rules and a distributed ledger comprising information for a private blockchain and a semi-private blockchain associated with the user. The network device further includes an information security engine implemented by a processor. The information security engine is configured to receive data from one or more user devices and to store the data in the private blockchain. The information security engine is further configured to determine a data classification type for the data, to determine to anonymize the data based on the data classification type, to anonymize the data in accordance with the set of anonymization rules, and to store the anonymized data in the semi-private blockchain.

Method for confidentially querying a location-based service by homomorphing cryptography

A method allowing a user to confidentially query a server including a database. The user builds, from an index of a desired entry, a vector encrypted by a homomorphic probabilistic cryptosystem, and transmits a request having the vector as an argument to the server. The server performs a scalar product between the vector of entries of the database and the received vector, and returns the result to the user. The user decrypts the scalar product to obtain the desired entry. The method can be used, for example, for querying a location-based service and for navigation by concealed routes.

Anonymization of sensitive data for use in user interfaces

Sensitive data may be anonymized for use in user interfaces by applying a cryptographic hash function to the data. The hashed value may be broken into hash tokens and the hash tokens converted to human readable tokens using a 1:1 conversion function. The human readable tokens can then be concatenated together to provide a human readable identifier of the sensitive data.

ACCESS IDENTIFIER PROVISIONING TO APPLICATION

Methods and systems for performing on demand access transactions are disclosed. In one example, the method includes receiving, by a directory service computer from an authorizing computer, a file including primary access identifiers and virtual access identifiers, the virtual access identifiers not being capable of being used at resource providers to conduct transactions. The method also includes receiving a request to provide an access token that is associated with an account, the request comprising information that identifies the account. The method further includes retrieving a virtual access identifier based on the identifying information; and requesting, by the directory service computer to a token service computer, that the access token be provisioned on the user device or an application computer associated with an application on the user device.

SECURE, MULTI-LEVEL ACCESS TO OBFUSCATED DATA FOR ANALYTICS

In a computer-implemented method for providing obfuscated data to users, first, a user request to access data is received; then, an authorization level associated with the request received is identified. Next, obfuscated data is accessed in a protected enclave, which data corresponds to the request received. The data accessed has been obfuscated with an obfuscation algorithm that yields a level of obfuscation compatible with the authorization level identified. Finally, the obfuscated data accessed is provided to the user, from the protected enclave. Related systems and computer program products are also disclosed.

Blockchain for Documents Having Legal Evidentiary Value
20200267163 · 2020-08-20

Permissioned blockchains with off-chain storage establish integrity and no-later-than date-of-existence for documents, leveraging records containing hash values of documents. When a document's integrity or date is challenged, a new hash value is compared with a record in the blockchain. Proving date-of-existence (via hash value in a publication and/or SMS) for the block containing the record establishes no-later-than date-of-existence for the document. Permissioning monetizes operations, enforcing rules for submission rights and content, thereby precluding problematic material (privacy, obscenity, malicious logic, copyright violations) that threatens long-term viability. Compact records and off-chain storage in a document corral (with quarantine capability) preserve document confidentiality and ease storage burdens for distributed blockchain copies. Using multiple hash values for each document hardens against preimage attacks with quantum computing. Daisy chaining records establishes that relationships existed among documents at registration. Self-addressed blockchain registration (SABRe) permits documents to self-identify their blockchain record address (block ID, index).

PRIVACY-ENHANCED METHOD FOR LINKING AN ESIM PROFILE
20200267521 · 2020-08-20

A temporary EID (TEID) is generated based on an indicator of a hash algorithm, a nonce, and a hash generated using the hash algorithm. The hash is generated based on the indicator, nonce, and EID of a mobile device. The TEID is sent to the mobile network operator to identify the mobile device in lieu of using the device's EID. The TEID is stored in a data store and an eSIM profile for the mobile device is associated with the TEID. The mobile device sends to an eSIM server the device's EID over a secure communications channel. The eSIM server generates a hash using the indicator and nonce contained in the stored TEID and the EID of the mobile device. The eSIM server verifies that the generated hash matches the hash contained in the TEID stored in the data store. If the hash matches, the eSIM server sends, to the mobile device, subscription credentials for accessing the mobile network in accordance with the data plan.