H04L2209/42

CRYPTOGRAPHY METHOD AND SYSTEM FOR SECURING DATA VIA ELECTRONIC TRANSMISSION
20200266991 · 2020-08-20

A blockchain-based record of transactions taking place through a smartphone or other electronic/peripheral device. The blockchain record itself contains mathematical hashes, including encryption if desired, based on the various data components of a smartphone or other device, which creates a distributed ledger system that is extremely difficult to break into to add, delete, or alter individual transactions after the fact.

Method and system for time window encryption tokenization of data

A first raw value of a first field from the first set of fields is encrypted to generate a first token using a symmetric key encryption mechanism based on a first cryptographic key associated with a first time window after which the first cryptographic key is no longer valid for tokenization of raw fields of raw log records. After the first time window has elapsed, a second raw value of a second field from the second set of fields is encrypted to generate a second token using the symmetric key encryption mechanism based on a second cryptographic key that is different from the first cryptographic key. The second cryptographic key is associated with a third time window that occurs after the first time window and after which the second cryptographic key is no longer valid for tokenization of raw fields of raw log records.

Providing quality of service for certificate management systems

An example system receives certificate requests from clients. Each request can indicate a number of computerized devices needing certificates; a timestamp indicating when the request was transmitted; and a client identifier. The system includes a Quality of Service (QoS) manager that: distributes the requests from the clients across client queues, each of the client queues corresponding to a particular client; and divides requests into smaller subgroups of entries corresponding to a subset of the computerized devices needing certificates. The system can also transmit retrieved entries from the client queues to a certificate management service.

PROVIDING ACCESS CONTROL AND IDENTITY VERIFICATION FOR COMMUNICATIONS WHEN RECEIVING A COMMUNICATION FROM AN ENTITY TO BE VERIFIED

The techniques herein are directed generally to providing access control and identity verification for communications when receiving a communication from an entity to be verified. In one particular embodiment, an illustrative method according to one or more embodiments of the present disclosure may comprise: receiving, at a receiving device, a communication from an initiating device on a communication channel; determining, by the receiving device over a verification channel with a verification service, whether an identity associated with the initiating device is verified by the verification service; managing, by the receiving device in response to the identity associated with the initiating device being verified, the communication from the initiating device according to the identity being verified; and managing, by the receiving device in response to the identity associated with the initiating device being unverified, the communication from the initiating device according to the identity being unverified.

Method and system for enabling log record consumers to comply with regulations and requirements regarding privacy and the handling of personal data

A method and a system for enabling multiple log record consumers to comply with regulations and requirements regarding privacy and handling of data are described. A determination, based on a log record format being of a first of the log record types, that a first field from a raw log record is to be tokenized based on a first tokenization strategy of multiple tokenization strategies in the first log record type, is performed. Each one of the tokenization strategies identifies a tokenization mechanism from tokenization mechanisms for generating a token from a raw value to enable compliance with a set of regulations and requirements regarding privacy and the handling of data. For a first raw value in the first field a first token is generated that is an anonymized representation of the first raw value using a tokenization mechanism identified by the first tokenization strategy in the log record type.

Methods and systems for anonymous hardware attestation
10742421 · 2020-08-11

A method of performing anonymous hardware attestation. A local software monitor is loaded at an originating device. The local software monitor may receive at least a command to execute at least a program and execute the at least a program by performing a series of authentications. The originating device activates a secure computing module located within the originating device to generate a secure proof of a device-specific secret of the originating device. The originating device generates a digital signature conferring a credential on the local software module. The originating device deactivates the secure computing module upon generating the digital signature.

DIGITAL WATERMARKING WITHOUT SIGNIFICANT INFORMATION LOSS IN ANONYMIZED DATASETS
20200250338 · 2020-08-06

A computer-implemented process of altering original data in a dataset, in which original data is anonymised and a digital watermark is included in the anonymised data. Anonymising the original data incurs information loss, and the process of including the digital watermark does not add significant further information loss. The original data can be a tabular file, a relational or a non-relational database, or the results of interactive database queries. Anonymising the data is achieved using one or more techniques that perturb the original data, such as tokenisation, generalisation, data blurring, synthetic record insertion, record removal or re-ordering.

DISEASE DEVELOPMENT RISK PREDICTION SYSTEM, DISEASE DEVELOPMENT RISK PREDICTION METHOD, AND DISEASE DEVELOPMENT RISK PREDICTION PROGRAM
20200251219 · 2020-08-06

A disease development risk prediction system 10 includes: a data generation means 11 which generates combination data by combining at least two different types of receipt data using a combination key, wherein the receipt data includes an insured person number for an insured person which was converted using a predetermined method, a birth date or birth year and month which are both age-identifiable items, and gender, and the combination key combines the converted insured person number, age-identifiable items, and gender; and a model generation means 12 which uses the generated combination data to generate a prediction model predicting a risk of the insured person of developing a predetermined disease.

SECURITY RULES COMPLIANCE FOR PERSONALLY IDENTIFIABLE INFORMATION

In an example, a first metadata tag and a second metadata tag are added to first Personally Identifiable Information (PII) of a first user handled by a first application. The first PII is to be part of call home data captured from a hosting system. The first metadata tag may be indicative of security rules to be complied with for the first application and the second metadata tag may be indicative of security rules to be complied with for the first user. The first PII, the first metadata tag, and the second metadata tag may be protected and transmitted to a data processing center. The transmission may be in response to a determination to transmit the call home data.

Data search device, data search method, computer readable medium storing data search program, data registration device, data registration method, computer readable medium storing data registration program, and information processing device

A data search server stores a system ciphertext including a data ciphertext and a keyword ciphertext in each category-specific DB unit for each data category, and stores each category-determination secret key being associated with each category-specific DB unit. A search request receiving unit receives from a data search terminal a search request including a search trapdoor and an index tag. A data searching unit searches for a category-determination secret key with which the index tag is decrypted to the same value as a key-determination value. Using the search trapdoor, the data searching unit performs a search of a Public-key Encryption with Keyword Search scheme on system ciphertexts in a category-specific DB unit associated with this category-determination secret key. A search result transmitting unit transmits to the data search terminal a data ciphertext included in a system ciphertext which has been found as a hit in the search.