Patent classifications
H04L2209/42
SUBVERSION RESILIENT ATTESTATION FOR TRUSTED EXECUTION ENVIRONMENTS
A computer-implemented method includes receiving an original message from a trusted execution environment. The original message includes an original digital signature authored by the trusted execution environment. The method includes computing a proof of knowledge for the original digital signature and modifying the original message by replacing the original digital signature with the proof of knowledge.
User experience using privatized crowdsourced data
Embodiments described herein provide a privacy mechanism to protect user data when transmitting the data to a server that estimates a frequency of such data amongst a set of client devices. In one embodiment, a differential privacy mechanism is implemented using a count-mean-sketch technique that can reduce the resources required to enable privacy while providing provable guarantees regarding privacy and utility. For instance, the mechanism can provide the ability to trade off utility (e.g. accuracy of estimations) against the resource requirements (e.g. transmission bandwidth and computation complexity).
User experience using privatized crowdsourced data
Embodiments described herein provide a privacy mechanism to protect user data when transmitting the data to a server that estimates a frequency of such data amongst a set of client devices. One embodiment uses a differential privacy mechanism to enhance a user experience by identifying particular websites that exhibit particular characteristics. In one embodiment, websites that are associated with high resource consumption are identified. High resource consumption can be identified based on thresholds for particular resources such as processor, memory, network bandwidth, and power usage.
Privacy-preserving system for machine-learning training data
The disclosed embodiments relate to a system that anonymizes sensor data to facilitate machine-learning training operations without disclosing an associated user's identity. During operation, the system receives encrypted sensor data at a gateway server, wherein the encrypted sensor data includes a client identifier corresponding to an associated user or client device. Next, the system moves the encrypted sensor data into a secure enclave. The secure enclave then: decrypts the encrypted sensor data; replaces the client identifier with an anonymized identifier to produce anonymized sensor data; and communicates the anonymized sensor data to a machine-learning system. Finally, the machine-learning system: uses the anonymized sensor data to train a model to perform a recognition operation, and uses the trained model to perform the recognition operation on subsequently received sensor data.
Protocol for lightweight and provable secure communication for constrained devices
A method of sending content comprising receiving a membership request from a client at an anonymizer, the membership request being encrypted with a public key of the anonymizer, generating a table from a prefix-free source coding scheme with a full binary tree, a pseudonym range, and a master key, sending the table, the pseudonym range, and the master key, all encrypted with a public key of the client, receiving a content request with an encoded content name, the content request being encoded using the table, a pseudonym from the pseudonym range, and the master key, decoding the content name of the content request using the pseudonym, the table, and the master key, retrieving content corresponding to the content name, and sending the content and the encoded content name. Secure information sharing is also provided for.
SYSTEMS AND METHODS PROVIDING CENTRALIZED ENCRYPTION KEY MANAGEMENT FOR SHARING DATA ACROSS DIVERSE ENTITIES
A method and apparatus provide centralized encryption key management for sharing data across diverse entities. In particular, the present invention relates to a universal and regulatory compliant system and method for sharing personal data records across diverse entities while maintaining unique identifiers at each entity for protecting the identity of any particular person. The present invention enables multiple organizations to be able to share their respective disparate data in a manner in which the disparate personal data records can be aggregated and manipulated by a single entity without putting the personal data records at risk.
METHOD AND SYSTEM FOR SHARING PRIVACY DATA BASED ON SMART CONTRACTS
The present disclosure provides a method and system for sharing privacy data based on smart contracts. The method includes: receiving, from a first providing device, a first pointer directing to a data contract, and adding the first pointer to a relationship contract of a first user, where the data contract is deployed on a first blockchain by the first providing device in response to the newly added first privacy data, and the first privacy data belongs to the first user; in response to the first privacy data being authorized to be shared with a second providing device, providing the first pointer to the second providing device to allow the second providing device to access the first privacy data through the first pointer.
PROVIDING DIFFERENTIAL PRIVACY IN AN UNTRUSTED ENVIRONMENT
A computer-implemented method according to one embodiment includes obtaining, at an untrusted environment, encrypted data from a storage location, initiating, within the untrusted environment, a performance of one or more secure computations on the encrypted data, and providing, within the untrusted environment, results of performing the one or more secure computations on the encrypted data.
METHOD FOR IMPROVING THE UTILIZATION RATE OF A VEHICLE-TO-X COMMUNICATION DEVICE AND VEHICLE-TO-X COMMUNICATION DEVICE
A method for improving the utilization rate of a vehicle-to-X communication device for vehicle-to-X communication, having the steps: receipt of digital certificates by the vehicle-to-X communication device, generation of cryptographic keys for signing vehicle-to-X messages to be emitted using the digital certificates by an electronic computing apparatus, temporal spacing of the receipt of the digital certificates by the vehicle-to-X communication device, and generation of the cryptographic keys using the digital certificates. Furthermore, a vehicle-to-X communication device and use of the device in a vehicle or an infrastructure apparatus is provided.
SYSTEMS AND METHODS FOR PRESERVING PRIVACY AND INCENTIVIZING THIRD-PARTY DATA SHARING
Methods and systems relating to incentivizing a data provider to participate in a match making protocol between a business (second entity) and a user (first entity) are shown. Encryption techniques maintain the secrecy of the data provider's data, such as proprietary analytics of user information, such that the data need not be shared with users or businesses. Businesses can verify that the user has desired properties without learning the actual raw data owned by the data provider. Users initiate data sharing by explicit request but do not learn the actual raw data known to the data provider, only whether or not they satisfy the properties of interest. The data provider is incentivized because the business compensates the data provider for access to proofs of properties about user data.