H04L2209/42

FACILITATING QUERIES OF ENCRYPTED SENSITIVE DATA VIA ENCRYPTED VARIANT DATA OBJECTS
20240045877 · 2024-02-08

Various aspects of this disclosure provide digital data processing systems for using encrypted variant data objects to facilitate queries of sensitive data. In one example, a digital data processing system can receive sensitive data about an entity. The digital data processing system can create, in an identity data repository and from the sensitive data, a searchable secure entity data object for the entity. The searchable secure entity data object is usable for servicing a query regarding the entity. For instance, a transformed query parameter can be generated from a query parameter in the query. The query can be serviced by matching the transformed query parameter to tokenized variant data in the searchable secure entity data object and retrieving tokenized sensitive data from the searchable secure entity data object.

Privacy-Preserving Biometric Authentication

A system for using biometric data to authenticate a subject as an individual whose biometric data has been previously obtained. The system includes a second transducer having a digital electronic signal output characterizing a biometric of the subject; a second computing facility to receive the digital electronic signal; and an array of servers. These components implement processes including causing generating of shards from the digital electronic signal and distributing of the generated shards to the array of servers; causing storing of the generated shards and performing of a data exchange process using a subset of the generated shards to develop information relating to authentication of the subject; and causing processing of the authentication information in a verification process to indicate whether the subject is authenticated as the individual. A related enrollment system is also provided.

Cryptographic methods and systems using activation codes for digital certificate revocation

To revoke a digital certificate, activation of the digital certificate is blocked by withholding an activation code from the certificate user. The certificates are generated by a plurality of entities in a robust process that preserves user privacy (e.g. anonymity) even in case of collusion of some of the entities. The process is suitable for connected vehicles, e.g. as an improvement for Security Credential Management System (SCMS).

User Identity Privacy Protection in Public Wireless Local Access Network, WLAN, Access

Systems and methods relating to providing identity privacy over a trusted or untrusted non-3GPP access network in a wireless communication system are disclosed. In some embodiments, a method of operation of a wireless device comprises sending a message to a gateway (ePDG, N3IWF or TWAG) where the message comprises an anonymous user identity; receiving a request for obfuscating the user identity wherein the request comprises a server certificate; and validating the server certificate and sending a response message back to the gateway, comprising the user identity obfuscated by a public key associated with the server certificate. Similar methods are provided on the gateway side and AAA server side. In this manner, the user identity is protected when establishing the connection to the core network, which protects against a man-in-the-middle attack.

Blockchain Overwatch
20190379642 · 2019-12-12

Various embodiments of the present technology provide a distributed overwatch system that allows transactions with government-grade privacy and security. The security and privacy can be achieved by a combination of distributed trusted proxies, to which anonymous users connect with the overwatch of a variety of network security engines. The structured ecosystem provides a mechanism for the blockchain to be monitored by an overwatch capability combining big data analytics, intelligent learning, and comprehensive vulnerability assessment to ensure any risks introduced by vulnerabilities are effectively mitigated. The system may include multiple proxy servers geographically distributed around the world. Each proxy can be associated with local network security engines to probe and analyze network traffic. Each proxy can mask sensitive data (e.g., personally identifiable information) within the transaction before it is stored. Various embodiments can interface with most blockchain or distributed ledger technologies that support multi-signature transactions and/or smart contracts.

AUTHENTICATING CREDENTIALS FOR MOBILE PLATFORMS
20190372942 · 2019-12-05

Systems and methods for providing services are disclosed. One aspect comprises authenticating a user associated with a first service, receiving a selection of a second service, generating an opaque identifier associated with the user and the first service, wherein the opaque identifier facilitates the anonymous collection of data relating to the second service. Another aspect can comprise transmitting the opaque identifier to the second service, and receiving data relating to the second service.

PARTITION-BASED PREFIX PRESERVING ANONYMIZATION APPROACH FOR NETWORK TRACES CONTAINING IP ADDRESSES

A node including processing circuitry configured to: generate anonymized data based at least in part on a first cryptographic key and network data, calculate a coordination vector, generate initialized data based at least in part on the anonymized data, a second cryptographic key and the coordination vector, transmit the initialized data, the random vector, a security policy and instructions to analyze n iterations of the initialized data and the security policy using the random vector and the second cryptographic key, and receive results of the analysis of the n iterations of the initialized data and the security policy using the random vector and the second cryptographic key. The analysis of an m iteration of the n iterations corresponds to an analysis of the initialized data with prefix preservation, where the analysis of the remaining iterations of the n iterations fails to be prefix preserved.

VOTING SYSTEM AND METHOD
20190371106 · 2019-12-05

This disclosure relates to voting systems for collecting votes from multiple voters. The voters are associated with multiple identity public keys that each identify one voter. The system comprises nodes to collect the votes and to combine the votes into a vote container and store the vote container on a public data store. Each node communicates voting public keys between the nodes by using cryptography to remove an association between the voting public keys and the identity public keys to create a list of anonymised voting public keys. Each node, after the association between the voting public keys and the identity public keys is removed, communicates votes, authenticated by the anonymised voting public keys, by using cryptography to remove an association between the votes and the voting public keys to create anonymised votes and combine the anonymised votes into the vote container.

USER CONTROL OF ANONYMIZED PROFILING DATA USING PUBLIC AND PRIVATE BLOCKCHAINS IN AN ELECTRONIC AD MARKETPLACE
20190370866 · 2019-12-05

The disclosure relates to securing and enabling user control of profiling data, blockchain-driven matching of users and advertiser-identified anonymous profiling data records of interest, and smart contracts encoded by blockchain for executing transactions. The system may include an anonymized database of profiling data, which is unlinked to any user. The system may implement a private blockchain to store user-defined settings that provide user control over whether and how the profiling data may be used. If a grant to use the data is received, a link is stored that allows the system to identify a user associated with the anonymous profiling data records. If the grant is revoked, the link may be removed. The system may also implement public blockchain technology to record public information relating to grants and online marketing transactions, making them verifiable, immutable, and transparent for various stakeholders including advertisers, publishers, and users.

TECHNIQUES FOR ENABLING COMPUTING DEVICES TO IDENTIFY WHEN THEY ARE IN PROXIMITY TO ONE ANOTHER
20190373469 · 2019-12-05

The embodiments set forth a technique for securely identifying relevant computing devices that are nearby. The technique can be implemented at a first computing device, and include the steps of (1) receiving, from a second computing device, an advertisement packet that includes: (i) a network address that is associated with the second computing device, and (ii) a hash value that is calculated using the network address and an encryption key that is associated with the second computing device, and (2) for each known encryption key in a plurality of known encryption keys that are accessible to the first computing device: (i) calculating a temporary hash value using the network address and the known encryption key, and (ii) in response to identifying that the temporary hash value and the hash value match: carrying out an operation associated with the second computing device.