Patent classifications
H04L2209/42
OBFUSCATION AND DELETION OF PERSONAL DATA IN A LOOSELY-COUPLED DISTRIBUTED SYSTEM
A real-time event processing system receives event data containing telemetric data and one or more personal identifiers. The personal identifier in the event data is replaced with an obfuscated value so that the telemetric data may be used without reference to the personal identifier. A reversible map is used to reverse the obfuscated personal identifier to its original value. In the case when a request is received to delete the mapped personal identifier, the link to the entry in the reversible map is broken by associating the personal identifier with a different obfuscated value.
Protecting client personal data from customer service agents
Techniques for providing a real-time service that protects personal data of clients from customer service agents are provided. Customer data that includes personal data indicative of sensitive information of a customer can be received from the customer. The personal data within the received customer data can be detected and a token that does not include the sensitive information of the customer can be generated. The personal data and the generated token can be stored along with data indicating a relationship between the token and the personal data. The personal data in the received customer data can be replaced by the token to form modified customer data. The modified customer data can be provided to a customer service representative. The token within the modified customer data can later be detected and associated with the personal data without revealing the personal data to the customer service representative.
SYSTEMS AND METHODS FOR DETECTING AND REMEDYING THEFT OF DATA
The present disclosure relates to systems and methods for information security, specifically for automatically detecting theft of personal data. In one implementation, a computer-implemented method for automatically detecting theft of personal data on the Internet may include at least one processor configured to execute instructions, the instructions including receiving, from a user, an electronic communication containing a first search term, extracting via pattern recognition one or more patterns corresponding with the first search term, and comparing the one or more patterns with a subset of data scraped from the Internet, with the subset of data scraped from the Internet being indexed by pattern for the first search term. The instructions may also include flagging matches of the one or more patterns with the subset of data based on the comparison and transmitting information associated with the matches in a report that indicates a possible theft of personal data.
METHOD AND SYSTEM FOR TIME WINDOW ENCRYPTION TOKENIZATION OF DATA
A first raw value of a first field from the first set of fields is encrypted to generate a first token using a symmetric key encryption mechanism based on a first cryptographic key associated with a first time window after which the first cryptographic key is no longer valid for tokenization of raw fields of raw log records. After the first time window has elapsed, a second raw value of a second field from the second set of fields is encrypted to generate a second token using the symmetric key encryption mechanism based on a second cryptographic key that is different from the first cryptographic key. The second cryptographic key is associated with a third time window that occurs after the first time window and after which the second cryptographic key is no longer valid for tokenization of raw fields of raw log records.
METHOD AND SYSTEM FOR ENABLING LOG RECORD CONSUMERS TO COMPLY WITH REGULATIONS AND REQUIREMENTS REGARDING PRIVACY AND THE HANDLING OF PERSONAL DATA
A method and a system for enabling multiple log record consumers to comply with regulations and requirements regarding privacy and handling of data are described. A determination, based on a log record format being of a first of the log record types, that a first field from a raw log record is to be tokenized based on a first tokenization strategy of multiple tokenization strategies in the first log record type, is performed. Each one of the tokenization strategies identifies a tokenization mechanism from tokenization mechanisms for generating a token from a raw value to enable compliance with a set of regulations and requirements regarding privacy and the handling of data. For a first raw value in the first field, a first token is generated that is an anonymized representation of the first raw value using a tokenization mechanism identified by the first tokenization strategy in the log record type.
METHOD AND APPARATUS FOR LINKED ENCRYPTION TOKENIZATION OF USER TRACEABLE DATA
A method and apparatus for tokenization of user-traceable data are described. User-traceable data is data that is not directly personal data but can be traced back to the identity or an activity of the user. A first raw value is encrypted into a first token using a symmetric key encryption mechanism based on a combination of a second raw value including personal data of a user and a second token resulting from the tokenization of the second raw value, where the first token is an anonymized representation of the first raw value.
UNIVERSAL DATA PRIVACY CONTROL MANAGEMENT SYSTEM
A universal opt-in/opt-out client allows a user to connect to the APIs for various different sites which have the user's data. The universal client orchestrates opting out on any of the site lists provided by default, or sites which the user selects. The universal client enables the user to select total or partial opt-ins or opt-outs with granular control, on one or more web or decentralized sites, where the user may wish to allow some uses of data and access to data but would also like to restrict others. When a user is calibrating their privacy and data settings, a company or site may provide reasons and incentives for the user to allow access to certain data. This allows users to have simultaneous global control over their personal data while enabling the user to receive compensation for the use of their personal data, and allowing companies to have access to better data.
CONTACT DISCOVERY SERVICE WITH PRIVACY ASPECT
This application relates to a client-server architecture that enables user accounts registered with a service to be discoverable to other users of the service. A discovery protocol includes accessing personal information data stored in an address book of a client device, obfuscating the personal information data, transmitting a request to a service to determine if the obfuscated personal information data matches any potential contacts that have registered as discoverable with the service, and comparing information related to the potential contacts with the contacts included in the address book to determine if the contacts in the address book match any of the potential contacts.
Systems, methods, and devices for digital advertising ecosystems implementing content delivery networks utilizing edge computing
Disclosed herein are systems and techniques for using a content delivery network to perform various functions within a digital advertising ecosystem, in ways that yield technological benefits such as improved security, efficiency, and speed (for example, reduction in publisher load times). As one specific example, a content delivery network can be used for the creation of electronic tokens for user identity protection between demand side platforms, supply side platforms, content creators (for example, advertisers), and publishers.
Apparatus and method for cloud-based vehicle data security management
Disclosed herein are an apparatus and method for processing vehicle data security based on a cloud. The method may include requesting, by a vehicle, a cloud center device to register a cloud-based vehicle data security service; generating, by the cloud center device, cloud-based vehicle data security policies and a pseudonym for the vehicle; requesting, by the cloud center device, an authentication center to generate a pseudonym certificate for the pseudonym and receiving the pseudonym certificate; transmitting, by the cloud center device, the cloud-based vehicle data security policies, the pseudonym, and the pseudonym certificate to the vehicle; generating, by the vehicle, vehicle state information, including accident record information and driving entity information, based on the cloud-based vehicle data security policies and transmitting the same to the cloud center device; and storing, by the cloud center device, the accident record information and the driving entity information in a database for each vehicle.