Various techniques for processing sensitive data in an isolated incubator system within a service-provider network are described. The incubator system, for instance, is isolated from a client system in the service-provider network. In an example method, the incubator system receives an indication of an operation, and first encrypted data, from the client system. The incubator system converts the first encrypted data to plaintext and performs the operation. The incubator system converts the processed data into second encrypted data and provides the second encrypted data to the client system. Thus, the incubator system performs the operation on the data without exposing the data to the client system in the plaintext format.

Various systems, computer-readable media, and computer-implemented methods of providing improved data privacy, anonymity and security by enabling subjects to which data pertains to remain “dynamically anonymous,” i.e., anonymous for as long as is desired—and to the extent that is desired—are disclosed herein. Embodiments include systems that create, access, use, store and/or erase data with increased privacy, anonymity, and security—thereby facilitating the availability of more qualified and accurate information. When personal data is authorized by data subjects to be shared with third parties, embodiments described herein may facilitate the sharing of information in a dynamically-controlled manner that also enables the delivery of temporally-, geographically-, and/or purpose-limited information to the receiving party. In one example, the disclosed techniques may be used to functionally separate geospatial information, such that it remains “dynamically anonymous,” i.e., anonymous for as long as is desired—and to the extent or degree that is desired.

Techniques to protect a subscriber identity, by encrypting a subscription permanent identifier (SUPI) to form one-time use subscription concealed identifiers (SUCIs) using a set of one-time ephemeral asymmetric keys, generated by a user equipment (UE), and network provided keys are disclosed. Encryption of the SUPI to form the SUCIs can mitigate snooping by rogue network entities, such as fake base stations. The UE is restricted from providing the unencrypted SUPI over an unauthenticated connection to a network entity. In some instances, the UE uses a trusted symmetric fallback encryption key K.sub.FB or trusted asymmetric fallback public key PK.sub.FB to verify messages from an unauthenticated network entity and/or to encrypt the SUPI to form a fallback SUCI.sub.FB for communication of messages with the unauthenticated network entity.

Techniques to protect a subscriber identity, by encrypting a subscription permanent identifier (SUPI) to form one-time use subscription concealed identifiers (SUCIs) using a set of one-time ephemeral asymmetric keys, generated by a user equipment (UE), and network provided keys are disclosed. Encryption of the SUPI to form the SUCIs can mitigate snooping by rogue network entities, such as fake base stations. The UE is restricted from providing the unencrypted SUPI over an unauthenticated connection to a network entity. In some instances, the UE uses a trusted symmetric fallback encryption key K.sub.FB or trusted asymmetric fallback public key PK.sub.FB to verify messages from an unauthenticated network entity and/or to encrypt the SUPI to form a fallback SUCI.sub.FB for communication of messages with the unauthenticated network entity.

Aspects of the subject technology provide for shared experience sessions within a group communications session such as a video call. The shared experience session may be, as one example, a co-watching session in which the participants in the call watch a video together while in the call. Encrypted shared state data may be exchanged between the participant devices, with which the participant devices can provide synchronized and coordinated output of shared experience data for the shared experience session of the group communications session.

Aspects of the subject technology provide for shared experience sessions within a group communications session such as a video call. The shared experience session may be, as one example, a co-watching session in which the participants in the call watch a video together while in the call. Encrypted shared state data may be exchanged between the participant devices, with which the participant devices can provide synchronized and coordinated output of shared experience data for the shared experience session of the group communications session.

An embodiment of a blockchain-based cryptographic key generation method and system that leverages existing values locally available within a distributed ledger to generate cryptographic keys independent of a third-party server is disclosed herein.

A video output controlling apparatus and a video output controlling method that can reduce the possibility that a video for which encryption is required may be outputted in a non-encrypted state are provided. A first acceptance unit (40) accepts a video and an encryption necessity signal indicative of whether or not encryption of the video is required via a first route. A second acceptance unit (44) accept a control signal via a second route different from the first route. A video conversion unit (46) converts, in accordance with the control signal, the video accepted by the first acceptance unit (40) into one of a video that is different in a format from that of the video and is in an encrypted state and a video that is different in a format from that of the video and is not in an encrypted state. An output controlling unit (48) performs control regarding whether or not the video is to be outputted based on the encryption necessity signal and whether or not the video after conversion by the video conversion unit (46) is in an encrypted state.

The system and methods described herein may be utilized to perform operations in a faster and less complex manner than provided by conventional systems. An encrypted record may be stored at a user device. The encrypted record may include entries related to operations that were previously requested by the user device. The encrypted record may have been encrypted using a dynamic value and a key that is associated with an entity associated with the user. A recipient computer of a request by the user device may be configured to utilize the dynamic value provided in the request and the key associated with the entity to derive the encryption key(s) last used to encrypt the record. The recipient computer may decrypt and modify the encrypted record to perform the requested operation while the user device is precluded from doing so.

The system and methods described herein may be utilized to perform operations in a faster and less complex manner than provided by conventional systems. An encrypted record may be stored at a user device. The encrypted record may include entries related to operations that were previously requested by the user device. The encrypted record may have been encrypted using a dynamic value and a key that is associated with an entity associated with the user. A recipient computer of a request by the user device may be configured to utilize the dynamic value provided in the request and the key associated with the entity to derive the encryption key(s) last used to encrypt the record. The recipient computer may decrypt and modify the encrypted record to perform the requested operation while the user device is precluded from doing so.