H04L63/0407

SYSTEM AND METHOD FOR ON-DEMAND DATA CLEANSING
20230086399 · 2023-03-23

A system and method for on-demand data cleansing is disclosed. The system includes a processor and a volatile memory including a data object having a plurality of data fields, each field having a tag and a value. The system also includes a cleansing module stored in the volatile memory and executed by the processor. The cleansing module includes a library having a plurality of tag-operation pairs. The cleansing module is configured to receive a pointer locating the data object within volatile memory, and further configured to, for each data field, look up the tag of the data field among the library tags, and execute the operation paired with the matching library tag on the value of the field, modifying the value of the data field while it is stored in volatile memory. The cleansing module is configured to execute the operation in near real-time, and at runtime.

Systems and methods for an entity to control information exchange
11489834 · 2022-11-01

The present disclosure provides a method of access to users of a network system via a unique identity key that controls access and permission rights of outside entities as controlled by the entity itself. The system assigns unique identity to a unique entity. The key is responsible for facilitating preferred access types and information accessed by outside entities, and acts as a signal for action, interaction and experience within the System as well as third party platforms. Each interaction within the system includes a requesting entity's proxy (‘REP’) sending an information access request (‘IAR’) to the deciding entity's proxy (‘DEP’) via a network. This IAR is routed to the correct DEP via the unique identifier. The DEP applies access preferences to allow or deny the IAR, in part or completely. If allowed or partially allowed, the DEP returns information to the REP.

ADDRESS RANDOMIZATION SCHEMES FOR MULTI-LINK DEVICES

Embodiments are disclosed for address changing schemes for a multi-link device in a wireless communications system. Some embodiments include a privacy enhanced (PE) access point (AP) multi-link device (MLD) that includes one or more affiliated APs operating on different links. The PE AP MLD can generate a first randomized OTA MLD address based at least on the MLD address of the PE AP MLD for a first affiliated PE AP (PE AP1). The PE AP MLD can transmit a first data transmission using the first OTA MLD address where the first data transmission includes an encrypted aggregated MAC service data unit (A-MSDU) subframe that includes the MLD address. The PE AP MLD can correlate the MLD address of the PE AP MLD with multiple addresses comprising: the first OTA MLD, a unique MLD address, and a Media Access Control (MAC) service access point (SAP) MLD address.

PROVISION OF DATA FROM A SERVICE PROVIDER NETWORK
20220345466 · 2022-10-27

A method for providing subscriber data from a first service provider network to a content provider external to the service provider network comprises receiving a first network identifier sent from a subscriber device that is authenticated to communicate over the first service provider network, wherein the first network identifier is sent by the subscriber device in a first message to an entity outside of the service provider network; receiving a second network identifier sent from the subscriber device to the first service provider network; performing a verification process using the first network identifier and the second network identifier to verify whether it is permissible for subscriber data stored at the service provider network to be provided to the content provider external to the service provider network. In response to the verification process being successful, the subscriber data is provided to an entity that is external to the service provider network.

Secure multiparty detection of sensitive data using private set intersection (PSI)

A method, apparatus and computer program product to detect whether specific sensitive data of a client is present in a cloud computing infrastructure is implemented without requiring that data be shared with the cloud provider, or that the cloud provider provide the client access to all data in the cloud. Instead of requiring the client to share its database of sensitive information, preferably the client executes a tool that uses a cryptographic protocol, namely, Private Set Intersection (PSI), to enable the client to detect whether their sensitive information is present on the cloud. Any such information identified by the tool is then used to label a document or utterance, send an alert, and/or redact or tokenize the sensitive data.

ANONYMOUS NETWORK ACCESS IN A NETWORK ENVIRONMENT

A same wireless access profile is installed on each of multiple mobile communication devices. The wireless access profile includes outer identity information and anonymous inner identity information for each service. The anonymous inner identity information includes a credential used by each of the multiple mobile communication devices to use the service. To use the service such as access a remote network, a respective mobile communication device communicates an anonymous username and password assigned to the service to a policy server during first level authentication. The policy server stores a network address of the authenticated mobile communication device. During second level authentication, the policy server receives an identity of the mobile communication device from a network gateway. The policy server provides access control information (assigned to the service) to the network gateway. The network gateway then provides access to the mobile communication device in accordance with the access control information.

Data processing systems and methods for automatically detecting and documenting privacy-related aspects of computer software

Data processing systems and methods according to various embodiments are adapted for automatically detecting and documenting privacy-related aspects of computer software. Particular embodiments are adapted for: (1) automatically scanning source code to determine whether the source code includes instructions for collecting personal data; and (2) facilitating the documentation of the portions of the code that collect the personal data. For example, the system may automatically prompt a user for comments regarding the code. The comments may be used, for example, to populate: (A) a privacy impact assessment; (B) system documentation; and/or (C) a privacy-related data map. The system may comprise, for example, a privacy comment plugin for use in conjunction with a code repository.

Managing data on computer and telecommunications networks
11611526 · 2023-03-21

Protecting personal information by generating entity-specific aliases for use in communication with third parties is disclosed.

Wireless event correlation using anonymous data
11483395 · 2022-10-25

In one embodiment, a method includes: transmitting a message to a first end point that includes an instruction to initiate a communication type, wherein the communication type includes sharing a randomization token between the first and second end points; obtaining a first communication report from the first end point and a second communication report from the second end point in response to initialization of a communication based on the communication type between the first end point and the second end point across the network, wherein the first and second communication reports respectively include a first and second hash that corresponds to a function of the randomization token and identity information; determining whether the first hash matches the second hash; generating a value that correlates the first and second end points with the communication across the network in response to determining that the first hash matches the second hash.

Locating Mobile Device Using Anonymized Information

Embodiments include methods of assisting a user in locating a mobile device executed by a processor of the mobile device. Various embodiments may include a processor of a mobile device obtaining information useful for locating the mobile device from a sensor of the mobile device configured to obtain information regarding surroundings of the mobile device, anonymizing the obtained information to remove private information, and uploading the anonymized information to a remote server in response to determining that the mobile device may be misplaced. Anonymizing the obtained information may include removing speech from an audio input and compiling samples of ambient noise for inclusion in the anonymized information. Anonymizing the obtained information to remove private information includes editing an image captured by the mobile device to make images of detected individuals unrecognizable.