Patent classifications
H04L63/0414
METHOD IMPLEMENTED BY AN INTERMEDIATE ENTITY FOR MANAGING COMMUNICATION BETWEEN TWO COMMUNICATION DEVICES
A method for managing communication between at least one first communication device and at least one second communication device in a communication network is implemented by an intermediate entity positioned on at least one path taken by data packets of said communication. The method includes a step of obtaining a communication identifier included in a data packet exchanged during the communication, and a step of processing the data packet depending on the result of a check of the compliance of the communication identifier with at least one communication identifier mask accessible to the intermediate entity.
METHOD AND APPARATUS FOR MANAGING USER REQUESTS RELATED TO PSEUDONYMOUS OR ANONYMOUS DATA
An approach is provided for managing pseudonymous or anonymous user data and relevant data management requests. The approach involves, for example, converting a numerical feature of a data point into a categorical form. The categorical form represents a value range into which a numerical value of the numerical feature falls. The approach also involves determining an identifier of a data contributor associated with the data point. The approach further involves concatenating the identifier with the categorical form. The approach further involves cryptographically hashing the identifier concatenated with the categorical form to generate a mark. The approach further involves associating the mark with the data point to generate marked pseudonymous-anonymous data. The approach further involves transmitting the pseudonymous-anonymous data to a data platform.
DHCP SERVER IP ADDRESS ALLOCATION IMPROVEMENT TO NULLIFY THE IMPACT OF MAC RANDOMIZATION
A Dynamic Host Configuration Protocol (DHCP) server includes a memory storing computer-readable instructions, and a processor configured to execute the computer-readable instructions to determine a media access control (MAC) address associated with a client, determine the MAC address associated with the client is a randomized MAC address, and assign an IP address to the client from a DHCP IP server pool. The processor assigns an IP address to the client from a DHCP IP server pool using one of identifying, in a DHCP server table, at least one host name of the client and assigning a previously assigned IP address to the at least one host name of the client, and when the host name of the client is not available, assigning the IP address using a first lease with a first duration shorter than a default lease duration used for non-randomized MAC addresses.
SYSTEM AND METHOD FOR REMOTE AUTHENTICATION WITH DYNAMIC USERNAMES
A method and apparatus for authenticating a user for access to a service provider over a network is disclosed. It includes a first device configured to receive a request for a ticket, generate the ticket, send the ticket to at least one additional device, generate a first partial signature of the ticket, receive additional partial signatures of the ticket, generate a complete signature of the ticket, encrypt the ticket and the complete signature of the ticket, send the encrypted ticket and encrypted complete signature of the ticket to the service provider, receive an encrypted verification code from the service provider, decrypt the encrypted verification code, and display the decrypted verification code.
SYSTEM FOR DISCLOSING DEPOSIT ACCOUNT INFORMATION THAT CAN BE VIRTUAL CURRENCY ADDRESS
The object is to present a technical solution for a bank to disclose information on a deposit account directly to a third party. The owner of a virtual currency address or real-currency deposit account provides a disclosure key to a disclosee (third party). The third party accesses a disclosure server 6 by operating a disclosee terminal 7, and transmits a disclosure request with the disclosure key. The disclosure server 6 accesses an opener bank server 1, 8, acquires the virtual currency address owner information or the instant real-currency deposit account balance information, transmits it to the disclosee terminal 7, and makes it browsable on the disclosee terminal 7.
COMMUNICATION METHOD REQUIRING APPROVAL BEFORE COMMUNICATION IS PERMITTED
A computer-implemented method in a system enabling communication between users, a stored at least one predetermined association existing between each of the users and at least one other of the users, the method comprising: further to input at a user device (12) by a first of the users, receiving (400) a request for communication by the first user with a second of the users (20), the at least one predetermined association not existing between the first and second users; determining (414, 500) that the communication is permitted dependent at least on approval by at least one intermediate user collectively associating the first and second users; requesting (502) approval for the communication from the at least one intermediate user; dependent at least on the approval being received from the at least one intermediate user, permitting (512) the communication.
SYSTEMS AND METHODS FOR PROVIDING A VISUAL CONTENT GALLERY WITHIN A CONTROLLED ENVIRONMENT
Methods and systems for providing a visual content gallery within a controlled environment are disclosed herein. A content gallery server receives a content submission from an inmate device within the controlled environment. Further, the content gallery server determines that the content submission does not include prohibited content based on comparing the content submission to a blacklist of prohibited information. When the content submission does not include prohibited content, the content gallery server adds the content submission to a network accessible content gallery corresponding to an inmate associated with the inmate device. Further, authorized friends and family of the inmate may view the content submission and provide comments on the content submission.
GRADIENTS OVER DISTRIBUTED DATASETS
This disclosure relates to characterising data sets that are distributed as multiple data subsets over multiple computers such as by determining a gradient of an objective function. A computer determines a partial gradient of the objective function over a data subset stored on the computer and determines random data. The computer then determines an altered gradient by modifying the partial gradient based on the random data and encrypts the altered gradient such that one or more operations on the altered gradient can be performed based on the encrypted gradient and sends the encrypted gradient. Since the partial gradient is altered based on random data and encrypted, it is difficult for another computer to calculate the data that is stored on the first computer. This is an advantage as it allows the privacy of the data stored on the first computer to be preserved while still allowing the data set to be characterised.
SYSTEM FOR IMPROVING DATA SECURITY
A system allows a user to store his personally identifiable information (PII) on a personal device. When a third party wants to access the user's PII (e.g., to update the PII or to retrieve the PII), a notification will be presented to the user on the personal device seeking consent to the access. The notification may inform the user as to what information is being requested and which entity is requesting the access. The requested access will be denied unless the user consents to the access. In this manner, the user is given control over the dissemination of his PII. Additionally, the system alters or adjusts the PII that is stored in third-party servers so that even if these servers are breached, the user's actual PII is not exposed.
Platform identity architecture with a temporary pseudonymous identity
In an example, a client-server platform identity architecture is disclosed. The platform identity architecture may be used to enable a venue operator to provide online services and to collect telemetry data and metrics while giving end users greater control over privacy. When entering a compatible venue, the user's device generates a signed temporary pseudonymous identity (TPI) in secure hardware or software. Any telemetry uploaded to the venue server includes the signature so that the server can verify that the data are valid. The TPI may have a built-in expiry. The venue server may thus receive useful tracking data during the term of the TPI, while the user is assured that the data are not kept permanently or correlated to personally-identifying information.