Patent classifications
H04L63/0414
DEIDENTIFIED ACCESS OF DATA
Generally, embodiments of the invention are directed to methods, computer readable media, servers, and systems for deidentified access of data. The deidentified access is permitted with the use of an identifier that uniquely indicates an outcome; the coding of the identifier obscures unaided human interpretation of the outcome, and the identifier uniquely identifies data for remediating performance associated with future outcomes.
Automated Risk Assessment Module with Real-Time Compliance Monitoring
Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organizations onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves or verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and provide a number of benefits for the tenants. These include generating a security questionnaire response (SQR), defining a readiness project and an audit project, sharing InfoSec entities across the various products of a tenant, automating risk assessment, and automatically collecting evidence tasks that verify the implementation and/or operational status of various mitigating controls.
System and methods for validating and performing operations on homomorphically encrypted data
Systems, methods and devices for validating and performing operations on homomorphically encrypted data are described herein. The methods include securely transmitting and extracting information from encrypted data without fully decrypting the data. A data request may include an encrypted portion containing a set of confidential data. One or more sets of encrypted comparison data may then be retrieved from a database in response to the data request. The encrypted set of confidential data from the data request is then compared with each set of encrypted comparison data using one or more homomorphic operations to determine which set of encrypted comparison data matches the encrypted set of confidential data. If there is a match, this validates the set of confidential data. An encrypted indicator is then generated indicating success or failure in validating the set of confidential data, which may then be forwarded to a party associated with the data request.
Method for data privacy in a fixed content distributed data storage
A storage cluster of symmetric nodes includes a data privacy scheme that implements key management through secret sharing. The protection scheme preferably is implemented at install time. At install, an encryption key is generated, split, and the constituent pieces written to respective archive nodes. The key is not written to a drive to ensure that it cannot be stolen. Due to the secret sharing, any t of the n nodes must be present before the cluster can mount the drives. To un-share the secret, a process runs before the cluster comes up. It contacts as many nodes as possible to attempt to reach a sufficient t value. Once it does, the process un-shares the secret and mounts the drives locally. Given bidirectional communication, this mount occurs more or less at the same time on all t nodes. Once the drives are mounted, the cluster can continue to boot as normal.
Method and apparatus for accessing a foreign network with an obfuscated mobile device user identity
A mobile device identifier (such as an MSISDN) that typically accompanies a mobile device request is replaced with an “enriched” identifier that exposes the mobile device user's home operator but obfuscates the mobile device's (and, thus, the device user's) identity. In one embodiment, the identifier comprises a first part, and a second part. The first part comprises a data string that identifies (either directly or through a database lookup) the mobile device user's home operator. The second part, however, is an opaque data string, such as a one-time-use unique identifier (UID) or a value that is otherwise derived as a function of the MSISDN (or the like). The opaque data string encodes the mobile device's identity in a manner that preferably can be recovered only by the user's home operator (or an entity authorized thereby). When the mobile device user roams into a foreign network, that network receives the enriched identifier in lieu of an MSISDN. The foreign network uses the first part to identify the mobile device user's home network, e.g., to determine whether to permit the requested access (or to provide some other value-added service). The foreign network, however, cannot decode the second part; thus, the mobile device's identity (as well as the identity of the mobile device user) remains obscured. This ensures that the user's privacy is maintained, while preventing third parties from building a profile of the device based on the requests that include the MSISDN or similar identifier.
SYSTEM AND METHODS FOR VALIDATING AND PERFORMING OPERATIONS ON HOMOMORPHICALLY ENCRYPTED DATA
A system and method of validating and performing operations on homomorphically encrypted data are described herein. The methods include processing a secure financial transaction by receiving a transaction request to complete a financial transaction, with at least a portion of the request encrypted according to a homomorphic encryption scheme. The transaction request comprises confidential cardholder data including an account number, non-confidential cardholder data, and transaction data. One or more sets of comparison cardholder data, encrypted according to a homomorphic encryption scheme, are retrieved. The confidential cardholder data is then compared to each set of the comparison cardholder data using one or more homomorphic operations to determine which set of comparison cardholder data matches the confidential cardholder data and to validate the confidential cardholder data. An encrypted indicator is generated indicating authorization or rejection of the request and forwarded to a party seeking authorization to complete the financial transaction.
User privacy protection method and system
Methods and systems for facilitating communications between user computing devices and online entities (such as web sites, advertisers, and/or advertising networks or exchanges), and safeguarding user identifiable information and ad targeting data from those entities are provided. Communications sent from user computing devices and directed to the entities are intercepted, and those communications are processed to encrypt, or otherwise remove, user identifiable information therein. The processed communications are transmitted to the intended entities, targeting data calls are received from those entities for ad targeting data associated with users of those computing devices, and at least a portion of such ad targeting data is provided to the entities when certain predefined conditions are met.
Protecting radio transmitter identity
A system and a method are disclosed for protecting the privacy of a wireless data transmission. A request is received from a client device to connect to a base station. A session identification is assigned to the client device, and a set of transmission identifications is generated using a block cipher with the assigned session identification and a secret key as input. The transmission identifications identify a frequency channel and a time slot for the client device to wirelessly transmit a message to the base station. The set of transmission identifications is then encrypted and sent to the client device.
METHOD AND A SYSTEM FOR MANAGING USER IDENTITIES FOR USE DURING COMMUNICATION BETWEEN TWO WEB BROWSERS
A management method for managing an identity of a first user during communication between a first web browser installed on a communication terminal of the first user and a second web browser installed on a communication terminal of a second user is disclosed. The method includes the first user obtaining at least one first data item characteristic of the second user. The method also includes associating an identity of the first user with the at least one first data item characteristic of the second user. The method also includes making the identity of the first user associated with the at least one first characteristic data item available to the second user on condition that the second user holds at least one second data item corresponding to the first data item characteristic of the second user.
METHOD FOR MONITORING OR TRACKING BETWEEN MOBILE DEVICES
In a method for monitoring or tracking between mobile devices of a same group, mobile devices broadcast messages in broadcast mode over a radio interface in compliance with a short-range digital communication protocol. The messages can be received by all other mobile devices that are in the vicinity and that can communicate according to the protocol. The messages include encrypted data, encrypted using at least one identifier of the emitter device and a seed intended for single use or having a short period of validity. The encrypted data can only be decrypted by a limited group of devices. The mobile devices receive messages broadcast by other devices and decrypt the messages intended for a group to which they belong. If the protocol provides that the message includes an address field of the emitter device, this field is filled with a randomised address intended for single use or having a short period of use.