H04L63/0421

NETWORK TRAFFIC MANAGEMENT
20230208818 · 2023-06-29 ·

There is provided a method comprising: detecting (310) a subset of protocol data units in an original stream of protocol data units to be transmitted over the network, wherein the original stream is associated with a first source port; generating (320) an updated transmitting-side stream of protocol data units based on the original stream, wherein the updated transmitting-side stream excludes the detected subset; merging (330) the subset of protocol data units with a subset of protocol data units associated with a second source port to form a merged stream; transmitting (340) the merged stream, as a first stream, over a first link of the network; transmitting (350) the updated transmitting-side stream associated with the first source port, as a second stream, over a second link; and transmitting (360) an updated transmitting-side stream associated with the second source port, as a third stream, over a third link.

POLICY BASED PERSONALLY IDENTIFIABLE INFORMATION LEAKAGE PREVENTION IN CLOUD NATIVE ENVIRONMENTS
20230208817 · 2023-06-29 ·

A system performs a method including: generating a posture of a first microservice in a microservice based network environment; implementing the posture of the first microservice at a sidecar of the first microservice; distributing the posture of the first microservice to a sidecar of a second microservice in the microservice based network environment; implementing the posture of the first microservice at the sidecar of the second microservice; and controlling communication of personally identifiable information between the first microservice and the second microservice based on the posture of the first microservice through either or both the sidecar of the first microservice and the sidecar of the second microservice. The posture of the first microservice includes an identification of one or more types of personally identifiable information that the first microservice is authorized to distribute and one or more types of personally identifiable information that the first microservice is authorized to receive.

Tracking and analyses of data consumption

Systems and methods for providing services are disclosed. One aspect comprises authenticating a user associated with a first service, receiving a selection of a second service, generating an opaque identifier associated with the user and the first service, wherein the opaque identifier facilitates the anonymous collection of data relating to the second service. Another aspect can comprise transmitting the opaque identifier to the second service, and receiving data relating to the second service.

Method and system for anonymizing raw surgical procedure videos

This patent disclosure provides various verification techniques to ensure that anonymized surgical procedure videos are indeed free of any personally-identifiable information (PII). In a particular aspect, a process for verifying that an anonymized surgical procedure video is free of PII is disclosed. This process can begin by receiving a surgical video corresponding to a surgery. The process next removes personally-identifiable information (PII) from the surgical video to generate an anonymized surgical video. Next, the process selects a set of verification video segments from the anonymized surgical procedure video. The process subsequently determines whether each segment in the set of verification video segments is free of PII. If so, the process replaces the surgical video with the anonymized surgical video for storage. If not, the process performs additional PII removal steps on the anonymized surgical video to generate an updated anonymized surgical procedure video.

Communication System

A computer system comprises computer storage holding a plurality of code modules, one or more processors and a communication system. The one or more processors are configured to execute the code modules and thereby implement the bots. The communication system comprises a message relay and an anonymized identifier generator. The message relay is configured to receive a message comprising an identifier of a user and an identifier of a target one of the bots. The anonymized identifier generator is configured to generate an anonymized identifier of the user unique to the target bot, by applying an anonymization function to the user identifier and the bot identifier in the message. The message relay is configured to transmit to the target bot a version of the message, which comprises the anonymized user identifier and does not include the user identifier, wherein the user identifier is not rendered accessible to the target bot.

Data access gateway for security and privacy

Systems and methods for processing data are described. More specifically, a query request may be received and a data pattern may be identified in the query request. Personally identifiable information associated with the query request may then be de-pseudonymized. Accordingly, a second request using the de-pseudonymized personally identifiable information may be generated, and a response to the second request may be received. The personally identifiable information in the response may be pseudonymized such that the pseudonymized personally identifiable information and data included in the response are provided to a client.

System and method for identifying, storing, transmitting, and operating on data securely

A data security server system includes a first network proxy, a data classifier, an operation pipeline module, a vault database, security infrastructure, and a second network proxy that function as secure data tunnel mechanisms through which network data containing sensitive information passes. The data classifier identifies data payloads having data fields that require processing and routes these data payloads to an operation pipeline module, which can redact, tokenize or otherwise process sensitive data before the data payload exits the system. The data classifier also reverses the process by identifying data payloads having redacted or tokenized data fields and restoring the sensitive data to these data fields.

Data Anonymization for Distributed Hierarchical Networks
20170366513 · 2017-12-21 ·

Various implementations disclosed herein provide a method for anonymizing data in a distributed hierarchical network. In various implementations, the method includes determining a first set of attribute hierarchy counts that indicate a number of occurrences of corresponding attributes that are stored at the first network node and have not been transmitted upstream towards the hub. In various implementations, the method includes receiving, from a second network node, a second set of attribute hierarchy counts that indicate a number of occurrences of corresponding attributes at the second network node. In various implementations, the method includes determining whether a sum based on the first and second set of attribute hierarchy counts satisfies an anonymization criterion. In some implementations, the sum indicates a total number of occurrences for a corresponding attribute that are stored at the first and second network nodes and have not been transmitted upstream towards the hub.

METHOD TO ANONYMIZE CLIENT MAC ADDRESSES FOR CLOUD REPORTING

A method for anonymizing user identifiable information to be transmitted outside of a local network includes generating a network entity hash input based on (i) a first MAC address assigned to a client station of the local network, (ii) a second MAC address assigned to the network gateway device of the local network, and (iii) an identifier of a cloud entity of an external network to which data of the client station is to be transmitted. The method further includes generating a hash value output based on the network entity hash input and a random token value using a hashing function, generating an anonymized MAC address associated with the client station based on the hash value output, and transmitting the anonymized MAC address associated with the client station to the cloud entity of the external network.

METHOD AND SYSTEM FOR SELECTIVE AND PRIVACY-PRESERVING ANONYMIZATION
20230198745 · 2023-06-22 ·

The application is directed at a method and system for selective anonymization, wherein the method comprises the steps of capturing visual streaming data and identifying an anonymizable object in the visual data, for which a quantized identity (y) and an individual private key (n) are determined. Based on the individual private key (n) and the quantized identity (y), the first set of encryptions (E1) is calculated, comprising at least two distinct encryptions of the quantized identity. The first set of encryptions (E1) of the quantized identity (y) is sent to a central server, which, in return, sends exception information indicating if an exception list of the central server comprises a set of exception encryptions (E2) which corresponds to the first set of encryptions (E1). The anonymizable object is then selectively anonymized in the streaming visual data depending on the exception information and an operating mode of the edge device, thereby generating selectively modified visual streaming data, and the selectively modified visual streaming data is transmitted to a remote database.