Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.

A method of simplifying electronic communications between a plurality of users by communication implementation and management. Each user has an electronic identifier, which may be of a type, such as a website address, domain, LinkedIn address, etc. Each identifier is unique to each user. The electronic identifier can be changed at any time prior to contact enabling privacy and the method may be effected on a singular telecommunications platform (SIP) or mixed platform (SIP and PSTN) or other voice or text medium for cost efficiency. The system renders communication between users passive and allows for simultaneous and instantaneous communication while maintaining anonymity of the identifiers used.

Systems and methods for public ledger authentication includes receiving a first previous authentication public ledger address and a first current authentication public ledger address from a user. A verified static user key is identified in a public ledger using the first previous authentication public ledger address. A second current authentication public ledger address is then provided to the user for use in the current authentication attempt. Authentication attempt information is determined that includes a number of authentication attempts by the user, and used in a hash operation with the verified static user key to generate a first user authentication key. A second user authentication key is retrieved from the public ledger that was sent from the first current authentication public ledger address to the second current authentication public ledger address in a transaction, and the user is authenticated if the second user authentication key matches the first user authentication key.

An embodiment may involve receiving, by a computing system, a message from a wireless service provider system. The computing system may include one or more computing devices located, e.g., in the trusted cloud. The message may contain a service-provider-based identity of a client device, an indication that the service-provider-based identity has been authenticated by the wireless service provider, and a code that the client device obtained from a remote machine proximate to the client device. The computing system may generate an anonymized identity of the client device based on the service-provider-based identity. The computing system may verify that a task associated with the code is within the authorized capabilities of the anonymized identity. Possibly based on the code (and perhaps other information as well), the computing system may transmit an instruction to the remote machine. The instruction may direct the remote machine to perform the task.

An anonymized biometric representation of a target individual is used in a computer based security system. A detailed input biometric signal associated with a target individual is obtained. A weakened biometric representation of the detailed biometric signal is constructed such that the weakened biometric representation is designed to identify a plurality of individuals including the target individual. The target individual is enrolled in a data store associated with the computer based security system wherein the weakened biometric representation is included in a record for the target individual. In another aspect of the invention, a detailed input biometric signal from a screening candidate individual is obtained. The detailed biometric signal of the screening candidate is matched against the weakened biometric representation included in the record for the target individual.

A method of processing data of communications through a communication network. The method includes: receiving first data relating to a first communication between a first and a second electronic device respectively associated with a first and a second connection identifier, the first data including a generic connection identifier associated with the first connection identifier and used for the first communication; storing at least the first connection identifier associated with the generic connection identifier and the second connection identifier used for the first communication; receiving second data relating to a second communication; searching through the second data for the first or the second stored connection identifier; and according to the result of the search, associating the second communication with the first and second connection identifiers.

An apparatus includes a processor and a memory operatively coupled to the processor and associated with an instance of a distributed database at a first compute device. The processor is configured to select an anonymous communication path. Each blinded public key from a sequence of blinded public keys associated with the anonymous communication path is associated with a pseudonym of a compute device from a set of compute devices that implement the anonymous communication path. The processor is configured to generate an encrypted message encrypted with a first blinded public key. The processor is configured to generate an encrypted data packet including the encrypted message and a compute device identifier associated with a second compute device. The encrypted data packet is encrypted with a second blinded public key. The processor is configured to send the encrypted data packet to a third compute device.

A system and corresponding method gather information about browsing and purchasing behavior of web users to avoid tracking information associated with individual web browser instances. The system enables collection of historical and statistical information by legitimate interested parties to be severed from information about the behavior of a browser instance, and so too from information about the user of the browser instance. The system is configured to perform at least one of: (i) masking a web browser cookie to prevent use of the cookie to access browsing information related to a user and (ii) replace stories about sequences of browser behaviors with statistics about abstracted “story types.” A story type is a sequence of behavior types common to all web browser instances which have performed that sequence. An example embodiment uses masking and aggregation techniques, frequently, and includes a variety of industry standard security measures specially adapted to these purposes.

This disclosure relates to anonymous transactions based on ring signatures. In one aspect, a method includes receiving a remittance transaction. The remittance transaction is generated by a client device of a remitter by assembling unspent assets in an account corresponding to the remitter and masked assets in an account corresponding to a masked participant. Key images are obtained from a linkable spontaneous anonymous group (LSAG) signature of the remittance transaction. Values of the key-images are based on a private key, a public key, and unspent assets of the remitter. The LSAG signature is verified. The LSAG signature is generated by the client device of the remitter based on the private key and the public key of the remitter, and a second public key of the masked participant. The remittance transaction is executed when a transaction execution condition is met.

A system for anonymizing and aggregating protected information (PI) from a plurality of data sources includes a master index server coupled to a data repository. The master index server receives an anonymized records associated with an individual from a plurality of data hashing appliances. The system includes a cluster matching engine that applies a plurality of rules to hashed data elements of the received record for comparing hashed data elements of the record with hashed data elements of a plurality of clusters of anonymized records associated with different individuals stored in the data repository to determine whether the individual associated with the received record corresponds to an individual associated with one of the clusters of anonymized records. When a match is found, the cluster matching engine adds the received record to the cluster of anonymized records associated with that individual.