Embodiments described herein provide a privacy mechanism to protect user data when transmitting the data to a server that estimates a p-th frequency moment, F.sub.p for p∈[1, 2] and .sub.p low-rank approximation for p∈[1, 2). The privacy mechanism uses an encode-shuffle then analyze (ESA) framework that provides a compromise between the central and local model of privacy.

A computer-implemented method for creating a classified token database usable for dynamically redacting confidential information from communications includes performing natural language processing on training input and determining whether a confidentiality level is present in the training input. The method includes, in response to determining that the confidentiality level is present, adding at least one classified token associated with the training input to a classified token database.

Methods, systems, and techniques for private identity verification involve obtaining a cryptographically secure commitment that is generated using a first user identifier and a private user identifier associated with the first user identifier; receiving, from an identity verification system, initial zero knowledge proof messages comprising the commitment; sending, to the identity verification system, a set of cryptographically secure known identifier commitments generated using a set of private user identifiers; receiving, from the identity verification system: (i) a zero knowledge proof response generated using the zero knowledge proof challenge; and (ii) proof that the private user identifier used in the initial zero knowledge proof messages comprises part of the set of private user identifiers; and verifying that the private user identifier used in the initial zero knowledge proof messages comprises part of the set of private user identifiers.

A vehicle can have a user profile securely deployed in it according to a security protocol. The vehicle can include a body, a powertrain, vehicle electronics, and a computing system. The computing system of the vehicle can be configured to: retrieve information from a user profile according to a security protocol. The computing system of the vehicle can also be configured to receive a request for at least a part of the retrieved information from the vehicle electronics and send a portion of the retrieved information to the vehicle electronics according to the request. The computing system of the vehicle can also be configured to propagate information sent from the vehicle electronics back into the user profile according to the security protocol. And, the computing system of the vehicle can also be configured to store in its memory, according to the security protocol, information sent from the vehicle electronics.

A method includes obtaining, from a server, a filter including a set of encrypted identifiers each encrypted with a server key controlled by the server. The method includes obtaining a request that requests determination of whether a query identifier is a member of a set of identifiers corresponding to the set of encrypted identifiers. The method also includes transmitting an encryption request to the server that requests the server to encrypt the query identifier. The method includes receiving, from the server, an encrypted query identifier including the query identifier encrypted by the server key and determining, using the filter, whether the encrypted query identifier is not a member of the set of encrypted identifiers. When the encrypted query identifier is not a member of the set of encrypted identifiers, the method includes reporting that the query identifier is not a member of the set of identifiers.

Systems and applications are described that use group signature technology to allow for anonymous and/or semi-anonymous feedback while allowing for the application of rules and parameters. The use of group signature technology may serve to potentially mitigate or prevent malicious identification of individuals or entities providing a communication such as feedback. Feedback may range from constructive feedback all the way to the ‘whistleblower’ variety. It may be desirable to identify the individuals as belonging to a particular group or having a particular status or position while maintaining the anonymity of the individuals within the particular group.

An ephemeral content distribution system associated with exchanging calibrated communications using a wave dynamic communication protocol based at least on a current wave-state of a user is disclosed. The system transmits a wave-based request for wave dynamic communications associated with a first user. The system processes wave-geographic information associated with a bounded geographical region based on a wave-state of a second user that received the wave-based request. The system processes wave-identity information associated with the wave-state of the second user. The system next receives a response of the second user to the wave-based request in accordance with the wave-state of the second user. The system further facilitates an exchange of the calibrated communications between the first and the second user based on the wave-identity of the second user using the wave dynamic communication protocol associated with discrete epochs of the calibrated communications in the ephemeral content distribution system.

Corresponding methods and a computer-readable device are also disclosed.

Methods, systems, and apparatus, including computer programs encoded on a computer-readable storage medium, and including a method for providing content. The method comprises receiving a first login request from a first device used by a user, the request being associated with a first anonymous identifier associated with the first device, and determining a user tag for the user, that does not include any personally identifiable information associated with the user. The method further comprises receiving a second login request from a second different device used by the user, the request being associated with a second different anonymous identifier associated with the second different device, and storing an association between the user tag, the first anonymous identifier and the second different anonymous identifier. The method further comprises receiving a request for content from either the first or second different device and providing content in response to the request using the association.

The invention described herein is directed to methods and systems for protecting network trace data. Network traces are used for network management, packet classification, traffic engineering, tracking user behavior, identifying user behavior, analyzing network hierarchy, maintaining network security, and classifying packet flows. In some embodiments, network trace data is protected by subjecting network trace data to data anonymization using an anonymization algorithm that simultaneously provides sufficient privacy to accommodate the organization need of the network trace data owner, provides acceptable data utility to accommodate management and/or network investigative needs, and provides efficient data analysis, at the same time.

Improved pseudonym certificate management is provided for connected vehicle authentication and other applications. Temporary revocation of a certificate is enabled. With respect to Security Credential Management Systems (SCMS), pre-linkage values can be employed. The pre-linkage values can be encrypted using homomorphic encryption. Other embodiments are also provided.