Abstract: A method for identity resolution and data enrichment is performed by at least one hardware processor and includes detecting at an account of a data provider, a shared data object that is shared by an account of a data consumer with the account of the data provider. An application executing at the account of the data consumer is enabled for an identity resolution process based on the detecting of the shared data object. A request for source data received from the application is detected at the account of the data provider. The source data is managed by the account of the data provider. The source data is communicated to the application executing at the account of the data consumer, based on a verification that the application is enabled for the identity resolution process. The identity resolution process is performed at the account of the data consumer using the source data.

Abstract: Systems and methods for providing identity verification services to users by providing a staking mechanism to incentivize participants in an identity verification system to be truthful and accurate and determining validator accuracy and associated setting of fees for using validator attestations to create an efficient, private and secure system.

Abstract: An example system places control and choice of managing the usage of private data into the hands of the users themselves. In some examples, the disclosed data privacy management system allows users to select preferences on how their private data is used by the business, both internally and externally. For example, the system may present users with one or more selectable options regarding how the user's private data is used. The system may then use the user's data for purposes that are in line with the user's selected preferences.

Abstract: A client device collects immunization data includes a type of immunization given to an individual and a date that the immunization was provided to the individual. The client device converts immunization data into a numeric string, where the numeric string as converted comprises an encrypted payload portion and a mode indicator portion. The client device generates a two-dimensional machine-readable identifier using the numeric string. A reader device reads the two-dimensional machine-readable identifier and accesses the numeric string. The reader device converts at least a portion of the numeric string comprising the immunization data into a predetermined format for importing into an electronic health record (EHR).

Abstract: The present system relates a platform for addressing the optimal privacy-accuracy trade-off in the revelation of a user's valuable information to a third party. Specifically, the present system formalizes the privacy-accuracy trade-off in a precise mathematical framework, wherein mathematical formalization captures user's privacy preference with a single parameter. The system possesses a revelation method of user data that is optimal, in the sense of abiding by user's privacy preference while providing the most accurate description to third party subject to the aforementioned privacy preference constraint.

Abstract: A symmetric key that is stored at a device may be received. A public key from a remote entity may also be received at the device. Furthermore, a derived key may be generated based on a one way function between the symmetric key that is stored at the device and the public key that is received from the remote entity. The derived key may be encrypted with the public key and transmitted to the remote entity. The encryption of the derived key with the public key may provide secure transmission of the derived key to an authorized remote entity with a private key that may be used to decrypt the encrypted derived key.

Abstract: A system, method, and computer program product are provided for consent management. A method may include receiving a first data request for user data associated with a user, the user data stored in a user data database; communicating a consent request to the requester system; receiving a consent response from the requester system; storing consent data associated with the consent response for the user data requested in the first data request in an immutable ledger; receiving a consent verification request from the user data database, the consent verification request based on a second data request for the user data from the requester system to the user data database; verifying the consent verification request based on the consent data; and communicating a consent verification response to the user data database, the consent verification response indicating consent from the user to share the user data with the requester system.

Abstract: Described is a secure, electronic, submission process providing and enabling applicants to initiate requests to desirous requestors seeking such submissions based on authenticated and trusted identities and/or credentials or which could be authenticated securely through other defined processes. SafeCase is an innovative process for convenience, ease and security in application submissions for anyone and everyone through an electronic interface that has been built innovatively on the strong foundations of Identity Management, giving irrevocable and irrefutable trust on the Identity and/or credentials and/or the purpose that an applicant is applying for or wishes to achieve. SafeCase is an end-to-end secure and transparent interface, wherein the applicant (i.e. the Candidate) utilizes his/her Authenticated Credential(s) or Identity(ies) to submit an application. The applicant remains updated in real time on the status of the submitted application till its final disposal.

Abstract: A method performed at a first electronic device includes: (i) storing a privacy table that comprises random numbers at the first electronic device, (ii) transmitting the privacy table to a second electronic device over an encrypted channel, (iii) receiving a first message for transmission to the second electronic device, (iv) generating a map based on the privacy table, (v) generating a primary key based on the map and the privacy table, and (vi) encrypting the first message using the primary key to form an encrypted first message. The method also includes (vii) transmitting the map and the encrypted first message to the second electronic device, thereby enabling the second electronic device to decrypt the encrypted first message by recreating the primary key based on the map and the privacy table and decrypting the encrypted first message using the recreated primary key.

Abstract: A server computer hosting an extended reality world receives a first transmission over a communication network from a computing device associated with a user, the first transmission including a request for the user to access the extended reality world. The server computer transmits a presentation of the extended reality world to the communication device over the communications network based at least in part on the request, and displays the presentation of the extended reality world on the computing device, where the presentation includes at least an avatar associated with the user. The server computer receives a command for the avatar to store a phrase selected by the user in a location associated with a virtual object within the extended reality world. The server computer displays, within the presentation of the extended reality world on the computing device, the avatar storing the phrase at the location in the extended reality world.

Abstract: Described are methods and systems for using policies to comply with a person's request for data pertaining to the person, pursuant to applicable data privacy laws. A policy is retrieved responsive to receiving a query that includes data to identify records that store data pertaining to the person. The policy indicates first and second database objects, and respective first and second sets of fields, which store data that pertains to persons. The policy is applied. Applying the policy includes retrieving, as first values, data stored in the first set of fields of a first record associated with the data in the query, and retrieving, as second values, data stored in the second set of fields of a second record associated with the first record. The first and second values, and the names of the fields from which they were retrieved, are stored in a document.

Abstract: The system obtains information to send to the first user device and converts the information into a sequence of images, where one or more images in the sequence of images include the information, and a remainder of images in the sequence include a visual unrelated to the information. The number of the one or more images and the number of the remainder of images indicate a display frequency. The number of the remainder of images is greater than the number of the one or more images. The display frequency causes an observer to form a perception of the one or more images. The system sends the sequence to the first user device and causes the first user device to present on the display screen the sequence at the display frequency, which causes a garbling of a recording of the display screen associated with the first user device.

Abstract: A system, method, and computer-readable media for providing contextual data loss prevention (DLP) within a group-based communication system. At least a portion of a DLP policy may be suspended within a DLP engine based on a context for which a user input is to be displayed. Accordingly, the user input may be displayed without interference from the DLP engine.

Abstract: Protecting membership and data in secure multi-party computation and communication is provided. A method of protecting membership and data includes generating a padding dataset. A size of the padding dataset is determined based on a data privacy configuration. The method also includes up-sampling a first dataset with the padding dataset, transforming the first dataset, dispatching the first dataset, performing an intersection operation based on the first dataset and a second dataset to generate a third dataset, generating a first share based on the third dataset, and constructing a result based on the first share and a second share.

Abstract: A data management computing system for tracking data protection compliance of a plurality of entities using a data management (“DM”) server is provided. The DM server includes at least one processor programmed to: (i) receive, from a requesting entity, a personally identifying information (“PII”) consent request for access to a requested PII set of a user, (ii) determine at least one PII item associated with a reason code, (iii) compare the at least one PII item to the requested PII set, (iv) generate a consent recommendation, (v) transmit the consent recommendation to the user, (vi) receive a response indicating user consent, (vii) transmit, to the requesting entity, a notification indicating the user consent for the requesting entity to retrieve the at least one PII item from a third-party PII storage entity, and (viii) update a user profile to track the requesting entity with the at least one PII item.

Abstract: Provided is a technique for performing statistical processing such as processing for obtaining parameters of logistic regression analysis faster than before. A secure statistical processing system includes a cross tabulation table computing device 2 that performs secure computation on a cross tabulation table in which frequencies are in plain texts while keeping each record concealed; and a statistical processing device 3 that performs predetermined statistical processing using the cross tabulation table in which frequencies are in plain texts. The cross tabulation table computing device 2 may include a plurality of secure computation devices 221, . . . , 22N that perform secure computation on a cross tabulation table in which frequencies are fragments subjected to secret sharing while keeping each record concealed, and a management device 21 that restores the fragments to compute the cross tabulation table in which frequencies are in plain texts.

Abstract: A system for database restoration across service regions. The system includes data storage and backup data storage in the first region. The system includes a frontend for the database service configured to receive, from a client, a request to restore a database to the first region from backups stored in another backup data storage in a second region and to receive an authentication token for the request from the client. The system also includes a backup restore manager service for the first region configured to send, to another backup restore manager service implemented in the second region, a credential request for a second region credential authorizing retrieval of the one or more other backups from the second region. The backup restore manager service sends a backup restore request to retrieve the backups from the other backup data storage and loads the backups to restore the database in the first region.

Abstract: Systems and methods for verifying requests for personal information are described. A server computing system may receive a request for personal information associated with a requester, the request sent based on a government regulation related to consumer privacy rights, the request including a first identifier provided by the requester, the personal information stored in one or more databases based on one or more past transactions engaged between the requester and an entity associated with the one or more databases. The server computing system may search the one or more databases using the first identifier to identify a second identifier related to the first identifier, the second identifier stored in the one or more databases by the entity based on the one or more past transactions. The server computing system may verify identity of the requester using at least the second identifier.

Abstract: This disclosure describes techniques for calculating a vulnerability score for a malicious threat based on Indicator of Compromise (IoC) metadata retrieved from a computing device or underlying network. Further, an Indicator of Compromise (IoC) Calculation (IoC-C) system is described that may monitor a client interaction on a computing device, and further identify IoC metadata that may relate to a malicious threat. The IoC-C system may further generate a vulnerability score that numerically quantifies a risk that the malicious threat poses to the computing device or underlying network. The vulnerability score may account for environmental criteria that mitigate an effect of the malicious threat. The IoC-C system may also generate a reporting data packet that includes an informational message identifying a potential risk posed by a malicious threat, or a response protocol that dynamically prevents, mitigates or quarantines an effect of the malicious threat on a computing device or underlying network.

Abstract: Exemplary embodiments are directed to a method and apparatus for storing data for a batch of manufactured items. The method comprises defining in a processor, using a lower limit identifier and an upper limit identifier, a range of unique item identifiers for the batch, wherein each manufactured item in the batch is allocated a unique item identifier falling within the range. The item identifiers are stored in allocated storage space. If an upper limit identifier is specified for each time interval, an amount of storage specified for all manufactured items during a production time period is calculated as a sum of a first product and a second product, the first product being a product of a production time and a size allocated to each upper limit identifier, and the second product being a product of the production time, a total number of manufactured items, and a percentage of unused identifiers.