Abstract: According to one embodiment, a method, computer system, and computer program product for user authentication. The embodiment may include receiving, from a first device, multiple location coordinates of the first device. The embodiment may include storing, on a second device, a second moving window comprising last n location coordinates of the multiple location coordinates. The embodiment may include receiving, from the first device, a request to access the second device, wherein the request comprises log-in credentials and a first hash value. The embodiment may include computing, on the second device, a second hash value based on the second moving window. The embodiment may include verifying the log-in credentials. The embodiment may include comparing the first hash value and the second hash value. In response to the first and the second hash values being equal, and the log-in credentials being verified, the embodiment may include granting access.

Abstract: Online outreach based reward model generation is described. A set of features that are indicative of an online outreach for a user are determined, the online outreach originating from a particular online network. Based on this set of features, an online outreach for the user originating from the particular online network is determined. A reward model is derived from the online outreach for the user. The reward model indicates locations within the particular online network that are to be searched for user information.

Abstract: A system dynamically changes a data de-identification ruleset applied to a dataset for de-identifying data and comprises at least one processor. The system periodically monitors a dataset derived from data that is de-identified according to a data de-identification ruleset under a set of conditions. The set of conditions for the data de-identification ruleset is evaluated with respect to the monitored data to determine applicability of the data de-identification. One or more rules of the data de-identification ruleset are dynamically changed in response to the evaluation indicating one or more conditions of the set of conditions for the data de-identification ruleset are no longer satisfied. Embodiments of the present invention may further include a method and computer program product for dynamically changing a data de-identification ruleset applied to a dataset for de-identifying data in substantially the same manner described above.

Abstract: A mechanism is provided in a first client for approximate linkage of datasets over quasi-identifiers. The mechanism receives a generalization logic data structure representing sets of values for each quasi-identifier in a first dataset of the first client. For each record in the first dataset, the mechanism generates at least one generalization of a value of a given quasi-identifier in the first dataset based on a selected generalization logic data structure corresponding to the given quasi-identifier and generates a generalized record for each of the at least one generalization to form a first generalized dataset. The mechanism sends the first generalized dataset to a semi-trusted third party for approximate linkage of the first dataset with a second dataset of a second client, receives an approximate join result from the semi-trusted third party, performs post-processing on the approximate join result, and determines a final linkage result based on the post-processing.

Abstract: A computer-implemented method for obfuscating sensitive information associated with mail delivery is disclosed. The computer-implemented method includes identifying that a piece of mail directed towards a potential recipient includes a particular type of sensitive information. The computer-implemented method further includes selecting a mail obfuscation policy for the particular type of sensitive information based on the particular type of sensitive information. The computer-implemented method further includes performing an obfuscation action with respect to the particular type of sensitive information based on the selected mail obfuscation policy.

Abstract: A computer-implemented method, a computer system and a computer program product manage a medical treatment of a care recipient. The method includes obtaining a treatment record for the care recipient from a server. The method also includes capturing real-time biometric data of the care recipient using a plurality of sensors. The method further includes determining a severity level of the adverse event by comparing the real-time biometric data with the treatment record in response to detecting an adverse event in the real-time biometric data. In addition, the method includes generating a recommendation for an alternative treatment in response to the severity level being above a threshold. Lastly, the method includes transmitting a notification comprising the recommendation to a treatment provider.

Abstract: One embodiment of the invention provides a method for data deduplication storage management in a data platform including a plurality of data stores. The method comprises, for each data store of the plurality of data stores, determining a corresponding multi-level signature mapping data content of the data store into an ordered logical form comprising a plurality of data abstraction levels, determining a data similarity between the data store and each other data store of the plurality of data stores based on the multi-level signature corresponding to the data store and another multi-level signature corresponding to the other data store, and determining data usage of the data content of the data store. The method further comprises improving storage in the data platform by detecting duplicate data across the plurality of data stores based on each data similarity determined and each data usage determined.

Abstract: One embodiment of the invention provides a method for speaker identity and content de-identification under privacy guarantees. The method comprises receiving input indicative of privacy protection levels to enforce, extracting features from a speech recorded in a voice recording, recognizing and extracting textual content from the speech, parsing the textual content to recognize privacy-sensitive personal information about an individual, generating de-identified textual content by anonymizing the personal information to an extent that satisfies the privacy protection levels and conceals the individual's identity, and mapping the de-identified textual content to a speaker who delivered the speech. The method further comprises generating a synthetic speaker identity based on other features that are dissimilar from the features to an extent that satisfies the privacy protection levels, and synthesizing a new speech waveform based on the synthetic speaker identity to deliver the de-identified textual content.

Abstract: A mechanism is provided in a first client for approximate linkage of datasets over quasi-identifiers. The mechanism receives a generalization logic data structure representing sets of values for each quasi-identifier in a first dataset of the first client. For each record in the first dataset, the mechanism generates at least one generalization of a value of a given quasi-identifier in the first dataset based on a selected generalization logic data structure corresponding to the given quasi-identifier and generates a generalized record for each of the at least one generalization to form a first generalized dataset. The mechanism sends the first generalized dataset to a semi-trusted third party for approximate linkage of the first dataset with a second dataset of a second client, receives an approximate join result from the semi-trusted third party, performs post-processing on the approximate join result, and determines a final linkage result based on the post-processing.

Abstract: In an approach for anonymizing data, a processor receives a mixed-type dataset with at least two relational attributes and at least one textual attribute. A processor runs the mixed-type dataset through a text annotator to discover a set of personally identifiable information (PII). A processor creates a set of ghost attributes to add to the mixed-type dataset. A processor anonymizes data of the at least two relational attributes and the set of ghost attributes. A processor replaces each PII in the textual attribute with the corresponding anonymized data in the at least two relational attributes or the set of ghost attributes to create an anonymized mixed-type dataset. A processor removes the set of ghost attributes from the anonymized mixed-type dataset. A processor shuffles records of the anonymized mixed-type dataset to create a shuffled anonymized mixed-type dataset. A processor outputs the shuffled anonymized mixed-type dataset.

Abstract: A computer-implemented system and method for a data leakage and misuse detection system comprises receiving an evaluation dataset A, and building a signature of the evaluation dataset A (sig(A)), where A signature of a dataset is a multi-level evaluation data abstraction representation of the dataset. The method further comprises building a signature for each of existing datasets B (B1, B2, . . . , Bn) (sig(Bx)) that are stored in a memory. The method then compares the sig(A) with each of the sig(Bx)s. A similarity score is derived based on the comparing, and responsive to determining the similarity score exceeds a predefined threshold, the method comprises generating an activity related to the determination.

Abstract: A method, system, and computer program product for privacy protection of records based on attribute-based determination of quasi-identifiers within the records is provided. The method receives a first set of records containing a first set of attributes for a set of individuals. The method receives a second set of records for the set of individuals, with the second set of records containing a second set of attributes. A first set of quasi-identifiers, based on the first set of attributes, is accessed for the first set of records. The method determines a set of new attributes of the second set of attributes based on the first set of attributes. A second set of quasi-identifiers is generated based on the first set of quasi-identifiers and the set of new attributes. The method generates an anonymized set of records from the second set of records based on the second set of quasi-identifiers.

Abstract: One embodiment of the invention provides a method for utility-preserving text de-identification. The method comprises generating corresponding processed text for each text document by applying at least one natural language processor (NLP) annotator to the text document to recognize and tag privacy-sensitive personal information corresponding to an individual, and replacing some words in the text document with some replacement values. The method further comprises determining infrequent terms occurring across all processed texts, filtering out the infrequent terms from the processed texts, and selectively reinstating to the processed texts at least one of the infrequent terms that is innocuous.

Abstract: An approach is disclosed that enforces restrictions to data in a filesystem based on metadata for a file including a name for an attribute, a type, and a location in the file for the type. A file specific metadata includes an owner, contact information, access rights including an owner consent-based access policy, users of the system who can access the file and the type of access allowed by the users based on a purpose for the access. The operating system (OS) enforces an access to attribute entries of the file based on the purpose and selected metadata in the associated metadata. The restrictions for file access are driven by the file structure metadata which identifies types of information, where in the file each type of information is located, and consent information which specifies what type of information is accessible to a requestor retrieving data for a specific purpose.

Abstract: A method secures a computer display. One or more processors detect whether there is a presence of an authorized portable device proximate to the computer display. Based on what the processor(s) detect, the processor(s) apply a rule, which is based on one or more portable devices being proximate to the computer display, to selectively continue or end a current session on the computer display.

Abstract: A method, system, and computer program product for detecting data tampering with resilient watermarking is provided. The method accesses a first relational data set on a data repository. The first relational data set includes a plurality of data elements. The first relational data set is sorted to generate a first sorted list and a second sorted list of the plurality of data elements. The method generates a watermark from the first sorted list and the second sorted list. The watermark contains a hash corresponding to the first sorted list and the second sorted list of the plurality of data elements. In response to an access request for the first relational data set, the method verifies an integrity of the first relational data set based on the watermark.

Abstract: One embodiment of the invention provides a method for data lineage and data provenance enhancement. The method comprises arranging a data set into a logical ordering, and partitioning the data set into at least one set of partitions based on the logical ordering. The method further comprises, for each partition of the at least one set of partitions, determining a corresponding score for the partition, and determining a data similarity between the partition and each other partition of each other data set based on the corresponding score for the partition and another score corresponding to the other partition. The method further comprises determining data lineage of the data set based on each data similarity determined.

Abstract: An approach is disclosed that enforces a privacy legal framework filesystem along with an operating system (OS) to enforce the privacy legal framework. An access of a datum in a selected file in the filesystem includes accessing a metadata associated with the selected file where the metadata includes a privacy state and an owner consent-based access policy. The owner consent-based access policy is enforced by the OS via special-purpose support requiring usage of the metadata to access the selected file.

Abstract: An approach is disclosed for placing data on volumes. Accesses to data entries at a source location are analyzed to determine locations of the data entries in one or more files. Types of data are identified at the one or more data entries. Types of accesses are identified for the data entries. Durations of the types of accesses to the data entries are identified. An access value is calculated by mapping the one or more types of data combined with the one or more types of accesses combined with the one or more durations of the types of accesses. Confidential sensitive data is moved according to the calculated access value, where a highly accessed confidential data is separated from lighted accessed confidential data by moving a selected portion of data from the source location to the destination location.

Abstract: An approach is disclosed for moving personal and sensitive data from a source filesystem to a destination filesystem while enforcing a source privacy legal framework. A request to copy information from a file residing in the source filesystem enabled to enforce the privacy and control legal framework to a destination filesystem is received. Access to the filesystem is enforced by an Operating System (OS) that provides a privacy legal framework where the OS enforces controlled access to the source filesystem based on user consent metadata. The user consent metadata associated with the file and the request is analyzed to determine a copying policy. The copying policy is applied to the contents of the file to ensure compliance with the privacy and control legal framework of the source filesystem.