Abstract: A system for context-based data privacy can include a processor in communication with a data store associated with a data variable, wherein the data variable is associated with an entity. The processor can receive a request for the data variable. The processor can obtain contextual data associated with at least one of the data variable and the entity. The processor can determine a probabilistic model based on the contextual data. The processor can generate a key for the data variable. The processor can generate a perturbation value by applying the probabilistic model using the key. The processor can send a de-identified value by modifying a current value of the data variable by the perturbation value responsive to the request for the data variable.

Abstract: Systems and methods are disclosed that receive a search request with one or more data items to search against filters. Masked versions of the data items are generating using a first predetermined algorithm. The masked versions can be transmitted to another computing device to be secured. Query data can be generated by applying a second algorithm to the secured version of the data items. The query data can be transmitted to a storage system to query the filters to identify search results.

Abstract: Systems and methods are disclosed that receive data at an electronic computing device. A first algorithm can be applied to the phrases to generate masked versions of the phrases. The masked versions can be cryptographically secured using a second algorithm and a cryptographic key. The second algorithm and cryptographic key can be used to generate a secured versions of the phrases. A filter representative of the data can be generated using the secured versions of the phrases.

Abstract: Systems and methods are disclosed for generation of a representative data structure. A computing device can receive data including various data items. The computing device can generate logical rows that include the data items. The computing device can convert the logical rows into nodes and store the nodes into logical rows of a first logical table. The computing device can generate logical rows for a second logical table including row identifiers and a link to one of the logical rows from the first logical table.

Abstract: Systems and methods are disclosed that receive data at an electronic computing device. The data can include phrases that can be transformed according to an algorithm to generate a masked version of the phrases. The masked version can be transmitted to a third party system for securing. The secured version can be received from the third party system. A secured filter representative of the received data can be generated based on the received secured version.

Abstract: Systems and methods are disclosed for generation of secure indexes that permit the querying or searching of encrypted data in a cryptographically-secure manner. In various embodiments, a filter gradient comprises a node identifier, a set membership filter, and an ordered genealogy (such that it comprises a filter that encodes a subset of the items encoded by its parent), and a FiG tree is a rooted tree with filter gradients (and, optionally, one or more dictionaries) as nodes such that each filter gradient uses a different hash. A HiiT data structure, in various embodiments, comprises a hash table that points to the rows of an inverted index table. In various embodiments, an oblivious pseudorandom function may be employed to mask, secure, and prepare the phrases for insertion into the secure indexes.

Abstract: Systems and methods are disclosed for, without access to the original set of data elements from which the online filter was originally constructed, converting online filters to other types of filters. To convert a particular type of online filter to either an offline filter or a different type of online filter, the system, in various embodiments, first determines the types/formats of each of the relevant filters. Then, in various embodiments, the system extracts the appropriate data representations from the original online filter. In various embodiments, the system converts the extracted data representations into the data representation format of the new filter. The system, in various embodiments, then constructs the new filter from the converted data representations.

Abstract: Systems and methods are disclosed for generation of secure indexes that permit the querying or searching of encrypted data in a cryptographically-secure manner. In various embodiments, a filter gradient comprises a node identifier, a set membership filter, and an ordered genealogy (such that it comprises a filter that encodes a subset of the items encoded by its parent), and a FiG tree is a rooted tree with filter gradients (and, optionally, one or more dictionaries) as nodes such that each filter gradient uses a different hash. A HiiT data structure, in various embodiments, comprises a hash table that points to the rows of an inverted index table. In various embodiments, an oblivious pseudorandom function may be employed to mask, secure, and prepare the phrases for insertion into the secure indexes.

Abstract: Systems and methods that permit the querying of encrypted data in a cryptographically-secure manner. Generally, data that has been encrypted cannot be queried using plaintext terms because it is in ciphertext. Accordingly, use of filters that correspond to the encrypted data and are generated by multiple parties permits querying of the data without decrypting the data or compromising the security of the encrypted data or of the queries against that data.

Abstract: Systems and methods that permit the querying of encrypted data in a cryptographically-secure manner. Generally, data that has been encrypted cannot be queried using plaintext terms because it is in ciphertext. Accordingly, use of filters that correspond to the encrypted data and are generated by multiple parties permits querying of the data without decrypting the data or compromising the security of the encrypted data or of the queries against that data.