Abstract: A computer-implemented system and method for anonymizing encrypted data is provided. At least one attribute is identified within a dataset for anonymization and is associated with a plurality of data values. Each data value is encrypted for each identified attribute while maintaining an order of the encrypted data values. The encrypted values are ordered and the ordered encrypted data values are segmented into two or more classes based on the ordering of the encrypted data values. A range of the encrypted data values within each of the segmented classes is identified and the range of one of the classes is assigned to each encrypted data value within that class as anonymized data.

Abstract: Systems and methods are disclosed for a server learning new words generated by user client devices in a crowdsourced manner while maintaining local differential privacy of client devices. A client device can determine that a word typed on the client device is a new word that is not contained in a dictionary or asset catalog on the client device. New words can be grouped in classifications such as entertainment, health, finance, etc. A differential privacy system on the client device can comprise a privacy budget for each classification of new words. If there is privacy budget available for the classification, then one or more new terms in a classification can be sent to new term learning server, and the privacy budget for the classification reduced. The privacy budget can be periodically replenished.

Abstract: A computer-implemented system and method for automatically identifying attributes for anonymization is provided. A dataset of attributes is accessed. Each attribute in the dataset is associated with a plurality of values. The values of the dataset are encrypted and the attributes are processed by assigning a sensitivity level to each of the attributes. One or more of the attributes are selected from the dataset for anonymization based on the assigned sensitivity levels.

Abstract: A computer-implemented system and method for anonymizing encrypted data is provided. At least one attribute is identified within a dataset for anonymization and is associated with a plurality of data values. Each data value is encrypted for each identified attribute while maintaining an order of the encrypted data values. The encrypted values are ordered and the ordered encrypted data values are segmented into two or more classes based on the ordering of the encrypted data values. A range of the encrypted data values within each of the segmented classes is identified and the range of one of the classes is assigned to each encrypted data value within that class as anonymized data.

Abstract: Systems and methods are disclosed for a server learning new words generated by user client devices in a crowdsourced manner while maintaining local differential privacy of client devices. A client device can determine that a word typed on the client device is a new word that is not contained in a dictionary or asset catalog on the client device. New words can be grouped in classifications such as entertainment, health, finance, etc. A differential privacy system on the client device can comprise a privacy budget for each classification of new words. If there is privacy budget available for the classification, then one or more new terms in a classification can be sent to new term learning server, and the privacy budget for the classification reduced. The privacy budget can be periodically replenished.

Abstract: A portable proxy for security management and privacy protection and methods of use are provided. The proxy establishes a connection to a user device. The proxy also establishes a secure connection to a virtual private network (VPN), performs authentication of the proxy to the VPN, and upon successful completion of the proxy authentication provides access to the VPN through the secure connection user credentials. Once the VPN accepts the credentials, the proxy routes at least a portion of Internet traffic between the user device and the VPN through the secure connection and the connection to the user device. The proxy can also establish a secure connection to an anonymizing service and route all Internet traffic of the user device through the anonymizing service using the secure connection and the connection to the user device.

Abstract: A computer-implemented system and method for analyzing data quality is provided. Attributes each associated with one or more elements are maintained. A request from a user is received for determining data quality of at least one attribute based on an interest vector having a listing of the elements of that attribute and a selection of elements of interest. Each element is encrypted. A condensed vector having the same listing of elements as the interest vector is populated with occurrence frequencies for each of the listed elements. The elements of the condensed vector are encrypted by computing an encrypted product of each element in the condensed vector and the corresponding element of the interest vector. An aggregate is determined based on the encrypted products of each element of the interest vector and the corresponding element of the condensed vector. The aggregate is provided as results of the data quality.

Abstract: The current invention provides a system and method for Data Owners to share with Data Seekers extracted insights from the Big Data, instead of raw data or anonymized raw data, thus reducing or eliminating privacy concerns on the data owned by the Data Owners. An Oblivious Pseudo Random Function (OPRF) is used, with operations using OPRFs occur over encrypted data, thus Data Owners learn only the primary object from Data Seeker and nothing else about the remainder of Data Owners' data. Similarly, Data Seeker learns a list of associated secondary objects and nothing else about Data Owners' data. The extent of sharing can be limited using a predefined threshold depending how much private information Data Owner is willing to share or Data Seeker is willing to pay.

Abstract: Computational overhead for private multiparty data function computation can be decreased by sharing parameters of dimensionality-reducing function between a client and a server, with both the client applying the function to a query vectors and the server applying the function to server vectors, both client and server creating embedded vectors. The client homomorphically encrypts the embedded query vector and provides the encrypted embedded query vector to the server. The server performs encrypted domain computations for an embedded vector processing function, each computation using the encrypted embedded query vector and one of the server embedded vectors as inputs for the function. The client receives encrypted computation results and identifies server vectors of interest using those results that are informative of a result of an application of an aggregate function to the query vector and one of the server vectors. The client obtains the vectors of interest using an oblivious transfer protocol.

Abstract: A system and method for data quality analysis between untrusted parties is provided. A dataset having attributes each associated with one or more elements is maintained. An encrypted request is received from a client regarding data quality for one of the attributes. The encrypted request includes an interest vector of separately encrypted values identifying those elements of interest for the attribute. A condensed data vector representing the elements is generated for the attribute and is the same length as the interest vector. An aggregate of the elements of interest is determined by calculating for each element in the condensed data vector, an encrypted product of that element and a corresponding element of the interest vector and by determining a total product of all the encrypted products. A data quality value is assigned to the elements of the attribute in the dataset based on the aggregate.

Abstract: Computational overhead for private multiparty data function computation can be decreased by sharing parameters of dimensionality-reducing function between a client and a server, with both the client applying the function to a query vectors and the server applying the function to server vectors, both client and server creating embedded vectors. The client homomorphically encrypts the embedded query vector and provides the encrypted embedded query vector to the server. The server performs encrypted domain computations for an embedded vector processing function, each computation using the encrypted embedded query vector and one of the server embedded vectors as inputs for the function. The client receives encrypted computation results and identifies server vectors of interest using those results that are informative of a result of an application of an aggregate function to the query vector and one of the server vectors. The client obtains the vectors of interest using an oblivious transfer protocol.

Abstract: A system and method for data quality analysis between untrusted parties is provided. A dataset having attributes each associated with one or more elements is maintained. An encrypted request is received from a client regarding data quality for one of the attributes. The encrypted request includes an interest vector of separately encrypted values identifying those elements of interest for the attribute. A condensed data vector representing the elements is generated for the attribute and is the same length as the interest vector. An aggregate of the elements of interest is determined by calculating for each element in the condensed data vector, an encrypted product of that element and a corresponding element of the interest vector and by determining a total product of all the encrypted products. A data quality value is assigned to the elements of the attribute in the dataset based on the aggregate.

Abstract: A probabilistic system and method facilitates the sharing of a secret among participating users in a private way. The secret shares satisfy the condition that their sum equal a predefined number that is chosen by a third party aggregator. Without interacting with any other user, each user computes a secret share according to a predefined probability density function. If enough parties join, their secret shares can be combined by the aggregator with relative efficiency into a secret with a high likelihood of success.

Abstract: A probabilistic system and method facilitates the sharing of a secret among participating users in a private way. The secret shares satisfy the condition that their sum equal a predefined number that is chosen by a third party aggregator. Without interacting with any other user, each user computes a secret share according to a predefined probability density function. If enough parties join, their secret shares can be combined by the aggregator with relative efficiency into a secret with a high likelihood of success.

Abstract: A portable proxy for security management and privacy protection and methods of use are provided. The proxy establishes a connection to a user device. The proxy also establishes a secure connection to a virtual private network (VPN), performs authentication of the proxy to the VPN, and upon successful completion of the proxy authentication provides access to the VPN through the secure connection user credentials. Once the VPN accepts the credentials, the proxy routes at least a portion of Internet traffic between the user device and the VPN through the secure connection and the connection to the user device. The proxy can also establish a secure connection to an anonymizing service and route all Internet traffic of the user device through the anonymizing service using the secure connection and the connection to the user device.

Abstract: An approach is provided for protecting a user identity in communication based on privacy information. The privacy engine selects one or more parameters associated with a privacy metric. Next, the privacy engine determines the parameters in a communication environment, the communication environment including a user device and a plurality of other devices. Next, the privacy engine computes a privacy level based, at least in part, on the parameters and the privacy metric. Next, the privacy engine compares the computed privacy level against a predetermined privacy level. Then, the privacy engine triggers a communication to one or more of the other devices in the communication environment based, at least in part, on the comparison.

Abstract: Techniques for remapping messages prior to encoding to improve performance are described. L designated messages among K total messages are remapped to L remapped messages, which are associated with L codewords having larger relative distance between these codewords, where L may be much less than K. The L designated messages may be more frequently used messages and/or more important messages. The remapping allows the L codewords with larger relative distance to be sent for the L designated messages, which may improve performance. A transmitter remaps an input message to a remapped message, encodes the remapped message to obtain a codeword, and sends the codeword to convey the input message. A receiver decodes a received codeword to obtain a decoded message and demaps the decoded message to obtain a demapped message, which is an estimate of the input message sent by the transmitter.

Abstract: Techniques for remapping messages prior to encoding to improve performance are described. L designated messages among K total messages are remapped to L remapped messages, which are associated with L codewords having larger relative distance between these codewords, where L may be much less than K. The L designated messages may be more frequently used messages and/or more important messages. The remapping allows the L codewords with larger relative distance to be sent for the L designated messages, which may improve performance. A transmitter remaps an input message to a remapped message, encodes the remapped message to obtain a codeword, and sends the codeword to convey the input message. A receiver decodes a received codeword to obtain a decoded message and demaps the decoded message to obtain a demapped message, which is an estimate of the input message sent by the transmitter.