Abstract: Various embodiments include a coordinator node for coordinating a multiparty computation (MPC) on one or more datasets. The system comprises a plurality of client nodes, one or more datasets and a plurality of computation nodes. Client nodes may include at least one dataset and/or at least one computation node that can operate as a party to an MPC. The coordinator node is configured to receive a request for an MPC on one or more of the datasets from a requesting node, the MPC including the evaluation of at least one function by two or more computation nodes from different client nodes; determine a computation schedule for the MPC, the computation schedule indicating which client nodes of the plurality of client nodes are to participate in the MPC; send at least part of the determined computation schedule to at least one of the client nodes indicated in the determined computation schedule.

Abstract: Some embodiments are directed to a categorization system for categorizing a sensitive data field in a dataset, e.g., a disease classification according to the ICD classification. A client device is to obtain categories for one or more records of the dataset. The client device determines categorization data for the categorization. The categorization data comprises homomorphic encryptions of possible values of the sensitive data field and encodings of the categories associated to the respective possible values, thus keeping the categorization secret. A data provider device stores the dataset and determines homomorphic encryption indicating differences between the value of the sensitive data field for a record and respective possible values. A categorization device determines which of those encryptions indicates a match and provides a category encoding associated with a matching possible value to the client device. The client device associates the encoded category to the record.

Abstract: Various embodiments include a first node for providing a function to a second node for evaluation, the first node configured to form a first plurality of garbled circuits for the function, each circuit being formed from a circuit representing the function and a respective set of wire keys and including one or more logic operations, one or more input wires for inputting data into the circuit and one or more output wires for outputting the result of the function, wherein each respective set of wire keys comprises a respective subset of wire keys for each input wire and each output wire, each subset of wire keys comprising a plurality of wire keys, each wire key in the plurality being associated with a possible value for the wire; and publish a first list of the first plurality of garbled circuits for the function for access by a plurality of second nodes.

Abstract: According to one aspect, there is provided a server for use in evaluating a monitoring function to determine if a trigger condition is satisfied. The server comprises a processing unit and a memory unit. The memory unit is for storing a current monitoring state Ss of the server or an encrypted current monitoring state S of the monitoring function, the current monitoring state Ss of the server relating to the current monitoring state S of the monitoring function that is based on an evaluation of one or more previous events. The processing unit is configured to receive an indication of a first event from a first client node and evaluate the monitoring function to determine if the first event satisfies the trigger condition.

Abstract: A mechanism for determining the trustworthiness of training a first neural network, and thereby of the trained first neural network. Values of a set of weights of the first neural network are monitored during the training process. The monitored values are used to determine the trustworthiness of the training of the first neural network.

Abstract: According to one aspect, there is provided a server for use in evaluating a monitoring function to determine if a trigger condition is satisfied. The server comprises a processing unit and a memory unit. The memory unit is for storing a current monitoring state Ss of the server or an encrypted current monitoring state S of the monitoring function, the current monitoring state Ss of the server relating to the current monitoring state S of the monitoring function that is based on an evaluation of one or more previous events. The processing unit is configured to receive an indication of a first event from a first client node and evaluate the monitoring function to determine if the first event satisfies the trigger condition.

Abstract: Some embodiments are directed to a data sampling device for obtaining a sample of records from a remote dataset satisfying a private criterion using multi-party computation. One or more sample providing devices store respective subdatasets of the remote dataset. The data sampling device determine a candidate size for a sample providing device; requests the sample providing device to determine a candidate sample of the candidate size from the subdataset of the sample providing device; perform a multi-party computation with the sample providing device to obtain a set of indices of records from the candidate sample satisfying the private criterion; sample a subset of the set of indices; and obtains from the sample providing device records of the candidate sample corresponding to the subset of the set of indices.

Abstract: A method performed by a device for identifying a network node within a network to which data will be replicated is disclosed. The method comprises encrypting a session key according to an attribute-based encryption scheme; broadcasting the encrypted session key within the network; receiving at least one message encrypted using the session key from at least one network node within the network; and selecting a network node from the at least one network node to which data will be replicated. A further method, a device and a non-transitory machine-readable medium are also disclosed.

Abstract: The invention provides a consent management system for managing a user's consent for a plurality of services. The system includes a consent management unit adapted to register a plurality of services to a user and obtain user consent information associated with the user. The consent management unit is further adapted to control consent operation of the plurality of services registered to the user, based on user consent information associated with the user.

Abstract: According to one aspect, there is provided a server for use in evaluating a monitoring function to determine if a trigger condition is satisfied. The server comprises a processing unit and a memory unit. The memory unit is for storing a current monitoring state (Ss) of the server or an encrypted current monitoring state (S) of the monitoring function, the current monitoring state (Ss) of the server relating to the current monitoring state (S) of the monitoring function that is based on an evaluation of one or more previous events. The processing unit is configured to receive an indication of a first event from a first client node and evaluate the monitoring function to determine if the first event satisfies the trigger condition.

Abstract: Various embodiments include a coordinator node for coordinating a multiparty computation (MPC) on one or more datasets. The system comprises a plurality of client nodes, one or more datasets and a plurality of computation nodes. Client nodes may include at least one dataset and/or at least one computation node that can operate as a party to an MPC. The coordinator node is configured to receive a request for an MPC on one or more of the datasets from a requesting node, the MPC including the evaluation of at least one function by two or more computation nodes from different client nodes; determine a computation schedule for the MPC, the computation schedule indicating which client nodes of the plurality of client nodes are to participate in the MPC; send at least part of the determined computation schedule to at least one of the client nodes indicated in the determined computation schedule.

Abstract: Some embodiments are directed to location-tracking system (100) comprising a location database (120) configured to receive a plurality of location updates from a plurality of tracking devices (112, 113), the plurality of location updates indicating the location of one or more objects, the location updates being stored encrypted with a cryptographic database encryption-key (130), multiple location-analysis devices execute a multi-party computation protocol on the encrypted location updates using a stored key-share, thus jointly computing a location-analysis result secret-shared among the multiple location analysis devices.

Abstract: Some embodiments are directed to a requesting device and a data device configured for multi-party computation to select a close record from a database. The data device performs a filtering of its candidate records by selecting candidate records from the database for which a received set of similarity values for a target record are close to a set of similarity values for a candidate record. For one or more selected candidate records, the requesting device and the data device performing a multiparty computation protocol to jointly compute a second closeness measure between the target record and the selected candidate record.

Abstract: A system or method generates de-identified output from a data set of patient data comprising unstructured text (100) in natural language phrases. A blacklist (105) has word items that are not allowed. The unstructured text is processed to determine a word count (110) comprising a list of low-rate word items that have a number of occurrences (k) in the unstructured text below a threshold (120). Subsequently, the low-rate word items and the blacklist word items are masked (130) in the unstructured text to generate the de-identified output (140).

Abstract: Some embodiments are directed to a categorization system for 100 categorizing a sensitive data field in a dataset, e.g., a disease classification according to the ICD classification. A client device is to obtain categories for one or more records of the dataset. The client device determines categorization data for the categorization. The categorization data comprises homomorphic encryptions of possible values of the sensitive data field and encodings of the categories associated to the respective possible values, thus keeping the categorization secret. A data provider device stores the dataset and determines homomorphic encryption indicating differences between the value of the sensitive data field for a record and respective possible values. A categorization device determines which of those encryptions indicates a match and provides a category encoding associated with a matching possible value to the client device. The client device associates the encoded category to the record.

Abstract: Various embodiments include a first node for providing a function to a second node for evaluation, the first node configured to form a first plurality of garbled circuits for the function, each circuit being formed from a circuit representing the function and a respective set of wire keys and including one or more logic operations, one or more input wires for inputting data into the circuit and one or more output wires for outputting the result of the function, wherein each respective set of wire keys comprises a respective subset of wire keys for each input wire and each output wire, each subset of wire keys comprising a plurality of wire keys, each wire key in the plurality being associated with a possible value for the wire; and publish a first list of the first plurality of garbled circuits for the function for access by a plurality of second nodes.

Abstract: According to one aspect, there is provided a server for use in evaluating a monitoring function to determine if a trigger condition is satisfied. The server comprises a processing unit and a memory unit. The memory unit is for storing a current monitoring state (Ss) of the server or an encrypted current monitoring state (S) of the monitoring function, the current monitoring state (Ss) of the server relating to the current monitoring state (S) of the monitoring function that is based on an evaluation of one or more previous events. The processing unit is configured to receive an indication of a first event from a first client node and evaluate the monitoring function to determine if the first event satisfies the trigger condition.

Abstract: Some embodiments are directed to location-tracking system (100) comprising a location database (120) configured to receive a plurality of location updates from a plurality of tracking devices (112, 113), the plurality of location updates indicating the location of one or more objects, the location updates being stored encrypted with a cryptographic database encryption-key (130), multiple location-analysis devices execute a multi-party computation protocol on the encrypted location updates using a stored key-share, thus jointly computing a location-analysis result secret-shared among the multiple location analysis devices.

Abstract: Some embodiments are directed to a data sampling device for obtaining a sample of records from a remote dataset satisfying a private criterion using multi-party computation. One or more sample providing devices store respective subdatasets of the remote dataset. The data sampling device determine a candidate size for a sample providing device; requests the sample providing device to determine a candidate sample of the candidate size from the subdataset of the sample providing device; perform a multi-party computation with the sample providing device to obtain a set of indices of records from the candidate sample satisfying the private criterion; sample a subset of the set of indices; and obtains from the sample providing device records of the candidate sample corresponding to the subset of the set of indices.

Abstract: A method performed by a device for identifying a network node within a network to which data will be replicated is disclosed. The method comprises encrypting a session key according to an attribute-based encryption scheme; broadcasting the encrypted session key within the network; receiving at least one message encrypted using the session key from at least one network node within the network; and selecting a network node from the at least one network node to which data will be replicated. A further method, a device and a non-transitory machine-readable medium are also disclosed.