CPC Class H04W

There are provided systems and methods for on-device data privacy operations to prevent data sharing at user locations. A service provider, such as a merchant location of a merchant and/or associated online transaction processor, may provide additional services for to users via user data that may be tracked or stored of the user. However, the user may not want to share certain data with the merchant or other backend processor for privacy concerns. Thus, on-device data privacy operations may be used to detect when a user is at a location that has a corresponding privacy setting to hide or abstract user data for the location. The privacy setting may designate data to prevent from sharing when the user uses their device with devices associated with the location. Abstracted data associated with recommendations or actions to provide the user may be generated and provided to a merchant for the location.

A method for concealing a subscription identifier at a user equipment including a mobile equipment and an integrated circuit card storing the subscription identifier, the method including receiving a corresponding request by a server to provide a corresponding subscription identifier, performing an elliptical curve encryption of the subscription identifier generating a concealed subscription identifier, the concealing operation including the mobile equipment sending an identity retrieve command to the card, performing, before receiving the identity retrieve command at the card, a pre-calculation of the ephemeral key pair including an ephemeral private key and ephemeral public key and the shared secret key, and in response to the respective state of completion indicating that completion of the computation of a valid ephemeral key pair or shared secret key, storing the corresponding values of the ephemeral key pair and shared secret key in a table in a memory of the card.

Application data collected by an IDS (intrusion detection system) on the data communication network and concerning applications executing on stations coupled to the plurality of access points, is received. Additionally, firewall rules for applications from a firewall device coupled to the data communication network and providing firewall services to the plurality of access points, including outbound traffic from the plurality of access points, are received. The firewall rules can be parsed to expose configured actions for applications. A customized application control policy is prepared for each particular application for implementation on the network edge by at least one of the plurality of access points.