Method and device for the pseudonymization of digital data

US 10,372,940 B2
Filed: 03/14/2007
Issued: 08/06/2019
Est. Priority Date: 03/17/2006
Status: Active Grant

First Claim

Patent Images

1. A method for pseudonymizing digital data records for transmission from a source computing system to a destination computing system, the method comprising:

receiving, by a client component of an identity protector system, person-specific data from a source computing system provided with a source identifier, wherein the person-specific data comprises unique identifiers corresponding to a person;

generating, by the client component of the identity protector system, a pre-pseudonym (PI) based on the unique identifiers and a protected hash function;

sending, by the client component of the identity protector system, the PI with the source identifier to the source computing system;

erasing, by the client component of the identity protector system, the person-specific data from the client component of the identity protector system;

receiving, by a master component of the identity protector system, the PI with the source identifier from the source computing system;

generating, by the master component of the identity protector system, a pseudonym (PPI) based on the PI and the source ID, wherein generating the PPI is performed in response to a request for possible re-identification for a data record corresponding to the source identifier from the destination computing system; and

transmitting, by the master component of the identity protector system, the PPI to the destination computing system; and

storing, at a trusted database component of the identity protector system, an assignment of the PPI to the PI and the source ID to facilitate re-identification for the data record corresponding to the source identifier.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for pseudonymizing digital data records sent from a source system to a destination system, using an identity protector client system and an identity protector master system, includes the steps of receiving, at the identity protector client, person-specific data from a source system provided with a source identifier. The digital data records are pre-pseudonymized by the identity protector client, and the processed digital data records are marked with a source identifier which references the source file in the source system. The pre-pseudonymized digital data records are transmitted to the identity protector master. For every data record, a pseudonym is created by the identity protector master from the pre-pseudonym, the source identifier, and at least one other value generated from an erratic value and a time value. The pseudonym is transmitted to the destination system.

22 Citations

View as Search Results

11 Claims

1. A method for pseudonymizing digital data records for transmission from a source computing system to a destination computing system, the method comprising:
- receiving, by a client component of an identity protector system, person-specific data from a source computing system provided with a source identifier, wherein the person-specific data comprises unique identifiers corresponding to a person;
  
  generating, by the client component of the identity protector system, a pre-pseudonym (PI) based on the unique identifiers and a protected hash function;
  
  sending, by the client component of the identity protector system, the PI with the source identifier to the source computing system;
  
  erasing, by the client component of the identity protector system, the person-specific data from the client component of the identity protector system;
  
  receiving, by a master component of the identity protector system, the PI with the source identifier from the source computing system;
  
  generating, by the master component of the identity protector system, a pseudonym (PPI) based on the PI and the source ID, wherein generating the PPI is performed in response to a request for possible re-identification for a data record corresponding to the source identifier from the destination computing system; and
  
  transmitting, by the master component of the identity protector system, the PPI to the destination computing system; and
  
  storing, at a trusted database component of the identity protector system, an assignment of the PPI to the PI and the source ID to facilitate re-identification for the data record corresponding to the source identifier.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method according to claim 1, further comprising:
    - receiving, by the identity protector system, information from the destination computing system regarding conditions under which the destination computing system is permitted to receive psedonymized data in place of anonymized data.
  - 3. The method according to claim 1, further comprising:
    - providing, by a trust center component of the identity protector system, re-identification for the data record corresponding to the source identifier.
  - 4. The method according to claim 3, wherein providing the re-identification comprises releasing the assignment of the PPI to the PI and the source ID from the trusted database component using a private key.
  - 5. The method according to claim 4, wherein the private key comprises multiple partial keys distributed over multiple trust entities.
  - 6. The method according to claim 1, wherein generating the PPI is further based on a time value and an erratic value.

7. An identity protector system for pseudonymizing digital data records for transmission from a source computing system to a destination computing system, the system comprising:
- a client component, configured to;
  
  receive person-specific data from a source computing system provided with a source identifier, wherein the person-specific data comprises unique identifiers corresponding to a person;
  
  generate a pre-pseudonym (PI) based on the unique identifiers and a protected hash function;
  
  send the PI with the source identifier to the source computing system; and
  
  erase the person-specific data from the client component of the identity protector system;
  
  a master component, configured to;
  
  receive the PI with the source identifier from the source computing system;
  
  generate a pseudonym (PPI) based on the PI and the source ID, in response to a request for possible re-identification for a data record corresponding to the source identifier from the destination computing system; and
  
  transmit the PPI to the destination computing system; and
  
  a trusted database component, configured to store an assignment of the PPI to the PI and the source ID, to facilitate re-identification for the data record corresponding to the source identifier.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The identity protector system according to claim 7, further comprising:
    - a trust center component, configured to provide re-identification for the data record corresponding to the source identifier.
  - 9. The identity protector system according to claim 8, wherein the re-identification includes releasing the assignment of the PPI to the PI and the source ID from the trusted database component using a private key.
  - 10. The identity protector system according to claim 9, wherein the private key comprises multiple partial keys distributed over multiple trust entities.
  - 11. The identity protector system according to claim 7, wherein generating the PPI is further based on a time value and an erratic value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Deutsche Telekom AG
Original Assignee
Deutsche Telekom AG
Inventors
Ehrenschwender, Dieter, Henkel, Gerhard, Kalck, Stefan, Kern, Heiko
Primary Examiner(s)
Choi, Peter H
Assistant Examiner(s)
Mandel, Monica A

Application Number

US12/293,203
Publication Number

US 20090265788A1
Time in Patent Office

4,528 Days
Field of Search

726 26
US Class Current
CPC Class Codes

G06F 21/6254 by anonymising data, e.g. d...

Method and device for the pseudonymization of digital data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method and device for the pseudonymization of digital data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links