Method and device for the pseudonymization of digital data
First Claim
1. A method for pseudonymizing digital data records for transmission from a source computing system to a destination computing system, the method comprising:
receiving, by a client component of an identity protector system, person-specific data from a source computing system provided with a source identifier, wherein the person-specific data comprises unique identifiers corresponding to a person;
generating, by the client component of the identity protector system, a pre-pseudonym (PI) based on the unique identifiers and a protected hash function;
sending, by the client component of the identity protector system, the PI with the source identifier to the source computing system;
erasing, by the client component of the identity protector system, the person-specific data from the client component of the identity protector system;
receiving, by a master component of the identity protector system, the PI with the source identifier from the source computing system;
generating, by the master component of the identity protector system, a pseudonym (PPI) based on the PI and the source ID, wherein generating the PPI is performed in response to a request for possible re-identification for a data record corresponding to the source identifier from the destination computing system; and
transmitting, by the master component of the identity protector system, the PPI to the destination computing system; and
storing, at a trusted database component of the identity protector system, an assignment of the PPI to the PI and the source ID to facilitate re-identification for the data record corresponding to the source identifier.
Abstract
A system and method for pseudonymizing digital data records sent from a source system to a destination system use an identity protector client and an identity protector master. The identity protector client receives, from a source system, person-specific data provided with a source identifier. The identity protector client pre-pseudonymizes the digital data records, and the processed records are marked with the source identifier, which references the source file in the source system. The pre-pseudonymized digital data records are transmitted to the identity protector master. For every data record, the identity protector master creates a pseudonym from the pre-pseudonym, the source identifier, and at least one further value generated from an erratic (random) value and a time value. The pseudonym is transmitted to the destination system.
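The following is an added worked model of the two-stage flow described in the abstract and in claim 1 (client pre-pseudonym PI, master pseudonym PPI, trusted database assignment). It is illustration code, not the patent's own implementation, and it makes assumptions the page does not state: the "protected hash function" is taken to be HMAC-SHA256 under a secret held only by the client component; the master derives PPI with its own secret over PI, source identifier, a random ("erratic") value and a time value; the trusted database is an in-memory dict; the person records and source identifiers are constructed sample data.

```python
"""Worked model of the identity-protector pseudonymization flow.

Added illustration, not code from the patent. Assumptions not stated on the
page: the "protected hash function" is HMAC-SHA256 keyed with a secret held
only by the client component; the master derives the pseudonym (PPI) with its
own secret over PI, source identifier, a random ("erratic") value and a time
value; the trusted database is an in-memory dict; all sample records are
constructed.
"""
import hashlib
import hmac
import os
import secrets
import time
from typing import Dict, Optional, Tuple


def canonical_identifiers(identifiers: Dict[str, str]) -> bytes:
    """Deterministic encoding so one person always yields the same PI.

    Assumed normalisation: keys sorted, values stripped and lower-cased.
    """
    parts = [f"{k}={v.strip().lower()}" for k, v in sorted(identifiers.items())]
    return "\x1f".join(parts).encode("utf-8")


class IdentityProtectorClient:
    """Client component: unique identifiers -> pre-pseudonym (PI)."""

    def __init__(self, client_secret: bytes) -> None:
        self._secret = client_secret  # never shared with master or destination

    def pre_pseudonymize(self, person_specific: Dict, source_id: str) -> Tuple[str, str]:
        pi = hmac.new(self._secret, canonical_identifiers(person_specific["identifiers"]),
                      hashlib.sha256).hexdigest()
        # Erase the person-specific data held by the client; only (PI, source_id)
        # goes back to the source system. (Clearing the dict is the in-memory
        # analogue of the erasure step; it is not a guaranteed wipe of the bytes.)
        person_specific.clear()
        return pi, source_id


class TrustedDatabase:
    """Trusted database component: assignment PPI -> (PI, source_id)."""

    def __init__(self) -> None:
        self._assignments: Dict[str, Tuple[str, str]] = {}

    def store(self, ppi: str, pi: str, source_id: str) -> None:
        self._assignments[ppi] = (pi, source_id)

    def lookup(self, ppi: str) -> Tuple[str, str]:
        return self._assignments[ppi]


class IdentityProtectorMaster:
    """Master component: derives a per-record pseudonym (PPI) on request."""

    def __init__(self, master_secret: bytes, db: TrustedDatabase) -> None:
        self._secret = master_secret
        self._db = db

    def pseudonymize(self, pi: str, source_id: str, now: Optional[float] = None) -> str:
        # Random ("erratic") value plus time value: every PPI is unique even for
        # the same PI, so the destination can neither recompute a PPI nor link
        # two records of one person without going through the trusted database.
        erratic = secrets.token_bytes(16)
        t_ms = int((time.time() if now is None else now) * 1000).to_bytes(8, "big")
        msg = b"|".join([pi.encode(), source_id.encode(), erratic, t_ms])
        ppi = hmac.new(self._secret, msg, hashlib.sha256).hexdigest()
        self._db.store(ppi, pi, source_id)  # assignment kept for re-identification
        return ppi

    def re_identify(self, ppi: str) -> Tuple[str, str]:
        """Trusted-path lookup PPI -> (PI, source_id); the source resolves source_id."""
        return self._db.lookup(ppi)


def run_flow() -> Dict[str, object]:
    """End-to-end run on constructed records; returns the facts worth checking."""
    client = IdentityProtectorClient(os.urandom(32))
    master = IdentityProtectorMaster(os.urandom(32), TrustedDatabase())

    # Constructed sample: the same person appears twice at source "clinic-A"
    # (differing only in whitespace and case), plus one other person.
    erika = {"name": "Erika Mustermann", "dob": "1964-08-12"}
    rec_a = {"identifiers": dict(erika), "payload": "visit 1 (constructed)"}
    rec_b = {"identifiers": {"name": " erika MUSTERMANN", "dob": "1964-08-12"}, "payload": "visit 2"}
    rec_c = {"identifiers": {"name": "Max Mustermann", "dob": "1970-01-01"}, "payload": "visit 3"}

    pi_a, src_a = client.pre_pseudonymize(rec_a, "clinic-A/rec/17")
    pi_b, src_b = client.pre_pseudonymize(rec_b, "clinic-A/rec/42")
    pi_c, _src_c = client.pre_pseudonymize(rec_c, "clinic-A/rec/99")

    # The destination requests a pseudonym for each data record.
    ppi_a = master.pseudonymize(pi_a, src_a)
    ppi_b = master.pseudonymize(pi_b, src_b)

    return {
        "client_erased_record": rec_a == {},
        "same_person_same_pi": pi_a == pi_b,
        "other_person_other_pi": pi_a != pi_c,
        "ppi_unlinkable_per_record": ppi_a != ppi_b,
        "reidentify_a": master.re_identify(ppi_a) == (pi_a, "clinic-A/rec/17"),
        "reidentify_b": master.re_identify(ppi_b) == (pi_b, "clinic-A/rec/42"),
        # Without the client secret an unkeyed hash of the identifiers is not
        # the PI, so a party holding guessed identifiers cannot reproduce it.
        "unkeyed_hash_is_not_pi": hashlib.sha256(canonical_identifiers(erika)).hexdigest() != pi_a,
    }


if __name__ == "__main__":
    for name, value in run_flow().items():
        print(f"{name}: {value}")
```

Two points the model makes visible. The PI must be keyed (or otherwise "protected"): names and birth dates have little entropy, so an unkeyed hash of them is reversible by dictionary attack from anyone who can enumerate plausible identifiers. And the PPI is deliberately not a function of PI alone: the erratic and time values mean the destination system holds an opaque token per record and re-identification is only possible through the trusted database, which is the component whose access control decides how strong the pseudonymization actually is.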
11 Claims
1. (Method claim; set out in full under First Claim above.) Dependent claims: 2, 3, 4, 5, 6.
7. An identity protector system for pseudonymizing digital data records for transmission from a source computing system to a destination computing system, the system comprising:
a client component, configured to:
receive person-specific data from a source computing system provided with a source identifier, wherein the person-specific data comprises unique identifiers corresponding to a person;
generate a pre-pseudonym (PI) based on the unique identifiers and a protected hash function;
send the PI with the source identifier to the source computing system; and
erase the person-specific data from the client component of the identity protector system;
a master component, configured to:
receive the PI with the source identifier from the source computing system;
generate a pseudonym (PPI) based on the PI and the source ID, in response to a request for possible re-identification for a data record corresponding to the source identifier from the destination computing system; and
transmit the PPI to the destination computing system; and
a trusted database component, configured to store an assignment of the PPI to the PI and the source ID, to facilitate re-identification for the data record corresponding to the source identifier.
Dependent claims: 8, 9, 10, 11.
Specification