Systems and methods to secure searchable data having personally identifiable information

US 10,476,674 B2
Filed: 05/18/2017
Issued: 11/12/2019
Est. Priority Date: 05/18/2017
Status: Active Grant

First Claim

Patent Images

1. A method implemented in a computer system hosting a three-dimensional virtual reality world, the method comprising:

storing, in the computer system, a global key;

storing, in the computer system but separately from the global key, a set of searchable records, wherein each respective record in the set of searchable records includes;

a searchable hash of at least a portion of personally identifiable information; and

an encrypted identity, wherein the encrypted identity is decryptable, using an encryption key generated based at least in part on the searchable hash and the global key, to provide an identity of a user having the personally identifiable information, the identity uniquely identifying the user among users of the three-dimensional virtual reality world;

receiving, in the computer system, a search request having at least a portion of first personally identifiable information;

generating, by the computer system using a first cryptographic hash function, a first searchable hash from at least the portion of the first personally identifiable information;

determining, by the computer system and from the set of searchable records, a first searchable record having a searchable hash that is equal to the first searchable hash;

generating, by the computer system, a first encryption key from the first searchable hash and the global key;

extracting, by the computing system from the first searchable record, a first encrypted identity;

decrypting, by the computing system using the first encryption key, the first encrypted identity to obtain a first identity of a first user of the three-dimensional virtual reality world; and

providing, by the computing system, a search result based at least in part on the first identity of the first user.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method implemented in a computing system hosting a three-dimensional virtual reality world. The computer system stores a set of searchable records, each having: a searchable hash of at least a portion of personally identifiable information; and an encrypted identity, decryptable using an encryption key generated based at least in part on the searchable hash and a global key. In response to a search request identifying at least a portion of personally identifiable information as a search criterion, the computer system generates a hash of the search criterion, and finds a matching searchable record that has a searchable hash equal to the hash computed from the search criterion. An encryption key is computed based on the global key and the matched searchable record to decrypt an encrypted identity of a user having at least the portion of personally identifiable information that is the search criterion in the search request.

21 Citations

View as Search Results

20 Claims

1. A method implemented in a computer system hosting a three-dimensional virtual reality world, the method comprising:
- storing, in the computer system, a global key;
  
  storing, in the computer system but separately from the global key, a set of searchable records, wherein each respective record in the set of searchable records includes;
  
  a searchable hash of at least a portion of personally identifiable information; and
  
  an encrypted identity, wherein the encrypted identity is decryptable, using an encryption key generated based at least in part on the searchable hash and the global key, to provide an identity of a user having the personally identifiable information, the identity uniquely identifying the user among users of the three-dimensional virtual reality world;
  
  receiving, in the computer system, a search request having at least a portion of first personally identifiable information;
  
  generating, by the computer system using a first cryptographic hash function, a first searchable hash from at least the portion of the first personally identifiable information;
  
  determining, by the computer system and from the set of searchable records, a first searchable record having a searchable hash that is equal to the first searchable hash;
  
  generating, by the computer system, a first encryption key from the first searchable hash and the global key;
  
  extracting, by the computing system from the first searchable record, a first encrypted identity;
  
  decrypting, by the computing system using the first encryption key, the first encrypted identity to obtain a first identity of a first user of the three-dimensional virtual reality world; and
  
  providing, by the computing system, a search result based at least in part on the first identity of the first user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the first searchable record in the set of searchable records further includes a salt;
    - and the first encryption key is generated from the salt, the first searchable record, and the global key.
  - 3. The method of claim 2, wherein the first encryption key is generated, using a resource-intensive password-based key derivation function, from the salt, the first searchable hash, and the global key.
  - 4. The method of claim 3, wherein the resource-intensive password-based key derivation function is a scrypt function.
  - 5. The method of claim 4, further comprising:
    - generating the first searchable record by;
      
      computing the searchable hash of the first searchable record from at least the portion of the first personally identifiable information of the first user;
      
      determining the salt;
      
      computing the first encryption key from the salt, the first searchable hash, and the global key; and
      
      encrypting, using the first encryption key, the first identity of the first user to generate the first encrypted identity.
  - 6. The method of claim 5, wherein the first searchable record further includes an identification of the first cryptographic hash function selected from a plurality of hash functions and used to generate the searchable hash of the first searchable record.
  - 7. The method of claim 6, wherein the determining of the first searchable record is based on computing, using the plurality of hash functions, a plurality of hashes of at least the portion of the first personally identifiable information and finding the first searchable record having:
    - a searchable hash that is equal to one of the plurality of hashes; and
      
      an identification of the first cryptographic hash function corresponding to a hash function used to compute the one of the plurality of hashes.
  - 8. The method of claim 7, wherein the first identity of the first user includes an account identifier of the first user uniquely identifying a user account of the first user among a plurality of user accounts for accessing the three-dimensional virtual reality world.
  - 9. The method of claim 8, wherein the first encryption key is not stored in the computer system.
  - 10. The method of claim 9, further comprising:
    - purging, from the computer system, the first encryption key computed during the generating of the first searchable record, after the encrypting of the first identity of the first user to generate the first encrypted identity.
  - 11. The method of claim 10, further comprising:
    - purging, from the computer system, the first encryption key generated in response to the first searchable record being identified for the search request, after the decrypting of the first encrypted identity to obtain the first identity of the first user.

12. A computing system hosting a three-dimensional virtual reality world, the system comprising:
- a key master;
  
  a server system;
  
  a first data storage device controlled by the server system and storing;
  
  a three-dimensional model of the virtual reality world;
  
  avatar models representing residences of the virtual reality world; and
  
  a set of searchable records, wherein each respective record in the set of searchable records includes;
  
  a searchable hash of at least a portion of personally identifiable information; and
  
  an encrypted identity, wherein the encrypted identity is decryptable, using an encryption key generated based at least in part on the searchable hash and a global key, to provide an identity of a user having the personally identifiable information, the identity uniquely identifying the user among users of the three-dimensional virtual reality world; and
  
  a second data storage device controlled by the key master and storing the global key;
  
  wherein, in response to a search request having at least a portion of first personally identifiable information, the server system;
  
  generates, using a first cryptographic hash function, a first searchable hash from at least the portion of the first personally identifiable information; and
  
  identifies, from the set of searchable records, a first searchable record having a searchable hash that is equal to the first searchable hash;
  
  wherein, after the first searchable record is identified for the search request, the key master generates a first encryption key from the first searchable hash and the global key; and
  
  wherein the server system provides a search result responsive to the search request by;
  
  extracting, from the first searchable record, a first encrypted identity; and
  
  decrypting, using the first encryption key, the first encrypted identity to obtain a first identity of a first user of the three-dimensional virtual reality world.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The computer system of claim 12, wherein presence of the first encryption key is transient in the computer system.
  - 14. The computer system of claim 13, wherein the server system queries the key master for the first encryption key using:
    - the searchable hash of the first searchable record that is equal to the first searchable hash; and
      
      a salt retrieved from the first searchable record.
  - 15. The computer system of claim 14, wherein the first identity of the first user includes an account identifier of the first user and the first personally identifiable information.
  - 16. The computer system of claim 14, wherein the first encryption key is generated using a resource-intensive password-based key derivation function.
  - 17. The computer system of claim 16, wherein the function is a scrypt function.

18. A non-transitory computer storage medium storing instructions which, when executed on a computer system, cause the computer system to perform a method, the method comprising:
- storing, in the computer system, a global key;
  
  storing, in the computer system but separately from the global key, a set of searchable records, wherein each respective record in the set of searchable records includes;
  
  a searchable hash of at least a portion of personally identifiable information; and
  
  an encrypted identity, wherein the encrypted identity is decryptable, using an encryption key generated based at least in part on the searchable hash and the global key, to provide an identity of a user having the personally identifiable information, the identity uniquely identifying the user among users of the computer system;
  
  receiving, in the computer system, a search request having at least a portion of first personally identifiable information;
  
  generating, by the computer system using a first cryptographic hash function, a first searchable hash from at least the portion of the first personally identifiable information;
  
  determining, by the computer system and from the set of searchable records, a first searchable record having a searchable hash that is equal to the first searchable hash;
  
  generating, by the computer system, a first encryption key from the first searchable hash and the global key;
  
  extracting, by the computing system from the first searchable record, a first encrypted identity;
  
  decrypting, by the computing system using the first encryption key, the first encrypted identity to obtain a first identity of a first user of the computer system; and
  
  providing, by the computing system, a search result based at least in part on the first identity of the first user.
- View Dependent Claims (19, 20)
- - 19. The non-transitory computer storage medium of claim 18, wherein the method further comprises generating the first searchable record by:
    - computing the searchable hash of the first searchable record from at least the portion of the first personally identifiable information of the first user;
      
      determining a salt;
      
      computing the first encryption key from the salt, the first searchable hash, and the global key; and
      
      encrypting, using the first encryption key, the first identity of the first user to generate the first encrypted identity.
  - 20. The non-transitory computer storage medium of claim 19, wherein the first searchable record further includes the salt and an identification of the first cryptographic hash function;
    - and the first encryption key is generated by applying a scrypt function to the salt, the first searchable hash, and the global key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Linden Research Incorporated
Original Assignee
Linden Research Incorporated
Inventors
Scheiblauer, Nicolas J., Torres, Aaron, Nowell, Christopher Allen
Primary Examiner(s)
Shaw, Yin Chen
Assistant Examiner(s)
Amorin, Carlos E

Application Number

US15/599,230
Publication Number

US 20180337778A1
Time in Patent Office

908 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/6254   by anonymising data, e.g. d...

G06F 2221/2107   File encryption

H04L 9/0866   involving user or device id...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3239   involving non-keyed hash fu...

Systems and methods to secure searchable data having personally identifiable information

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods to secure searchable data having personally identifiable information

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links