Privacy firewall

US 10,586,054 B2
Filed: 12/26/2018
Issued: 03/10/2020
Est. Priority Date: 08/10/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a recipient computer located outside a secure area, an anonymized message from a privacy computer located within the secure area, wherein the privacy computer generated the anonymized message by anonymizing a message including sensitive data based on a context of the message, and wherein the message was received by the privacy computer from a user computer, wherein anonymizing the message includes at least two different data alteration processes;

obtaining, by the recipient computer, one or more privacy rules applicable to the anonymized message; and

recreating, by the recipient computer, at least a portion of the sensitive data by applying the one or more privacy rules to the anonymized message,wherein the anonymized message includes an embedded hidden record, and wherein the embedded hidden record includes instructions for recreating at least the portion of the sensitive data using the one or more privacy rules,wherein the at least two different data alteration processes include two or more of the following;

removing unnecessary sensitive data;

masking the sensitive data to maintain format;

separate the sensitive data into associated data groupings; and

de-contexting the sensitive data.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention relate to systems and methods for providing an anonymization engine. One embodiment of the present invention relates to a method comprising receiving a message directed at a recipient computer located outside a secure area by a privacy computer located within a secure area. The privacy computer may identify private information using a plurality of privacy rules and anonymize the message according to the plurality of privacy rules. Another embodiment may be directed to a method comprising receiving a request for sensitive data from a requesting computer. An anonymization computer may determine a sensitive data record associated with the request and may anonymize the sensitive data record by performing at least two of: removing unnecessary sensitive data entries from the sensitive data record, masking the sensitive data entries to maintain format, separating the sensitive data entries into associated data groupings, and de-contexting the data.

537 Citations

12 Claims

1. A method comprising:
- receiving, by a recipient computer located outside a secure area, an anonymized message from a privacy computer located within the secure area, wherein the privacy computer generated the anonymized message by anonymizing a message including sensitive data based on a context of the message, and wherein the message was received by the privacy computer from a user computer, wherein anonymizing the message includes at least two different data alteration processes;
  
  obtaining, by the recipient computer, one or more privacy rules applicable to the anonymized message; and
  
  recreating, by the recipient computer, at least a portion of the sensitive data by applying the one or more privacy rules to the anonymized message,wherein the anonymized message includes an embedded hidden record, and wherein the embedded hidden record includes instructions for recreating at least the portion of the sensitive data using the one or more privacy rules,wherein the at least two different data alteration processes include two or more of the following;
  
  removing unnecessary sensitive data;
  
  masking the sensitive data to maintain format;
  
  separate the sensitive data into associated data groupings; and
  
  de-contexting the sensitive data.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the context of the message includes at least one of an identity of the user computer, an identity of the recipient computer, an access right of the recipient computer, or the one or more privacy rules associated with the recipient computer.
  - 3. The method of claim 1, wherein at least the portion of the sensitive data is recreated by reversing anonymization of at least the portion of the sensitive data using the one or more privacy rules.
  - 4. The method of claim 1, wherein the anonymized message includes permanently altered data.
  - 5. The method of claim 4, wherein the permanently altered data is unusable by the recipient computer.
  - 6. The method of claim 4, wherein the privacy computer generates the permanently altered data by applying at least one of scrambling or polymorphism.

7. A recipient computer located outside a secure area, the recipient computer comprising one or more processors and a non-transitory machine-readable storage medium, including instructions that, when executed by the one or more processors, cause the one or more processors to:
- receive an anonymized message from a privacy computer located within the secure area, wherein the privacy computer generated the anonymized message by anonymizing a message including sensitive data based on a context of the message, and wherein the message was received by the privacy computer from a user computer located within the secure area, wherein anonymizing the message includes at least two different data alteration processes;
  
  obtain one or more privacy rules applicable to the anonymized message; and
  
  recreate at least a portion of the sensitive data by applying the one or more privacy rules to the anonymized message,wherein the anonymized message includes an embedded hidden record, and wherein the embedded hidden record includes instructions for recreating at least the portion of the sensitive data using the one or more privacy rules,wherein the at least two different data alteration processes include two or more of the following;
  
  removing unnecessary sensitive data;
  
  masking the sensitive data to maintain format;
  
  separate the sensitive data into associated data groupings; and
  
  de-contexting the sensitive data.
- View Dependent Claims (8, 9)
- - 8. The recipient computer of claim 7, wherein the context of the message includes at least one of an identity of the user computer, an identity of the recipient computer, an access right of the recipient computer, or the one or more privacy rules associated with the recipient computer.
  - 9. The recipient computer of claim 7, wherein at least the portion of the sensitive data is recreated by reversing anonymization of at least the portion of the sensitive data using the one or more privacy rules.

10. A method comprising:
- receiving, by a privacy computer located within a secure area, a message directed at a recipient computer located outside the secure area, wherein the message includes sensitive data;
  
  identifying, by the privacy computer, the sensitive data using a plurality of privacy rules;
  
  anonymizing, by the privacy computer, the sensitive data according to the plurality of privacy rules to generate anonymized data, wherein anonymizing the sensitive data according to the plurality of privacy rules includes using at least two data alteration processes;
  
  generating, by the privacy computer, a hidden record including the anonymized data; and
  
  forwarding the hidden record and the message including the anonymized data to the recipient computer located outside the secure area,wherein the hidden record includes instructions for recreating at least a portion of the sensitive data using the plurality of privacy rules,wherein the at least two different data alteration processes include two or more of the following;
  
  removing unnecessary sensitive data;
  
  masking the sensitive data to maintain format;
  
  separate the sensitive data into associated data groupings; and
  
  de-contexting the sensitive data.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10, wherein the plurality of privacy rules include limitations on the type of information that is allowed to be sent outside the secure area.
  - 12. The method of claim 10, wherein identifying the sensitive data using the plurality of privacy rules further comprises:
    - determining a set of the plurality of privacy rules associated with the recipient computer; and
      
      comparing the sensitive data to the set of the plurality of privacy rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Visa International Service Association (Visa, Inc.)
Original Assignee
Visa International Service Association (Visa, Inc.)
Inventors
Nagasundaram, Sekhar, Aissi, Selim
Primary Examiner(s)
Hailu, Teshome

Application Number

US16/232,767
Publication Number

US 20190130115A1
Time in Patent Office

440 Days
Field of Search

713150
US Class Current
CPC Class Codes

G06F 16/285   Clustering or classification

G06F 21/60   Protecting data

G06F 21/606   by securing the transmissio...

G06F 21/6254   by anonymising data, e.g. d...

H04L 63/0209   Architectural arrangements,...

H04L 63/107   wherein the security polici...

Privacy firewall

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

537 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Privacy firewall

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

537 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links