Systems and methods for automatic and customizable data minimization of electronic data stores
First Claim
1. A system comprising:
- a data store configured to store computer-executable instructions; and
- a hardware processor in communication with the data store, wherein the computer-executable instructions, when executed, configure the hardware processor to:
- receive, from a presentation server, a first request to access an item of protected information;
- determine, based at least in part on at least one of the first request or an information type of the item of protected information, that the item of protected information is to be minimized;
- obtain the item of protected information;
- identify, based at least in part on the information type of the item of protected information, a transformation function from a plurality of transformation functions, wherein individual transformation functions are identified from the plurality of transformation functions on a per-request or per-item basis;
- cause the transformation function to be applied to the item of protected information to produce an item of minimized information that preserves one or more characteristics of the item of protected information, wherein the item of minimized information reduces a determinable association between the item of minimized information and an identity associated with the item of protected information;
- cause the presentation server to display a user interface to render the item of minimized information that preserves one or more characteristics of the item of protected information instead of the item of protected information;
- receive, from the presentation server, a second request to access the item of protected information;
- determine, based at least in part on a physical location associated with the second request or a security of a connection associated with the second request, that access to the item of protected information is to be allowed; and
- cause the presentation server to display an updated user interface to replace the item of minimized information with the item of protected information.
Abstract
A dynamic data minimization server applies minimization protocols to entity-specific information based on access rights (e.g., privacy rights) of a requesting entity. The minimization may be applied on the fly (e.g., as the entity-specific information is requested), and the level, type, protocol, etc., of encryption (or other minimization process) may be selected based on the particular type of a data item. The dynamic data minimization server may determine and apply transformation functions, such as encryption, to items of protected information, transforming those items of protected information into items of minimized information. If a requesting entity has appropriate rights, the dynamic data minimization server may selectively apply a reverse transformation function, such as decryption, to recover the original information. The systems and methods include generation and presentation of user interfaces for presenting minimized information and processing requests to de-minimize information, and may be used to provide minimization services to pre-existing data stores.
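As an added illustration of the architecture the abstract describes (example code written for this page, not an implementation from the patent or its assignee): a small Python service that picks a transformation function per information type, renders the minimized form on a first request, and only returns the original on a later de-minimization request when the requester's location and connection security pass a policy check. A server-side keyed-token vault stands in for the reversible encryption the abstract mentions so the block needs no external crypto library. All names (`MinimizationServer`, `AccessRequest`, `TRANSFORMS`, `ALLOWED_LOCATIONS`, the `item-*` identifiers) and sample values are assumptions constructed for the example.

```python
"""Toy dynamic data minimization service.

Added illustration for this page; not code from the patent or its assignee.
Each item of protected information carries an information type. A transformation
function is chosen per item from a registry keyed by that type, producing
minimized information that keeps some characteristics (format, length, e-mail
domain) while weakening the link back to the data subject. A later request may
de-minimize the item, but only when the requester's location and connection
pass the policy check.
"""
import hashlib
import hmac
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Tuple

# Constructed sample data (assumed, illustrative values only).
TOKEN_KEY = b"example-tokenization-key-not-for-production"
PROTECTED_STORE: Dict[str, Tuple[str, str]] = {
    "item-1": ("ssn", "123-45-6789"),
    "item-2": ("email", "alice.example@corp.example"),
    "item-3": ("name", "Alice Example"),
}
# Assumed policy: de-minimization only from this location over a secure channel.
ALLOWED_LOCATIONS = {"office-hq"}


def mask_ssn(value: str) -> str:
    """Keep the dashed format and the last four digits; hide the rest."""
    return re.sub(r"\d", "X", value[:-4]) + value[-4:]


def mask_email(value: str) -> str:
    """Keep the domain and the local-part length; hide the local part."""
    local, _, domain = value.partition("@")
    return local[0] + "*" * (len(local) - 1) + "@" + domain


def tokenize(value: str) -> str:
    """Keyed deterministic token: equal inputs give equal tokens, so joins still work."""
    digest = hmac.new(TOKEN_KEY, value.encode(), hashlib.sha256).hexdigest()
    return "tok_" + digest[:12]


# Transformation functions, selected per information type (per-item basis).
TRANSFORMS: Dict[str, Callable[[str], str]] = {
    "ssn": mask_ssn,
    "email": mask_email,
    "name": tokenize,
}


@dataclass
class AccessRequest:
    item_id: str
    location: str
    connection_secure: bool
    de_minimize: bool = False  # second-request flag asking for the original


@dataclass
class MinimizationServer:
    store: Dict[str, Tuple[str, str]] = field(
        default_factory=lambda: dict(PROTECTED_STORE))
    # token -> original; the reverse transformation exists only server-side
    vault: Dict[str, str] = field(default_factory=dict)

    def access_allowed(self, req: AccessRequest) -> bool:
        """Policy gate for de-minimization: trusted location AND secure channel."""
        return req.location in ALLOWED_LOCATIONS and req.connection_secure

    def minimize(self, item_id: str) -> str:
        """Apply the type-specific transformation; record tokens for reversal."""
        info_type, value = self.store[item_id]
        minimized = TRANSFORMS[info_type](value)
        if info_type == "name":
            self.vault[minimized] = value
        return minimized

    def de_minimize(self, token: str) -> Optional[str]:
        """Reverse transformation for tokens (None if the token is unknown)."""
        return self.vault.get(token)

    def handle(self, req: AccessRequest) -> dict:
        """Decide what the presentation server should render for this request."""
        if req.de_minimize and self.access_allowed(req):
            return {"rendered": self.store[req.item_id][1], "minimized": False}
        return {"rendered": self.minimize(req.item_id), "minimized": True}


if __name__ == "__main__":
    server = MinimizationServer()
    first = AccessRequest("item-1", location="cafe-wifi", connection_secure=False)
    second = AccessRequest("item-1", location="office-hq", connection_secure=True,
                           de_minimize=True)
    print(server.handle(first))   # masked SSN
    print(server.handle(second))  # original SSN after the policy check
```

The masking functions are deliberately lossy (the original is recovered from the protected store, not from the masked value), while the name tokenizer is reversible only through the server-held vault; either way the presentation server never receives the protected item until the policy check on the second request succeeds.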
19 Claims
1. A system comprising:
- a data store configured to store computer-executable instructions; and
- a hardware processor in communication with the data store, wherein the computer-executable instructions, when executed, configure the hardware processor to:
- receive, from a presentation server, a first request to access an item of protected information;
- determine, based at least in part on at least one of the first request or an information type of the item of protected information, that the item of protected information is to be minimized;
- obtain the item of protected information;
- identify, based at least in part on the information type of the item of protected information, a transformation function from a plurality of transformation functions, wherein individual transformation functions are identified from the plurality of transformation functions on a per-request or per-item basis;
- cause the transformation function to be applied to the item of protected information to produce an item of minimized information that preserves one or more characteristics of the item of protected information, wherein the item of minimized information reduces a determinable association between the item of minimized information and an identity associated with the item of protected information;
- cause the presentation server to display a user interface to render the item of minimized information that preserves one or more characteristics of the item of protected information instead of the item of protected information;
- receive, from the presentation server, a second request to access the item of protected information;
- determine, based at least in part on a physical location associated with the second request or a security of a connection associated with the second request, that access to the item of protected information is to be allowed; and
- cause the presentation server to display an updated user interface to replace the item of minimized information with the item of protected information.

Dependent claims: 2, 3, 4, 5, 6

7. A computer-implemented method comprising:
- determining, by a first computing device, that an item of protected information is to be minimized;
- identifying, by the first computing device, a transformation function from a plurality of transformation functions based at least in part on an information type of the item of protected information, wherein individual transformation functions are identified from the plurality of transformation functions on a per-request or per-item basis;
- applying, by the first computing device, the transformation function to the item of protected information to produce an item of minimized information that preserves one or more characteristics of the item of protected information, and wherein the item of minimized information reduces a determinable association between the item of minimized information and an identity associated with the item of protected information;
- transmitting, by the first computing device, the item of minimized information to a second computing device, wherein transmitting the item of minimized information causes the second computing device to display a user interface that includes the item of minimized information that preserves one or more characteristics of the item of protected information and excludes the item of protected information;
- receiving, by the first computing device, a request from the second computing device to de-minimize the item of minimized information;
- determining, based at least in part on a physical location associated with the request, that access to the item of protected information is to be allowed; and
- transmitting, by the first computing device, the item of protected information to the second computing device, wherein transmitting the item of protected information causes the second computing device to display an updated user interface that includes the item of protected information.

Dependent claims: 8, 9, 10, 11, 12, 13

14. A non-transitory computer-readable storage medium including computer-executable instructions that, when executed by a processor, configure the processor to:
- determine that an item of protected information is to be minimized;
- identify, based at least in part on an information type of the item of protected information, a transformation function from a plurality of transformation functions, wherein individual transformation functions are identified from the plurality of transformation functions on a per-request or per-item basis;
- apply the transformation function to the item of protected information to produce an item of minimized information that preserves one or more characteristics of the item of protected information, and wherein the item of minimized information reduces a determinable association between the item of minimized information and an identity associated with the item of protected information;
- cause a presentation server to display a user interface that includes the item of minimized information that preserves one or more characteristics of the item of protected information and excludes the item of protected information;
- receive, from the presentation server, a request to access the item of protected information;
- determine, based at least in part on a security of a connection associated with the request, that access to the item of protected information is to be allowed; and
- cause the presentation server to display an updated user interface that includes the item of protected information.

Dependent claims: 15, 16, 17, 18, 19
Specification