Method and system for enabling log record consumers to comply with regulations and requirements regarding privacy and the handling of personal data

US 10,740,475 B2
Filed: 07/31/2018
Issued: 08/11/2020
Est. Priority Date: 05/03/2018
Status: Active Grant

First Claim

Patent Images

1. A method of enabling a plurality of log record consumers to comply with regulations and requirements regarding privacy and handling of data, wherein a set of one or more applications have access to data and generate raw log records responsive to events that occur in the set of applications, wherein each of the raw log records is of one of a plurality of log record formats, wherein the set of applications are expected to generate a plurality of raw log records that each stores pieces of the data that relate to an event that occurs in the set of applications, wherein each of the plurality of log record formats includes a specific plurality of fields for storing different pieces of the data to which the set of one or more applications have access, the method comprising:

receiving a raw log record that is of a first of the plurality of log record formats and that stores in the specific plurality of fields raw pieces of the data that relate to an event that occurred in one of the set of applications;

determining, based on the log record format being of a first of a plurality of log record types, that a first field from the raw log record is to be tokenized based on a first tokenization strategy of a plurality of tokenization strategies in the first log record type, wherein each of the plurality of tokenization strategies identifies a tokenization mechanism from a plurality of tokenization mechanisms to be used for generating a token from a raw value to enable compliance with a respective set of regulations and requirements regarding privacy and the handling of data, wherein each of the plurality of log records types specifies which one or more of the plurality of tokenization strategies to apply to one or more of the specific plurality of fields of one of the plurality of record formats;

generating for a first raw value in the first field of the raw log record a first token that is an anonymized representation of the first raw value using a first tokenization mechanism identified by the first tokenization strategy in the log record type; and

outputting a tokenized log record generated based on the raw log record and the first token to be used by one or more of the plurality of log record consumers.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and a system for enabling multiple log record consumers to comply with regulations and requirements regarding privacy and handling of data are described. A determination, based on a log record format being of a first of the log record types, that a first field from a raw log record is to be tokenized based on a first tokenization strategy of multiple tokenization strategies in the first log record type, is performed. Each one of the tokenization strategies identifies a tokenization mechanism from tokenization mechanisms for generating a token from a raw value to enable compliance with a set of regulations and requirements regarding privacy and the handling of data. For a first raw value in the first field a first token is generated that is an anonymized representation of the first raw value using a tokenization mechanism identified by the first tokenization strategy in the log record type.

Citations

21 Claims

1. A method of enabling a plurality of log record consumers to comply with regulations and requirements regarding privacy and handling of data, wherein a set of one or more applications have access to data and generate raw log records responsive to events that occur in the set of applications, wherein each of the raw log records is of one of a plurality of log record formats, wherein the set of applications are expected to generate a plurality of raw log records that each stores pieces of the data that relate to an event that occurs in the set of applications, wherein each of the plurality of log record formats includes a specific plurality of fields for storing different pieces of the data to which the set of one or more applications have access, the method comprising:
- receiving a raw log record that is of a first of the plurality of log record formats and that stores in the specific plurality of fields raw pieces of the data that relate to an event that occurred in one of the set of applications;
  
  determining, based on the log record format being of a first of a plurality of log record types, that a first field from the raw log record is to be tokenized based on a first tokenization strategy of a plurality of tokenization strategies in the first log record type, wherein each of the plurality of tokenization strategies identifies a tokenization mechanism from a plurality of tokenization mechanisms to be used for generating a token from a raw value to enable compliance with a respective set of regulations and requirements regarding privacy and the handling of data, wherein each of the plurality of log records types specifies which one or more of the plurality of tokenization strategies to apply to one or more of the specific plurality of fields of one of the plurality of record formats;
  
  generating for a first raw value in the first field of the raw log record a first token that is an anonymized representation of the first raw value using a first tokenization mechanism identified by the first tokenization strategy in the log record type; and
  
  outputting a tokenized log record generated based on the raw log record and the first token to be used by one or more of the plurality of log record consumers.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - determining, based on the log record format being of the first of the plurality of log record types, that a second field from the raw log record is to be tokenized based on a second tokenization strategy of the plurality of tokenization strategies identified in the first log record type that is different from the first tokenization strategy;
      
      generating for a second raw value in the second field of the raw log record a second token that is an anonymized representation of the second raw value using a second tokenization mechanism identified by the second tokenization strategy in the log record type, wherein the second tokenization mechanism is different from the first tokenization mechanism; and
      
      the outputting of the tokenized log record generated is also based on the second token.
  - 3. The method of claim 1, further comprising:
    - receiving a second raw log record that is of a second of the plurality of log record formats and that stores in a second specific plurality of fields second raw pieces of the data that relate to a second event that occurred in a second one of the set of applications, wherein the second log record format is different from the first log record format;
      
      determining, based on the second log record format being of a second of a plurality of log record types that is different from the first of a plurality of log record types, that a second field from the second raw log record is to be tokenized based on a second tokenization strategy of the plurality of tokenization strategies identified in the second log record type;
      
      generating for a second raw value in the second field of the second raw log record a second token that is an anonymized representation of the second raw value using a second tokenization mechanism identified by the second tokenization strategy in the second log record type; and
      
      outputting a second tokenized log record generated based on the second raw log record and the second token to be used by one or more of the plurality of log record consumers.
  - 4. The method of claim 1, wherein the first token is generated in a first space that has a first set of characteristics defining how log record consumers access raw values in fields tokenized in the first space, and the method further comprising:
    - generating for the first raw value a second token different from the first token, which is an anonymized representation of the first raw value in a second space that has a second set of characteristics different from the first set of characteristics, and which define how log record consumers access raw values of tokenized log records.
  - 5. The method of claim 4, wherein the first space allows for personal data of a user to be forgotten upon receipt of a request to forget the personal data and the second space does not allow for the personal data to be forgotten upon receipt of the request to forget the personal data.
  - 6. The method of claim 4, wherein the tokenized log record is a unified tokenized log record generated based on the raw log record, the first token, and the second token, and the first token is to be used by a first one from the plurality of log record consumers and the second token is to be used by a second one from the plurality of log record consumers.
  - 7. The method of claim 1, wherein the first tokenization strategy is selected based on a type of data that is to be stored in a first one of the specific plurality of fields of the first log record format.

8. A non-transitory machine readable medium that stores instructions that, when executed by one or more processors of electronic devices, cause the electronic devices to enable a plurality of log record consumers to comply with regulations and requirements regarding privacy and handling of data, wherein a set of one or more applications have access to data and generate raw log records responsive to events that occur in the set of applications, wherein each of the raw log records is of one of a plurality of log record formats, wherein the set of applications are expected to generate a plurality of raw log records that each stores pieces of the data that relate to an event that occurs in the set of applications, wherein each of the plurality of log record formats includes a specific plurality of fields for storing different pieces of the data to which the set of one or more applications have access, by performing the following operations:
- receiving a raw log record that is of a first of the plurality of log record formats and that stores in the specific plurality of fields raw pieces of the data that relate to an event that occurred in one of the set of applications;
  
  determining, based on the log record format being of a first of a plurality of log record types, that a first field from the raw log record is to be tokenized based on a first tokenization strategy of a plurality of tokenization strategies in the first log record type, wherein each of the plurality of tokenization strategies identifies a tokenization mechanism from a plurality of tokenization mechanisms to be used for generating a token from a raw value to enable compliance with a respective set of regulations and requirements regarding privacy and the handling of data, wherein each of the plurality of log records types specifies which one or more of the plurality of tokenization strategies to apply to one or more of the specific plurality of fields of one of the plurality of record formats;
  
  generating for a first raw value in the first field of the raw log record a first token that is an anonymized representation of the first raw value using a first tokenization mechanism identified by the first tokenization strategy in the log record type; and
  
  outputting a tokenized log record generated based on the raw log record and the first token to be used by one or more of the plurality of log record consumers.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory machine readable medium of claim 8, wherein the operations further comprise:
    - determining, based on the log record format being of the first of the plurality of log record types, that a second field from the raw log record is to be tokenized based on a second tokenization strategy of the plurality of tokenization strategies identified in the first log record type that is different from the first tokenization strategy;
      
      generating for a second raw value in the second field of the raw log record a second token that is an anonymized representation of the second raw value using a second tokenization mechanism identified by the second tokenization strategy in the log record type, wherein the second tokenization mechanism is different from the first tokenization mechanism; and
      
      the outputting of the tokenized log record generated is also based on the second token.
  - 10. The non-transitory machine readable medium of claim 8, wherein the operations further comprise:
    - receiving a second raw log record that is of a second of the plurality of log record formats and that stores in a second specific plurality of fields second raw pieces of the data that relate to a second event that occurred in a second one of the set of applications, wherein the second log record format is different from the first log record format;
      
      determining, based on the second log record format being of a second of a plurality of log record types that is different from the first of a plurality of log record types, that a second field from the second raw log record is to be tokenized based on a second tokenization strategy of the plurality of tokenization strategies identified in the second log record type;
      
      generating for a second raw value in the second field of the second raw log record a second token that is an anonymized representation of the second raw value using a second tokenization mechanism identified by the second tokenization strategy in the second log record type; and
      
      outputting a second tokenized log record generated based on the second raw log record and the second token to be used by one or more of the plurality of log record consumers.
  - 11. The non-transitory machine readable medium of claim 8, wherein the first token is generated in a first space that has a first set of characteristics defining how log record consumers access raw values in fields tokenized in the first space, and wherein the operations further comprise:
    - generating for the first raw value a second token different from the first token, which is an anonymized representation of the first raw value in a second space that has a second set of characteristics different from the first set of characteristics, and which define how log record consumers access raw values of tokenized log records.
  - 12. The non-transitory machine readable medium of claim 11, wherein the first space allows for personal data of a user to be forgotten upon receipt of a request to forget the personal data and the second space does not allow for the personal data to be forgotten upon receipt of the request to forget the personal data.
  - 13. The non-transitory machine readable medium of claim 11, wherein the tokenized log record is a unified tokenized log record generated based on the raw log record, the first token, and the second token, and the first token is to be used by a first one from the plurality of log record consumers and the second token is to be used by a second one from the plurality of log record consumers.
  - 14. The non-transitory machine readable medium of claim 8, wherein the first tokenization strategy is selected based on a type of data that is to be stored in a first one of the specific plurality of fields of the first log record format.

15. A system for enabling a plurality of log record consumers to comply with regulations and requirements regarding privacy and handling of data, wherein a set of one or more applications have access to data and generate raw log records responsive to events that occur in the set of applications, wherein each of the raw log records is of one of a plurality of log record formats, wherein the set of applications are expected to generate a plurality of raw log records that each stores pieces of the data that relate to an event that occurs in the set of applications, wherein each of the plurality of log record formats includes a specific plurality of fields for storing different pieces of the data to which the set of one or more applications have access, the system comprising:
- one or more processors; and
  
  a non-transitory machine-readable storage medium having stored therein instructions that, when executed by the one or more processors, cause the one or more processors to perform operations comprising;
  
  receiving a raw log record that is of a first of the plurality of log record formats and that stores in the specific plurality of fields raw pieces of the data that relate to an event that occurred in one of the set of applications;
  
  determining, based on the log record format being of a first of a plurality of log record types, that a first field from the raw log record is to be tokenized based on a first tokenization strategy of a plurality of tokenization strategies in the first log record type, wherein each of the plurality of tokenization strategies identifies a tokenization mechanism from a plurality of tokenization mechanisms to be used for generating a token from a raw value to enable compliance with a respective set of regulations and requirements regarding privacy and the handling of data, wherein each of the plurality of log records types specifies which one or more of the plurality of tokenization strategies to apply to one or more of the specific plurality of fields of one of the plurality of record formats;
  
  generating for a first raw value in the first field of the raw log record a first token that is an anonymized representation of the first raw value using a first tokenization mechanism identified by the first tokenization strategy in the log record type; and
  
  outputting a tokenized log record generated based on the raw log record and the first token to be used by one or more of the plurality of log record consumers.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The system of claim 15, wherein the operations further comprise:
    - determining, based on the log record format being of the first of the plurality of log record types, that a second field from the raw log record is to be tokenized based on a second tokenization strategy of the plurality of tokenization strategies identified in the first log record type that is different from the first tokenization strategy;
      
      generating for a second raw value in the second field of the raw log record a second token that is an anonymized representation of the second raw value using a second tokenization mechanism identified by the second tokenization strategy in the log record type, wherein the second tokenization mechanism is different from the first tokenization mechanism; and
      
      the outputting of the tokenized log record generated is also based on the second token.
  - 17. The system of claim 15, wherein the operations further comprise:
    - receiving a second raw log record that is of a second of the plurality of log record formats and that stores in a second specific plurality of fields second raw pieces of the data that relate to a second event that occurred in a second one of the set of applications, wherein the second log record format is different from the first log record format;
      
      determining, based on the second log record format being of a second of a plurality of log record types that is different from the first of a plurality of log record types, that a second field from the second raw log record is to be tokenized based on a second tokenization strategy of the plurality of tokenization strategies identified in the second log record type;
      
      generating for a second raw value in the second field of the second raw log record a second token that is an anonymized representation of the second raw value using a second tokenization mechanism identified by the second tokenization strategy in the second log record type; and
      
      outputting a second tokenized log record generated based on the second raw log record and the second token to be used by one or more of the plurality of log record consumers.
  - 18. The system of claim 15, wherein the first token is generated in a first space that has a first set of characteristics defining how log record consumers access raw values in fields tokenized in the first space, and wherein the operations further comprise:
    - generating for the first raw value a second token different from the first token, which is an anonymized representation of the first raw value in a second space that has a second set of characteristics different from the first set of characteristics, and which define how log record consumers access raw values of tokenized log records.
  - 19. The system of claim 18, wherein the first space allows for personal data of a user to be forgotten upon receipt of a request to forget the personal data and the second space does not allow for the personal data to be forgotten upon receipt of the request to forget the personal data.
  - 20. The system of claim 18, wherein the tokenized log record is a unified tokenized log record generated based on the raw log record, the first token, and the second token, and the first token is to be used by a first one from the plurality of log record consumers and the second token is to be used by a second one from the plurality of log record consumers.
  - 21. The system of claim 15, wherein the first tokenization strategy is selected based on a type of data that is to be stored in a first one of the specific plurality of fields of the first log record format.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Eidson, William C., Hacker, David, Chen, Yu, Kwong, Hui Fung Herman, Krause, Wolfgang
Primary Examiner(s)
Giddins, Nelson S.

Application Number

US16/051,414
Publication Number

US 20190340388A1
Time in Patent Office

742 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/3072   where the reporting involve...

G06F 11/3466   Performance evaluation by t...

G06F 11/3476   Data logging G06F11/14, G06...

G06F 21/602   Providing cryptographic fac...

G06F 21/62   Protecting access to data v...

G06F 21/6254   by anonymising data, e.g. d...

G06F 2201/865   Monitoring of software

G06F 2221/2141   Access rights, e.g. capabil...

G06F 9/542   Event management; Broadcast...

G06Q 20/3821   Electronic credentials

G06Q 20/383   Anonymous user system

G06Q 20/385   using an alias or single-us...

G06Q 20/389   Keeping log of transactions...

G06Q 20/4014   Identity check for transact...

H04L 2209/42   Anonymization, e.g. involvi...

H04L 63/0407   wherein the identity of one...

H04L 63/0435   wherein the sending and rec...

H04L 63/108   when the policy decisions a...

H04L 63/20   for managing network securi...

H04L 67/53   using third party service p...

H04L 67/535 : Tracking the activity of th...

H04L 9/0822 : using key encryption key

H04L 9/0861 : Generation of secret inform...

H04L 9/088 : Usage controlling of secret...

H04L 9/0891 : Revocation or update of sec...

H04L 9/14 : using a plurality of keys o...

H04L 9/3213 : using tickets or tokens, e....

H04L 9/3234 : involving additional secure...

View All

Method and system for enabling log record consumers to comply with regulations and requirements regarding privacy and the handling of personal data

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for enabling log record consumers to comply with regulations and requirements regarding privacy and the handling of personal data

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links