Method and apparatus for securing the privacy of sensitive information in a data-handling system

US 20070192630A1
Filed: 01/23/2006
Published: 08/16/2007
Est. Priority Date: 01/24/2005
Status: Active Grant

First Claim

Patent Images

1. A method of securing the privacy of sensitive information in a data-handling system, comprising:

using the data-handling system to search through data it holds for instances of sensitive information as identified by reference to at least one sensitive-information identifier held by the system, the or each identifier identifying one or more items of sensitive information and being so formed or protected as to not reveal any such item; and

following an instance of sensitive information being found by the search, replacing it with a reference to an instance of the item of sensitive information concerned that is held in protected storage of the data-handling system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data-handling system (20) is arranged to scan through data it holds for instances of sensitive information as identified by reference (35) to a set of sensitive-information identifiers held by the system. Each identifier identifies one or more items of sensitive information (25) and is so formed or protected as to not reveal any such item. Following an instance of sensitive information being found by the scan, it is replaced by a reference to an instance of the corresponding sensitive-information item (25) held in protected storage (21). As a result, in due course the only instances of, sensitive information held by the system (20) will be those in the protected storage (21).

Citations

23 Claims

1. A method of securing the privacy of sensitive information in a data-handling system, comprising:
- using the data-handling system to search through data it holds for instances of sensitive information as identified by reference to at least one sensitive-information identifier held by the system, the or each identifier identifying one or more items of sensitive information and being so formed or protected as to not reveal any such item; and
  
  following an instance of sensitive information being found by the search, replacing it with a reference to an instance of the item of sensitive information concerned that is held in protected storage of the data-handling system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. A method according to claim 1, wherein the instance of the item of sensitive information that is held in protected storage and is indicated by said reference, is already present in the protected storage at the time that the instance in said data is found by the search.
  - 3. A method according to claim 1, wherein the instance of the item of sensitive information that is held in protected storage and is indicated by said reference, is provided to the protected storage by removing the instance, found during search of said data, to the protected store.
  - 4. A method according to claim 1, wherein said protected storage is provided by a detachable module intended for removal by a user from the data-handling system.
  - 5. A method according to claim 1, wherein at least one said identifier comprises a said item of sensitive information held in the protected storage of the data-handling system.
  - 6. A method according to claim 1, wherein at least one said identifier comprises a hash of a said item of sensitive information.
  - 7. A method according to claim 1, wherein the protected storage holding the or each item of sensitive information is provided by a detachable module intended for removal by a user from the data-handling system;
    - at least one said identifier comprising a hash of a said item of sensitive information, said hash being stored in the data-handling system outside of said detachable module whereby in the event of the user removing the detachable module, searching for instances of sensitive information can continue.
  - 8. A method according to claim 1, wherein at least one said identifier comprises a template indicative of a generic form possessed by multiple items of sensitive information.
  - 9. A method according to claim 1, wherein in searching for instances of sensitive information, candidate instances are identified by reference to at least one template indicative of a generic form possessed by one of more said items of sensitive information, each candidate instance being checked against at least one said identifier to determine whether the candidate instance is an actual instance of sensitive information.
  - 10. A method according to claim 9, wherein where the checking of a candidate instance against the or each identifier fails to indicate that the candidate instance is an actual instance of sensitive information, the data-handling system asks a user to indicate whether the candidate instance is to be treated as an item of sensitive information and, if so indicated by the user, creates a corresponding identifier for future use.
  - 11. A method according to claim 9, wherein said data is first searched to generate a set of candidate instances, after which each candidate instance found is checked against at least one identifier to determine whether the candidate instance is an actual instance of sensitive information.
  - 12. A method according to claim 1, wherein said at least one sensitive-information identifier is held in protected storage and is referenced in the course of searching said data for instances of sensitive information, by means of a mechanism protected against subversive monitoring.
  - 13. A method according to claim 1, wherein the method further comprises subsequently replacing a said reference in a file accessed by a user with the corresponding item of sensitive information copied from the protected storage only after that user has provided an appropriate enabling input.
  - 14. A method according to claim 1, wherein the method is carried out upon user input of data and in such a manner as to find and protect instances of sensitive information input by the user before they are stored to a file system.

15. Data-handling apparatus comprising:
- a data storage arrangement comprising unprotected storage and protected storage, the data storage arrangement being arranged to hold at least one sensitive-information identifier identifying one or more items of sensitive information and so formed or protected as to not reveal any such item;
  
  a scanning arrangement for searching through data in the unprotected storage for instances of sensitive information as identified by said at least one sensitive-information identifier; and
  
  a privacy-secural arrangement arranged, following an instance of sensitive information being found by the scanning arrangement, to replace it with a reference to an instance of the item of sensitive information concerned that is held in said protected storage.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. Data-handling apparatus according to claim 15, wherein said protected storage is provided by a detachable module intended for removal by a user from the data-handling system.
  - 17. Data-handling apparatus according to claim 15, wherein at least one said identifier comprises one of:
    - a said item of sensitive information held in the protected storage;
      
      a hash of a said item of sensitive information;
      
      a template indicative of a generic form possessed by multiple items of sensitive information.
  - 18. Data-handling apparatus according to claim 15, wherein the protected storage holding the or each item of sensitive information is provided by a detachable module intended for removal by a user from the data-handling system;
    - at least part of the unprotected storage being outside of said detachable module and being arranged to store at least one said identifier whereby in the event of the user removing the detachable module, the scanning arrangement can continue to search for instances of sensitive information.
  - 19. Data-handling apparatus according to claim 15, wherein the scanning arrangement is arranged to search for candidates instances of sensitive information that match a template indicative of a generic form possessed by one of more said items of sensitive information, the scanning arrangement being further arranged to check each candidate instance against at least one said identifier to determine whether the candidate instance is an actual instance of sensitive information.
  - 20. Data-handling apparatus according to claim 19, wherein the scanning arrangement is so arranged that if checking of a candidate instance against the or each identifier fails to indicate that the candidate instance is an actual instance of sensitive information, the data-handling system is caused to ask a user to indicate whether the candidate instance is to be treated as an item of sensitive information, the scanning arrangement being arranged to respond the user indicating that said candidate instance is to be treated as an item of sensitive information by creating a corresponding identifier for future use.
  - 21. Data-handling apparatus according to claim 15, wherein said at least one sensitive-information identifier is arranged to be held in said protected storage, the scanning arrangement comprising a mechanism, protected against subversive monitoring, that is arranged to reference said at least one identifier in the course of searching said data for instances of sensitive information.
  - 22. Data-handling apparatus according to claim 15, wherein the data-handling apparatus is arranged to replace a said reference in a file accessed by a user, with the corresponding item of sensitive information copied from the protected storage but only after that user has provided an appropriate enabling input.

23. A computer program product for conditioning a data-handling system to carry out operations of:
- searching through data held by the data-handling system for instances of sensitive information as identified by reference to at least one sensitive-information identifier held by the system, the or each identifier identifying one or more items of sensitive information and being so formed or protected as to not reveal any such item; and
  
  following an instance of sensitive information being found by the search, replacing it with a reference to an instance of the item of sensitive information concerned that is held in protected storage of the data-handling system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Smith, Richard, Crane, Stephen

Granted Patent

US 8,046,592 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/6245 Protecting personal data, e...

Method and apparatus for securing the privacy of sensitive information in a data-handling system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for securing the privacy of sensitive information in a data-handling system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links