Media Agnostic, Distributed, and Defendable Data Retention

US 20120331284A1
Filed: 06/23/2011
Published: 12/27/2012
Est. Priority Date: 06/23/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving user data associated with a user'"'"'s interaction with Web content;

responsive to receiving the user data, processing the user data to identify sensitive data in the user data;

accessing, from a key manager computing device, a time-limited encryption key;

encrypting the sensitive data with the time-limited encryption key effective to provide encrypted sensitive data; and

providing the encrypted sensitive data to a data consumer.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data protector is described. In an implementation, the data protector promotes and enforces a data retention policy of a data consumer. In an implementation, the data protector limits access to sensitive data to the data consumers. A key manager provides a time-limited encryption key to the data protector. Responsive to collection of the time-limited encryption key from the key manager and sensitive data from a data provider, the data protector encrypts the sensitive data with the time-limited encryption key effective to produce encrypted sensitive data. In some embodiments, the data protector'"'"' provides a data consumer with access to the encrypted sensitive data and the key manager provides the data consumer with access to the time-limited encryption key to decrypt the encrypted sensitive data. The key manager deletes the time-limited encryption key in compliance with the data retention policy of the data consumer.

73 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- receiving user data associated with a user'"'"'s interaction with Web content;
  
  responsive to receiving the user data, processing the user data to identify sensitive data in the user data;
  
  accessing, from a key manager computing device, a time-limited encryption key;
  
  encrypting the sensitive data with the time-limited encryption key effective to provide encrypted sensitive data; and
  
  providing the encrypted sensitive data to a data consumer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the user data is associated with the user'"'"'s interaction with an advertisement.
  - 3. The method of claim 1, wherein the user data is associated with the user'"'"'s interaction with a search engine.
  - 4. The method of claim 1, wherein the sensitive data comprises one or more of an IP address, location data, a name, or financial data.
  - 5. The method of claim 1 wherein the time-limited encryption key is associated with the data consumer.
  - 6. The method of claim 1, further comprising deleting the time-limited encryption key at a defined time.
  - 7. The method of claim 1, further comprising:
    - generating a request for the time-limited encryption key;
      
      delivering the request for the time-limited encryption key to the key manager computing device; and
      
      responsive to said delivering, receiving the time-limited encryption key from the key manager computing device.
  - 8. The method of claim 1, further comprising:
    - identifying an entity identifier associated with the sensitive data effective to define entity specific sensitive data;
      
      generating a request for an entity specific time-limited encryption key according to the entity identifier;
      
      delivering the request for the entity specific time-limited encryption key to the key manager computing device;
      
      receiving the entity specific time-limited encryption key from the key manager computing device;
      
      encrypting the entity specific sensitive data with the entity specific time-limited encryption key effective to produce encrypted entity specific sensitive data; and
      
      providing the data consumer associated with the encrypted entity specific sensitive data with access to the encrypted entity specific sensitive data.
  - 9. The method of claim 1, wherein the time-limited encryption key comprises a time-stamped encryption key.

10. One or more computer-readable storage media comprising instructions that are executable to cause a computing device to perform a process comprising:
- receiving user data;
  
  processing the user data to identify one or more entity identifiers associated with one or more respective entities;
  
  identifying entity specific sensitive data within the user data, the entity specific sensitive data being associated with at least one of the entities; and
  
  encrypting the entity specific sensitive data with a time-limited encryption key specifically associated with said at least one of the entities effective to produce encrypted entity specific sensitive data.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The one or more computer-readable storage media of claim 10, wherein the process further comprises providing the encrypted entity specific sensitive data to said at least one of the entities.
  - 12. The one or more computer-readable storage media of claim 11, wherein said receiving the user data comprises receiving the user data in association with a user'"'"'s online interaction with Web content.
  - 13. The one or more computer-readable storage media of claim 11, wherein the process further comprises deleting the time-limited encryption key.
  - 14. The one or more computer-readable storage media of claim 11, wherein the time-limited encryption key comprises a time-stamped encryption key.
  - 15. The one or more computer-readable storage media of claim 11, wherein said processing the user data identifies multiple entity identifiers associated with multiple respective entities, said identifying entity specific sensitive data comprising identifying entity specific sensitive data associated, respectively, with the multiple respective entities;
    - said encrypting the entity specific sensitive data comprising encrypting entity specific data portions associated with individual entities of the multiple respective entities with respective entity specific time-limited encryption keys each of which being associated with an individual entity;
      
      said providing encrypted entity specific sensitive data comprising providing encrypted sensitive data portions to a respective associated entity.
  - 16. The one or more computer-readable storage media of claim 11, wherein the process further comprises:
    - generating a request for an entity specific time-limited encryption key according to the entity identifier;
      
      delivering the request for the entity specific time-limited encryption key to a key manager computing device;
      
      receiving the entity specific time-limited encryption key from the key manager computing device;
      
      encrypting the entity specific sensitive data with the entity specific time-limited encryption key effective to produce encrypted entity specific sensitive data; and
      
      providing an entity associated with the encrypted entity specific sensitive data with access to the encrypted entity specific sensitive data.
  - 17. The one or more computer-readable storage media of claim 10, wherein the process further comprises:
    - providing a controlled representation of the entity specific sensitive data to a data consumer, wherein the entity specific sensitive data does not have copy capabilities and becomes inaccessible at a data retention deadline; and
      
      deleting the time-limited encryption key.

18. A system comprising:
- one or more processors;
  
  one or more computer readable storage media;
  
  one or more modules embodied on the one or more computer readable storage media and executable under the influence of the one or more processors to;
  
  generate a key generation instruction according to a key generation policy;
  
  responsive to the key generation instruction, generate a time-limited encryption key;
  
  store the time-limited encryption key in a protected database;
  
  generate an encryption key access instruction according to a data access policy; and
  
  responsive to the encryption key access instruction, provide an online service provider with access to the protected database storing the time-limited encryption key.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the one or more modules are further executable to:
    - receive a request for the time-limited encryption key from an advertising center; and
      
      responsive to receiving the request for the time-limited encryption key, identify the key generation policy to follow.
  - 20. The system of claim 18, wherein the one or more modules are further executable to:
    - select a data retention policy with a data retention policy deadline to enforce;
      
      identify a date and time associated with the time-limited encryption key stored in the protected database;
      
      compare the date and time with the data retention policy deadline; and
      
      delete from the protected database the time-limited encryption key at the data retention policy deadline.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kouladjie, Kambiz, Blanch, Robert, Devine, Robert

Granted Patent

US 10,237,060 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 9/083 involving central third par...

H04L 9/088 Usage controlling of secret...

Media Agnostic, Distributed, and Defendable Data Retention

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Media Agnostic, Distributed, and Defendable Data Retention

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links