ENHANCING DATA SECURITY USING RE-ENCRYPTION

US 20140245012A1
Filed: 02/26/2013
Published: 08/28/2014
Est. Priority Date: 02/26/2013
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a data source configured to provide usage data including subscriber identifiers and associated information indicative of subscriber device locations and usage; and

a data warehouse server configured to perform operations comprising;

decrypting subscriber identifiers included in usage data received from the data source using a two-way rolling key groups methodology;

re-encrypting the subscriber identifiers decrypted from the usage data to create secure encrypted identifiers using a one-way secured encryption algorithm; and

correlating the subscriber identifiers in the decrypted usage data with the corresponding re-encrypted identifiers.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data source may be configured to provide usage data including subscriber identifiers and associated information indicative of subscriber device locations and usage. A data warehouse server may be configured to perform operations including: decrypting subscriber identifiers included in usage data received from the data source using a two-way rolling key groups algorithm; re-encrypting the subscriber identifiers decrypted from the usage data to create secure encrypted identifiers using a one-way secured encryption algorithm; and correlating the subscriber identifiers in the decrypted usage data with the corresponding re-encrypted identifiers.

18 Citations

View as Search Results

28 Claims

1. A system, comprising:
- a data source configured to provide usage data including subscriber identifiers and associated information indicative of subscriber device locations and usage; and
  
  a data warehouse server configured to perform operations comprising;
  
  decrypting subscriber identifiers included in usage data received from the data source using a two-way rolling key groups methodology;
  
  re-encrypting the subscriber identifiers decrypted from the usage data to create secure encrypted identifiers using a one-way secured encryption algorithm; and
  
  correlating the subscriber identifiers in the decrypted usage data with the corresponding re-encrypted identifiers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, further comprising a key manager configured to receive a query from the data source requesting updated rolling key information;
    - and providing the updated rolling key information responsive to the request.
  - 3. The system of claim 2, wherein the key manager is further configured to determine a group assignment to be used in the two-way rolling key groups methodology by assigning ranges of subscriber identifiers into key groups, such that each key group is associated with a different two-way encryption key, and usage data associated with a subscriber identifier in the range of subscriber identifiers is encrypted using the respective associated two-way encryption key.
  - 4. The system of claim 1, wherein the data warehouse server is further configured to perform operations comprising:
    - providing the re-encrypted identifiers to an advertiser, each re-encrypted identifier corresponding to a respective subscriber and accompanied by the associated information; and
      
      receiving from the advertiser indications of at least a subset of the re-encrypted identifiers to receive a targeted advertisement based on the associated information.
  - 5. The system of claim 1, wherein the data source is further configured to filter the usage data according to a privacy configuration to remove usage data associated with at least one of:
    - non-consenting subscribers, ineligible subscribers and restricted locations.
  - 6. The system of claim 1, wherein the data warehouse server is further configured to determine a key group of the rolling key groups to use to decrypt a usage record based on a predetermined initial number of bytes of the usage record to be decrypted.
  - 7. The system of claim 1, wherein the two-way rolling key groups algorithm includes N keys groups, each of the N key groups being staggered such that each of the N key groups is used for N time periods, and one of the N key groups expires per time period.
  - 8. The system of claim 1, wherein the data warehouse server is further configured to perform the one-way secured encryption algorithm by performing a hash of the subscriber identifiers into digests with a salt value, encoding the digests into text strings, and further applying a truncation to the text strings to create the re-encrypted identifiers, thereby protecting the integrity of the subscriber identifiers.
  - 9. The system of claim 8, wherein the subscriber identifiers are mobile telephone numbers, the digests are 256 bits in length, and wherein the truncation creates the re-encrypted identifiers using the first 90 bytes of the encrypted identifiers.

10. A method, comprising:
- decrypting usage data, by a data warehouse server, using a two-way rolling key groups algorithm, the usage data including subscriber identifiers and associated information indicative of subscriber device locations and usage;
  
  re-encrypting, by the data warehouse server, the subscriber identifiers decrypted from the usage data to create secure encrypted identifiers using a one-way secured encryption algorithm; and
  
  correlating, by the data warehouse server, the subscriber identifiers in the decrypted usage data with the corresponding re-encrypted identifiers.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, further comprising:
    - providing the re-encrypted identifiers to an advertiser, each re-encrypted identifier corresponding to a respective subscriber and accompanied by the associated information; and
      
      receiving from the advertiser indications of at least a subset of the re-encrypted identifiers to receive a targeted advertisement based on the associated information.
  - 12. The method of claim 10, further comprising:
    - determining a key expiration according to the two-way rolling key groups methodology;
      
      querying a key manager for updated rolling key information based on the key expiration; and
      
      receiving the updated rolling key information responsive to the request.
  - 13. The method of claim 10, further comprising further comprising assigning keys groups to be used in the rolling key groups algorithm according to ranges of subscriber identifiers.
  - 14. The method of claim 10, further comprising filtering the usage data according to a privacy configuration to remove usage data associated with at least one of:
    - non-consenting subscribers, ineligible subscribers and restricted locations.
  - 15. The method of claim 10, further comprising determining a key group of the rolling key groups to use to decrypt a usage record based on a predetermined initial number of bytes of the usage record to be decrypted.
  - 16. The method of claim 10, wherein the two-way rolling key groups algorithm includes N keys groups, each of the N key groups being staggered such that each of the N key groups is used for N time periods, and one of the N key groups expires per time period.
  - 17. The method of claim 10, further comprising performing the one-way secured encryption algorithm by performing a hash of the subscriber identifiers into digests with a salt value, encoding the digests into text strings, and further applying truncation to the text strings to create the re-encrypted identifiers, thereby protecting the integrity of the subscriber identifiers.

18. A non-transitory computer readable medium storing computer-executable instructions executable by a computing device to provide operations comprising:
- decrypting usage data using a two-way rolling key groups algorithm, the usage data including subscriber identifiers and associated information indicative of subscriber device locations and usage;
  
  re-encrypting the subscriber identifiers decrypted from the usage data to create secure encrypted identifiers using a one-way secured encryption algorithm; and
  
  correlating the subscriber identifiers in the decrypted usage data with the corresponding re-encrypted identifiers.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The non-transitory computer readable medium of claim 18, further providing for operations comprising:
    - providing the re-encrypted identifiers to an advertiser, each re-encrypted identifier corresponding to a respective subscriber and accompanied by the associated information; and
      
      receiving from the advertiser indications of at least a subset of the re-encrypted identifiers to receive a targeted advertisement based on the associated information.
  - 20. The non-transitory computer readable medium of claim 18, further providing for operations comprising assigning keys groups to be used in the rolling key groups algorithm according to ranges of subscriber identifiers.
  - 21. The non-transitory computer readable medium of claim 18, further providing for operations comprising determining a key group of the rolling key groups to use to decrypt a usage record based on a predetermined initial number of bytes of the usage record to be decrypted.
  - 22. The non-transitory computer readable medium of claim 18, wherein the two-way rolling key groups algorithm includes N keys groups, each of the N key groups being staggered such that each of the N key groups is used for N time periods, and one of the N key groups expires per time period.
  - 23. The non-transitory computer readable medium of claim 18, further providing for operations comprising performing the one-way secured encryption algorithm by performing a hash of the subscriber identifiers into digests with a salt value, encoding the digests into text strings, and further applying a truncation, thereby protecting the integrity of the subscriber identifiers.

24. A non-transitory computer readable medium storing computer-executable instructions executable by a computing device to provide operations comprising:
- maintaining a group assignment indicating ranges of subscriber identifiers and associated rolling key groups, each range of subscriber identifiers being associated with a different rolling key group;
  
  identifying a rolling key group to which a particular subscriber identifier is assigned by determining which of the ranges of subscriber identifiers includes the particular subscriber identifier;
  
  encrypting user data associated with the particular subscriber identifier into an encrypted record according to a two-way encryption key associated with the identified rolling key group; and
  
  including in the encrypted record an indication of the identified rolling key group to facilitate decrypting the encrypted user data.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The non-transitory computer readable medium of claim 24, further providing for operations comprising maintaining N keys groups in the group assignment, each of the N key groups being staggered such that each of the N key groups is used for N different time periods, and a subset of the N key groups expires per a specific time period.
  - 26. The non-transitory computer readable medium of claim 24, further providing for operations comprising including an equal number of subscriber identifiers in each of the ranges of subscriber identifiers of the group assignment.
  - 27. The non-transitory computer readable medium of claim 24, wherein the subscriber identifiers are telephone numbers, and further providing for operations comprising using a device number of a subscriber device with which the user data is associated as the subscriber identifier.
  - 28. The non-transitory computer readable medium of claim 24, further providing for operations comprising determining a particular key group of the rolling key groups to use to decrypt the encrypted record based on the indication of the identified rolling key group included in the encrypted record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Original Assignee
Cellco Partnership, Inc. (Verizon Communications Inc.)
Inventors
Libonate, Brian, Arya, Siddartha Kumar

Granted Patent

US 9,037,861 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 63/0464 using hop-by-hop encryption...

ENHANCING DATA SECURITY USING RE-ENCRYPTION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

ENHANCING DATA SECURITY USING RE-ENCRYPTION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links