Two-stage anonymization of mobile network subscriber personal information
First Claim
1. A device for processing the anonymizing identifier associated with a user of a network comprising:
a network probe;
a memory; and
a computer processor in communication with the memory, the processor executes a program stored on said memory to perform the steps of:
tapping traffic traversing a portion of the network to collect session data;
extracting the identifier wherein the identifier is one of mobile station international subscriber directory number (MSISDN), international mobile equipment identity (IMEI), or international mobile subscriber identity (IMSI) from the tapped traffic;
applying by the network probe a cryptographic hash function Hash-based Message Authentication Code-Secure Hash Algorithm 1 (HMAC-SHA1) at least once to the extracted identifier to generate an anonymized subscriber identifier (ASI);
applying twice in succession the HMAC-SHA1 to the MSISDN, IMEI, or IMSI respectively using two separate keys;
inserting the ASI into the session data; and
sending the session data with inserted ASI to a network intelligence solution (NIS);
generating random subscriber identifier (RSI) using random generator;
enabling the NIS to associate the ASI to a strictly random subscriber identifier (RSI); and
storing the associated ASI and RSI in a lookup table.
Abstract
A two-stage anonymization process is applied to monitored network traffic in which unique user identifiers, such as the MSISDN (Mobile Station International Subscriber Directory Number), are extracted from the traffic and anonymized to generate an ASI (anonymized subscriber identifier). A strictly random RSI (random subscriber identifier) is generated and used to replace the ASI. The RSI is generated upon a first occurrence of an ASI and stored in a lookup table for utilization upon subsequent ASI occurrences. Use of the strictly random RSI enables various studies and analysis of user behavior to be performed at a heightened level of privacy protection as compared with conventional anonymization schemes that do not utilize strictly random identifiers.
15 Claims
3. One or more non-transitory computer-readable storage media storing instructions which, when executed by one or more processors disposed in an electronic device, perform a method for generating a strictly random identifier for a user of a communications network, the method comprising the steps of:
receiving, at a network intelligence solution (NIS), an anonymized subscriber identifier (ASI) generated at a network probe by applying twice of one or more cryptographic hash functions HMAC-SHA1 to a unique identifier associated with the user, the unique identifier being extracted from traffic traversing the network, and the ASI received as part of session data sent from the network probe to the NIS;
generating a strictly random subscriber identifier (RSI) responsively to the received ASI in the session data;
storing an association between the received ASI and generated RSI in a lookup table; and
retrieving the RSI from the lookup table upon a subsequent receipt of the ASI at the NIS;
assigning a time-to-live (TTL) to the RSI and deleting the association between the ASI and RSI in the lookup table when the TTL value is exceeded;
assigning an aging threshold to the ASI and deleting the ASI from the lookup table when the threshold is exceeded.
8. A computer-implemented method for anonymizing indirect personally identifiable information (PII) associated with a subscriber to a mobile communications network using a two-stage anonymization process, the method comprising the steps of:
inserting a probe at a node of the mobile communications network to tap general packet radio service tunneling protocol (GTP) traffic;
extracting a unique identifier from the traffic that exposes the subscriber PII;
applying twice in a first stage of the two-stage anonymization process, a cryptographic hash HMAC-SHA1 at least once at the probe to the extracted unique identifier to generate an anonymized subscriber identifier (ASI);
sending the generated ASI in GTP session data to a network intelligence solution (NIS) that is operatively coupled to the probe;
repeating the steps of extracting, applying, and sending, until a succession of ASIs is sent from the probe to the NIS;
generating in a second stage of the two-stage anonymization process, a random subscriber identifier (RSI) at the NIS responsively to an initial occurrence of an ASI where the RSI is strictly random;
storing the ASI and RSI as an associated pair in a lookup table;
assigning a time-to-live (TTL) to the RSI;
upon receipt of a subsequent occurrence of the ASI, persisting the RSI from the lookup table if the TTL is not expired, otherwise generating a new RSI; and
writing the RSI to a file to support analyses of subscriber behavior or Internet usage using the GTP session data.
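The two-stage process described in the abstract and in claims 3 and 8, written out as an added Python example; this is not code from the patent or its assignee. The function and class names, the session field names, the key values, the sample IMSI and the 128-bit RSI length are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample keys and identifier; none of these values come from the
# patent. A real probe would load its keys from protected storage.
KEY_1 = b"constructed-probe-key-one"
KEY_2 = b"constructed-probe-key-two"
SAMPLE_IMSI = "001010123456789"  # constructed, test-network style IMSI


def make_asi(identifier: str, key1: bytes = KEY_1, key2: bytes = KEY_2) -> str:
    """Stage 1 (probe): HMAC-SHA1 applied twice in succession, two keys."""
    inner = hmac.new(key1, identifier.encode("ascii"), hashlib.sha1).digest()
    return hmac.new(key2, inner, hashlib.sha1).hexdigest()


class RsiTable:
    """Stage 2 (NIS): lookup table mapping each ASI to a strictly random RSI."""

    def __init__(self, ttl_seconds: float):
        self.ttl = ttl_seconds
        self._table = {}  # ASI -> (RSI, expiry time)

    def rsi_for(self, asi: str, now: float) -> str:
        entry = self._table.get(asi)
        if entry is not None and now < entry[1]:
            return entry[0]  # TTL not expired: persist the same RSI
        # First occurrence, or TTL exceeded: draw a fresh RSI from the CSPRNG.
        # It is not derived from the ASI, so it cannot be recomputed from it.
        rsi = secrets.token_hex(16)
        self._table[asi] = (rsi, now + self.ttl)
        return rsi

    def purge(self, now: float) -> int:
        """Delete expired ASI/RSI associations; return how many were removed."""
        expired = [a for a, (_, exp) in self._table.items() if now >= exp]
        for asi in expired:
            del self._table[asi]
        return len(expired)


def anonymize_session(session: dict, table: RsiTable, now: float) -> dict:
    """Run both stages on one session record (field names are assumptions)."""
    out = {k: v for k, v in session.items() if k != "imsi"}
    out["rsi"] = table.rsi_for(make_asi(session["imsi"]), now)
    return out
```

The clock is passed in as `now` so TTL behaviour can be exercised deterministically; a deployment would supply `time.time()` or a monotonic clock.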
Specification