Preservation of user data privacy in a network

US 9,077,690 B2
Filed: 12/07/2009
Issued: 07/07/2015
Est. Priority Date: 12/07/2009
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

at least one processor; and

at least one memory including computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following;

generate a pseudonym of personal data of a user using a first secret key;

encrypt a unique identifier of the user using a second secret key;

prepare the pseudonym and the encrypted unique identifier for transmission to a remote apparatus for storage of the personal data in a database under the pseudonym, the personal data indexed by the encrypted unique identifier, the first and second secret keys being known to one or more other users authorized to access the personal data, and the first and second secret keys being unknown to the remote apparatus; and

prepare an access control policy for transmission to a second apparatus, the access control policy grants the one or more other users authorization to access the personal data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example apparatus is provided that receives a pseudonym and encrypted identifier, where the pseudonym is of a user'"'"'s personal data. The pseudonym has been generated using a first secret key, and the encrypted identifier has been generated by encrypting the identifier using a second secret key. The first and second secret keys are known to other user(s) authorized to access the data, and are unknown to the apparatus. The operations also include storing the personal data in a database under the pseudonym, and indexed by the encrypted identifier. The keys used for encryption and pseudorandom generation can be provided by a second apparatus (e.g. an offline security manager), which may employ a proxy re-encryption scheme to provide proper keys to the apparatus based on access policies. Only the authorized users can decrypt the keys with their private keys, thus can query the user records stored in the apparatus.

17 Citations

View as Search Results

18 Claims

1. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following;
  
  generate a pseudonym of personal data of a user using a first secret key;
  
  encrypt a unique identifier of the user using a second secret key;
  
  prepare the pseudonym and the encrypted unique identifier for transmission to a remote apparatus for storage of the personal data in a database under the pseudonym, the personal data indexed by the encrypted unique identifier, the first and second secret keys being known to one or more other users authorized to access the personal data, and the first and second secret keys being unknown to the remote apparatus; and
  
  prepare an access control policy for transmission to a second apparatus, the access control policy grants the one or more other users authorization to access the personal data.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, wherein the apparatus is further configured to at least generate a pseudonym of the personal data by at least applying a hash function to the personal data using the second secret key.
  - 3. The apparatus of claim 1, wherein the apparatus is further configured to at least encrypt the identifier by at least encrypting the identifier according to a chosen-plaintext attack-secure symmetric encryption technique.
  - 4. The apparatus of claim 1, wherein the apparatus comprises a first apparatus, and wherein the apparatus is further configured to at least:
    - receive a public key of the second apparatus distinct from the first apparatus;
      
      encrypt the first and second secret keys using the public key of the second apparatus; and
      
      prepare the encrypted first and second secret keys for transmission to the second apparatus for generating and transmitting to an authorized user re-encrypted first and second secret keys that have been re-encrypted using a re-encryption key that has been generated using a public key of an authorized user and the public key and a private key of the second apparatus.
  - 5. The apparatus of claim 4, wherein theaccess control policy for transmission to the second apparatus is for generating and transmitting to the authorized user the re-encrypted keys in accordance with the access control policy.

6. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following;
  
  receive a pseudonym and an encrypted identifier at the apparatus, the pseudonym being of personal data of a user having a unique identifier, the pseudonym having been generated using a first secret key, and the encrypted identifier having been generated by at least encrypting the identifier using a second secret key, the first and second secret keys being known to one or more other users authorized to access the data, and the first and second secret keys being unknown to the apparatus;
  
  receive an access control policy for transmission to a second apparatus, the access control policy grants the one or more other users authorization to access the personal data; and
  
  provide for storage of the personal data in a database under the pseudonym, the personal data indexed by the encrypted identifier.
- View Dependent Claims (7, 8)
- - 7. The apparatus of claim 6, wherein the apparatus is further configured to at least:
    - receive a query for the personal data from an authorized user, the query includes the pseudonym and the encrypted identifier both having been generated by the authorized user;
      
      retrieve the personal data from the database based on the pseudonym and the encrypted identifier; and
      
      prepare the personal data for transmission to the authorized user.
  - 8. The apparatus of claim 7, wherein the apparatus is further configured to at least receive the pseudonym and the encrypted identifier by at least receiving the pseudonym and the encrypted identifier for a plurality of users, wherein the provide for storage of the personal data comprises provide for storage of the personal data in the database under the respective pseudonyms,wherein the receive a query comprises receive a query for the personal data of some of the users, the query includes the pseudonyms and encrypted identifiers of the respective users, all of the pseudonyms and encrypted identifiers having been generated by the authorized user.

9. An apparatus comprising:
- at least one processor; and
  
  at least one memory including computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following;
  
  receive encrypted first and second secret keys that have been generated by encrypting the first and second secret keys using a public key of the apparatus;
  
  generate a re-encryption key using the public key of an authorized user and the public key and a private key of the apparatus;
  
  generate the re-encrypted first and second secret keys using the re-encryption key; and
  
  prepare the re-encrypted first and second secret keys for transmission to the authorized user for decrypting the re-encrypted first and second secret keys using the private key of the authorized user to thereby obtain the first and second secret keys;
  
  receive an access control policy granting one or more other users authorization to access personal data.
- View Dependent Claims (10)
- - 10. The apparatus of claim 9, wherein the apparatus is further configured to at least:
    - wherein the generate the re-encrypted first and second secret keys and the prepare the second re-encryption key for transmission occur in accordance with the access control policy.

11. A method comprising:
- generating a pseudonym of personal data of a user using a first private key;
  
  encrypting a unique identifier of the user using a second private key;
  
  preparing the pseudonym and the encrypted unique identifier for transmission to a remote apparatus for storing the personal data in a database under the pseudonym, the personal data indexed by the encrypted unique identifier, the first and second secret keys being known to one or more other users authorized to access the personal data, and the first and second secret keys being unknown to the remote apparatus,wherein the generating the pseudonym, the encrypting the identifier, and the preparing the pseudonym and the encrypted unique identifier for transmission are performed by at least one processor; and
  
  prepare an access control policy for transmission to a second apparatus, the access control policy grants the one or more other users authorization to access the personal data.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein the generating the pseudonym of the personal data comprises:
    - applying a hash function to the personal data using the second secret key.
  - 13. The method of claim 11, wherein the encrypting the identifier comprises:
    - encrypting the identifier according to a chosen-plaintext attack-secure symmetric encryption technique.
  - 14. The method of claim 11, further comprising:
    - receiving a public key of the second apparatus;
      
      encrypting the first and second secret keys using the public key of the second apparatus; and
      
      preparing the encrypted first and second secret keys for transmission to the second apparatus for generating and transmitting to an authorized user re-encrypted first and second secret keys that have been re-encrypted using a re-encryption key that has been generated using a public key of an authorized user and the public key and a private key of the second apparatus.
  - 15. The method of claim 14,wherein the access control policy for transmission to the second apparatus is for generating and transmitting to the authorized user the re-encrypted keys in accordance with the access control policy.

16. A method comprising:
- receiving a pseudonym and an encrypted identifier at an apparatus, the pseudonym being of personal data of a user having a unique identifier, the pseudonym having been generated using a first secret key, and the encrypted identifier having been generated by encrypting the identifier using a second secret key, the first and second secret keys being known to one or more other users authorized to access the personal data, and the first and second secret keys being unknown to the apparatus;
  
  providing for storage of the personal data in a database under the pseudonym, the personal data indexed by the encrypted identifier,wherein the receiving the pseudonym and the encrypted identifier and the providing for storage of the personal data are performed by at least one processor; and
  
  receive an access control policy for transmission to a second apparatus, the access control policy grants the one or more other users authorization to access the personal data.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16, further comprising:
    - receiving a query for the personal data from an authorized user, the query including the pseudonym and the encrypted identifier both having been generated by the authorized user;
      
      retrieving the personal data from the database based on the pseudonym and the encrypted identifier; and
      
      preparing the personal data for transmission to the authorized user.
  - 18. The method of claim 17, wherein the receiving the pseudonym and the encrypted identifier comprises receiving the pseudonym and the encrypted identifier for a plurality of users, wherein the providing for storage of the personal data comprises providing for storage of the personal data in the database under the respective pseudonyms,wherein the receiving the query comprises receiving the query for the personal data of some of the users, the query including the pseudonyms and the encrypted identifiers of the respective users, all of the pseudonyms and encrypted identifiers having been generated by the authorized user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Yan, Zheng
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Kusyk, Janusz

Application Number

US13/514,022
Publication Number

US 20120239942A1
Time in Patent Office

2,038 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

H04L 63/0421   Anonymous communication, i....

H04W 8/18   Processing of user or subsc...

H04W 8/24   Transfer of terminal data

Preservation of user data privacy in a network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Preservation of user data privacy in a network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links