Preservation of user data privacy in a network
Abstract
An example apparatus is provided that receives a pseudonym and an encrypted identifier, where the pseudonym is of a user's personal data. The pseudonym has been generated using a first secret key, and the encrypted identifier has been generated by encrypting the identifier using a second secret key. The first and second secret keys are known to the other user(s) authorized to access the data, and are unknown to the apparatus. The operations also include storing the personal data in a database under the pseudonym, indexed by the encrypted identifier. The keys used for encryption and pseudonym generation can be provided by a second apparatus (e.g. an offline security manager), which may employ a proxy re-encryption scheme to provide the proper keys to the apparatus based on access policies. Only the authorized users can decrypt the keys with their private keys, and thus only they can query the user records stored in the apparatus.
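As an added example (not code from the patent), the following Go program models the two sides of the storage scheme described in the abstract: the data owner or authorized user, who holds both secret keys and derives the pseudonym and the encrypted identifier, and the remote apparatus, which stores records indexed by the encrypted identifier without ever seeing a key or a plaintext identifier. The choice of HMAC-SHA256 for the pseudonym and of a deterministic (SIV-style nonce) AES-GCM for the encrypted identifier is this example's assumption, since the patent names no primitives; the proxy re-encryption key distribution by the security manager is not modelled and the keys are simply assumed to be shared out of band.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
)

// ClientKeys are held by the data owner and authorized users only; the remote apparatus never receives them.
type ClientKeys struct {
	K1 []byte // first secret key: pseudonym generation
	K2 []byte // second secret key: identifier encryption (32 bytes, AES-256)
}

func mac(key []byte, msg string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return m.Sum(nil)
}

// Pseudonym derives the storage pseudonym of the user's data under K1 (HMAC-SHA256 is this example's choice).
func Pseudonym(k ClientKeys, userData string) string {
	return hex.EncodeToString(mac(k.K1, userData))
}

// EncryptID encrypts the unique identifier under K2 deterministically, so equal identifiers
// give equal ciphertexts and the result can serve as a database index. The nonce is an HMAC
// of the identifier under a sub-key of K2 (SIV-style), so a nonce is never reused across identifiers.
func EncryptID(k ClientKeys, uid string) (string, error) {
	block, err := aes.NewCipher(k.K2)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := mac(mac(k.K2, "nonce-subkey"), uid)[:gcm.NonceSize()]
	return hex.EncodeToString(gcm.Seal(nil, nonce, []byte(uid), nil)), nil
}

// Store simulates the remote apparatus's database: each record is indexed by the encrypted
// identifier and holds only the pseudonym and the data, never a key or a plaintext identifier.
type Record struct{ Pseudonym, Data string }
type Store map[string]Record
func (s Store) Put(encID string, r Record)      { s[encID] = r }
func (s Store) Get(encID string) (Record, bool) { r, ok := s[encID]; return r, ok }
```

An authorized user queries by recomputing EncryptID for the identifier they hold; the server, lacking K1 and K2, can neither compute that index nor link a record back to a user.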
Claims (18)
1. An apparatus comprising:
at least one processor; and
at least one memory including computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following:
generate a pseudonym of personal data of a user using a first secret key;
encrypt a unique identifier of the user using a second secret key;
prepare the pseudonym and the encrypted unique identifier for transmission to a remote apparatus for storage of the personal data in a database under the pseudonym, the personal data indexed by the encrypted unique identifier, the first and second secret keys being known to one or more other users authorized to access the personal data, and the first and second secret keys being unknown to the remote apparatus; and
prepare an access control policy for transmission to a second apparatus, the access control policy granting the one or more other users authorization to access the personal data.
Dependent claims: 2, 3, 4, 5.
6. An apparatus comprising:
at least one processor; and
at least one memory including computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following:
receive a pseudonym and an encrypted identifier at the apparatus, the pseudonym being of personal data of a user having a unique identifier, the pseudonym having been generated using a first secret key, and the encrypted identifier having been generated by at least encrypting the identifier using a second secret key, the first and second secret keys being known to one or more other users authorized to access the data, and the first and second secret keys being unknown to the apparatus;
receive an access control policy for transmission to a second apparatus, the access control policy granting the one or more other users authorization to access the personal data; and
provide for storage of the personal data in a database under the pseudonym, the personal data indexed by the encrypted identifier.
Dependent claims: 7, 8.
9. An apparatus comprising:
at least one processor; and
at least one memory including computer program code configured to, with the at least one processor, cause the apparatus to perform at least the following:
receive encrypted first and second secret keys that have been generated by encrypting the first and second secret keys using a public key of the apparatus;
generate a re-encryption key using the public key of an authorized user and the public key and a private key of the apparatus;
generate the re-encrypted first and second secret keys using the re-encryption key;
prepare the re-encrypted first and second secret keys for transmission to the authorized user for decrypting the re-encrypted first and second secret keys using the private key of the authorized user to thereby obtain the first and second secret keys; and
receive an access control policy granting one or more other users authorization to access personal data.
Dependent claims: 10.
11. A method comprising:
generating a pseudonym of personal data of a user using a first private key;
encrypting a unique identifier of the user using a second private key;
preparing the pseudonym and the encrypted unique identifier for transmission to a remote apparatus for storing the personal data in a database under the pseudonym, the personal data indexed by the encrypted unique identifier, the first and second secret keys being known to one or more other users authorized to access the personal data, and the first and second secret keys being unknown to the remote apparatus, wherein the generating the pseudonym, the encrypting the identifier, and the preparing the pseudonym and the encrypted unique identifier for transmission are performed by at least one processor; and
preparing an access control policy for transmission to a second apparatus, the access control policy granting the one or more other users authorization to access the personal data.
Dependent claims: 12, 13, 14, 15.
16. A method comprising:
receiving a pseudonym and an encrypted identifier at an apparatus, the pseudonym being of personal data of a user having a unique identifier, the pseudonym having been generated using a first secret key, and the encrypted identifier having been generated by encrypting the identifier using a second secret key, the first and second secret keys being known to one or more other users authorized to access the personal data, and the first and second secret keys being unknown to the apparatus;
providing for storage of the personal data in a database under the pseudonym, the personal data indexed by the encrypted identifier, wherein the receiving the pseudonym and the encrypted identifier and the providing for storage of the personal data are performed by at least one processor; and
receiving an access control policy for transmission to a second apparatus, the access control policy granting the one or more other users authorization to access the personal data.
Dependent claims: 17, 18.