Enforcement of data privacy to maintain obfuscation of certain data

US 9,129,119 B2
Filed: 08/16/2013
Issued: 09/08/2015
Est. Priority Date: 05/10/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

determining, by a microprocessor, whether data to be released from a database maps to at least one confidential mapping between sets of data in the database; and

in response to the data mapping to the at least one confidential mapping, determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy, wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy further comprises performing static enforcement of the anonymity policy by analyzing program code without executing the program code, wherein the program code performs release of the data at one or more release points when the program code is executed, and wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy and performing static enforcement of the anonymity policy further comprises;

determining, during the static enforcement whether an invocation of an obfuscation function is performed in the program code on at least one path from a query to at least one of the one or more release points at which the data would be released by the program code when the program code is executed; and

in response to an invocation of the obfuscation function not being performed in the program code on the at least the path from the query to the at least one release point at which the data would be released by the program code, performing during the static enforcement at least one action.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-readable medium is disclosed that tangibly embodies a program of machine-readable instructions executable by a digital processing apparatus to perform operations including determining whether data to be released from a database is associated with one or more confidential mappings between sets of data in the database. The operations also include, in response to the data being associated with the one or more confidential mappings, determining whether release of the data meets one or more predetermined anonymity requirements of an anonymity policy. Methods and apparatus are also disclosed.

14 Citations

View as Search Results

14 Claims

1. A method, comprising:
- determining, by a microprocessor, whether data to be released from a database maps to at least one confidential mapping between sets of data in the database; and
  
  in response to the data mapping to the at least one confidential mapping, determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy, wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy further comprises performing static enforcement of the anonymity policy by analyzing program code without executing the program code, wherein the program code performs release of the data at one or more release points when the program code is executed, and wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy and performing static enforcement of the anonymity policy further comprises;
  
  determining, during the static enforcement whether an invocation of an obfuscation function is performed in the program code on at least one path from a query to at least one of the one or more release points at which the data would be released by the program code when the program code is executed; and
  
  in response to an invocation of the obfuscation function not being performed in the program code on the at least the path from the query to the at least one release point at which the data would be released by the program code, performing during the static enforcement at least one action.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein determining whether an invocation of an obfuscation function is performed further comprises determining whether an invocation of an obfuscation function is performed in the program code on every one of the at least one paths from the query to the at least one release points at which the data would be released.
  - 3. The method of claim 1, further comprising receiving an obfuscation function from a user and wherein performing at least one action comprises inserting during the static enforcement and in the program code a call to the received obfuscation function, the call inserted in the at least one path from the query to the at least one release point at which the data would be released by the program code.
  - 4. The method of claim 1, wherein performing the at least one action comprises notifying a user of lack of invocation of an obfuscation function on the at least one path.
  - 5. The method of claim 1, wherein performing the at least one action comprises inserting a call to an obfuscation function in the program code in one or more of the at least one paths.
  - 6. The method of claim 1, wherein each of the sets corresponds to a column of the database.

7. An apparatus, comprising:
- at least one processor; and
  
  at least one memory including instructions,the at least one processor configured, in response to executing the instructions, to cause the apparatus to perform at least the following;
  
  determining whether data to be released from a database maps to at least one confidential mapping between sets of data in the database; and
  
  in response to the data mapping to the at least one confidential mapping, determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy, wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy further comprises performing static enforcement of the anonymity policy by analyzing program code without executing the program code, wherein the program code performs release of the data at one or more release points when the program code is executed, and wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy and performing static enforcement of the anonymity policy further comprises;
  
  determining the one or more release points in the program code; and
  
  determining, during the static enforcement, whether the release or the data from the one or more release points is in accordance with a k-anonymity requirement specified by the anonymity policy.
- View Dependent Claims (8, 9, 10)
- - 8. The apparatus of claim 7, wherein determining whether the release of the data is in accordance with a k-anonymity requirement specified by the anonymity policy and performing static enforcement of the anonymity policy further comprises generating, during the static enforcement, a check function that determines whether the release of the data would be in accordance with the k-anonymity requirement.
  - 9. The apparatus of claim 7, wherein determining whether the release of the data is in accordance with a k-anonymity requirement specified by the anonymity policy and performing static enforcement of the anonymity policy further comprises generating and performing, during the static enforcement, a cardinality check to ensure cardinality greater than k for at least data to be released in at least one of the sets of data associated with a corresponding at least one confidential mapping.
  - 10. The apparatus of claim 9, wherein the at least one confidential mapping further comprises a plurality of confidential mappings between a plurality of sets of data in the database.

11. A method, comprising:
- determining, by a microprocessor, whether data to be released from a database maps to at least one confidential mapping between sets of data in the database; and
  
  in response to the data mapping to the at least one confidential mapping, determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy, wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy further comprises performing static enforcement of the anonymity policy by analyzing program code without executing the program code, wherein the program code performs release of the data at one or more release points when the program code is executed, and wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy and performing, static enforcement in the anonymity policy further comprises;
  
  determining the one or more release points in the program code; and
  
  determining, during the static enforcement, whether the release of the data from the one or more release points is in accordance with a k-anonymity requirement specified by the anonymity policy.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11, wherein determining whether the release of the data is in accordance with a k-anonymity requirement specified by the anonymity policy and performing static enforcement of the anonymity policy farther comprises generating, during the static enforcement, a check function that determines whether the release of the data would be in accordance with the k-anonymity requirement.
  - 13. The method of claim 11, wherein determining whether the release of the data is in accordance with a k-anonymity requirement specified by the anonymity policy and performing static enforcement of the anonymity policy further comprises generating and performing, during the static enforcement, a cardinality check to ensure cardinality greater than k for at least data to be released in at least one of the sets of data associated with a corresponding at least one confidential mapping.
  - 14. The method of claim 11, wherein the at least one confidential mapping further comprises a plurality of confidential mappings between a plurality of sets of data in the database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Burke, Michael George, Peshansky, Igor, Pistoia, Marco, Tripp, Omer
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
TRUONG, THONG P

Application Number

US13/968,478
Publication Number

US 20130332990A1
Time in Patent Office

753 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/6245   Protecting personal data, e...

G16H 10/60   for patient-specific data, ...

Enforcement of data privacy to maintain obfuscation of certain data

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Enforcement of data privacy to maintain obfuscation of certain data

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links