System and method for cascading token generation and data de-identification

US 9,292,707 B1
Filed: 05/30/2014
Issued: 03/22/2016
Est. Priority Date: 06/03/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for de-identifying data by creating tokens through a cascading algorithm, comprising:

processing at least one record comprising a plurality of data elements to identify a subset of data elements, each data element of the subset comprising identifying information for at least one individual;

generating, with at least one processor, a first hash by hashing at least one first data element with at least a client tag unique to a particular client system;

generating, with at least one processor, a second hash by hashing the first hash with at least one other data element of the subset of data elements;

creating at least one token based at least partially on the second hash or a subsequent hash derived from the second hash, wherein the token identifies the at least one individual; and

linking the at least one token and at least a portion of a remainder of the data elements of the plurality of data elements with at least one other record for the at least one individual based at least partially on the at least one token.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for de-identifying data by creating tokens through a cascading algorithm includes the steps of processing at least one record comprising a plurality of data elements to identify a subset of data elements comprising data identifying at least one individual; generating, with at least one processor, a first hash by hashing at least one first data element with at least one second data element of the subset of data elements; generating, with at least one processor, a second hash by hashing the first hash with at least one third data element of the subset of data elements; creating at least one token based at least partially on the second hash or a subsequent hash derived from the second hash, wherein the token identifies the at least one individual; and associating at least a portion of a remainder of the data elements with the at least one token.

42 Citations

View as Search Results

20 Claims

1. A computer-implemented method for de-identifying data by creating tokens through a cascading algorithm, comprising:
- processing at least one record comprising a plurality of data elements to identify a subset of data elements, each data element of the subset comprising identifying information for at least one individual;
  
  generating, with at least one processor, a first hash by hashing at least one first data element with at least a client tag unique to a particular client system;
  
  generating, with at least one processor, a second hash by hashing the first hash with at least one other data element of the subset of data elements;
  
  creating at least one token based at least partially on the second hash or a subsequent hash derived from the second hash, wherein the token identifies the at least one individual; and
  
  linking the at least one token and at least a portion of a remainder of the data elements of the plurality of data elements with at least one other record for the at least one individual based at least partially on the at least one token.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein the first hash comprises a SHA-3 hash.
  - 3. The computer-implemented method of claim 1, wherein the at least one token is created based at least partially on the subsequent hash, and wherein the subsequent hash comprises a final hash in a series of hashes in which a previous hash is used as an input to a hash algorithm to hash a next data field.
  - 4. The computer-implemented method of claim 1, wherein the at least one record comprises at least one patient record, the at least one patient record uniquely identifying at least one patient in a healthcare system.
  - 5. The computer-implemented method of claim 1, wherein the at least one record comprises at least one consumer record, the at least one consumer record uniquely identifying at least one consumer of goods or services.
  - 6. The computer-implemented method of claim 1, wherein the first hash is generated at least partially based on the at least one first data element, the client tag, and at least one additional data element of the plurality of data elements.
  - 7. The computer-implemented method of claim 1, wherein the client tag uniquely identifies at least one of a client and a data supplier.

8. A system for de-identifying data, comprising:
- (a) a data supplier computer comprising at least one processor and a de-identification engine, the de-identification engine configured to;
  
  (i) process a data record comprising a plurality of data elements, wherein a subset of data elements of the plurality of data elements comprises personally identifying information for an individual;
  
  (ii) generate a token based at least partially on a series of hashes of individual data elements of the subset of data elements, wherein a plurality of hashes in the series of hashes are generated by hashing a previous hash result in the series of hashes with a next individual data element, wherein the previous hash result is based on hashing at least a previous individual data element, and wherein the token is generated at least partially based on a client tag uniquely identifying at least one of a client system and a data supplier;
  
  (iii) encrypt at least the token to generate an encrypted token;
  
  (b) a data processing entity computer remote from the data supplier computer, the data processing computer comprising at least one processor configured to;
  
  (i) receive the encrypted token and unencrypted data elements from the data supplier computer;
  
  (ii) decrypt the encrypted token, resulting in the token;
  
  (iii) link the token and unencrypted data elements with at least one other record for the individual based at least partially on the token.
- View Dependent Claims (9, 10, 11)
- - 9. The system of claim 8, wherein the de-identification engine encrypts at least the token to generate the encrypted token by:
    - (iv) generating a random key value;
      
      (v) encrypting the token with the random key value, creating the encrypted token; and
      
      (vi) creating encrypted data by encrypting the encrypted token and the random key value with a public key corresponding to a private key,wherein the at least one processor receives the encrypted token by decrypting the encrypted data with the private key.
  - 10. The system of claim 8, wherein the client tag is used to generate the token by at least one of an exclusive-or operation and a hash operation.
  - 11. The system of claim 8, wherein the client tag is incorporated into the token by at least one of a first hash operation and a subsequent hash operation.

12. A de-identification system, comprising:
- (a) a de-identification subsystem comprising at least one computer-readable medium containing program instructions which, when executed by at least one remote processor at a data supplier, causes the at least one remote processor to;
  
  (i) create a token from at least one record, the token created by performing at least one hash operation on a client tap uniquely identifying a client system and at least one data element of at least one record, wherein the at least one data element comprises personally-identifying information;
  
  (ii) encrypt the token with a randomly-generated encryption key, forming an encrypted token; and
  
  (iii) encrypt the encrypted token and the randomly-generated encryption key with a public key, forming encrypted data;
  
  (b) a record processing subsystem comprising a server and at least one computer-readable medium containing program instructions which, when executed by at least one processor, causes the at least one processor to;
  
  (i) receive the encrypted data;
  
  (ii) decrypt the encrypted data with a private key corresponding to the public key, resulting in the randomly-generated encryption key and the encrypted token; and
  
  (iii) decrypt the encrypted token with the randomly-generated encryption key.
- View Dependent Claims (13, 14)
- - 13. The de-identification system of claim 12, wherein the record processing subsystem further causes the at least one processor to:
    - (iv) hash the token with a key unique to a data supplier or client associated with the de-identification subsystem; and
      
      (v) link at least a portion of the data record with at least one other data record based at least partially on the new token.
  - 14. The de-identification system of claim 12, wherein the token is created based at least partially on a client tag uniquely identifying at least one of a client and a data supplier.

15. A de-identification engine for de-identifying at least one record comprising a plurality of data elements, wherein a subset of the plurality of data elements comprise personally-identifying data for an individual, the de-identification engine comprising at least one computer-readable medium containing program instructions that, when executed by at least one processor of at least one computer, cause the at least one computer to:
- (a) generate an initial hash by hashing at least one key and a first data element of the subset of data elements;
  
  (b) generate a second hash by hashing a second data element of the subset of data elements with the initial hash;
  
  (c) generate a next hash by hashing a previous hash with a next data element of the subset of data elements; and
  
  (d) repeat step (c) for all remaining data elements of the subset of data elements, resulting in a final hash value,wherein at least one of the initial hash, the second hash, the next hash, and the final hash value is generated based at least partially on a client tag uniquely identifying at least one of a client system and a data supplier, andwherein at least a portion of a remainder of the plurality of data elements are linked to at least one other record for the individual based on the final hash value.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The de-identification engine of claim 15, wherein the program instructions further cause the at least one computer to:
    - (d) generate at least one random key value;
      
      (e) encrypt the final hash value based at least partially on the random key value, resulting in an encrypted token; and
      
      (f) encrypt the encrypted token and the random key value with a public key, resulting in encrypted output data.
  - 17. The de-identification engine of claim 16, wherein the program instructions further cause the at least one computer to transmit the encrypted output data to a data processing entity.
  - 18. The de-identification engine of claim 15, wherein step (b) is repeated for at least two iterations.
  - 19. The de-identification engine of claim 15, wherein the at least one record comprises at least one patient record, the at least one patient record uniquely identifying at least one patient in a healthcare system.
  - 20. The de-identification engine of claim 15, wherein the client tag comprises the at least one key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Management Science Associates Incorporated (Clark Consulting LLC), Management Sscience Associates, Inc.
Original Assignee
Management Science Associates Incorporated (Clark Consulting LLC)
Inventors
Fontecchio, Tony
Primary Examiner(s)
Kim, Jung
Assistant Examiner(s)
Tran, Tri

Application Number

US14/291,805
Time in Patent Office

662 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2463/062   applying encryption of the ...

H04L 63/0421   Anonymous communication, i....

H04L 63/0442   wherein the sending and rec...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0876   based on the identity of th...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0869   involving random numbers or...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3234   involving additional secure...

H04L 9/3239   involving non-keyed hash fu...

H04W 12/02   Protecting privacy or anony...

System and method for cascading token generation and data de-identification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for cascading token generation and data de-identification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links