System and method to anonymize data transmitted to a destination computing device

US 9,356,993 B1
Filed: 03/15/2013
Issued: 05/31/2016
Est. Priority Date: 03/08/2011
Status: Active Grant

First Claim

Patent Images

1. A method for anonymizing data to be transmitted to a destination computing device, comprising:

receiving data to be transmitted from a user computing device to the destination computing device over a network for storage, the data received by a computing device, the data including a plurality of characters;

providing a plurality of seed values, each of the seed values having a corresponding seed value identifier;

selecting one of the plurality of seed values;

generating an initialization vector using the selected seed value, using an initialization vector generator executed on the computing device;

anonymizing the received data using an anonymization module executed on the computing device to derive an anonymized data, using the generated initialization vector; and

transmitting anonymized received data and the seed value identifier of the selected seed value to the destination computing device for storage, over a network,wherein, upon receipt of a search request with a search term from the user computing device to search received data stored in the destination computing device,generating a plurality of anonymized search terms that correspond to the received search term, using the plurality of initialization vectors generated using the plurality of seed values; and

transmitting a modified search request with the generated plurality of anonymized search terms for processing by the destination computing device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. The data includes a plurality of characters. An initialization vector is generated using a seed value, the seed value having a corresponding seed value identifier. The data is anonymized using an anonymization module, to derive an anonymized data, using the generated initialization vector. The anonymized data and the seed value identifier is transmitted to the destination computer over a network.

72 Citations

View as Search Results

24 Claims

1. A method for anonymizing data to be transmitted to a destination computing device, comprising:
- receiving data to be transmitted from a user computing device to the destination computing device over a network for storage, the data received by a computing device, the data including a plurality of characters;
  
  providing a plurality of seed values, each of the seed values having a corresponding seed value identifier;
  
  selecting one of the plurality of seed values;
  
  generating an initialization vector using the selected seed value, using an initialization vector generator executed on the computing device;
  
  anonymizing the received data using an anonymization module executed on the computing device to derive an anonymized data, using the generated initialization vector; and
  
  transmitting anonymized received data and the seed value identifier of the selected seed value to the destination computing device for storage, over a network,wherein, upon receipt of a search request with a search term from the user computing device to search received data stored in the destination computing device,generating a plurality of anonymized search terms that correspond to the received search term, using the plurality of initialization vectors generated using the plurality of seed values; and
  
  transmitting a modified search request with the generated plurality of anonymized search terms for processing by the destination computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further including receiving one or more search results from the destination computing device, in response to the modified search request;
    - deanonymizing the received one or more search results using the plurality of initialization vectors; and
      
      selecting the deanonymized received search result matching the received search term from the user computing device.
  - 3. The method of claim 2, wherein deanonymizing the received one or more search results further including:
    - retrieving the anonymized data corresponding to the search result along with the corresponding seed value identifier;
      
      using the seed value identifier, retrieving the corresponding seed value;
      
      regenerating the initialization vector using the corresponding seed value; and
      
      deanonymizing the anonymized data using the regenerated initialization vector.
  - 4. The method of claim 1, wherein generating an initialization vector further including:
    - providing a plurality of sets of seed values, wherein each of the seed value within a set of seed values having a corresponding seed value identifier;
      
      selecting one of the plurality of set of seed values;
      
      selecting one of the seed values within the selected set of seed values; and
      
      generating the initialization vector using the selected one of the plurality of seed values within the selected set of seed values.
  - 5. The method of claim 4, wherein selecting one of the plurality of set of seed values further including:
    - identifying a characteristic of the data; and
      
      based on the identified characteristic of the data, selecting one of the set of plurality of seed values.
  - 6. The method of claim 5, wherein one of the characteristic of the data is frequency of occurrence of the data.
  - 7. The method of claim 6, wherein one set of seed values has greater number of seed values than another set of seed values and the one set of seed values is selected if the frequency of occurrence of the data is above a threshold value.

8. A method for anonymizing data to be stored in a destination computing device, comprising:
- receiving data to be transmitted from a user computing device to the destination computing device over a network for storage, the data received by a computing device, the data including a plurality of characters;
  
  providing a plurality of seed values, each of the seed values having a corresponding seed value identifier;
  
  selecting one of the plurality of seed values;
  
  generating an initialization vector using the selected, using an initialization vector generator executed on the computing device;
  
  anonymizing the received data using an anonymization module executed on the computing device to derive an anonymized data, using the generated initialization vector;
  
  transmitting anonymized received data and the seed value identifier of the selected seed value to the destination computing device for storage, over a network;
  
  receiving a request from the user computing device to search the anonymized data stored at the destination computing device, using a search term;
  
  intercepting the request by the computing device;
  
  generating a plurality of anonymized search terms that correspond to the received search search term, using a plurality of initialization vectors generated using the plurality of seed values;
  
  sending a plurality of search requests to the destination computing device using the generated plurality of anonymized search terms;
  
  receiving results for the plurality of search requests;
  
  deanonymizing the received result using the plurality of initialization vectors; and
  
  selecting the deanonymized received result matching the received search term.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein generating an initialization vector further including:
    - providing a plurality of sets of seed values, wherein each of the seed value within a set of seed values having a corresponding seed value identifier;
      
      selecting one of the plurality of set of seed values;
      
      selecting one of the seed values within the selected set of seed values; and
      
      generating the initialization vector using the selected one of the plurality of seed values within the selected set of seed values.
  - 10. The method of claim 9, wherein selecting one of the plurality of set of seed values further including:
    - identifying a characteristic of the data; and
      
      based on the identified characteristic of the data, selecting one of the set of plurality of seed values.
  - 11. The method of claim 10, wherein one of the characteristic of the data is frequency of occurrence of the data.
  - 12. The method of claim 11, wherein one set of seed values has greater number of seed values than another set of seed values and the one set of seed values is selected if the frequency of occurrence of the data is above a threshold value.

13. An anonymization system to anonymize data to be stored a destination computing device, comprising:
- an anonymization strategy module executed on a computing device to store anonymization strategy for data anonymization in a data store;
  
  a logic executed on the computing device to receive data to be stored in the destination computing device, from a user computer;
  
  a seed value generator executed on the computing device to generate a plurality of seed values, each of the seed values having a corresponding seed value identifier;
  
  an initialization vector generator executed on the computing device to generate an initialization vector using a selected one of the seed values; and
  
  an anonymization module executed on the computing device toanonymize the received data based on a selected anonymization strategy, using the generated initialization vector; and
  
  transmit the anonymized data and the seed value identifier that corresponds to the selected seed value to the destination computing device for storage, over a network,wherein, upon receipt of a search request with a search term from the user computing device to search received data stored in the destination computing device,a plurality of anonymized search terms that corresponds to the received search term is generated using the plurality of initialization vectors generated using the plurality of seed values, anda modified search request is transmitted with the generated plurality of anonymized search terms for processing by the destination computing device.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, wherein, one or more search results are received from the destination computing device, in response to the modified search request;
    - the received one or more search results are deanonymized using the plurality of initialization vectors; and
      
      deanonymized received search result matching the received search term from the user computing device is selected.
  - 15. The system of claim 14, wherein,the anonymized data corresponding to the search result is retrieved along with the corresponding seed value identifier from the destination computing device;
    - the seed value identifier is used to retrieve the corresponding seed value;
      
      the initialization vector is generated using the corresponding seed value; and
      
      the anonymized data is de-anonymized using the regenerated initialization vector.
  - 16. The system of claim 13, wherein,a plurality of sets of seed values are provided, wherein each of the seed value within a set of seed values having a corresponding seed value identifier;
    - one of the plurality of set of seed values is selected;
      
      one of the seed values within the selected set of seed values is selected; and
      
      the initialization vector is generated using the selected one of the plurality of seed values within the selected set of seed values.
  - 17. The system of claim 16, further including:
    - a characteristic of the data is identified; and
      
      based on the identified characteristic of the data, one of the set of plurality of seed values is selected.
  - 18. The system of claim 17, wherein one of the characteristic of the data is frequency of occurrence of the data.
  - 19. The system of claim 18, wherein one set of seed values has greater number of seed values than another set of seed values and the one set of seed values is selected if the frequency of occurrence of the data is above a threshold value.

20. An anonymization system to anonymize data to be stored in a destination computing device, comprising:
- an anonymization strategy module executed on a computing device to store anonymization strategy for data anonymization in a data store;
  
  a logic executed on the computing device to receive data to be stored in the destination computing device, from a user computer;
  
  a seed value generator executed on the computing device to generate a plurality of seed values, each of the seed values having a corresponding seed value identifier;
  
  an initialization vector generator executed on the computing device to generate an initialization vector using a selected one of the seed values;
  
  an anonymization module executed on the computing device toanonymize the received data based on a selected anonymization strategy, using the generated initialization vector; and
  
  transmit the anonymized data and the seed value identifier that corresponds to the selected seed value to the destination computing device for storage, over a network;
  
  a request to search the anonymized data stored at the destination computing device, using a search term is received from the user computing device and intercepted by the computing device;
  
  a plurality of anonymized search terms that corresponds to the received search term are generated using a plurality of initialization vectors generated using the plurality of seed values;
  
  a plurality of search requests are sent to the destination computing device using the generated plurality of anonymized search terms;
  
  results for the plurality of search requests are received;
  
  the received result are de-anonymized using the plurality of initialization vectors; and
  
  the deanonymized received result that matches the search term is selected.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The system of claim 20, wherein,a plurality of sets of seed values are provided, wherein each of the seed value within a set of seed values having a corresponding seed value identifier;
    - one of the plurality of set of seed values is selected;
      
      one of the seed values within the selected set of seed values is selected; and
      
      the initialization vector is generated using the selected one of the plurality of seed values within the selected set of seed values.
  - 22. The system of claim 21, further including:
    - a characteristic of the data is identified; and
      
      based on the characteristic of the data, one of the set of plurality of seed values is selected.
  - 23. The system of claim 22, wherein one of the characteristic of the data is frequency of occurrence of the data.
  - 24. The system of claim 23, wherein one set of seed values has greater number of seed values than another set of seed values and the one set of seed values is selected if the frequency of occurrence of the data is above a threshold value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Ciphercloud Incorporated
Inventors
Kothari, Pravin, Dash, Debabrata
Primary Examiner(s)
Chai, Longbit

Application Number

US13/844,509
Time in Patent Office

1,173 Days
Field of Search

726/26
US Class Current

1/1
CPC Class Codes

G06F 16/258   Data format conversion from...

G06F 21/1075   Editing

G06F 21/602   Providing cryptographic fac...

G06F 21/6254   by anonymising data, e.g. d...

G06F 21/6263   during internet communicati...

H04L 63/0407   wherein the identity of one...

H04L 63/0421   Anonymous communication, i....

H04L 63/0435   wherein the sending and rec...

H04L 67/06   specially adapted for file ...

System and method to anonymize data transmitted to a destination computing device

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to anonymize data transmitted to a destination computing device

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links