System and method for cascading token generation and data de-identification

US 9,830,476 B2
Filed: 02/16/2017
Issued: 11/28/2017
Est. Priority Date: 06/03/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for de-identifying a plurality of records for a plurality of individuals, the plurality of records including identifying data for the plurality of individuals, comprising:

receiving a record for an individual, the record comprising a plurality of data elements identifying the individual;

generating, with at least one processor, a token based at least partially on the plurality of data elements identifying the individual;

encrypting, with at least one processor, the token based at least partially on a first encryption key, resulting in an encrypted token;

encrypting, with at least one processor, the encrypted token based at least partially on a second encryption key, resulting in encrypted output data; and

transmitting the encrypted output data to a data processing system;

decrypting, with at least one processor at the data processing system, the encrypted output data and the encrypted token; and

encrypting, with at least one processor at the data processing system, the token with a third encryption key to produce a new token, wherein the third encryption key is unique to a client and/or data supplier.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for de-identifying data by creating tokens through a cascading algorithm includes the steps of processing at least one record comprising a plurality of data elements to identify a subset of data elements comprising data identifying at least one individual; generating, with at least one processor, a first hash by hashing at least one first data element with at least one second data element of the subset of data elements; generating, with at least one processor, a second hash by hashing the first hash with at least one third data element of the subset of data elements; creating at least one token based at least partially on the second hash or a subsequent hash derived from the second hash, wherein the token identifies the at least one individual; and associating at least a portion of a remainder of the data elements with the at least one token.

19 Citations

View as Search Results

18 Claims

1. A computer-implemented method for de-identifying a plurality of records for a plurality of individuals, the plurality of records including identifying data for the plurality of individuals, comprising:
- receiving a record for an individual, the record comprising a plurality of data elements identifying the individual;
  
  generating, with at least one processor, a token based at least partially on the plurality of data elements identifying the individual;
  
  encrypting, with at least one processor, the token based at least partially on a first encryption key, resulting in an encrypted token;
  
  encrypting, with at least one processor, the encrypted token based at least partially on a second encryption key, resulting in encrypted output data; and
  
  transmitting the encrypted output data to a data processing system;
  
  decrypting, with at least one processor at the data processing system, the encrypted output data and the encrypted token; and
  
  encrypting, with at least one processor at the data processing system, the token with a third encryption key to produce a new token, wherein the third encryption key is unique to a client and/or data supplier.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, further comprising:
    - generating a de-identified record based at least partially on the new token and a plurality of non-identifying data elements;
      
      matching the new token to at least one other data record for the individual;
      
      linking the de-identified record to the at least one other data record for the individual.
  - 3. The computer-implemented method of claim 2, wherein generating the de-identified record based at least partially on the new token and the plurality of non-identifying data elements comprises creating a record including the new token and the plurality of non-identifying data elements, and wherein matching the new token to the at least one other data record for the individual comprises matching the new token to the at least one other data record.
  - 4. The computer-implemented method of claim 1, wherein the second encryption key comprises a public encryption key associated with a data supplier, the public encryption key corresponding to a private encryption key unique to the data supplier.
  - 5. The computer-implemented method of claim 1, further comprising:
    - generating at least one output file comprising the encrypted output data, wherein the at least one output file comprises the plurality of non-identifying data elements of the record; and
      
      creating, with at least one processor, a de-identified record comprising the plurality of non-identifying data elements of the record and the new token.
  - 6. The computer-implemented method of claim 1, wherein encrypting the token with the third encryption key comprises hashing the token with the third encryption key.
  - 7. The computer-implemented method of claim 1, wherein the token is generated based at least partially on a data supplier tag uniquely identifying a data supplier.

8. A computer program product for de-identifying a plurality of records for a plurality of individuals, the plurality of records including identifying data for the plurality of individuals, comprising at least one non-transitory computer-readable medium comprising program instructions that, when executed by at least one processor, cause the at least one processor to:
- receive a record for an individual, the record comprising a plurality of data elements identifying the individual;
  
  generate a token based at least partially on the plurality of data elements identifying the individual;
  
  encrypt the token based at least partially on a first encryption key, resulting in an encrypted token;
  
  encrypt the encrypted token based at least partially on a second encryption key, resulting in encrypted output data;
  
  transmit the encrypted output data to a data processing system;
  
  decrypt, at the data processing system, the encrypted output data and the encrypted token; and
  
  encrypt, at the data processing system, the token with a third encryption key to produce a new token, wherein the third encryption key is unique to a client and/or data supplier.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, wherein the at least one non-transitory computer-readable medium comprises a first computer-readable medium and a second computer-readable medium, the first computer-readable medium installed on a data supplier computer and including program instructions for generating the token, the second computer-readable medium installed on a data processing computer remote from the data supplier computer and including program instructions that, when executed by the data processing computer, cause the data processing computer to:
    - generate a de-identified record based at least partially on the new token and a plurality of non-identifying data elements;
      
      match the new token to at least one other data record for the individual; and
      
      link the de-identified record to the at least one other data record for the individual.
  - 10. The computer program product of claim 9, wherein generating the de-identified record based at least partially on the new token and the plurality of non-identifying data elements comprises creating a record including the new token and the plurality of non-identifying data elements.
  - 11. The computer program product of claim 8, wherein the second encryption key comprises a public encryption key associated with a data supplier, the public encryption key corresponding to a private encryption key unique to the data supplier.
  - 12. The computer program product of claim 8, wherein the program instructions, when executed by the at least one processor, further cause the at least one processor to:
    - generate at least one output file comprising the encrypted output data, wherein the at least one output file comprises the plurality of non-identifying data elements of the record; and
      
      create a de-identified record comprising the plurality of non-identifying data elements of the record and the new token.
  - 13. The computer program product of claim 8, wherein encrypting the token with the third encryption key comprises hashing the token with the third encryption key.
  - 14. The computer program product of claim 8, wherein the token is generated based at least partially on a data supplier tag uniquely identifying a data supplier associated with the record.

15. A system for de-identifying data, comprising:
- (a) a de-identification subsystem comprising at least one hardware processor configured to;
  
  (i) process a data record comprising a plurality of data elements, wherein a subset of data elements of the plurality of data elements comprises personally identifying information for an individual;
  
  (ii) generate a token based at least partially on the subset of data elements;
  
  (iii) encrypt at least the token to generate an encrypted token; and
  
  (iv) generate encrypted data by encrypting the encrypted token with a second key; and
  
  (b) a token processing subsystem comprising at least one hardware processor configured to;
  
  (i) receive the encrypted data;
  
  (ii) decrypt the encrypted data, resulting in the encrypted token;
  
  (iii) decrypt the encrypted token;
  
  (iv) encrypt the token with a key unique to a client and/or data supplier, resulting in a new token; and
  
  (v) link the new token and unencrypted data elements with at least one other record for the individual.
- View Dependent Claims (16)
- - 16. The system of claim 15, further comprising a computer, the computer comprising the de-identification subsystem and the token processing subsystem.

17. A de-identification system, comprising:
- (a) a de-identification subsystem comprising at least one non-transitory computer-readable medium containing program instructions which, when executed by at least one processor, causes the at least one processor to;
  
  (i) create a token from at least one record comprising at least one data element including personally-identifying information;
  
  (ii) encrypt the token with a randomly-generated encryption key, forming an encrypted token; and
  
  (iii) encrypt the encrypted token with a second key, forming encrypted data; and
  
  (b) a record processing subsystem comprising at least one non-transitory computer-readable medium containing program instructions which, when executed by at least one processor, causes the at least one processor to;
  
  (i) receive the encrypted data;
  
  (ii) decrypt the encrypted data with the second key or a key corresponding to the second key, resulting in the encrypted token;
  
  (iii) decrypt the encrypted token with the randomly-generated encryption key;
  
  (iv) generate a new token based at least partially on the token and a key unique to a client and/or data supplier; and
  
  (v) generate a de-identified record based at least partially on the new token.
- View Dependent Claims (18)
- - 18. The de-identification system of claim 17, further comprising a computer, the computer comprising the de-identification subsystem and the record processing subsystem.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Management Science Associates Incorporated (Clark Consulting LLC)
Original Assignee
Management Science Associates Incorporated (Clark Consulting LLC)
Inventors
Fontecchio, Tony
Primary Examiner(s)
Tran, Tri

Application Number

US15/434,708
Publication Number

US 20170161521A1
Time in Patent Office

285 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2463/062   applying encryption of the ...

H04L 63/0421   Anonymous communication, i....

H04L 63/0442   wherein the sending and rec...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0876   based on the identity of th...

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0869   involving random numbers or...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3234   involving additional secure...

H04L 9/3239   involving non-keyed hash fu...

H04W 12/02   Protecting privacy or anony...

System and method for cascading token generation and data de-identification

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for cascading token generation and data de-identification

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links