System and method to anonymize data transmitted to a destination computing device

US 9,852,311 B1
Filed: 03/30/2014
Issued: 12/26/2017
Est. Priority Date: 03/08/2011
Status: Active Grant

First Claim

Patent Images

1. A method for anonymizing data to be transmitted to a destination computing device, comprising:

receiving data to be transmitted to the destination from a user computer, the data including a plurality of characters and defining a clear data;

generating a modified clear data with a predefined number of characters greater than the number of characters in the clear data, wherein the modified clear data is created byappending a delimiter data of at least one character to the clear data; and

appending a pad data of one or more characters so that total number of characters in the modified clear data is equal to the predefined number of characters of the modified clear data;

anonymizing the modified clear data using an anonymization module to derive an anomymized modified clear data; and

transmitting the anonymized modified clear data to the destination computing device over a network for storage in the destination computing device,wherein generating the modified clear data further including;

generating a first initialization vector using a selective portion of the pad data as a first seed value;

anonymizing the clear data using the first initialization vector to generate a transformed clear data; and

substituting the clear data with transformed clear data so that modified clear data includes the transformed clear data, the delimiter data and the pad data.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. The data includes a plurality of characters and defines a clear data. A modified clear data with number of characters greater than the clear data is formed using the clear data, a delimiter data and a pad data. The modified clear data is anonymized to derive an anonymized data. The anonymized data is transmitted to the destination computer over a network. In one embodiment, a portion of the pad data is selected as a seed value to generate an initialization vector to anonymize the clear data.

69 Citations

View as Search Results

32 Claims

1. A method for anonymizing data to be transmitted to a destination computing device, comprising:
- receiving data to be transmitted to the destination from a user computer, the data including a plurality of characters and defining a clear data;
  
  generating a modified clear data with a predefined number of characters greater than the number of characters in the clear data, wherein the modified clear data is created byappending a delimiter data of at least one character to the clear data; and
  
  appending a pad data of one or more characters so that total number of characters in the modified clear data is equal to the predefined number of characters of the modified clear data;
  
  anonymizing the modified clear data using an anonymization module to derive an anomymized modified clear data; and
  
  transmitting the anonymized modified clear data to the destination computing device over a network for storage in the destination computing device,wherein generating the modified clear data further including;
  
  generating a first initialization vector using a selective portion of the pad data as a first seed value;
  
  anonymizing the clear data using the first initialization vector to generate a transformed clear data; and
  
  substituting the clear data with transformed clear data so that modified clear data includes the transformed clear data, the delimiter data and the pad data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 19, 20, 21, 22, 23, 24, 25)
- - 2. The method of claim 1, further including assigning at least one character from a set of characters as the delimiter data and assigning one or more characters from the set of characters other than the delimiter data to form the pad data.
  - 3. The method of claim 1, wherein the anonymized data has the same number of characters as the modified clear data.
  - 4. The method of claim 1 wherein anonymizing the modified clear data further including:
    - generating an initialization vector using a seed value; and
      
      anonymizing the modified clear data using the generated initialization vector.
  - 5. The method of claim 4 wherein transmitting the anonymized modified clear data further including transmitting a seed value identifier that corresponds to the seed value, to the destination computing device over a network for storage in the destination computing device.
  - 6. The method of claim 4, wherein generating an initialization vector further including:
    - selecting one of a plurality of seed values;
      
      designating the selected one of the plurality of seed values as a fixed seed value; and
      
      generating the initialization vector using the fixed seed value.
  - 7. The method of claim 4, further including:
    - retrieving the anonymized modified clear data;
      
      regenerating the initialization vector using the seed value;
      
      de-anonymizing the anonymized data using the regenerated initialization vector to derive the modified clear data with transformed clear data, delimiter data and pad data; and
      
      extracting the clear data from the modified clear data.
  - 8. The method of claim 4, further including generating an order indicator data indicative of the order of the clear data based on a value of the clear data and transmitting the order indicator data along with the anonymized data to the destination computing device over the network.
  - 9. The method of claim 8, further including:
    - receiving a request to sort the anonymized modified clear data stored at the destination computing device; and
      
      sorting the anonymized modified clear data based on the corresponding order indicator data.
  - 19. The method of claim 1, wherein anonymizing the modified clear data further including using a second initialization vector to anonymize the modified clear data with transformed clear data, the delimiter data and the pad data.
  - 20. The method of claim 19, further including generating the second initialization vector using a second seed value.
  - 21. The method of claim 20 wherein transmitting the anonymized modified clear data further including transmitting a seed value identifier that corresponds to the second seed value to the destination computing device over a network.
  - 22. The method of claim 20, wherein generating the second initialization vector further including:
    - selecting one of a plurality of seed values as the second seed value; and
      
      generating the second initialization vector using selected one of the plurality of seed values.
  - 23. The method of claim 21, further including:
    - retrieving the anonymized modified clear data;
      
      regenerating the second initialization vector using the second seed value;
      
      de-anonymizing the anonymized modified clear data using the regenerated second initialization vector to derive the modified clear data with transformed clear data, the delimiter data and the pad data;
      
      extracting the transformed clear data from the modified clear data;
      
      regenerating the first initialization vector using the selective portion of the retrieved pad data as the seed value; and
      
      de-anonymizing the transformed clear data using the first initialization vector to derive the clear data.
  - 24. The method of claim 1, further including generating an order indicator data indicative of the order of the clear data and transmitting the order indicator data along with the anonymized modified clear data to the destination computing device over the network.
  - 25. The method of claim 24, further including:
    - receiving a request to sort the anonymized data stored at the destination computing device; and
      
      sorting the anonymized modified clear data based on the corresponding order indicator data.

10. An anonymization system to anonymize data transmitted to a destination computing device, comprising:
- an anonymization strategy module to store anonymization strategy for data anonymization;
  
  a logic to receive data to be transmitted to the destination computing device, from a user computer, the data including a plurality of characters and defines a clear data;
  
  a logic to generate a modified clear data with a predefined number of characters greater than the number of characters in the clear data, wherein the logicappends a delimiter data of at least one character to the clear data; and
  
  appends a pad data of one or more characters to the delimiter data to generate the modified clear data so that total number of characters in the modified clear data is equal to the predefined number of characters of the modified clear data; and
  
  an anonymization module toanonymize the modified clear data based on an anonymization strategy; and
  
  transmit the anonymized modified clear data to the destination computing device over a network for storage in the destination computing device,wherein a selective portion of the pad data is used as a seed value to generate a first initialization vector;
  
  the clear data is anonymized using the first initialization vector to generate a transformed clear data; and
  
  the clear data is substituted with the transformed clear data to form the modified clear data so that modified clear data includes the transformed clear data, the delimiter data and the pad data.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 26, 27, 28, 29, 30, 31, 32)
- - 11. The system of claim 10, wherein at least one character from a set of characters is assigned as the delimiter data and one or more characters from the set of characters other than the delimiter data is assigned for the pad data.
  - 12. The system of claim 10, wherein the anonymized modified clear data has the same number of characters as the modified clear data.
  - 13. The system of claim 10, further including an initialization vector generator to generate an initialization vector using a seed value;
    - andthe anonymization module anonymizes the modified clear data using the generated initialization vector.
  - 14. The system of claim 13, wherein the seed value has a corresponding seed value identifier, and the anonymization module transmits the seed value identifier along with the anonymized modified clear data to the destination computing device.
  - 15. The system of claim 13, whereina plurality of seed values are provided;
    - one of a plurality of seed values is selected;
      
      the initialization vector is generated using selected one of the plurality of seed values.
  - 16. The system of claim 15, further including:
    - the anonymized data is retrieved from the destination computing device;
      
      the initialization vector is generated using the selected seed value;
      
      the anonymized data is de-anonymized using the regenerated initialization vector to derive the modified clear data with transformed clear data, delimiter data and pad data; and
      
      the clear data is extracted from the transformed clear data.
  - 17. The system of claim 13, further including an order indicator generator to generate an order indicator data indicative of the order of the clear data based on a value of the clear data;
    - andthe order indicator data is transmitted along with the anonymized data to the destination computing device over the network.
  - 18. The system of claim 17, further including:
    - a logic to receive a request to sort the anonymized modified clear data stored at the destination computing device; and
      
      the anonymized clear data is sorted based on the corresponding order indicator data.
  - 26. The system of claim 10, wherein the modified clear data with the transformed clear data, the delimiter data and the pad data is anonymized using a second initialization vector.
  - 27. The system of claim 26, wherein the second initialization vector is generated using a second seed value.
  - 28. The system of claim 27, wherein a seed value identifier that corresponds to the second seed value is transmitted along with the anonymized modified clear data, to the destination computing device.
  - 29. The system of claim 26, wherein one of a plurality of seed values are selected as a second seed value, each of the seed values having a corresponding seed value identifier;
    - andthe second initialization vector is generated using the selected one of the plurality of seed values.
  - 30. The system of claim 28, further including:
    - the anonymized modified clear data is retrieved;
      
      the second initialization vector is regenerated using the second seed value;
      
      the anonymized modified clear data is de-anonymized using the regenerated second initialization vector to derive the modified clear data with the transformed clear data, the delimiter data and the pad data;
      
      the transformed clear data is extracted from the modified clear data;
      
      the selective portion of the retrieved pad data is used as the seed value to regenerate the first initialization vector; and
      
      the transformed clear data is de-anonymized using the regenerated first initialization vector to derive clear data.
  - 31. The system of claim 10, wherein the system further including an order indicator generator to generate an order indicator data indicative of the order of the clear data;
    - andThe order indicator data is transmitted along with the anonymized modified clear data to the destination computing device over the network.
  - 32. The system of claim 31, further including:
    - a logic to receive a request to sort the anonymized modified clear data stored at the destination computing device; and
      
      the anonymized modified clear data is sorted based on the corresponding order indicator data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Ciphercloud Incorporated
Inventors
Kothari, Pravin, Dash, Debabrata, Kaganovich, Yevgeniy, Liu, Jing
Primary Examiner(s)
Gergiso, Techane
Assistant Examiner(s)
Ho, Thomas

Application Number

US14/229,956
Time in Patent Office

1,367 Days
Field of Search

726 26, 380262
US Class Current
CPC Class Codes

G06F 21/606 by securing the transmissio...

G06F 21/6254 by anonymising data, e.g. d...

System and method to anonymize data transmitted to a destination computing device

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

System and method to anonymize data transmitted to a destination computing device

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links