Apparatus and method for data matching and anonymization

US 9,934,409 B2
Filed: 03/09/2015
Issued: 04/03/2018
Est. Priority Date: 08/01/2014
Status: Active Grant

First Claim

Patent Images

1. A method for data matching and anonymization, comprising:

executing instructions in a memory and processor of an apparatus in order to perform the following steps;

storing by the processor, in at least one of volatile or non-volatile storage, a plurality of data sets, each respective data set of the plurality of data sets including a respective identifier field, the plurality of data sets including a first data set and a second group of data sets, the first data set mapping unique identifiers in the respective identifier field to a first type of information comprising sensitive household information, the second group of data sets including a second data set mapping unique identifiers in the respective identifier field to a second type of information comprising transaction information and a third data set mapping unique identifiers in the respective identifier field to a third type of information comprising advertising information, wherein the first type of information is associable with the second type of information by matching unique identifiers in the first data set and second data set and associable with the third type of information by matching unique identifiers in the first data set and the third data set;

generating, by the processor, a key map including a key identifier field and an anonymous identifier field, the key identifier field for the key map including unique identifiers of the first data set of the plurality of data sets, the anonymous identifier field including unique anonymous identifiers, each anonymous identifier corresponding to a unique identifier in the key identifier field of the key map, wherein each anonymous identifier is different from the unique identifier to which the anonymous identifier corresponds;

encrypting, by the processor, the key map with an encryption scheme;

storing, by the processor, the key map;

rendering, by the processor, each data set of the second group of data sets as unassociable with the first data set by replacing, based on the key map, each unique identifier in the respective identifier field of the second group of data sets with the anonymous identifier in the key map to which the unique identifier corresponds, wherein the second type of information is associable with the third type of information by matching anonymous identifiers in the respective identifier fields of the second data set and the third data set; and

executing, by the processor, an analytical query that correlates the second type of information in at least one entry of the second data set with the third type of information of at least one entry in the third data set by matching anonymous identifiers in respective identifier fields of the second data set and third data set, wherein the first type of information in the first dataset is unassociable, by the analytical query, with the second type of information and the third type of information based on the matching anonymous identifiers, wherein the first type of information, the second type of information, and the third type of information are distinct and different types of information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes receiving a plurality of data sets. Each data set includes a customer identifier field specifying a unique customer identifier associated with each entry in each data set. The plurality of data sets includes a first group of data sets and a second group of data sets. The method further includes storing the plurality of data sets, and generating a key map including the customer identifier field including unique customer identifiers of the first group of data sets of the plurality of data sets, and an anonymous identifier field including unique anonymous identifiers. Each anonymous identifier corresponds to a customer identifier of the key map. The method further includes replacing each unique customer identifier in the second group of data sets with the corresponding anonymous identifier.

64 Citations

View as Search Results

18 Claims

1. A method for data matching and anonymization, comprising:
- executing instructions in a memory and processor of an apparatus in order to perform the following steps;
  
  storing by the processor, in at least one of volatile or non-volatile storage, a plurality of data sets, each respective data set of the plurality of data sets including a respective identifier field, the plurality of data sets including a first data set and a second group of data sets, the first data set mapping unique identifiers in the respective identifier field to a first type of information comprising sensitive household information, the second group of data sets including a second data set mapping unique identifiers in the respective identifier field to a second type of information comprising transaction information and a third data set mapping unique identifiers in the respective identifier field to a third type of information comprising advertising information, wherein the first type of information is associable with the second type of information by matching unique identifiers in the first data set and second data set and associable with the third type of information by matching unique identifiers in the first data set and the third data set;
  
  generating, by the processor, a key map including a key identifier field and an anonymous identifier field, the key identifier field for the key map including unique identifiers of the first data set of the plurality of data sets, the anonymous identifier field including unique anonymous identifiers, each anonymous identifier corresponding to a unique identifier in the key identifier field of the key map, wherein each anonymous identifier is different from the unique identifier to which the anonymous identifier corresponds;
  
  encrypting, by the processor, the key map with an encryption scheme;
  
  storing, by the processor, the key map;
  
  rendering, by the processor, each data set of the second group of data sets as unassociable with the first data set by replacing, based on the key map, each unique identifier in the respective identifier field of the second group of data sets with the anonymous identifier in the key map to which the unique identifier corresponds, wherein the second type of information is associable with the third type of information by matching anonymous identifiers in the respective identifier fields of the second data set and the third data set; and
  
  executing, by the processor, an analytical query that correlates the second type of information in at least one entry of the second data set with the third type of information of at least one entry in the third data set by matching anonymous identifiers in respective identifier fields of the second data set and third data set, wherein the first type of information in the first dataset is unassociable, by the analytical query, with the second type of information and the third type of information based on the matching anonymous identifiers, wherein the first type of information, the second type of information, and the third type of information are distinct and different types of information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the key map is stored in a different location than the plurality of data sets.
  - 3. The method of claim 1, wherein the second type of information in the at least one entry of the second data set is correlated with the at least one entry in the third data set without employing the first data set or the key map.
  - 4. The method of claim 1, wherein the encrypting of the key map is performed by selecting the encryption scheme from the following:
    - a public-key encryption scheme and a symmetric key encryption scheme.
  - 5. The method of claim 1, wherein the first data set includes demographic information for a plurality of households, and the second group of data sets includes transaction information for the plurality of households.
  - 6. The method of claim 1, wherein the unique identifiers in the respective identifier fields of the plurality of data fields corresponds to a household identifier.
  - 7. The method of claim 1, further comprising encrypting the key map with a split-key encryption key such that keys are distributed to a plurality of holders, wherein access to the key map is prevented unless two or more holders of the plurality of holders provide separate keys.
  - 8. The method of claim 7, further comprising restricting access to the first data set unless the two or more holders of the plurality of holders provide separate keys.
  - 9. The method of claim 1, wherein generating the key map comprises scanning data sets that are to be rendered unassociable to create a list of unique identifiers;
    - for each unique identifier, generating a random, non-repeating anonymous value.

10. A non-transitory computer-readable medium, storing instructions, which when executed by one or more hardware processors, cause operations comprising:
- storing, in at least one of volatile or non-volatile storage, a plurality of data sets, each respective data set of the plurality of data sets including a respective identifier field, the plurality of data sets including a first data set and a second group of data sets, the first data set mapping unique identifiers in the respective identifier field to a first type of information comprising sensitive household information, the second group of data sets including a second data set mapping unique identifiers in the respective identifier field to a second type of information comprising transaction information and a third data set mapping unique identifiers in the respective identifier field to a third type of information comprising advertising information, wherein the first type of information is associable with the second type of information by matching unique identifiers in the first data set and second data set and associable with the third type of information by matching unique identifiers in the first data set and the third data set;
  
  generating a key map including a key identifier field and an anonymous identifier field, the key identifier field for the key map including unique identifiers of the first data set of the plurality of data sets, the anonymous identifier field including unique anonymous identifiers, each anonymous identifier corresponding to a unique identifier in the key identifier field of the key map, wherein each anonymous identifier is different from the unique identifier to which the anonymous identifier corresponds;
  
  encrypting the key map with an encryption scheme;
  
  storing the key map;
  
  rendering each data set of the second group of data sets as unassociable with the first data set by replacing, based on the key map, each unique identifier in the respective identifier field of the second group of data sets with the anonymous identifier in the key map to which the unique identifier corresponds, wherein the second type of information is associable with the third type of information by matching anonymous identifiers in the respective identifier fields of the second data set and the third data set; and
  
  executing an analytical query that correlates the second type of information in at least one entry of the second data set with the third type of information of at least one entry in the third data set by matching anonymous identifiers in respective identifier fields of the second data set and third data set, wherein the first type of information in the first dataset is unassociable, by the analytical query, with the second type of information and the third type of information based on the matching anonymous identifiers, wherein the first type of information, the second type of information, and the third type of information are distinct and different types of information.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The non-transitory computer-readable medium of claim 10, wherein the key map is stored in a different location than the plurality of data sets.
  - 12. The non-transitory computer-readable medium of claim 10, wherein the second type of information in the at least one entry of the second data set is correlated with the at least one entry in the third data set without employing the first data set or the key map.
  - 13. The non-transitory computer-readable medium of claim 10, wherein encrypting of the key map is performed by selecting the encryption scheme from the following:
    - a public-key encryption scheme and a symmetric key encryption scheme.
  - 14. The non-transitory computer-readable medium of claim 10, wherein the first data set includes demographic information for a plurality of households, and the second group of data sets includes transaction information for the plurality of households.
  - 15. The non-transitory computer-readable medium of claim 10, wherein the unique identifiers in the respective identifier fields of the plurality of data fields corresponds to a household identifier.
  - 16. The non-transitory computer-readable medium of claim 10, the instructions further causing operations comprising encrypting the key map with a split-key encryption key such that keys are distributed to a plurality of holders, wherein access to the key map is prevented unless two or more holders of the plurality of holders provide separate keys.
  - 17. The non-transitory computer-readable medium of claim 16, the instructions further causing operations comprising restricting access to the first data set unless the two or more holders of the plurality of holders provide separate keys.
  - 18. The non-transitory computer-readable medium of claim 10, wherein instructions for generating the key map comprise instructions for scanning data sets that are to be rendered unassociable to create a list of unique identifiers;
    - for each unique identifier, generating a random, non-repeating anonymous value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
DataLogix Holdings, Inc. (Oracle Corporation)
Original Assignee
DataLogix Holdings, Inc. (Oracle Corporation)
Inventors
Cuthbertson, Robert John
Primary Examiner(s)
Lynch, Sharon

Application Number

US14/642,041
Publication Number

US 20160034714A1
Time in Patent Office

1,121 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6254   by anonymising data, e.g. d...

H04L 2209/42   Anonymization, e.g. involvi...

H04L 63/0407   wherein the identity of one...

H04L 67/306   User profiles

H04L 67/535   Tracking the activity of th...

H04L 9/0894   Escrow, recovery or storing...

Apparatus and method for data matching and anonymization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Apparatus and method for data matching and anonymization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others