Data obfuscation

  • US 9,946,895 B1
  • Filed: 12/15/2015
  • Issued: 04/17/2018
  • Est. Priority Date: 12/15/2015
  • Status: Expired due to Fees
First Claim

1. A computer-implemented method, comprising:

    receiving, from a processing system of a multi-tenant environment, a request for customer data stored by a data storage system of the multi-tenant environment, the customer data associated with a customer having an account with a provider of the multi-tenant environment;

    determining, per an access policy specified by the customer, that a portion of the customer data for the request is sensitive data that is restricted from full access by the processing system;

    determining a first key and a separate second key corresponding to the sensitive data;

    generating a token for the sensitive data, the token generated using the first key and ciphertext of the sensitive data generated using the second key, an initialization vector, and padding;

    providing the token for the sensitive data, along with other non-sensitive customer data for the request, to the processing system; and

    causing the processing system to aggregate the sensitive data, and other non-sensitive customer data, with additional data for additional customers, wherein aggregated data analysis is enabled to be performed by the processing system without the processing system having access to an unencrypted form of the sensitive data for the customer.
