Preservation of User Data Privacy in a Network

US 20120239942A1
Filed: 12/07/2009
Published: 09/20/2012
Est. Priority Date: 12/07/2009
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising a processor and a memory storing executable instructions that in response to execution by the processor cause the apparatus to at least perform the following:

generate a pseudonym of personal data of a user using a first secret key;

encrypt a unique identifier of the user using a second secret key; and

prepare the pseudonym and encrypted identifier for transmission to a remote apparatus for storage of the personal data in a database under the pseudonym, and indexed by the encrypted identifier, the first and second secret keys being known to one or more other users authorized to access the data, and the first and second secret keys being unknown to the remote apparatus.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An example apparatus is provided that receives a pseudonym and encrypted identifier, where the pseudonym is of a user'"'"'s personal data. The pseudonym has been generated using a first secret key, and the encrypted identifier has been generated by encrypting the identifier using a second secret key. The first and second secret keys are known to other user(s) authorized to access the data, and are unknown to the apparatus. The operations also include storing the personal data in a database under the pseudonym, and indexed by the encrypted identifier. The keys used for encryption and pseudorandom generation can be provided by a second apparatus (e.g. an offline security manager), which may employ a proxy re-encryption scheme to provide proper keys to the apparatus based on access policies. Only the authorized users can decrypt the keys with their private keys, thus can query the user records stored in the apparatus.

Citations

19 Claims

1. An apparatus comprising a processor and a memory storing executable instructions that in response to execution by the processor cause the apparatus to at least perform the following:
- generate a pseudonym of personal data of a user using a first secret key;
  
  encrypt a unique identifier of the user using a second secret key; and
  
  prepare the pseudonym and encrypted identifier for transmission to a remote apparatus for storage of the personal data in a database under the pseudonym, and indexed by the encrypted identifier, the first and second secret keys being known to one or more other users authorized to access the data, and the first and second secret keys being unknown to the remote apparatus.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The apparatus of claim 1, wherein generate a pseudonym of the data comprises applying apply a hash function to the data using the second secret key.
  - 3. The apparatus of claim 1, wherein encrypt the identifier comprises encrypt the identifier according to a chosen-plaintext attack-secure symmetric encryption technique.
  - 4. The apparatus of claim 1, wherein the apparatus comprises a first apparatus, and wherein the memory stores executable instructions that in response to execution by the processor cause the apparatus to further perform the following:
    - receive a public key of a second apparatus distinct from the first apparatus;
      
      encrypt the first and second secret keys using the public key of the second apparatus; and
      
      prepare the encrypted first and second secret keys for transmission to the second apparatus for generating and transmitting to an authorized user re-encrypted first and second secret keys that have been re-encrypted using a re-encryption key that has been generated using a public key of an authorized user and the public key and a private key of the second apparatus.
  - 5. The apparatus of claim 4, wherein the memory stores executable instructions that in response to execution by the processor cause the apparatus to further perform the following:
    - prepare an access control policy for transmission to the second apparatus for generating and transmitting to the authorized user the re-encrypted keys in accordance with the access control policy, the access control policy grante the one or more authorized users access to the personal data.

6. An apparatus comprising a processor and a memory storing executable instructions that in response to execution by the processor cause the apparatus to at least perform the following:
- receive a pseudonym and encrypted identifier at the apparatus, the pseudonym being of personal data of a user having a unique identifier, the pseudonym having been generated using a first secret key, and the encrypted identifier having been generated by encrypting the identifier using a second secret key, the first and second secret keys being known to one or more other users authorized to access the data, and the first and second secret keys being unknown to the apparatus; and
  
  provide for storage of the personal data in a database under the pseudonym, and indexed by the encrypted identifier.
- View Dependent Claims (7, 8)
- - 7. The apparatus of claim 6, wherein the memory stores executable instructions that in response to execution by the processor cause the apparatus to further perform the following:
    - receive a query for the personal data from an authorized user, the query includes the pseudonym and encrypted identifier both having been generated by the authorized user;
      
      retrieve the personal data from the database based on the pseudonym and encrypted identifier; and
      
      prepare the personal data for transmission to the authorized user.
  - 8. The apparatus of claim 7, wherein receiving receive a pseudonym and encrypted identifier comprises receive a pseudonym and encrypted identifier for a plurality of users, wherein prepare for storage of the personal data comprises provide for storage of the personal data in the database under the respective pseudonyms, and indexed by the respective encrypted identifiers,wherein receive a query comprises receive a query for the personal data of some of the users, the query including includes the pseudonyms and encrypted identifiers of the respective users, all of the pseudonyms and encrypted identifiers having been generated by the authorized user.

9. An apparatus comprising a processor and a memory storing executable instructions that in response to execution by the processor cause the apparatus to further perform the following:
- receive encrypted first and second secret keys that have been generated by encrypting the first and second secret keys using a public key of the apparatus;
  
  generate a re-encryption key using the public key of an authorized user and the public key and a private key of the apparatus;
  
  generate the re-encrypted first and second secret keys using the re-encryption key; and
  
  prepare the re-encrypted first and second secret keys for transmission to the authorized user for decrypting the re-encrypted first and second secret keys using the private key of the authorized user to thereby obtain the first and second secret keys.
- View Dependent Claims (10)
- - 10. The apparatus of claim 9, wherein the memory stores executable instructions that in response to execution by the processor cause the apparatus to further perform the following:
    - receive an access control policy granting the one or more authorized users access to the personal data,wherein generate the re-encrypted first and second secret keys and prepare the second re-encryption key for transmission occur in accordance with the access control policy.

11. A method comprising:
- generating a pseudonym of personal data of a user using a first private key;
  
  encrypting a unique identifier of the user using a second private key; and
  
  preparing the pseudonym and encrypted identifier for transmission to a remote apparatus for storing the personal data in a database under the pseudonym, and indexed by the encrypted identifier, the first and second secret keys being known to one or more other users authorized to access the data, and the first and second secret keys being unknown to the remote apparatus,wherein generating a pseudonym, encrypting the identifier and preparing the pseudonym and encrypted identifier for transmission are performed by at least one processor configured to generate the pseudonym, encrypt the identifier and preparing the pseudonym and encrypted identifier for transmission.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein generating a pseudonym of the data comprises applying a hash function to the data using the second secret key.
  - 13. The method of claim 11, wherein encrypting the identifier comprises encrypting the identifier according to a chosen-plaintext attack-secure symmetric encryption technique.
  - 14. The method of claim 11 further comprising:
    - receiving a public key of a second apparatus;
      
      encrypting the first and second secret keys using the public key of the second apparatus; and
      
      preparing the encrypted first and second secret keys for transmission to the second apparatus for generating and transmitting to an authorized user re-encrypted first and second secret keys that have been re-encrypted using a re-encryption key that has been generated using a public key of an authorized user and the public key and a private key of the second apparatus.
  - 15. The method of claim 14 further comprising:
    - preparing an access control policy for transmission to the second apparatus for generating and transmitting to the authorized user the re-encrypted keys in accordance with the access control policy, the access control policy granting the one or more authorized users access to the personal data.

16. A method comprising:
- receiving a pseudonym and encrypted identifier at an apparatus, the pseudonym being of personal data of a user having a unique identifier, the pseudonym having been generated using a first secret key, and the encrypted identifier having been generated by encrypting the identifier using a second secret key, the first and second secret keys being known to one or more other users authorized to access the data, and the first and second secret keys being unknown to the apparatus; and
  
  providing for storage of the personal data in a database under the pseudonym, and indexed by the encrypted identifier,wherein receiving a pseudonym and encrypted identifier and storing the personal data are performed by at least one processor of the apparatus configured to receive the pseudonym and encrypted identifier and store the personal data.
- View Dependent Claims (17, 18)
- - 17. The method of claim 16 further comprising:
    - receiving a query for the personal data from an authorized user, the query including the pseudonym and encrypted identifier both having been generated by the authorized user;
      
      retrieving the personal data from the database based on the pseudonym and encrypted identifier; and
      
      preparing the personal data for transmission to the authorized user.
  - 18. The method of claim 17, wherein receiving a pseudonym and encrypted identifier comprises receiving a pseudonym and encrypted identifier for a plurality of users, wherein providing for storage of the personal data comprises providing for storage of the personal data in the database under the respective pseudonyms, and indexed by the respective encrypted identifiers,wherein receiving a query comprises receiving a query for the personal data of some of the users, the query including the pseudonyms and encrypted identifiers of the respective users, all of the pseudonyms and encrypted identifiers having been generated by the authorized user.

19-20. -20. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Technologies Oy (Nokia Corporation)
Original Assignee
Nokia Corporation
Inventors
Yan, Zheng

Granted Patent

US 9,077,690 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

H04L 63/0421   Anonymous communication, i....

H04W 8/18   Processing of user or subsc...

H04W 8/24   Transfer of terminal data

Preservation of User Data Privacy in a Network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Preservation of User Data Privacy in a Network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links