Preservation of User Data Privacy in a Network
Abstract
An example apparatus is provided that receives a pseudonym and an encrypted identifier, where the pseudonym is of a user's personal data. The pseudonym has been generated using a first secret key, and the encrypted identifier has been generated by encrypting the identifier using a second secret key. The first and second secret keys are known to the other user(s) authorized to access the data, and are unknown to the apparatus. The operations also include storing the personal data in a database under the pseudonym, indexed by the encrypted identifier. The keys used for encryption and pseudonym generation can be provided by a second apparatus (e.g. an offline security manager), which may employ a proxy re-encryption scheme to provide the proper keys to the apparatus based on access policies. Only the authorized users can decrypt the keys with their private keys, and thus only they can query the user records stored in the apparatus.
19 Claims
1. An apparatus comprising a processor and a memory storing executable instructions that in response to execution by the processor cause the apparatus to at least perform the following:

generate a pseudonym of personal data of a user using a first secret key; encrypt a unique identifier of the user using a second secret key; and prepare the pseudonym and encrypted identifier for transmission to a remote apparatus for storage of the personal data in a database under the pseudonym, and indexed by the encrypted identifier, the first and second secret keys being known to one or more other users authorized to access the data, and the first and second secret keys being unknown to the remote apparatus.
6. An apparatus comprising a processor and a memory storing executable instructions that in response to execution by the processor cause the apparatus to at least perform the following:

receive a pseudonym and encrypted identifier at the apparatus, the pseudonym being of personal data of a user having a unique identifier, the pseudonym having been generated using a first secret key, and the encrypted identifier having been generated by encrypting the identifier using a second secret key, the first and second secret keys being known to one or more other users authorized to access the data, and the first and second secret keys being unknown to the apparatus; and provide for storage of the personal data in a database under the pseudonym, and indexed by the encrypted identifier.
9. An apparatus comprising a processor and a memory storing executable instructions that in response to execution by the processor cause the apparatus to further perform the following:

receive encrypted first and second secret keys that have been generated by encrypting the first and second secret keys using a public key of the apparatus; generate a re-encryption key using the public key of an authorized user and the public key and a private key of the apparatus; generate the re-encrypted first and second secret keys using the re-encryption key; and prepare the re-encrypted first and second secret keys for transmission to the authorized user for decrypting the re-encrypted first and second secret keys using the private key of the authorized user to thereby obtain the first and second secret keys.
11. A method comprising:

generating a pseudonym of personal data of a user using a first secret key; encrypting a unique identifier of the user using a second secret key; and preparing the pseudonym and encrypted identifier for transmission to a remote apparatus for storing the personal data in a database under the pseudonym, and indexed by the encrypted identifier, the first and second secret keys being known to one or more other users authorized to access the data, and the first and second secret keys being unknown to the remote apparatus, wherein generating the pseudonym, encrypting the identifier and preparing the pseudonym and encrypted identifier for transmission are performed by at least one processor configured to generate the pseudonym, encrypt the identifier and prepare the pseudonym and encrypted identifier for transmission.
16. A method comprising:

receiving a pseudonym and encrypted identifier at an apparatus, the pseudonym being of personal data of a user having a unique identifier, the pseudonym having been generated using a first secret key, and the encrypted identifier having been generated by encrypting the identifier using a second secret key, the first and second secret keys being known to one or more other users authorized to access the data, and the first and second secret keys being unknown to the apparatus; and providing for storage of the personal data in a database under the pseudonym, and indexed by the encrypted identifier, wherein receiving the pseudonym and encrypted identifier and storing the personal data are performed by at least one processor of the apparatus configured to receive the pseudonym and encrypted identifier and store the personal data.
19-20. (canceled)
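Worked example, added here and not part of the patent or of any code of the assignee: a standard-library Python model of the flow in claims 1, 6, 11 and 16. The pseudonym is an HMAC-SHA256 of the user's identifying data under the first secret key (k1); the unique identifier is encrypted under the second secret key (k2) with a deterministic SIV-style construction (HMAC-SHA256 used as a PRF in counter mode, a toy stand-in for a real block cipher), so the ciphertext is authenticated and equal identifiers give equal ciphertexts, which is what lets the remote apparatus use it as a database index. The key-distribution step of claim 9 (proxy re-encryption of the two secret keys) is not modelled: k1 and k2 are assumed to have already been shared with the authorized users. All key values, names, identifiers and records below are constructed for illustration.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

TAG_LEN = 16  # bytes of MAC kept as synthetic IV / authentication tag


def make_pseudonym(k1: bytes, identifying_data: bytes) -> str:
    """Pseudonym of the user's identifying personal data under the first secret
    key. Keyed and deterministic: every holder of k1 derives the same value,
    while the remote apparatus, which lacks k1, cannot link it to the user."""
    return hmac.new(k1, identifying_data, hashlib.sha256).hexdigest()


def _subkeys(k2: bytes) -> Tuple[bytes, bytes]:
    # Derive separate MAC and encryption keys from the second secret key.
    k_mac = hmac.new(k2, b"id-mac", hashlib.sha256).digest()
    k_enc = hmac.new(k2, b"id-enc", hashlib.sha256).digest()
    return k_mac, k_enc


def _keystream(k_enc: bytes, iv: bytes, n: int) -> bytes:
    # HMAC-SHA256 as a PRF in counter mode (toy stand-in for AES-CTR).
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(k_enc, iv + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]


def encrypt_identifier(k2: bytes, identifier: bytes) -> bytes:
    """Deterministic authenticated encryption of the unique identifier (SIV
    pattern): the MAC over the plaintext is the IV, so equal identifiers give
    equal ciphertexts and the ciphertext can serve as the database index."""
    k_mac, k_enc = _subkeys(k2)
    iv = hmac.new(k_mac, identifier, hashlib.sha256).digest()[:TAG_LEN]
    body = bytes(p ^ s for p, s in zip(identifier, _keystream(k_enc, iv, len(identifier))))
    return iv + body


def decrypt_identifier(k2: bytes, ciphertext: bytes) -> bytes:
    """Inverse of encrypt_identifier; fails closed on a wrong key or tampering."""
    k_mac, k_enc = _subkeys(k2)
    iv, body = ciphertext[:TAG_LEN], ciphertext[TAG_LEN:]
    identifier = bytes(c ^ s for c, s in zip(body, _keystream(k_enc, iv, len(body))))
    expected = hmac.new(k_mac, identifier, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(iv, expected):
        raise ValueError("identifier ciphertext failed authentication")
    return identifier


class RemoteStore:
    """The remote apparatus of claims 6 and 16: stores each record under its
    pseudonym and keeps a secondary index from encrypted identifier to
    pseudonym. It holds neither k1 nor k2."""

    def __init__(self) -> None:
        self.records: Dict[str, bytes] = {}
        self.index: Dict[bytes, str] = {}

    def store(self, pseudonym: str, enc_id: bytes, record: bytes) -> None:
        self.records[pseudonym] = record
        self.index[enc_id] = pseudonym

    def lookup_by_encrypted_id(self, enc_id: bytes) -> Optional[bytes]:
        pseudonym = self.index.get(enc_id)
        return None if pseudonym is None else self.records.get(pseudonym)


def submit_record(store: RemoteStore, k1: bytes, k2: bytes, identifying_data: bytes,
                  identifier: bytes, record: bytes) -> str:
    """Claims 1 and 11: the submitting device prepares the pseudonym and the
    encrypted identifier and sends them with the record. Returns the pseudonym."""
    pseudonym = make_pseudonym(k1, identifying_data)
    store.store(pseudonym, encrypt_identifier(k2, identifier), record)
    return pseudonym


def query_record(store: RemoteStore, k2: bytes, identifier: bytes) -> Optional[bytes]:
    """An authorized user who knows k2 recomputes the index key and queries."""
    return store.lookup_by_encrypted_id(encrypt_identifier(k2, identifier))


def demo() -> dict:
    # Constructed sample values (hypothetical); real keys come from the security manager.
    k1 = b"first-secret-key-known-to-authorized-users"
    k2 = b"second-secret-key-known-to-authorized-users"
    store = RemoteStore()
    pseudonym = submit_record(store, k1, k2, b"Alice Example, 1980-01-01",
                              b"subject-0042", b"allergy=penicillin")
    found = query_record(store, k2, b"subject-0042")            # authorized user
    missing = query_record(store, b"not-the-real-k2", b"subject-0042")  # unauthorized
    roundtrip = decrypt_identifier(k2, encrypt_identifier(k2, b"subject-0042"))
    return {"pseudonym": pseudonym, "found": found, "missing": missing,
            "roundtrip": roundtrip, "stored_keys": list(store.records)}


if __name__ == "__main__":
    print(demo())
```

Two points the claims leave open that a deployment has to settle: the record payload is stored as received, so anything sensitive in it should itself be encrypted under a key the remote apparatus does not hold; and because both the pseudonym and the encrypted identifier are deterministic by design (the index requires it), the remote apparatus can still tell that two submissions concern the same user, even though it cannot say which user.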
Specification