System and method for the anonymisation of sensitive personal data and method of obtaining such data

US 8,607,332 B2
Filed: 01/26/2006
Issued: 12/10/2013
Est. Priority Date: 01/26/2005
Status: Active Grant

First Claim

Patent Images

1. A system for managing patient medical records, comprising:

a first data processing subsystem including;

a generating unit configured to generate a common key from data identifying a person; and

a private database configured to associate said common key with said identification data; and

a second data processing subsystem including;

an obtaining unit configured to obtain said common key;

a generating unit configured to generate a random number from said common key;

a receiving unit configured to receive a registration message for a medical service including at least sensitive medical personal data of said person and said random number from outside said second data processing subsystem; and

a storing unit configured to store said sensitive medical personal data in a second database in association with said random number and said common key, wherein the association between said common key and said identification data is unknown from the second data processing subsystem and the association between the common key and the random number is unknown from the first data processing subsystem, wherein the second data processing subsystem is configured to perform a calculation based at least in part on the sensitive medical personal data of the registration message and send a result of the calculation to the first data processing subsystem, and the first data processing subsystem is configured to supply said person with said result of the calculation,wherein the result of the calculation is a reimbursement amount for the medical service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for managing sensitive personal data includes a first data processing subsystem and a second data processing subsystem. The first data processing subsystem includes a generating unit and a private database. The generating unit generates a common key from data identifying a person. The private database associates the common key with the identification data. The second data processing subsystem includes an obtaining unit, a generating unit, a receiving unit and a storing unit. The obtaining unit obtains the common key. The generating unit generates a random number from the common key. The receiving unit receives a registration message including sensitive personal data of the person and the random number. The storing unit stores the personal data in a second database in association with the random number and the common key.

16 Citations

View as Search Results

17 Claims

1. A system for managing patient medical records, comprising:
- a first data processing subsystem including;
  
  a generating unit configured to generate a common key from data identifying a person; and
  
  a private database configured to associate said common key with said identification data; and
  
  a second data processing subsystem including;
  
  an obtaining unit configured to obtain said common key;
  
  a generating unit configured to generate a random number from said common key;
  
  a receiving unit configured to receive a registration message for a medical service including at least sensitive medical personal data of said person and said random number from outside said second data processing subsystem; and
  
  a storing unit configured to store said sensitive medical personal data in a second database in association with said random number and said common key, wherein the association between said common key and said identification data is unknown from the second data processing subsystem and the association between the common key and the random number is unknown from the first data processing subsystem, wherein the second data processing subsystem is configured to perform a calculation based at least in part on the sensitive medical personal data of the registration message and send a result of the calculation to the first data processing subsystem, and the first data processing subsystem is configured to supply said person with said result of the calculation,wherein the result of the calculation is a reimbursement amount for the medical service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 15)
- - 2. The system according to claim 1, wherein the second data processing subsystem includes:
    - an obtaining unit configured to obtain reduced data from the sensitive medical personal data; and
      
      a sending unit configured to send said first data processing subsystem a message including said reduced data and the common key associated with said sensitive medical personal data in the storing unit.
  - 3. The system according to claim 1, wherein the second data processing subsystem includes a statistical processing unit configured to statistically process said sensitive medical personal data stored in the storing unit.
  - 4. The system according to claim 1, wherein the second data processing subsystem includes a creation unit configured to create a private encryption/public encryption key pair;
    - wherein in the system said person uses a personal digital storage medium to calculate encrypted data from said sensitive medical personal data, said random number and said public encryption key, said encrypted data being sent to said second data processing subsystem via a reader of the medium, the second data processing subsystem including;
      
      a receiving unit configured to receive said encrypted data from said reader; and
      
      a decrypting unit configured to decrypt said encrypted data using said private encryption key and obtaining said random number and said sensitive medical personal data in order to store them in said storing unit.
  - 5. The system according to claim 4, wherein said medium is configured to obtain said sensitive medical personal data from said reader.
  - 6. The system according to claim 1, wherein said first data processing subsystem includes:
    - a receiving unit configured to receive from a requestor a request for obtaining particular sensitive medical personal data of said person; and
      
      a sending unit configured to send the second data processing subsystem a request for authentication of said requestor, said authentication request including an identifier of said particular sensitive medical personal data and the common key generated from data identifying said person; and
      
      said second processing subsystem includes;
      
      a receiving unit configured to receive said authentication request;
      
      an authentication unit configured to authenticate said requestor; and
      
      a sending unit configured to send said particular sensitive medical personal data to said first data processing subsystem if said authentication is successful.
  - 7. The system according to claim 1, wherein said sensitive medical personal data consists of:
    - detailed medical data relating to a medical service provided for a patient and associated with reduced medical data; and
      
      complementary information including an amount charged for said service.
  - 8. The system according to claim 7, wherein the storing unit stores information representing entitlements of a patient in association with said common key generated for the patient;
    - andwherein the second data processing subsystem includes;
      
      a calculation unit configured to calculate a reimbursement amount from the entitlements of the patient and the amount charged for the service received in the form of encrypted data from the reader of a healthcare professional adapted to read the personal digital storage medium of said patient; and
      
      a sending unit configured to send said reimbursement amount to said reader or to the first data processing subsystem.
  - 15. A system according to claim 1, wherein the result of the calculation is non-confidential information.

9. A method of managing patient medical records, comprising:
- generating a common key in a first data processing subsystem from data identifying a person, wherein said common key is associated with said identification data, and wherein the common key is obtained by a second data processing subsystem;
  
  generating in the second data processing subsystem a random number from said common key;
  
  receiving in the second data processing subsystem a registration message for a medical service including sensitive medical personal data of said person and said random number from outside said second data processing subsystem; and
  
  storing said sensitive medical personal data in a database of said second data processing subsystem in association with said random number and said common key, wherein the association between said common key and said identification data is unknown from the second data processing subsystem and the association between the common key and the random number is unknown from the first data processing subsystem, wherein the second data processing subsystem performs a calculation based at least in part on the sensitive medical personal data of the registration message and sends a result of the calculation to the first data processing subsystem, and the first data processing subsystem supplies said person with said result of the calculation,wherein the result of the calculation is a reimbursement amount for the medical service.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The method according to claim 9, comprising:
    - obtaining in the second data processing subsystem reduced data from said sensitive medical personal data; and
      
      sending the first data processing subsystem a message including said reduced data and the common key associated with said sensitive medical personal data in the second database.
  - 11. The method according to claim 9, further comprising:
    - receiving in the second data processing subsystem encrypted data calculated from sensitive medical personal data, a random number and a public encryption key; and
      
      decrypting in the second data processing subsystem said encrypted data using a private encryption key associated with said public key to obtain said random number and said sensitive medical personal data in order to store them in said second data base.
  - 12. The method according to claim 9, wherein said sensitive medical personal data consists of:
    - detailed medical data relating to a medical service provided for a patient, that detailed medical data being associated with reduced medical data; and
      
      complementary data including an amount charged for said service; and
      
      wherein the second database stores in association with said common key generated for a patient information representing entitlements of the patient, wherein the method comprises;
      
      calculating in the second data processing subsystem a reimbursement amount from the entitlements of the patient and the amount charged for the service received in the form of encrypted data from a reader of a personal digital storage medium of said patient; and
      
      sending said reimbursement amount to said reader or to the first data processing subsystem.
  - 13. The method according to claim 9, comprising:
    - receiving in the first data processing subsystem a request from a requestor for obtaining particular personal sensitive medical data of said person;
      
      receiving in the second data processing subsystem from said first data processing subsystem an authentication request including an identifier of said particular sensitive medical personal data and a common key generated from data identifying said person;
      
      authenticating said requestor; and
      
      sending said particular sensitive medical personal data to said first data processing subsystem if said authentication is successful.

14. A non-transitory computer readable medium comprising a computer program, the computer program including instructions for managing patient medical records which when executed by a second data processing subsystem perform a method comprising:
- generating a common key in a first data processing subsystem from data identifying a person, wherein said common key is associated with said identification data, and wherein the common key is obtained by a second data processing subsystem;
  
  generating in the second data processing subsystem a random number from said common key;
  
  receiving in the second data processing subsystem a registration message for a medical service including sensitive medical personal data of said person and said random number from outside said second data processing subsystem; and
  
  storing said sensitive medical personal data in a database of said second data processing subsystem in association with said random number and said common key, wherein the association between said common key and said identification data is unknown from the second data processing subsystem and the association between the common key and the random number is unknown from the first data processing subsystem, wherein the second data processing subsystem performs a calculation based at least in part on the sensitive medical personal data of the registration message and sends a result of the calculation to the first data processing subsystem, and the first data processing subsystem supplies said person with said result of the calculation,wherein the result of the calculation is a reimbursement amount for the medical service.

16. A system for managing sensitive personal data, comprising:
- a first data processing subsystem including;
  
  a generating unit configured to generate a common key from data identifying a person; and
  
  a private database configured to associate said common key with said identification data; and
  
  a second data processing subsystem including;
  
  an obtaining unit configured to obtain said common key;
  
  a generating unit configured to generate a random number from said common key;
  
  a receiving unit configured to receive a registration message including at least sensitive personal data of said person and said random number from outside said second data processing subsystem; and
  
  a storing unit configured to store said sensitive personal data in a second database in association with said random number and said common key,wherein the association between said common key and said identification data is unknown from the second data processing subsystem and the association between the common key and the random number is unknown from the first data processing subsystem,wherein the second data processing subsystem includes a statistical processing unit configured to statistically process said sensitive personal data stored in the storing unit, andwherein the second data processing subsystem is configured to obtain reduced data from said sensitive personal data and send the first data processing subsystem a message including said reduced data and the common key associated with said sensitive personal data in the second database.

17. A system for managing sensitive personal data, comprising:
- a first data processing subsystem including;
  
  a generating unit configured to generate a common key from data identifying a person; and
  
  a private database configured to associate said common key with said identification data; and
  
  a second data processing subsystem including;
  
  an obtaining unit configured to obtain said common key;
  
  a generating unit configured to generate a random number from said common key;
  
  a receiving unit configured to receive a registration message including at least sensitive personal data of said person and said random number from outside said second data processing subsystem; and
  
  a storing unit configured to store said sensitive personal data in a second database in association with said random number and said common key,wherein the association between said common key and said identification data is unknown from the second data processing subsystem and the association between the common key and the random number is unknown from the first data processing subsystem,wherein the second data processing subsystem is configured to perform a calculation from the registration message and send a result of the calculation to the first data processing subsystem, and the first data processing subsystem is configured to supply said person with said result of the calculation, andwherein the second data processing subsystem includes a statistical processing unit configured to statistically process said sensitive personal data stored in the storing unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Orange S.A.
Original Assignee
Orange S.A.
Inventors
Canard, Sbastien, Guilloteau, Stphane, Boudet, Franois
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US11/883,267
Publication Number

US 20080304663A1
Time in Patent Office

2,875 Days
Field of Search

None
US Class Current

726/20
CPC Class Codes

G06F 21/6254 by anonymising data, e.g. d...

G06F 2221/2153 Using hardware token as a s...

System and method for the anonymisation of sensitive personal data and method of obtaining such data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for the anonymisation of sensitive personal data and method of obtaining such data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links