Method and system for anonymizing data during export

US 8,949,209 B2
Filed: 05/24/2012
Issued: 02/03/2015
Est. Priority Date: 04/18/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of anonymizing data of a database, the database including a plurality of data records, with each one of the plurality of data records including a plurality of content elements, each one of the plurality of data records adhering to a first defined structural relationship based on the plurality of content elements, the method comprising:

anonymizing, in connection with at least one processor, at least one of the plurality of content elements for each one of the plurality of data records to produce at least one corresponding anonymized content element; and

exporting, in connection with the anonymizing, the plurality of data records,wherein each one of the plurality of exported data records includes the at least one corresponding anonymized content element instead of the at least one of the plurality of content elements,wherein each one of the exported plurality of data records adheres to a second defined structural relationship, andpreserving, in connection with the anonymizing, the structural relationship between the content elements for each one of the plurality of data records through the anonymization of at least one of the plurality of content elements for each one of the plurality of data records such that the first defined structural relationship of the plurality of content elements prior to anoymization is equal to the second defined structural relationship,generating a random encryption key; and

deleting the random encryption key in connection with completion of anonymization of the at least one of the plurality of content elements,wherein the at least one corresponding anonymized content element is anonymized with the random encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention refers to a computer-implemented method of anonymizing data of a database (2), wherein the method comprises the following steps:

a. exporting at least one data record (10) from the database (2), wherein the data record (10) has a structure and comprises content (100); and
b. anonymizing at least part of the content (100) to produce at least one anonymized data record (3);
c. wherein the anonymized data record (3) has the same structure than the data record (10) read from the database (2).

23 Citations

View as Search Results

19 Claims

1. A computer-implemented method of anonymizing data of a database, the database including a plurality of data records, with each one of the plurality of data records including a plurality of content elements, each one of the plurality of data records adhering to a first defined structural relationship based on the plurality of content elements, the method comprising:
- anonymizing, in connection with at least one processor, at least one of the plurality of content elements for each one of the plurality of data records to produce at least one corresponding anonymized content element; and
  
  exporting, in connection with the anonymizing, the plurality of data records,wherein each one of the plurality of exported data records includes the at least one corresponding anonymized content element instead of the at least one of the plurality of content elements,wherein each one of the exported plurality of data records adheres to a second defined structural relationship, andpreserving, in connection with the anonymizing, the structural relationship between the content elements for each one of the plurality of data records through the anonymization of at least one of the plurality of content elements for each one of the plurality of data records such that the first defined structural relationship of the plurality of content elements prior to anoymization is equal to the second defined structural relationship,generating a random encryption key; and
  
  deleting the random encryption key in connection with completion of anonymization of the at least one of the plurality of content elements,wherein the at least one corresponding anonymized content element is anonymized with the random encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the anonymizing is performed during the exporting, so that no confidential content is stored outside of the database during the exporting process.
  - 3. The method of claim 1, further comprising selecting the at least one of the plurality of content elements for each one of the plurality of data records that are to be anonymized.
  - 4. The method of claim 1, wherein the anonymizing is performed in a deterministic manner.
  - 5. The method of claim 4, wherein the anonymizing is performed using a cryptographic hash function.
  - 6. The method of claim 5, wherein the cryptographic hash function is the Message-Digest Algorithm 5 (MD5) and/or the Secure Hash Algorithm (SHA).
  - 7. The method of claim 4, wherein the anonymizing is performed using a random anonymizing process and using a cache to remember already created anonymized content.
  - 8. The method of claim 1, wherein the content to be anonymized adheres to at least one data type and wherein the anonymizing preserves the validity of the anonymized content in accordance with the at least one data type.
  - 9. The method of claim 1, wherein the anonymizing is performed using one or more predefined transformation rules.
  - 10. The method of claim 9, wherein the one or more predefined transformation rules are provided as code annotations and/or as a configuration file.
  - 11. The method of claim 10, wherein the one or more predefined transformation rules are provided as an XML file.
  - 12. The method of claim 1, wherein the at least one of the plurality of content elements for each one of the plurality of data records comprises confidential data and wherein the corresponding anonymized data record is usable for being investigated while preserving the confidentiality of the confidential data.

13. A system for anonymizing data of a database, the database including a plurality of data records, with each one of the plurality of data records includes a content element, the system comprising:
- processing resources including at least one processor and a memory, the at least one processor being configured to control a plurality of computer-related components including;
  
  an exporter component configured to export the plurality of data records at least one data record from the database along with the included content element for each one of the plurality of data record;
  
  an anonymizer component configured to anonymize the content element for each one of the plurality of data records to produce a corresponding anonymized content element such that the content element for each one of the plurality of data records and the corresponding anonymized content element for each one of the data records is consistent in size and/or an amount of content; and
  
  an encryption key component configured to generate a random encryption key and delete the random encryption key in connection with completion of the anonymization the content element for each one of the plurality of data records,wherein the anonymizer component is further configured to anonymize the content elemrnt for each one of the plurality of data records in accordance with the generated random encryption key.
- View Dependent Claims (14, 15, 16)
- - 14. The system of claim 13, wherein the content element for each one of the plurality of data records adheres to a data type and wherein the anonymizer component is configured to preserve the validity of the corresponding anonymized content element in accordance with the data type.
  - 15. The system of claim 13, further comprising a transformation rule library configured to store one or more predefined transformation rules to be used by the anonymizer component.
  - 16. The system of claim 13, further comprising a graphical user interface configured to enable a user to select content element to be anonymized, wherein the anonymizer component is configured to anonymize only the selected content.

17. A non-transitory computer-readable storage medium tangibly storing instructions for use with a database system, the database system including a with a plurality of data records, with each one of the plurality of data records including a plurality of content elements, each one of the plurality of data records adhering to a first defined structural relationship based on the plurality of content elements, the stored instructions comprising instructions that, when executed by at least one processor of a computer system, are configured to:
- anonymize at least one of the plurality of content elements for each one of the plurality of data records to produce at least one corresponding part of the content to produce at least one anonymized content element data record; and
  
  export, in connection with the anonymizing, the plurality of data records,wherein each one of the plurality of exported data records includes the at least one corresponding anonymized content element instead of the at least one of the plurality of content elements,wherein each one of the exported plurality of data records adheres to a second defined structural relationship, andpreserve, in connection with the anonymizing, the structural relationship between the content elements for each one of the plurality of data records through the anonymization of at least one of the plurality of content elements for each one of the plurality of data records such that the first defined structural relationship of the plurality of content elements prior to anonymization is equal to the second defined structural relationship,wherein the anonymizing is performed using a deterministic function such that successive anonymization of the same content will result in the same anonymized content.
- View Dependent Claims (18, 19)
- - 18. The non-transitory computer-readable storage medium of claim 17, wherein the stored instructions comprise further instructions that, when executed by at least one processor of a computer system, are configured to:
    - load, from a storage medium, at least one previously defined transformation rule,wherein the anonymization of the at least one of the plurality of content elements for each one of the plurality of data records is carried out according to the loaded at least one previously defined transformation rule.
  - 19. The non-transitory computer-readable storage medium of claim 18, wherein the at least one of the plurality of content elements for each one of the plurality of data records is equal in size and/or amount of content to the corresponding anonymized content element included in the exported plurality of data records.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Software AG
Original Assignee
Software AG
Inventors
Prowald, Mathias, Khin, Gerald
Primary Examiner(s)
Corrielus, Jean M

Application Number

US13/479,775
Publication Number

US 20130282679A1
Time in Patent Office

985 Days
Field of Search

707/698, 707/736, 709/201, 713/193
US Class Current

707/698
CPC Class Codes

G06F 16/258 Data format conversion from...

G06F 21/6254 by anonymising data, e.g. d...

Method and system for anonymizing data during export

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for anonymizing data during export

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links