De-identification of data

US 9,323,948 B2
Filed: 12/14/2010
Issued: 04/26/2016
Est. Priority Date: 12/14/2010
Status: Active Grant

First Claim

Patent Images

1. A computer program product for dynamically de-identifying sensitive data from a data source for a target application, the computer program product comprising a computer readable storage device having computer readable program code embodied therewith, the computer readable program code being configured to cause a hardware processor to:

generate a default rule set including at least one rule, the default rule set including a default de-identification protocol to produce de-identified data from an Extract/Transform/Load (ETL) tool, wherein the default de-identification protocol is selected based on business rules;

map the default rule set to data definitions each generated by a discovery tool and associated with a corresponding sensitive data element identified in the data;

specify a runtime rule set comprising at least one runtime rule, the runtime rule including a runtime de-identification protocol to produce de-identified data from the ETL tool, wherein the runtime rule set is specified via an interface;

replace the default rule set with the runtime rule set to change the default de-identification protocol to the runtime de-identification protocol at runtime to accommodate changing de-identification requirements of a target environment, and map the runtime rule set to the data definitions, whereineach data definition includes a data object comprising metadata, including an indicator of a type of sensitive data from among a plurality of types of sensitive data and information indicating the location of the data element within the data source, for that data element, andeach runtime rule is mapped to a corresponding data definition of a sensitive data element based on the type of sensitive data; and

receive the data and the data definitions, and for each data definition;

obtain the runtime rule mapped to that data definition; and

apply the obtained runtime rule to the sensitive data element corresponding to that data definition in the received data and dynamically de-identify the sensitive data element for the target application by the ETL tool at runtime via the runtime de-identification protocol of the obtained runtime rule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method, computer program product and system for de-identifying data, wherein a de-identification protocol is selectively mapped to a business rule at runtime via an ETL tool.

24 Citations

View as Search Results

17 Claims

1. A computer program product for dynamically de-identifying sensitive data from a data source for a target application, the computer program product comprising a computer readable storage device having computer readable program code embodied therewith, the computer readable program code being configured to cause a hardware processor to:
- generate a default rule set including at least one rule, the default rule set including a default de-identification protocol to produce de-identified data from an Extract/Transform/Load (ETL) tool, wherein the default de-identification protocol is selected based on business rules;
  
  map the default rule set to data definitions each generated by a discovery tool and associated with a corresponding sensitive data element identified in the data;
  
  specify a runtime rule set comprising at least one runtime rule, the runtime rule including a runtime de-identification protocol to produce de-identified data from the ETL tool, wherein the runtime rule set is specified via an interface;
  
  replace the default rule set with the runtime rule set to change the default de-identification protocol to the runtime de-identification protocol at runtime to accommodate changing de-identification requirements of a target environment, and map the runtime rule set to the data definitions, whereineach data definition includes a data object comprising metadata, including an indicator of a type of sensitive data from among a plurality of types of sensitive data and information indicating the location of the data element within the data source, for that data element, andeach runtime rule is mapped to a corresponding data definition of a sensitive data element based on the type of sensitive data; and
  
  receive the data and the data definitions, and for each data definition;
  
  obtain the runtime rule mapped to that data definition; and
  
  apply the obtained runtime rule to the sensitive data element corresponding to that data definition in the received data and dynamically de-identify the sensitive data element for the target application by the ETL tool at runtime via the runtime de-identification protocol of the obtained runtime rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 15)
- - 2. The computer program product of claim 1, wherein the computer readable program code is further configured to cause a hardware processor to:
    - consume the generated data definitions and apply the default de-identification protocol mapped to the sensitive data element data definition.
  - 3. The computer program product of claim 2, wherein the computer readable program code is further configured to cause a hardware processor to:
    - compare the output of applying the default de-identification protocol with the output of applying the runtime de-identification protocol; and
      
      display the comparison for review.
  - 4. The computer program product of claim 2, wherein the computer readable program code is further configured to cause a hardware processor to selectively re-identify the de-identified data element in accordance with rules to produce an unmasked data element.
  - 5. The computer program product of claim 1, wherein the replacing further comprises:
    - overriding the generated default rule set with the runtime rule set, wherein the default rule set and the runtime rule set correspond to different target environments having different de-identification requirements.
  - 6. The computer program product of claim 1, wherein the computer readable program code is further configured to cause a hardware processor to enable specification of the runtime rule set by designating a file location for the runtime rule set via the interface.
  - 7. The computer program product of claim 1, wherein the computer readable program code is further configured to cause a hardware processor to enable specification of the runtime rule set via a text box provided on the interface.
  - 15. The computer program product of claim 1, wherein each data definition is in the form of an Extensible Markup Language (XML) file.

8. A system for dynamically de-identifying sensitive data from a data source for a target application, the system comprising a computer system including at least one hardware processor configured to:
- generate a default rule set including at least one rule, the default rule set including a default de-identification protocol to produce de-identified data from an Extract/Transform/Load (ETL) tool, wherein the default de-identification protocol is selected based on business rules;
  
  map the default rule set to data definitions each generated by a discovery tool and associated with a corresponding sensitive data element identified in the data;
  
  specify a runtime rule set comprising at least one runtime rule, the runtime rule including a runtime de-identification protocol to produce de-identified data from the ETL tool, wherein the runtime rule set is specified via an interface;
  
  replace the default rule set with the runtime rule set to change the default de-identification protocol to the runtime de-identification protocol at runtime to accommodate changing de-identification requirements of a target environment, and map the runtime rule set to the data definitions, whereineach data definition includes a data object comprising metadata, including an indicator of a type of sensitive data from among a plurality of types of sensitive data and information indicating the location of the data element within the data source, for that data element, andeach runtime rule is mapped to a corresponding data definition of a sensitive data element based on the type of sensitive data; and
  
  receive the data and the data definitions, and for each data definition;
  
  obtain the runtime rule mapped to that data definition; and
  
  apply the obtained runtime rule to the sensitive data element corresponding to that data definition in the received data and dynamically de-identify the sensitive data element for the target application by the ETL tool at runtime via the runtime de-identification protocol of the obtained runtime rule.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 16)
- - 9. The system of claim 8, wherein the at least one hardware processor is further configured to:
    - consume the generated data definitions and apply and apply the default de-identification protocol mapped to the sensitive data element data definition.
  - 10. The system of claim 9, wherein the at least one hardware processor is further configured to:
    - compare the output of applying the default de-identification protocol with the output of applying the runtime de-identification protocol; and
      
      display the comparison for review.
  - 11. The system of claim 9, wherein the at least one hardware processor is further configured to selectively re-identify the de-identified data element in accordance with rules to produce an unmasked data element.
  - 12. The system of claim 8, wherein the replacing further comprises:
    - overriding the generated default rule set with the runtime rule set, wherein the default rule set and the runtime rule set correspond to different target environments having different de-identification requirements.
  - 13. The system of claim 8, wherein the at least one hardware processor is further configured to enable specification of the runtime rule set by designating a file location for the runtime rule set via the interface.
  - 14. The system of claim 8, wherein the at least one hardware processor is further configured to enable specification of the runtime rule set via a text box provided on the interface.
  - 16. The system of claim 8, wherein each data definition is in the form of an Extensible Markup Language (XML) file.

17. A system for dynamically de-identifying sensitive data from a data source for a target application, the system comprising a computer system including at least one hardware processor configured to:
- identify sensitive data elements in the data via a discovery tool, wherein identifying a sensitive data element comprises associating the data element with a type of sensitive data from among a plurality of types of sensitive data;
  
  generate data definitions via the discovery tool, wherein each data definition is associated with an identified sensitive data element and includes a data object comprising metadata, including an indicator of a type of sensitive data and information indicating the location of the data element within the data source, for that data element;
  
  specify a default rule set comprising at least one runtime rule, the default rule set including a default de-identification protocol to produce de-identified data from an Extract/Transform/Load (ETL) tool, wherein the default de-identification protocol is selected based on business rules;
  
  map the default rule set to the data definitions generated by the discovery tool for the identified sensitive data elements;
  
  replace the default rule set with a runtime rule set comprising at least one runtime rule, the runtime rule including a runtime de-identification protocol to produce de-identified data from the ETL tool, wherein the runtime rule set is specified via an interface and the replacing changes the default de-identification protocol to the runtime de-identification protocol at runtime to accommodate changing de-identification requirements of a target environment;
  
  map the runtime rule set to the data definitions generated by the discovery tool and associated with a corresponding sensitive data element identified in the data, wherein each runtime rule is mapped to a corresponding data definition of a sensitive data element based on the type of sensitive data; and
  
  receive the data and the data definitions, and for each data definition;
  
  obtain the runtime rule mapped to that data definition; and
  
  apply the obtained runtime rule to the sensitive data element corresponding to that data definition in the received data and dynamically de-identify the sensitive data element for the target application by the ETL tool at runtime via the runtime de-identification protocol of the obtained runtime rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Gupta, Ritesh K., Nagaraj, Prathima, Padmanabhan, Sriram K.
Primary Examiner(s)
Kim, Tae
Assistant Examiner(s)
KU, SHIUH-HUEI P

Application Number

US12/967,666
Publication Number

US 20120151597A1
Time in Patent Office

1,960 Days
Field of Search

705/3, 705/34, 713/189, 726/1, 726/26
US Class Current

1/1
CPC Class Codes

G06F 21/6254 by anonymising data, e.g. d...

De-identification of data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

De-identification of data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links