System and method to anonymize data transmitted to a destination computing device
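IPC classification information
Country / Type: United States(US) Patent, Registered
International Patent Classification (IPC 7th edition): H04L-029/06
Application number: US-0609402 (2015-01-29)
Registration number: US-9432342 (2016-08-30)
Inventors / Address: Kothari, Pravin; Gorantla, Malakondayya
Applicant / Address: CIPHERCLOUD, INC.
Agent / Address: Minisandram Law Firm
Citation information
Times cited: 4
Cited patents: 19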
Abstract
A method and system for anonymizing data is disclosed. Data to be anonymized is received by an anonymization system. A request for a data encryption key is generated. A masked data encryption key is received in response to the request. The data encryption key is retrieved from the masked data encryption key. The data is anonymized using an anonymization module to derive an anonymized data using the data encryption key.
Representative claim
1. A method for anonymizing data, comprising: receiving data to be anonymized by an anonymization system executed on a computing device, the data including a plurality of characters; generating a request for a data encryption key with a corresponding request identifier; providing a data store associating a plurality of generated masked data encryption key with their corresponding request identifier; verifying if there is a match between the corresponding request identifier and a stored request identifier; when there is a match, receiving the associated masked data encryption key corresponding to the request identifier for the data encryption key in response to the request; when there is no match, generating a masked data encryption key corresponding to the request identifier for the data encryption key by providing a first encryption key, a second encryption key and a master key; masking the master key with the first encryption key using a computer implemented first crypto function to generate a masked master key; and generating the masked data encryption key using a computer implemented second crypto function and the masked master key; receiving the generated masked data encryption key in response to the request; retrieving the data encryption key from the received masked data encryption key by de-masking the masked data encryption key using a computer implemented third crypto function and the second encryption key; and anonymizing the data using an anonymization module executed on the computing device to derive an anonymized data using the retrieved data encryption key.
2. The method of claim 1, further including: storing the request identifier and corresponding generated masked data encryption key in the data store.
3. The method of claim 1, wherein the first crypto function is configured such that the master key may not be derived from the masked master key and the first encryption key.
4. The method of claim 3, wherein the second crypto function and the third crypto function are configured such that effect of first encryption key on the masked data encryption key generated using the second crypto function is negated by the second encryption key using the third crypto function.
5. The method of claim 1, wherein, the first crypto function is executed in an administrator system; the second crypto function is executed in a key manager system; and the third crypto function is executed in the anonymization system.
6. The method of claim 5, further including: receiving the request for the data encryption key by the key manager system; generating the masked data encryption key by the key manager system; and responding with the masked data encryption key by the key manager system.
7. The method of claim 1, further including: feeding a DEK seed and the masked master key to the second crypto function as input to generate the masked data encryption key.
8. The method of claim 7, further including: storing the request identifier and the DEK seed corresponding to the generated masked data encryption key in a data store; receiving a subsequent request for a data encryption key with a corresponding request identifier; verifying if there is a match between the corresponding request identifier and the stored request identifier; and when there is a match, regenerating the masked data encryption key by using the masked master key and the DEK seed corresponding to the stored request identifier and responding with the regenerated masked data encryption key; when there is no match, generating a new masked data encryption key and responding with the new generated masked data encryption key.
9. The method of claim 5, wherein the administrator system transmits the masked master key to the key manager system and transmits the second encryption key to the anonymization system.
10. A system to anonymize data, comprising: an anonymization system executed on a computing device configured to receive data to be anonymized, the data including a plurality of characters; generate a request for a data encryption key with a corresponding request identifier; receive a masked data encryption key in response to the request; retrieve the data encryption key from the masked data encryption key; and anonymize the data using an anonymization module executed on the computing device to derive an anonymized data using the retrieved data encryption key, wherein the system further including: a data store with each generated masked data encryption key associated with their corresponding request identifier; a match between the corresponding request identifier and a stored request identifier is verified for a match by the system, and when there is a match, the masked data encryption key corresponding to the request identifier is received in response to the request; when there is no match, a masked data encryption key corresponding to the request identifier for the data encryption key is generated and received in response to the request, wherein a masked master key is generated by masking a master key with a first encryption key using a computer implemented first crypto function; and the masked data encryption key is generated using a computer implemented second crypto function and the masked master key; and wherein, the data encryption key is retrieved from the received masked data encryption key by de-masking the masked data encryption key using a computer implemented third crypto function and a second encryption key.
11. The system of claim 10, wherein the request identifier and the corresponding generated masked data encryption key is stored in the data store.
12. The system of claim 10, wherein the first crypto function is configured such that the master key may not be derived from the masked master key and the first encryption key.
13. The system of claim 12, wherein the second crypto function and the third crypto function are configured such that effect of first encryption key on the masked data encryption key generated using the second crypto function is negated by the second encryption key using the third crypto function.
14. The system of claim 10, wherein, the first crypto function is executed in an administrator system; the second crypto function is executed in a key manager system; and the third crypto function is executed in the anonymization system.
15. The system of claim 14, wherein the key manager system receives the request for the data encryption key; generates the masked data encryption key; and responds with the masked data encryption key.
16. The system of claim 10, wherein a DEK seed and the masked master key is fed to the second crypto function as input to generate the masked data encryption key.
17. The system of claim 16, wherein the request identifier and the DEK seed corresponding to the generated masked data encryption key is stored in a data store; upon receipt of a subsequent request for a data encryption key with a corresponding request identifier, the corresponding request identifier is compared with the stored request identifier; and when there is a match between the corresponding request identifier and the stored request identifier, the masked data encryption key is regenerated by using the masked master key and the DEK seed corresponding to the stored request identifier and the regenerated masked data encryption key is returned in response to the request; when there is no match, a new masked data encryption key is generated and the new generated masked data encryption key is returned in response to the request.
18. The system of claim 14, wherein the administrator system transmits the masked master key to the key manager system and transmits the second encryption key to the anonymization system.
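The key flow of claims 1, 3, 4, 7 and 8, as an added example that is not taken from the patent: this page does not say what the three crypto functions are, so the sketch assumes exponent blinding modulo the prime 2^255 - 19 with K2 chosen as the inverse of K1 modulo p - 1. The group, generator, SHA-256 step and every function and class name are assumptions, and the modulus is too small for real use.

```python
import hashlib
import secrets
from math import gcd

# Assumption: a toy group chosen for this example, not specified by the page.
P = 2**255 - 19      # prime modulus; illustrative size only, not a vetted group
G = 2                # assumed base element
ORDER = P - 1        # exponents can be reduced mod P-1 (Fermat's little theorem)

def admin_setup():
    """Administrator system: pick MK, K1, K2 and mask MK (first crypto function)."""
    master_key = secrets.randbelow(ORDER - 2) + 2
    while True:
        k1 = secrets.randbelow(ORDER - 2) + 2
        if gcd(k1, ORDER) == 1:              # K1 must be invertible mod P-1
            break
    k2 = pow(k1, -1, ORDER)                  # K2 cancels K1 in the exponent (claim 4)
    masked_mk = pow(G, master_key * k1 % ORDER, P)
    # masked_mk goes to the key manager, k2 to the anonymization system (claim 9)
    return master_key, masked_mk, k2

class KeyManager:
    """Key manager system: sees only the masked master key and the DEK seeds."""
    def __init__(self, masked_mk):
        self.masked_mk = masked_mk
        self.seeds = {}                      # request identifier -> DEK seed (claim 8)

    def masked_dek(self, request_id):
        seed = self.seeds.get(request_id)
        if seed is None:                     # no match: new seed, new masked DEK
            seed = secrets.randbelow(ORDER - 2) + 2
            self.seeds[request_id] = seed
        return pow(self.masked_mk, seed, P)  # second crypto function (claim 7)

def demask(masked_dek, k2):
    """Anonymization system: third crypto function, then hash to a 32-byte DEK."""
    element = pow(masked_dek, k2, P)         # equals G^(MK*seed); K1 has dropped out
    return hashlib.sha256(element.to_bytes(32, "big")).digest()

def expected_dek(master_key, seed):
    """Reference DEK computed from the unmasked master key, for checking only."""
    element = pow(G, master_key * seed % ORDER, P)
    return hashlib.sha256(element.to_bytes(32, "big")).digest()
```

In this sketch the key manager never holds K2 or the DEK, and the anonymization system never holds the master key, which is the separation claims 5 and 9 describe.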
Patents cited by this patent (19)
Barker, Paul Andrew; Marson, Philip John, Apparatus and method for generating reports with masked confidential data.
Duane, William M.; Griffin, Robert W.; Harwood, John S.; Lazar, Gregory W.; Linnell, Thomas E., Apparatus for controlling embedded security on a storage platform.
Kollmyer,Brad; Baker,Brian; Shapiro,Eric; Kollmyer,Aric; Rutman,Mike; MacLean,Duncan; Robertson,Dan; Taylor,Neal; Hunsche,Dick; Walker,Amanda, Apparatus, system and method for selectively encrypting different portions of data sent over a network.
Farber David A. ; Lachman Ronald D., Data processing system using substantially unique identifiers to identify data items, whereby identical data items hav.
Chang Chung-Chia (San Jose CA) Davoll Gregory L. (Los Gatos CA) El-Ruby Mohamed H. (San Jose CA) Friske Craig A. (San Jose CA) Iyer Balakrishna R. (San Jose CA) Lazarus John P. (San Jose CA) Wilhite , Method and system for adaptively building a static Ziv-Lempel dictionary for database compression.
Kollmyer,Brad; Baker,Brian A.; Shapiro,Eric Bradley; Kollmyer,Aric; Rutman,Mike; MacLean,Charles Duncan; Robertson,Dan; Taylor,Neal; Hunsche,Dick; Walker,Amanda, Selectively encrypting different portions of data sent over a network.
York, Sean A.; Hellman, Scott A.; Wyatt, James; Rodriguez, Marko; Hill, Steven H., Methods and systems for network-based analysis, intervention, and anonymization.
York, Sean A.; Hellman, Scott A.; Wyatt, James; Rodriguez, Marko; Hill, Steven H., Methods and systems for network-based analysis, intervention, and anonymization.