Data privacy management
US-2016132696-A1 · May 12, 2016 · US
US10657273B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10657273-B2 |
| Application number | US-201815912490-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 5, 2018 |
| Priority date | Dec 29, 2015 |
| Publication date | May 19, 2020 |
| Grant date | May 19, 2020 |
Official abstract text for this publication.
A dynamic data minimization server implements minimization protocols to entity-specific information based on access rights (e.g., privacy rights) of a requesting entity. The minimization may be applied on the fly (e.g., as the entity-specific information is requested) and the level, type, protocol, etc., of encryption (or other minimization process) may be selected based on a particular type of a data item. The dynamic data minimization server may determine and apply transformation functions, such as encryption, to items of protected information, transforming those items of protected information into items of minimized information. If a requesting entity has appropriate rights, the dynamic data minimization server may selectively apply a reverse transformation function, such as decryption, to recover the original information. The systems and methods include generation and presentation of user interfaces for presenting minimized information and processing requests to de-minimize information, and may be used to provide minimization services to pre-existing data stores.
Opening claim text (preview).
What is claimed is:

1. A system comprising: a data store configured to store computer-executable instructions; and a hardware processor in communication with the data store, wherein the computer-executable instructions, when executed, configure the hardware processor to: receive, from a presentation server, a first request to access an item of protected information; determine, based at least in part on at least one of the first request or an information type of the item of protected information, that the item of protected information is to be minimized; obtain the item of protected information; identify, based at least in part on the information type of the item of protected information, a transformation function from a plurality of transformation functions, wherein individual transformation functions are identified from the plurality of transformation functions on a per-request or per-item basis; cause the transformation function to be applied to the item of protected information to produce an item of minimized information that preserves one or more characteristics of the item of protected information, wherein the item of minimized information reduces a determinable association between the item of minimized information and an identity associated with the item of protected information; cause the presentation server to display a user interface to render the item of minimized information that preserves one or more characteristics of the item of protected information instead of the item of protected information; receive, from the presentation server, a second request to access the item of protected information; determine, based at least in part on a physical location associated with the second request or a security of a connection associated with the second request, that access to the item of protected information is to be allowed; and cause the presentation server to display an updated user interface to replace the item of minimized information with the item of protected information.

2. The system of claim 1, wherein the transformation function comprises one or more of a generalizing function, a depersonalizing function, an anonymizing function, a character masking function, an encryption function, a hashing function, a bucketing function, a randomizing function, or a precision decreasing function.

3. The system of claim 1, wherein the information type of the item of protected information comprises a name type, an address type, a telephone number type, an identification number type, a location type, a salary type, an income type, a password type, a date type, a health record type, or a test score type.

4. The system of claim 1, wherein the hardware processor is further configured to generate user interface data useable to render the item of minimized information.

5. The system of claim 1, wherein the hardware processor is further configured to determine the one or more characteristics of the item of protected information that are preserved by the item of minimized information.

6. The system of claim 5, wherein the one or more characteristics are determined based at least in part on the first request.

7. A computer-implemented method comprising: determining, by a first computing device, that an item of protected information is to be minimized; identifying, by the first computing device, a transformation function from a plurality of transformation functions based at least in part on an information type of the item of protected information, wherein individual transformation functions are identified from the plurality of transformation functions on a per-request or per-item basis; applying, by the first computing device, the transformation function to the item of protected information to produce an item of minimized information that preserves one or more characteristics of the item of protected information, and wherein the item of minimized information reduces a determinable association between the item of minimized information and an identity associated with the item of protected information; transmitting, by the first computing device, the item of minimized information to a second computing device, wherein transmitting the item of minimized information causes the second computing device to display a user interface that includes the item of minimized information that preserves one or more characteristics of the item of protected information and excludes the item of protected information; receiving, by the first computing device, a request from the second computing device to de-minimize the item of minimized information; determining, based at least in part on a physical location associated with the request, that access to the item of protected information is to be allowed; and transmitting, by the first computing device, the item of protected information to the second computing device, wherein transmitting the item of protected information causes the second computing device to display an updated user interface that includes the item of protected information.

8. The computer-implemented method of claim 7, wherein determining that the item of protected information is to be minimized is based at least in part on the item of protected information.

9. The computer-implemented method of claim 7, wherein determining that the item of protected information is to be minimized is based at least in part on a previous request for the item of protected information.

10. The computer-implemented method of claim 9, wherein the previous request for the item of protected information identifies a requesting entity, and wherein determining that the item of protected information is to be minimized is based at least in part on the requesting entity.

11. The computer-implemented method of claim 7, wherein the user interface further includes at least a user interface control that, when selected, generates the request to de-minimize the item of minimized information.

12. The computer-implemented method of claim 11, further comprising: determining, by the first computing device, a reverse transformation function associated with the transformation function; and applying, by the first computing device, the reverse transformation function to the item of minimized information to produce the item of protected information.

13. The computer-implemented method of claim 7, wherein the one or more characteristics of the item of protected information that are preserved by the item of minimized information include one or more of a portion of the item of protected information, a geographic region corresponding to the item of protected information, or a numerical range corresponding to the item of protected information.

14. A non-transitory computer-readable storage medium including computer-executable instructions that, when executed by a processor, configure the processor to: determine that an item of protected information is to be minimized; identify, based at least in part on an information type of the item of protected information, a transformation function from a plurality of transformation functions, wherein individual transformation functions are identified from the plurality of transformation functions on a per-request or per-item basis; apply the transformation function to the item of protected information to produce an item of minimized information that preserves one or more characteristics of the item of protected information, and wherein the item of minimized information reduces a determinable association between the item of minimized information and an identity associated with the item of protected information; cause a presentation server to
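The abstract and claims above describe three moving parts: a transformation function chosen per information type (claims 1, 2 and 3), a minimized item that still preserves some characteristic of the original (claim 13), and a de-minimization step that either applies a reverse transformation (claim 12) or re-obtains the protected item, gated on the requester's physical location and connection security (claims 1 and 7). The following Python sketch is an added example written for this page; it is not the patent's or the assignee's code. The class and function names (`DataMinimizer`, `Transform`, `AccessContext`, `TokenVault`), the per-type transform registry, the trusted-location set, and all sample values are assumptions made for illustration. A tokenization vault stands in for the encryption/decryption pair the claims mention so that the example runs on the standard library alone.

```python
"""Per-type data minimization with gated de-minimization.

Added example written for this page, not the patent's implementation.
Names (DataMinimizer, Transform, AccessContext, TokenVault) and all sample
data are assumptions chosen for illustration.
"""
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple


@dataclass
class Transform:
    """A minimization function plus, if the transform is reversible, its inverse."""
    apply: Callable[[str], str]
    reverse: Optional[Callable[[str], str]] = None


@dataclass
class AccessContext:
    """What the server knows about the requester when deciding on de-minimization."""
    location: str            # e.g. "office-us-east" (constructed label)
    connection_secure: bool  # request arrived over a trusted (TLS) channel
    may_deminimize: bool     # requester's privacy right for this item


def mask_name(value: str) -> str:
    # Character masking: keep initials and word lengths, hide the rest.
    return " ".join(w[0] + "*" * (len(w) - 1) for w in value.split())


def mask_phone(value: str) -> str:
    # Keep only the last four digits so the viewer can still recognise the number.
    digits = "".join(ch for ch in value if ch.isdigit())
    return "***-***-" + digits[-4:]


def bucket_salary(value: str) -> str:
    # Bucketing: replace the exact figure with a 10,000-wide numerical range.
    low = (int(value) // 10_000) * 10_000
    return f"{low}-{low + 9_999}"


def coarsen_location(value: str) -> str:
    # Precision decrease: round "lat,lon" to one decimal place (roughly 10 km).
    lat, lon = (float(p) for p in value.split(","))
    return f"{round(lat, 1)},{round(lon, 1)}"


class TokenVault:
    """Reversible transform via tokenization (stand-in for encrypt/decrypt)."""

    def __init__(self) -> None:
        self._vault: Dict[str, str] = {}  # token -> original value

    def tokenize(self, value: str) -> str:
        token = "tok_" + secrets.token_hex(8)
        self._vault[token] = value
        return token

    def detokenize(self, token: str) -> str:
        return self._vault[token]


class DataMinimizer:
    """Picks a transform per information type and gates the reverse step."""

    TRUSTED_LOCATIONS = {"office-us-east", "office-eu-west"}  # constructed set

    def __init__(self, protected_store: Dict[str, Tuple[str, str]]) -> None:
        # protected_store maps item_id -> (information_type, protected value)
        self._store = protected_store
        vault = TokenVault()
        self._transforms: Dict[str, Transform] = {
            "name": Transform(mask_name),
            "telephone": Transform(mask_phone),
            "salary": Transform(bucket_salary),
            "location": Transform(coarsen_location),
            "identification_number": Transform(vault.tokenize, vault.detokenize),
        }
        self._applied: Dict[str, Tuple[str, Transform]] = {}  # per-item record

    def minimize(self, item_id: str) -> str:
        info_type, protected = self._store[item_id]
        transform = self._transforms.get(info_type)
        if transform is None:  # unknown type: refuse rather than leak the original
            raise KeyError(f"no transform registered for type {info_type!r}")
        minimized = transform.apply(protected)
        self._applied[item_id] = (minimized, transform)
        return minimized

    def access_allowed(self, ctx: AccessContext) -> bool:
        # Decision rests on physical location and connection security.
        return (ctx.may_deminimize and ctx.connection_secure
                and ctx.location in self.TRUSTED_LOCATIONS)

    def deminimize(self, item_id: str, ctx: AccessContext) -> str:
        if not self.access_allowed(ctx):
            raise PermissionError(f"de-minimization of {item_id} denied")
        minimized, transform = self._applied[item_id]
        if transform.reverse is not None:
            return transform.reverse(minimized)  # reverse transformation path
        return self._store[item_id][1]          # re-obtain the protected item


def build_demo() -> DataMinimizer:
    """Constructed sample store used by the usage below and by the tests."""
    return DataMinimizer({
        "name-1": ("name", "Alice Smith"),
        "phone-1": ("telephone", "+1-555-123-4567"),
        "salary-1": ("salary", "83500"),
        "loc-1": ("location", "47.6205,-122.3493"),
        "id-1": ("identification_number", "ID-0000-CONSTRUCTED"),
    })


if __name__ == "__main__":
    m = build_demo()
    for item in ("name-1", "phone-1", "salary-1", "loc-1", "id-1"):
        print(item, "->", m.minimize(item))
    trusted = AccessContext("office-us-east", True, True)
    print("id-1 de-minimized:", m.deminimize("id-1", trusted))
```

Two design points worth noting. The per-item record in `_applied` is what makes claim 12 work: the server must remember which transform produced a given minimized value before it can pick the matching reverse function, and for non-reversible transforms (masking, bucketing) the only way back is to re-obtain the protected item from the store, which is why `deminimize` falls through to the store. Second, the access decision is evaluated on every de-minimization request rather than cached from the first request, so a change in location or connection security between the two requests is honoured.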
Tools and structures for managing or administering access control systems · CPC title
where protection concerns the structure of data, e.g. records, types, queries · CPC title
Protecting access to data via a platform, e.g. using keys or access control rules · CPC title
to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself · CPC title
based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance · CPC title