US10783259B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10783259-B2 |
| Application number | US-201816051403-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 31, 2018 |
| Priority date | May 3, 2018 |
| Publication date | Sep 22, 2020 |
| Grant date | Sep 22, 2020 |
Official abstract text for this publication.
A method and apparatus for tokenization of user-traceable data are described. User-traceable data is data that is not directly personal data but can be traced back to the identity or an activity of the user. A first raw value is encrypted into a first token using a symmetric key encryption mechanism based on a combination of a second raw value including personal data of a user and a second token resulting from the tokenization of the second raw value, where the first token is an anonymized representation of the first raw value.
Opening claim text (preview).
What is claimed is:

1. A method of tokenization of user traceable data for enabling support of a right to be forgotten privacy requirement upon receipt of a request to be forgotten from a user of a system that handles log records resulting from operations of one or more applications used by the user, the method comprising: receiving a raw log record including a set of one or more fields storing raw data related to an event that occurred in an application, wherein a first field and a second field of the set of fields are respectively to store a first raw value that represents user traceable data that can be traced back to an identity or an activity of the user and a second raw value; determining whether the second field from the set of fields has stored therein the second raw value that represents personal data of a user; in response to determining that the second field from the set of fields has stored therein the second raw value that represents personal data of a user, encrypting the first raw value to generate a first token using a first symmetric key encryption mechanism based at least in part on a combination of the second raw value that represents personal data of the user and a second token resulting from the tokenization of the second raw value, wherein the first token and the second token are respectively an anonymized representation of the first raw value and the second raw value; responsive to determining that the second field from the set of fields does not have stored therein the second raw value, encrypting the first raw value to generate the first token using a second symmetric key encryption mechanism based on a cryptographic key associated with a time window after which the cryptographic key is to no longer be valid to detokenize tokens; and outputting a tokenized log record generated based on the raw log record, the first token, and the second token to be used by one or more log record consumers.

2. The method of claim 1, wherein the time window after which the cryptographic key is to no longer be valid to detokenize tokens is shorter than a period of time within which personal data is to be forgotten responsive to a request from the user.

3. The method of claim 1, wherein the tokenization of the second raw value includes generation of a one to one mapping between the second raw value and the second token and storage of the one to one mapping, and the method further comprises: responsive to receiving a request to forget the personal data of the user, deleting the one to one mapping between the second raw value and the second token so that the first token can no longer be detokenized based on the one to one mapping.

4. The method of claim 1, wherein the encrypting of the first raw value to generate the first token using the symmetric key encryption mechanism based at least in part on the combination of the second raw value and the second token resulting from the tokenization of the second raw value includes: using the combination of the second raw value and the second token as a key of the symmetric key encryption mechanism, wherein the combination is at least one of a concatenation of the second raw value and the second token and a hash of the concatenation of the second raw value and the second token.

5. The method of claim 1, wherein the encrypting of the first raw value to generate the first token using the symmetric key encryption mechanism based at least in part on the combination of the second raw value of the second field and the second token resulting from the tokenization of the second raw value includes: using one of the second raw value and the second token as a key for the symmetric key encryption mechanism; and using the other one of the second raw value and the second token as an initialization vector of the symmetric key encryption mechanism.

6. The method of claim 1, wherein the raw log record was generated responsive to activity of a first of a plurality of organizations assigned different organization identifiers in a multi-tenant system, and wherein the encrypting of the first raw value to generate the first token using the first symmetric key encryption mechanism based at least in part on the combination of the second raw value and the second token is further based on an organization identifier uniquely identifying the first of the plurality of organizations.

7. A non-transitory machine readable medium that stores instructions that, when executed by one or more processors of electronic devices, cause the electronic devices to enable support of a right to be forgotten privacy requirement upon receipt of a request to be forgotten from a user of a system that handles log records resulting from operations of one or more applications used by the user, by performing the following operations: receiving a raw log record including a set of one or more fields storing raw data related to an event that occurred in an application, wherein a first field and a second field of the set of fields are respectively to store a first raw value that represents user traceable data that can be traced back to an identity or an activity of the user and a second raw value; determining whether the second field from the set of fields has stored therein the second raw value that represents personal data of a user; in response to determining that the second field from the set of fields has stored therein the second raw value that represents personal data of a user, encrypting the first raw value to generate a first token using a first symmetric key encryption mechanism based at least in part on a combination of the second raw value that represents personal data of the user and a second token resulting from the tokenization of the second raw value, wherein the first token and the second token are respectively an anonymized representation of the first raw value and the second raw value; responsive to determining that the second field from the set of fields does not have stored therein the second raw value, encrypting the first raw value to generate the first token using a second symmetric key encryption mechanism based on a cryptographic key associated with a time window after which the cryptographic key is to no longer be valid to detokenize tokens; and outputting a tokenized log record generated based on the raw log record, the first token, and the second token to be used by one or more log record consumers.

8. The non-transitory machine readable medium of claim 7, wherein the time window after which the cryptographic key is to no longer be valid to detokenize tokens is shorter than a period of time within which personal data is to be forgotten responsive to a request from the user.

9. The non-transitory machine readable medium of claim 7, wherein the tokenization of the second raw value includes generation of a one to one mapping between the second raw value and the second token and storage of the one to one mapping, and the operations further comprise: responsive to receiving a request to forget the personal data of the user, deleting the one to one mapping between the second raw value and the second token so that the first token can no longer be detokenized based on the one to one mapping.

10. The non-transitory machine readable medium of claim 7, wherein the encrypting of the first raw value to generate the first token using the symmetric key encryption mechanism based at least in part on the combination of the second raw value and the second token resulting from the tokenization of the second raw value includes: using the combination of the second raw value and the second token as a key of the symmetric key encryption mechanism, wherein the combination is at least one of a concatenation of the se
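The claims describe the scheme in legal prose; the following Python is an added worked example written for this page, not code from the patent or its assignee. It implements the two branches of claim 1 (a per-user key derived from the personal data and its token when the personal-data field is populated, a time-windowed key otherwise), the hash-of-concatenation key of claims 4 and 6, and the "forget" and key-expiry behaviour of claims 2 and 3. Assumptions of this example: an HMAC-SHA256 counter-mode stream cipher stands in for the symmetric cipher so the block runs with the standard library alone (a real system would use an authenticated cipher such as AES-GCM); the initialization vector for the per-user branch is derived from the second token so that the same user-traceable value tokenizes to the same token for the same user (the claims assign key and IV roles but do not specify this derivation); the field names `user_email` and `session_id`, the `org0` organization identifier and the sample records are constructed.

```python
import hashlib
import hmac
import secrets


def stream_cipher(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Symmetric XOR cipher: keystream block i = HMAC-SHA256(key, iv || i).
    Stand-in for AES (assumption of this example); the same call encrypts and decrypts."""
    stream = bytearray()
    for i in range((len(data) + 31) // 32):
        stream += hmac.new(key, iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


class LogTokenizer:
    def __init__(self, window_seconds: int = 7 * 24 * 3600):
        self.pii_map: dict = {}       # second raw value -> second token (the one-to-one mapping of claim 3)
        self.window_keys: dict = {}   # time-window id -> key (the fallback branch of claim 1)
        self.window_seconds = window_seconds

    # --- second raw value (personal data) -> second token ---
    def pii_token(self, pii: str) -> str:
        if pii not in self.pii_map:
            self.pii_map[pii] = secrets.token_hex(16)  # random, carries no information about the PII
        return self.pii_map[pii]

    def forget(self, pii: str) -> None:
        """Request to be forgotten: dropping the mapping orphans every first token keyed on it."""
        self.pii_map.pop(pii, None)

    # --- key material ---
    @staticmethod
    def user_key(org_id: str, pii: str, token2: str) -> bytes:
        # claims 4 and 6: key = hash(organization id || second raw value || second token)
        return hashlib.sha256(f"{org_id}|{pii}|{token2}".encode()).digest()

    def window_id(self, ts: int) -> int:
        return ts // self.window_seconds

    def window_key(self, ts: int) -> bytes:
        wid = self.window_id(ts)
        if wid not in self.window_keys:
            self.window_keys[wid] = secrets.token_bytes(32)
        return self.window_keys[wid]

    def expire_windows(self, now_ts: int) -> None:
        """Delete keys of closed windows; tokens made under them become permanently opaque (claim 2)."""
        current = self.window_id(now_ts)
        for wid in [w for w in self.window_keys if w < current]:
            del self.window_keys[wid]

    # --- record tokenization ---
    def tokenize(self, record: dict, traceable_field: str, pii_field: str,
                 ts: int, org_id: str = "org0") -> dict:
        out = dict(record)
        raw1 = str(record[traceable_field]).encode()
        pii = record.get(pii_field)
        if pii:  # second field holds personal data: first branch of claim 1
            token2 = self.pii_token(pii)
            key = self.user_key(org_id, pii, token2)
            iv = hashlib.sha256(token2.encode()).digest()[:16]  # deterministic IV (example design choice)
            out[pii_field] = token2
            out[traceable_field] = "u:" + stream_cipher(key, iv, raw1).hex()
        else:    # no personal data in the record: time-windowed key, second branch of claim 1
            iv = secrets.token_bytes(16)
            ct = stream_cipher(self.window_key(ts), iv, raw1)
            out[traceable_field] = f"w:{self.window_id(ts)}:{iv.hex()}:{ct.hex()}"
        return out

    def detokenize(self, tokenized: dict, traceable_field: str, pii_field: str,
                   org_id: str = "org0"):
        """Return the first raw value, or None once the key material behind the token is gone."""
        kind, _, rest = tokenized[traceable_field].partition(":")
        if kind == "u":
            token2 = tokenized[pii_field]
            pii = next((p for p, t in self.pii_map.items() if t == token2), None)
            if pii is None:
                return None  # mapping deleted by forget(): the key cannot be rebuilt
            key = self.user_key(org_id, pii, token2)
            iv = hashlib.sha256(token2.encode()).digest()[:16]
            return stream_cipher(key, iv, bytes.fromhex(rest)).decode()
        wid, iv_hex, ct_hex = rest.split(":")
        key = self.window_keys.get(int(wid))
        if key is None:
            return None  # window closed and its key expired
        return stream_cipher(key, bytes.fromhex(iv_hex), bytes.fromhex(ct_hex)).decode()


if __name__ == "__main__":
    t = LogTokenizer(window_seconds=3600)
    rec = {"user_email": "alice@example.com", "session_id": "sess-12345", "event": "login"}  # constructed
    tok = t.tokenize(rec, "session_id", "user_email", ts=1000)
    print(tok, "->", t.detokenize(tok, "session_id", "user_email"))
    t.forget("alice@example.com")
    print("after forget:", t.detokenize(tok, "session_id", "user_email"))
```

Note the property the claims are after: the log consumer never holds the user key. The first token can only be reversed by someone who still has the PII-to-token mapping, so deleting that one row answers a request to be forgotten for every log line keyed on it without rewriting the logs, and the window key gives records without personal data the same eventual opacity on a fixed schedule.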
CPC classification titles:

- using third party service providers
- Tracking the activity of the user (network monitoring arrangements H04L43/00; recording of computer activity G06F11/34)
- involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token (network architectures or network communication protocols for supporting authentication of entities using an additional device in a packet data network H04L63/0853)
- Data logging (G06F11/14, G06F11/2205 take precedence)
- when the policy decisions are valid for a limited amount of time