Obfuscation and deletion of personal data in a loosely-coupled distributed system

US11157652B2 · US · B2

Patent metadata
Publication number: US-11157652-B2
Application number: US-201816215549-A
Country: US
Kind code: B2
Filing date: Dec 10, 2018
Priority date: May 16, 2018
Publication date: Oct 26, 2021
Grant date: Oct 26, 2021

Abstract

Official abstract text for this publication.

A real-time event processing system receives event data containing telemetric data and one or more personal identifiers. The personal identifier in the event data is replaced with an obfuscated value so that the telemetric data may be used without reference to the personal identifier. A reversible map is used to reverse the obfuscated personal identifier to its original value. In the case when a request is received to delete the mapped personal identifier, the link to the entry in the reversible map is broken by associating the personal identifier with a different obfuscated value.

First claim

Opening claim text (preview).

What is claimed:

1. A system comprising: at least one domain, wherein the at least one domain includes one or more processors and a memory; wherein the at least one domain includes at least one module that performs actions that: obtain an event including a personal identifier; generate an obfuscated value to replace the personal identifier; search for the obfuscated value in a delete table, wherein the delete table includes a plurality of entries, an entry including a first obfuscated value and a second obfuscated value, the first obfuscated value associated with a first-generation randomized value, the second obfuscated value based on a current-generation randomized value; when the obfuscated value is not found in the delete table, replace the personal identifier in the event with the obfuscated value and store in a reversible map table; when the obfuscated value is found in the delete table, obtain the second obfuscated value of the personal identifier from the delete table and replace the personal identifier in the event with the second obfuscated value; and utilize the event without reference to the personal identifier.

2. The system of claim 1, wherein the at least one module performs actions that: receive a delete request for the personal identifier; generate the obfuscated value of the personal identifier; search for the obfuscated value in the delete table; and when the obfuscated value exists in the delete table: generate a new obfuscated value; and store the new obfuscated value as the second obfuscated value in the delete table in an entry associated with the personal identifier, wherein the new obfuscated value delinks access to the reversible map table for the personal identifier.

3. The system of claim 2, wherein the at least one module performs further actions that: when the obfuscated value does not exist in the delete table, generate an entry in the delete table for the personal identifier, the entry including the obfuscated value as the first obfuscated value.

4. The system of claim 2, wherein a size of the obfuscated value differentiates the obfuscated value from the second obfuscated value.

5. The system of claim 1, further comprising: an update domain including at least one processor and a memory; at least one module in the update domain configured to performs actions that: generate an identifier table to store dependent personal identifiers associated with the personal identifier in the event; and construct an updated delete table to reflect personal identifiers received in events from any domain having been subject to a delete request.

6. The system of claim 5, wherein the at least one module in the update domain performs further actions that: create entries in the updated delete table for a personal identifier subject to a delete request that does not exist in the delete table; and update an obfuscated value associated with a personal identifier existing in the delete table.

7. The system of claim 6, wherein the at least one module in the update domain performs further actions that remove entries in the reversible map for a personal identifier subject to a delete request.

8. The system of claim 7, wherein the at least one module in the update domain performs further actions that update the current-generation randomized value.

9. A method, comprising: obtaining a first delete request at an ingest node of a computing system to remove a personal identifier, the ingest node including at least one processor and a memory, the personal identifier stored in a reversible map table of the ingest node, the personal identifier accessed in the reversible map table by an obfuscated value; generating the obfuscated value to replace the personal identifier; searching for the personal identifier in a delete table using the obfuscated value, wherein the delete table includes a plurality of entries, an entry including a first obfuscated value and a second obfuscated value, the first obfuscated value associated with a first-generation randomized value, the second obfuscated value based on a current-generation randomized value; when the personal identifier is not found in the delete table, inserting an entry in the delete table for the personal identifier, the entry containing the obfuscated value; when the personal identifier is found in the delete table, delinking access to the personal identifier in the reversible map table by replacing the second obfuscated value in the delete table with a new obfuscated value; and utilizing telemetric data associated with the personal identifier without reference to the personal identifier.

10. The method of claim 9, wherein searching for the at least one personal identifier in a delete table further comprises generating the obfuscated value using the personal identifier and a first randomized value.

11. The method of claim 9, further comprising: obtaining an event including the personal identifier; searching for the personal identifiers in the delete table; when the personal identifier has a corresponding entry in the delete table, storing the personal identifier in the reversible map table using the second obfuscated value from the delete table.

12. The method of claim 11, further comprising: obtaining a second delete request for the personal identifier; and delinking access to the personal identifier in the reversible map table by replacing the second obfuscated value in the delete table with a new obfuscated value.

13. The method of claim 9, further comprising: obtaining an event associated with a first personal identifier; determining that the first personal identifier is not associated with an entry in the delete table; generating an obfuscated value for the first personal identifier; storing the obfuscated value for the first personal identifier in the reversible map table; replacing the first personal identifier with the obfuscated value for the first personal identifier in the event; and utilizing data in the event without reference to the first personal identifier.

14. A device, comprising: at least one processor and a memory; wherein the at least one processor is configured to: generate a delete table having a plurality of entries, an entry maps a first obfuscation value to a second obfuscation value; generate a reversible map table having a plurality of entries, an entry maps the first obfuscation value to a personal identifier; obtain event data including the personal identifier; generate the first obfuscation value to replace the personal identifier; replace the personal identifier in the event data with the first obfuscation value, when the first obfuscation value is not found in the delete table; replace the personal identifier in the event data with the second obfuscation value, when the first obfuscation value is found in the delete table; and retain the event data without the personal identifier.

15. The device of claim 14, wherein the first obfuscated value is based on the personal identifier and a first randomized value and the second obfuscated value is based on the personal identifier and a second randomized value, the first randomized value differs from the second randomized value.

16. The device of claim 14, wherein the at least one processor is further configured to: receive a first delete request for the personal identifier; delink access to the reversible map table entry of the personal identifier by altering the second obfuscation value in the delete table.

17. The device of claim 16, wherein the at least one pro
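
The ingest and delete flow recited in claims 1 to 3, 7, 8 and 11, as an added Python example that is not code from the patent or its assignee. HMAC-SHA256 as the obfuscation function, the `Obfuscator` class and its method names, the single-node layout, and refreshing the current-generation randomized value on every delete request are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

class Obfuscator:
    """One node holding the claimed delete table and reversible map table."""

    def __init__(self):
        self.first_gen = secrets.token_bytes(32)  # first-generation randomized value
        self.current_gen = self.first_gen         # current-generation randomized value
        self.delete_table = {}    # first obfuscated value -> second obfuscated value
        self.reversible_map = {}  # obfuscated value -> personal identifier

    @staticmethod
    def _obfuscate(rand, pid):
        # Assumption: HMAC-SHA256 keyed with the randomized value.
        return hmac.new(rand, pid.encode(), hashlib.sha256).hexdigest()

    def ingest(self, event):
        """Claims 1 and 11: swap the identifier for its obfuscated value."""
        pid = event["pid"]
        first = self._obfuscate(self.first_gen, pid)
        # Found in the delete table: use the second value; otherwise the first.
        token = self.delete_table.get(first, first)
        self.reversible_map[token] = pid
        return {**event, "pid": token}

    def delete(self, pid):
        """Claims 2, 3, 7 and 8: delink the identifier from earlier events."""
        first = self._obfuscate(self.first_gen, pid)
        live = self.delete_table.get(first, first)
        self.reversible_map.pop(live, None)         # drop the reversible entry
        self.current_gen = secrets.token_bytes(32)  # assumption: refresh per request
        self.delete_table[first] = self._obfuscate(self.current_gen, pid)

    def reverse(self, token):
        return self.reversible_map.get(token)  # None once delinked

def demo():
    """Constructed events for one identifier around a delete request."""
    node = Obfuscator()
    pid = "user-1234@example.com"  # constructed sample identifier
    e1 = node.ingest({"pid": pid, "latency_ms": 120})
    before = node.reverse(e1["pid"])
    node.delete(pid)
    after = node.reverse(e1["pid"])
    e2 = node.ingest({"pid": pid, "latency_ms": 95})
    return e1, before, after, e2, node.reverse(e2["pid"])
```

Events stored before the delete request keep their telemetry but can no longer be reversed, while later events for the same identifier carry the second obfuscated value.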

Classifications

  • Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

  • by anonymising data, e.g. decorrelating personal data from the owner's identification

  • Obfuscation or hiding, e.g. involving white box

  • Updates performed during online database operations; commit processing

  • involving long-term monitoring or reporting

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Microsoft Technology Licensing LLC
What technology area does this patent fall under?
Primary CPC classification G06F21/6254. Mapped technology areas include Physics.
When was this patent published?
Publication date Oct 26, 2021 (B2). Legal status and post-grant events are not shown on this page.