Privacy-preserving data deduplication

US12323401B2 · US · B2

Patent metadata
Publication number: US-12323401-B2
Application number: US-202318839825-A
Country: US
Kind code: B2
Filing date: Feb 24, 2023
Priority date: Feb 25, 2022
Publication date: Jun 3, 2025
Grant date: Jun 3, 2025

Abstract

Official abstract text for this publication.

A method includes a server computer receiving, from a first data provider computer, encrypted data derived from first identity data and a cryptographic key or derivative thereof stored at the first data provider computer. The server computer transmits, to a second data provider computer, the encrypted data and/or the cryptographic key or derivative thereof. The server computer receives, from the second data provider computer, intermediate data derived from second identity data stored at the second data provider computer. The server computer determines if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted. The server computer removes one of encrypted first identity data, derived from the first identity data, and encrypted second identity data, derived from the second identity data, from a memory in the server computer.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: receiving, by a server computer from a first data provider computer, encrypted data derived from first identity data and a cryptographic key or derivative thereof stored at the first data provider computer; transmitting, by the server computer to a second data provider computer, the encrypted data and/or the cryptographic key or derivative thereof; responsive to transmitting the encrypted data and/or the cryptographic key, receiving, by the server computer from the second data provider computer, intermediate data derived from second identity data stored at the second data provider computer; responsive to receiving the intermediate data, determining, by the server computer, if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted; and responsive to determining if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted, removing, by the server computer, one of the first identity data in encrypted form, and the second identity data in encrypted form from a memory in the server computer.

2. The method of claim 1, wherein the cryptographic key or derivative thereof is a first public key, wherein the encrypted data is the first identity data that is doubly encrypted, and wherein receiving the encrypted data and the cryptographic key or derivative thereof comprises: receiving, by the server computer, the doubly encrypted first identity data, the first public key, and a first secret key from the first data provider computer, wherein the doubly encrypted first identity data comprises the first identity data encrypted using the first public key and a second public key.

3. The method of claim 2, wherein transmitting, to the second data provider computer, the doubly encrypted first identity data and/or the first public key comprises: transmitting, by the server computer, the first public key and the doubly encrypted first identity data to the second data provider computer, and wherein in the method the second data provider computer uses a second secret key to remove a layer of encryption from the doubly encrypted first identity data to retrieve singly encrypted first identity data and thereafter uses second identity data and the first public key to generate the intermediate data based on the first identity data and the second identity data.

4. The method of claim 3, wherein determining if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted comprises: decrypting, by the server computer, the intermediate data using the first secret key to retrieve a comparison value between the first identity data and the second identity data, which indicates if the first identity data and the second identity data are duplicates.

5. The method of claim 1, wherein the cryptographic key or derivative thereof is an encrypted master secret key and wherein receiving the encrypted data and the cryptographic key or derivative thereof comprises: receiving, by the server computer, the encrypted data and the encrypted master secret key, wherein the encrypted first identity data comprises the first identity data encrypted using a master secret key, and wherein the encrypted master secret key comprises the master secret key encrypted using a public key.

6. The method of claim 5, wherein transmitting, to the second data provider computer, the encrypted data and/or the cryptographic key or derivative thereof comprises: transmitting, by the server computer to the second data provider computer, the encrypted master secret key, and wherein in the method the second data provider computer decrypts the encrypted master secret key using a secret key to retrieve the master secret key and uses the second identity data and the master secret key to generate the intermediate data, wherein the intermediate data is a restricted secret key.

7. The method of claim 6, wherein determining if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted comprises: decrypting, by the server computer, the encrypted data using the restricted secret key to retrieve a comparison value between the first identity data and the second identity data that indicates if the first identity data and the second identity data are duplicates.

8. The method of claim 1, wherein the cryptographic key or derivative thereof is an encrypted first public key, and wherein receiving the encrypted data and the cryptographic key or derivative thereof comprises: receiving, by the server computer from the first data provider computer, a trapdoor, the encrypted data, and the encrypted first public key, and wherein in the method, the encrypted data comprises the first identity data encrypted using a first public key, and wherein the encrypted first public key comprises the first public key encrypted using a second public key.

9. The method of claim 8, wherein transmitting, to the second data provider computer, the encrypted data and/or the cryptographic key or derivative thereof comprises: transmitting, by the server computer to the second data provider computer, the encrypted first public key, and wherein in the method the second data provider computer decrypts the encrypted first public key using a second secret key to retrieve the first public key and thereafter uses second identity data and the first public key to generate intermediate data.

10. The method of claim 9, wherein determining if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted further comprises: comparing, by the server computer, the encrypted data to the intermediate data using the trapdoor to retrieve a comparison value between the first identity data and the second identity data that indicates if the first identity data and the second identity data are duplicates.

11. The method of claim 1, wherein the first identity data includes data associated with a first user, wherein the second identity data includes data associated with a second user, and wherein if the first identity data and the second identity data are duplicates the first user is the second user.

12. The method of claim 1, wherein prior to receiving the encrypted data and the cryptographic key or derivative thereof, the method further comprises: receiving, by the server computer, the encrypted first identity data from the first data provider computer; and receiving, by the server computer, the encrypted second identity data from the second data provider computer.

13. The method of claim 12 further comprising: after receiving the encrypted first identity data and the encrypted second identity data, storing the encrypted first identity data and the encrypted second identity data into the memory; and prior to receiving the encrypted data derived from the first identity data and the cryptographic key or derivative thereof, determining to perform a data deduplication process on the encrypted first identity data and the encrypted second identity data.

14. The method of claim 13 further comprising: generating a data deduplication request message requesting the encrypted data derived from the first identity data and the cryptographic key or derivative thereof; and providing the data deduplication request message to the first data provider computer.

15. A server computer comprising:
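The claims name no concrete homomorphic scheme, so what follows is an added worked example, not code from the patent or from Visa, that instantiates the claim 2-4 path with textbook Paillier (additively homomorphic): provider A doubly encrypts a hashed identity (inner layer under pk1, outer layer under pk2), the server forwards it together with pk1, provider B strips the pk2 layer and returns Enc_pk1(r * (m1 - m2)) for a fresh random r, and the server, which per claim 2 holds sk1, decrypts a zero exactly when the two identities match and then drops one encrypted copy from its store. Demo key sizes, the normalization rule in identity_to_int, and the provider and record-store names are assumptions; the sample records are constructed.

```python
# Added example, not code from the patent or from Visa: a toy run of the doubly-encrypted
# homomorphic variant of claims 2-4. Assumptions: textbook Paillier as the homomorphic scheme
# (the claims name none), demo-sized keys, the normalization rule, the party/store names.
import hashlib
import secrets
from math import gcd


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):  # cheap trial division first
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):  # Miller-Rabin with random bases; adequate for a demo
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:  # force the top bit and oddness, then test
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def paillier_keygen(bits: int):
    """pk = (n, g = n + 1), sk = (lam, mu); with g = n + 1, mu = lam^-1 mod n."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        if p != q and gcd(p * q, (p - 1) * (q - 1)) == 1:
            break
    n, lam = p * q, (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return (n, n + 1), (lam, pow(lam, -1, n))


def paillier_enc(pk, m: int) -> int:
    n, g = pk
    r = secrets.randbelow(n - 1) + 1  # gcd(r, n) != 1 only with negligible probability
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)


def paillier_dec(pk, sk, c: int) -> int:
    n, (lam, mu) = pk[0], sk
    return (pow(c, lam, n * n) - 1) // n * mu % n


def identity_to_int(identity: str, n: int) -> int:
    """Assumed normalization: case-fold, collapse whitespace, then hash into Z_n."""
    canon = " ".join(identity.casefold().split())
    return int.from_bytes(hashlib.sha256(canon.encode()).digest(), "big") % n


def provider_a_encrypt(identity: str, pk1, pk2) -> int:
    """Claim 2: inner layer Enc_pk1 (homomorphic); outer layer Enc_pk2 hides it from the server."""
    inner = paillier_enc(pk1, identity_to_int(identity, pk1[0]))
    assert inner < pk2[0], "outer modulus n2 must exceed the inner ciphertext space n1^2"
    return paillier_enc(pk2, inner)


def provider_b_intermediate(doubly_enc: int, identity: str, pk1, pk2, sk2) -> int:
    """Claim 3: strip the pk2 layer, then return Enc_pk1(r * (m1 - m2)) for a fresh random r."""
    n1 = pk1[0]
    inner = paillier_dec(pk2, sk2, doubly_enc)  # Enc_pk1(m1); B holds no sk1, so m1 stays hidden
    neg_m2 = (-identity_to_int(identity, n1)) % n1
    diff = inner * paillier_enc(pk1, neg_m2) % (n1 * n1)  # Enc_pk1(m1 - m2)
    r = secrets.randbelow(n1 - 2) + 2  # blinds a non-zero difference; invertible mod n1 w.h.p.
    return pow(diff, r, n1 * n1)


def server_is_duplicate(intermediate: int, pk1, sk1) -> bool:
    """Claim 4: the server decrypts the comparison value; 0 means m1 == m2."""
    return paillier_dec(pk1, sk1, intermediate) == 0


def dedup_run(records_a, records_b, bits: int = 40) -> dict:
    """Claims 1 and 12-14: store encrypted records, deduplicate while encrypted, return the store."""
    pk1, sk1 = paillier_keygen(bits)          # provider A's pair; sk1 is handed to the server (claim 2)
    pk2, sk2 = paillier_keygen(2 * bits + 4)  # provider B's pair; sizing guarantees n2 > n1^2
    store = {("A", i): provider_a_encrypt(rec, pk1, pk2) for i, rec in enumerate(records_a)}
    for j, rec in enumerate(records_b):       # B's stored copies are opaque to the server (no sk2)
        store[("B", j)] = paillier_enc(pk2, identity_to_int(rec, pk2[0]))
    for i in range(len(records_a)):
        for j, rec_b in enumerate(records_b):
            if ("B", j) not in store:
                continue
            inter = provider_b_intermediate(store[("A", i)], rec_b, pk1, pk2, sk2)
            if server_is_duplicate(inter, pk1, sk1):
                del store[("B", j)]           # claim 1: drop one encrypted copy from server memory
    return store


# Constructed sample input: A0/B0 and A1/B2 are the same identity after normalization.
RECORDS_A = ["alice@example.com", "Bob  Smith ", "carol@example.org"]
RECORDS_B = ["ALICE@example.com", "dave@example.net", "bob smith"]

if __name__ == "__main__":
    print(sorted(dedup_run(RECORDS_A, RECORDS_B)))
```

Two details a practitioner would check before reusing this shape: the random exponent r in provider_b_intermediate is what keeps a non-match from leaking the actual difference m1 - m2 to the server, and the outer pk2 layer is what keeps the server, which holds sk1, from ever opening a single-layer Enc_pk1 record. What counts as a duplicate is decided entirely by the normalization applied before hashing, so both providers must apply the same rule, and the demo-sized keys here are for illustration only.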

Assignees

Visa Int Service Ass

Inventors

Classifications

  • Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

  • Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors

  • for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08)

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload

  • involving homomorphic encryption

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12323401B2 cover?
A method includes a server computer receiving, from a first data provider computer, encrypted data derived from first identity data and a cryptographic key or derivative thereof stored at the first data provider computer. The server computer transmits, to a second data provider computer, the encrypted data and/or the cryptographic key or derivative thereof. The server computer receives, from th…
Who is the assignee on this patent?
Visa Int Service Ass
What technology area does this patent fall under?
Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Jun 3, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).