Video surveillance systems using out of band key exchange
US-12177293-B2 · Dec 24, 2024 · US
Privacy-preserving data deduplication
US2025260676A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2025260676-A1 |
| Application number | US-202519197868-A |
| Country | US |
| Kind code | A1 |
| Filing date | May 2, 2025 |
| Priority date | Feb 25, 2022 |
| Publication date | Aug 14, 2025 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method includes a server computer receiving, from a first data provider computer, encrypted data derived from first identity data and a cryptographic key or derivative thereof stored at the first data provider computer. The server computer transmits, to a second data provider computer, the encrypted data and/or the cryptographic key or derivative thereof. The server computer receives, from the second data provider computer, intermediate data derived from second identity data stored at the second data provider computer. The server computer determines if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted. The server computer removes one of encrypted first identity data, derived from the first identity data, and encrypted second identity data, derived from the second identity data, from a memory in the server computer.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method comprising: encrypting, by a first data provider computer using a cryptographic key or derivative thereof, first identity data to form encrypted data; storing, by the first data provider computer, the encrypted data; and transmitting, by the first data provider computer to a server computer, the encrypted data and the cryptographic key or derivative thereof, wherein the server computer comprises a processor and a computer readable medium comprising code executable by the processor to perform operations comprising: receiving, from the first data provider computer, the encrypted data and the cryptographic key or derivative thereof; transmitting, to a second data provider computer, the encrypted data and/or the cryptographic key or derivative thereof; receiving, from the second data provider computer, intermediate data derived from second identity data stored at the second data provider computer; determining if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted; and responsive to determining if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted, remove one of the first identity data in encrypted form, and the second identity data in encrypted form from a memory in the server computer. 2 . The method of claim 1 , wherein the cryptographic key or derivative thereof is a first public key, wherein the encrypted data is the first identity data that is doubly encrypted, and wherein receiving the encrypted data and the cryptographic key or derivative thereof comprises: receiving, by the server computer, the doubly encrypted first identity data, the first public key, and a first secret key from the first data provider computer, wherein the doubly encrypted first identity data comprises the first identity data encrypted using the first public key and a second public key. 3 . The method of claim 2 , wherein transmitting, to the second data provider computer, the doubly encrypted first identity data and/or the first public key comprises: transmitting, by the server computer, the first public key and the doubly encrypted first identity data to the second data provider computer, and wherein the second data provider computer is configured to use a second secret key to remove a layer of encryption from the doubly encrypted first identity data to retrieve singly encrypted first identity data and thereafter use second identity data and the first public key to generate the intermediate data based on the first identity data and the second identity data. 4 . The method of claim 3 , wherein determining if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted comprises: decrypting, by the server computer, the intermediate data using the first secret key to retrieve a comparison value between the first identity data and the second identity data, which indicates if the first identity data and the second identity data are duplicates. 5 . The method of claim 1 , wherein the encrypted data is encrypted first identity data, and wherein the cryptographic key or derivative thereof is an encrypted master secret key and wherein receiving the encrypted data and the cryptographic key or derivative thereof comprises: receiving, by the server computer, the encrypted data and the encrypted master secret key, wherein the encrypted first identity data comprises the first identity data encrypted using a master secret key, and wherein the encrypted master secret key comprises the master secret key encrypted using a public key. 6 . The method of claim 5 , wherein transmitting, to the second data provider computer, the encrypted data and/or the cryptographic key or derivative thereof comprises: transmitting, by the server computer to the second data provider computer, the encrypted master secret key, and wherein the second data provider computer is configured to decrypt the encrypted master secret key using a secret key to retrieve the master secret key and use the second identity data and the master secret key to generate the intermediate data, wherein the intermediate data is a restricted secret key. 7 . The method of claim 6 , wherein determining if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted comprises: decrypting, by the server computer, the encrypted data using the restricted secret key to retrieve a comparison value between the first identity data and the second identity data that indicates if the first identity data and the second identity data are duplicates. 8 . The method of claim 1 , wherein the cryptographic key or derivative thereof is an encrypted first public key, and wherein receiving the encrypted data and the cryptographic key or derivative thereof comprises: receiving, by the server computer from the first data provider computer, a trapdoor, the encrypted data, and the encrypted first public key, and wherein in the method, the encrypted data comprises the first identity data encrypted using a first public key, and wherein the encrypted first public key comprises the first public key encrypted using a second public key. 9 . The method of claim 8 , wherein transmitting, to the second data provider computer, the encrypted data and/or the cryptographic key or derivative thereof comprises: transmitting, by the server computer to the second data provider computer, the encrypted first public key, and wherein in the method the second data provider computer decrypts the encrypted first public key using a second secret key to retrieve the first public key and thereafter uses second identity data and the first public key to generate the intermediate data. 10 . The method of claim 9 , wherein determining if the first identity data and the second identity data are duplicates while the first identity data and the second identity data are encrypted further comprises: comparing, by the server computer, the encrypted data to the intermediate data using the trapdoor to retrieve a comparison value between the first identity data and the second identity data that indicates if the first identity data and the second identity data are duplicates. 11 . The method of claim 1 , wherein the first identity data includes data associated with a first user, wherein the second identity data includes data associated with a second user, and wherein if the first identity data and the second identity data are duplicates the first user is the second user. 12 . The method of claim 1 , wherein the operations further comprise: receiving the encrypted second identity data from the second data provider computer. 13 . The method of claim 12 , wherein the encrypted data is encrypted first identity data, and wherein the operations further comprise: after receiving the encrypted first identity data and the encrypted second identity data, storing the encrypted first identity data and the encrypted second identity data into the memory; and prior to receiving the encrypted data derived from the first identity data and the cryptographic key or derivative thereof, determining to perform a data deduplication process on the encrypted first identity data and the encrypted second identity data. 14 . The method of claim 13 , wherein the operations further comprise generating a data deduplication request message requesting the encrypted data derived from the first identity da
Assignees
Inventors
Classifications
Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy · CPC title
Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors · CPC title
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
- H04L63/0428Primary
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
involving homomorphic encryption · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2025260676A1 cover?
- A method includes a server computer receiving, from a first data provider computer, encrypted data derived from first identity data and a cryptographic key or derivative thereof stored at the first data provider computer. The server computer transmits, to a second data provider computer, the encrypted data and/or the cryptographic key or derivative thereof. The server computer receives, from th…
- Who is the assignee on this patent?
- Visa Int Service Ass
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0428. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Thu Aug 14 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).