User data deidentification system for ip addresses
US-2024411929-A1 · Dec 12, 2024 · US
De-identification of data
US9323948B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9323948-B2 |
| Application number | US-96766610-A |
| Country | US |
| Kind code | B2 |
| Filing date | Dec 14, 2010 |
| Priority date | Dec 14, 2010 |
| Publication date | Apr 26, 2016 |
| Grant date | Apr 26, 2016 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The present invention relates to a method, computer program product and system for de-identifying data, wherein a de-identification protocol is selectively mapped to a business rule at runtime via an ETL tool.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer program product for dynamically de-identifying sensitive data from a data source for a target application, the computer program product comprising a computer readable storage device having computer readable program code embodied therewith, the computer readable program code being configured to cause a hardware processor to: generate a default rule set including at least one rule, the default rule set including a default de-identification protocol to produce de-identified data from an Extract/Transform/Load (ETL) tool, wherein the default de-identification protocol is selected based on business rules; map the default rule set to data definitions each generated by a discovery tool and associated with a corresponding sensitive data element identified in the data; specify a runtime rule set comprising at least one runtime rule, the runtime rule including a runtime de-identification protocol to produce de-identified data from the ETL tool, wherein the runtime rule set is specified via an interface; replace the default rule set with the runtime rule set to change the default de-identification protocol to the runtime de-identification protocol at runtime to accommodate changing de-identification requirements of a target environment, and map the runtime rule set to the data definitions, wherein each data definition includes a data object comprising metadata, including an indicator of a type of sensitive data from among a plurality of types of sensitive data and information indicating the location of the data element within the data source, for that data element, and each runtime rule is mapped to a corresponding data definition of a sensitive data element based on the type of sensitive data; and receive the data and the data definitions, and for each data definition: obtain the runtime rule mapped to that data definition; and apply the obtained runtime rule to the sensitive data element corresponding to that data definition in the received data and dynamically de-identify the sensitive data element for the target application by the ETL tool at runtime via the runtime de-identification protocol of the obtained runtime rule. 2. The computer program product of claim 1 , wherein the computer readable program code is further configured to cause a hardware processor to: consume the generated data definitions and apply the default de-identification protocol mapped to the sensitive data element data definition. 3. The computer program product of claim 2 , wherein the computer readable program code is further configured to cause a hardware processor to: compare the output of applying the default de-identification protocol with the output of applying the runtime de-identification protocol; and display the comparison for review. 4. The computer program product of claim 2 , wherein the computer readable program code is further configured to cause a hardware processor to selectively re-identify the de-identified data element in accordance with rules to produce an unmasked data element. 5. The computer program product of claim 1 , wherein the replacing further comprises: overriding the generated default rule set with the runtime rule set, wherein the default rule set and the runtime rule set correspond to different target environments having different de-identification requirements. 6. The computer program product of claim 1 , wherein the computer readable program code is further configured to cause a hardware processor to enable specification of the runtime rule set by designating a file location for the runtime rule set via the interface. 7. The computer program product of claim 1 , wherein the computer readable program code is further configured to cause a hardware processor to enable specification of the runtime rule set via a text box provided on the interface. 8. A system for dynamically de-identifying sensitive data from a data source for a target application, the system comprising a computer system including at least one hardware processor configured to: generate a default rule set including at least one rule, the default rule set including a default de-identification protocol to produce de-identified data from an Extract/Transform/Load (ETL) tool, wherein the default de-identification protocol is selected based on business rules; map the default rule set to data definitions each generated by a discovery tool and associated with a corresponding sensitive data element identified in the data; specify a runtime rule set comprising at least one runtime rule, the runtime rule including a runtime de-identification protocol to produce de-identified data from the ETL tool, wherein the runtime rule set is specified via an interface; replace the default rule set with the runtime rule set to change the default de-identification protocol to the runtime de-identification protocol at runtime to accommodate changing de-identification requirements of a target environment, and map the runtime rule set to the data definitions, wherein each data definition includes a data object comprising metadata, including an indicator of a type of sensitive data from among a plurality of types of sensitive data and information indicating the location of the data element within the data source, for that data element, and each runtime rule is mapped to a corresponding data definition of a sensitive data element based on the type of sensitive data; and receive the data and the data definitions, and for each data definition: obtain the runtime rule mapped to that data definition; and apply the obtained runtime rule to the sensitive data element corresponding to that data definition in the received data and dynamically de-identify the sensitive data element for the target application by the ETL tool at runtime via the runtime de-identification protocol of the obtained runtime rule. 9. The system of claim 8 , wherein the at least one hardware processor is further configured to: consume the generated data definitions and apply and apply the default de-identification protocol mapped to the sensitive data element data definition. 10. The system of claim 9 , wherein the at least one hardware processor is further configured to: compare the output of applying the default de-identification protocol with the output of applying the runtime de-identification protocol; and display the comparison for review. 11. The system of claim 9 , wherein the at least one hardware processor is further configured to selectively re-identify the de-identified data element in accordance with rules to produce an unmasked data element. 12. The system of claim 8 , wherein the replacing further comprises: overriding the generated default rule set with the runtime rule set, wherein the default rule set and the runtime rule set correspond to different target environments having different de-identification requirements. 13. The system of claim 8 , wherein the at least one hardware processor is further configured to enable specification of the runtime rule set by designating a file location for the runtime rule set via the interface. 14. The system of claim 8 , wherein the at least one hardware processor is further configured to enable specification of the runtime rule set via a text box provided on the interface. 15. The computer program product of claim 1 , wherein each data definition is in the form of an Extensible Markup Language (XML) file. 16. The system of claim 8 , wherein each data definition is in the form of an Extensible Markup Language (XML) file. 17. A system for dynamically de-iden
Assignees
Inventors
Classifications
- G06F21/6254Primary
by anonymising data, e.g. decorrelating personal data from the owner's identification · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9323948B2 cover?
- The present invention relates to a method, computer program product and system for de-identifying data, wherein a de-identification protocol is selectively mapped to a business rule at runtime via an ETL tool.
- Who is the assignee on this patent?
- Gupta Ritesh K, Nagaraj Prathima, Padmanabhan Sriram K, and 1 more
- What technology area does this patent fall under?
- Primary CPC classification G06F21/6254. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Apr 26 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).