Systems and methods for automatic and customizable data minimization of electronic data stores

US9916465B1 · US · B1

Patent metadata

Publication number: US-9916465-B1
Application number: US-201615071064-A
Country: US
Kind code: B1
Filing date: Mar 15, 2016
Priority date: Dec 29, 2015
Publication date: Mar 13, 2018
Grant date: Mar 13, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A dynamic data minimization server implements minimization protocols to entity-specific information based on access rights (e.g., privacy rights) of a requesting entity. The minimization may be applied on the fly (e.g., as the entity-specific information is requested) and the level, type, protocol, etc., of encryption (or other minimization process) may be selected based on a particular type of a data item. The dynamic data minimization server may determine and apply transformation functions, such as encryption, to items of protected information, transforming those items of protected information into items of minimized information. If a requesting entity has appropriate rights, the dynamic data minimization server may selectively apply a reverse transformation function, such as decryption, to recover the original information. The systems and methods include generation and presentation of user interfaces for presenting minimized information and processing requests to de-minimize information, and may be used to provide minimization services to pre-existing data stores.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method comprising: receiving, at a first computing server, a request to access entity data, the entity data including at least an item of protected information; determining, based at least in part on a minimization rule and an access level associated with the at least one of the request or the item of protected information, that the item of protected information is to be minimized; obtaining, by the first computing server, a set of data from a data store, the set of data corresponding to the request; sending, by the first computing server and to a second computing server, a request to transform the item of protected information; determining, by the first computing server, an information type of the item of protected information; determining, by the first computing server and based at least in part on the minimization rule, a type of transformation to apply to the item of protected information based on the information type of the item of protected information, wherein the type of transformation is applied using a transformation function associated with the type of transformation; causing the second computing server to apply the transformation function to the item of protected information to produce an item of minimized information, wherein: the item of minimized information is different from the item of protected information, the item of minimized information is at least partly based on the item of protected information, and the item of minimized information preserves one or more characteristics of the item of protected information while reducing a determinable association between the item of minimized information and an identity associated with the item of protected information; and generating, by the first computing server, user interface data renderable to depict a user interface including at least the item of minimized information.

2. The computer-implemented method of claim 1, wherein applying the transformation function to the item of protected information comprises: producing the item of minimized information to include fewer significant digits than the item of protected information while retaining at least some significant digits of the item of protected information.

3. The computer-implemented method of claim 2, wherein the item of minimized information is less precise than the item of protected information.

4. The computer-implemented method of claim 1, wherein the transformation function specifies at least one of: a character masking function, an encryption function, a hashing function, a bucketing function, a randomizing function, or a precision decreasing function.

5. The computer-implemented method of claim 1 further comprising: receiving, by the first computing server, an indication of a selection of the item of minimized information; determining, based at least in part on an access level associated with the selection, that the item of protected information should be provided in response to the selection; and updating, by the first computing server, the user interface data to replace the item of minimized information with the item of protected information in the user interface.

6. The computer-implemented method of claim 1, wherein applying the transformation function to the item of protected information comprises: producing the item of minimized information to include a number of characters equal to a number of characters of the item of protected information.

7. A system comprising: a data store configured to store data and computer-executable instructions; a hardware processor, wherein the computer-executable instructions, when executed, configure the processor to: receive a request to access data, the data including at least an item of protected information; determine, based at least in part on a minimization rule and an access level associated with the at least one of the request or the item of protected information, that the item of protected information is to be minimized; obtain the data from the data store, the data corresponding to the request and including at least the item of protected information; determine an information type of the item of protected information; determine, based at least in part on the minimization rule, a type of transformation to apply to the item of protected information based on the information type of the item of protected information, wherein the type of transformation is applied using a transformation function associated with the type of transformation; send, to a data minimization server, a request to transform the item of protected information; cause the data minimization server to apply the transformation function to the item of protected information to produce an item of minimized information, wherein: the item of minimized information is different from the item of protected information, the item of minimized information is at least partly based on the item of protected information, and the item of minimized information preserves one or more characteristics of the item of protected information while reducing a determinable association between the item of minimized information and an identity associated with the item of protected information; and generate user interface data useable to render a user interface including at least the item of minimized information.

8. The system of claim 7, wherein the computer-executable instructions further configure the processor to: store the item of minimized information in the data store; and remove the item of protected information from the data store.

9. The system of claim 8, wherein the transformation function is reversible, and wherein the computer-executable instructions further configure the processor to: receive a second request to access the item of protected information; determine, based at least in part on an access level associated with the second request, that the second request should be granted; determine a reverse transformation function based at least in part on the transformation function; apply the reverse transformation function to the item of minimized information to produce the item of protected information; and generate user interface data useable to render a second user interface including at least the item of protected information.

10. The system of claim 9, wherein the computer-executable instructions further configure the processor to determine the access level associated with the second request.

11. The system of claim 10, wherein the access level associated with the second request is determined based at least in part on a previous request to access the item of protected information.

12. The system of claim 7, wherein the item of protected information is associated with an item of open information in the data store, and wherein the transformation function specifies dissociating the item of protected information from the item of open information in the data store.

13. The system of claim 12, wherein the transformation function further specifies associating the item of protected information with a different item of open information in the data store.

14. The system of claim 7, wherein applying the transformation function to the item of protected information comprises: producing the item of minimized information to include fewer significant digits than the item of protected information while retaining at least some significant digits of the item of protected information; and producing the item of minimized information to include a number of characters equal to a number of characters of the item of protected infor
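The following is an added example, not code from the patent or its assignee, showing how the claimed minimization rule could be modelled: a rule maps each information type to a transformation (character masking that keeps the original length, precision reduction that keeps leading digits, bucketing, keyed hashing) and to the access level at which the original is returned instead. The information types, access levels, HMAC key and record are all constructed for the example; only one-way transformations are shown, not the reversible encryption of claim 9.

```python
from __future__ import annotations
import hashlib
import hmac

# Constructed key for keyed hashing; a deployment would fetch it from a key store.
HMAC_KEY = b"constructed-demo-key"

def mask_chars(value: str, keep_last: int = 4) -> str:
    """Character masking: output has the same length as the input (claim 6)."""
    return "*" * (len(value) - keep_last) + value[-keep_last:]

def reduce_precision(value: str, keep_digits: int) -> str:
    """Precision decreasing: keep leading significant digits, zero the rest (claims 2-3)."""
    return value[:keep_digits] + "0" * (len(value) - keep_digits)

def keyed_hash(value: str) -> str:
    """Hashing: a stable pseudonym; keyed so the pseudonym cannot be dictionary-matched."""
    return hmac.new(HMAC_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]

def bucket_age(value: str, width: int = 10) -> str:
    """Bucketing: '34' -> '30-39'."""
    lo = (int(value) // width) * width
    return f"{lo}-{lo + width - 1}"

# Minimization rule (constructed): information type -> (transformation, level that sees the original)
RULES = {
    "ssn": (mask_chars, "admin"),
    "zip": (lambda v: reduce_precision(v, 3), "analyst"),
    "email": (keyed_hash, "admin"),
    "age": (bucket_age, "analyst"),
}
LEVELS = {"guest": 0, "analyst": 1, "admin": 2}

def minimize_record(record: dict[str, tuple[str, str]], access_level: str) -> dict[str, str]:
    """Apply the per-type transformation unless the requester's level is high enough.
    record maps field name -> (information type, value); unlisted types are open information."""
    out = {}
    for name, (info_type, value) in record.items():
        rule = RULES.get(info_type)
        if rule is None:
            out[name] = value
            continue
        transform, needed = rule
        out[name] = value if LEVELS[access_level] >= LEVELS[needed] else transform(value)
    return out

# Constructed sample record: field -> (information type, value)
RECORD = {
    "name": ("open", "A. Person"),
    "ssn": ("ssn", "123456789"),
    "zip": ("zip", "90210"),
    "email": ("email", "a.person@example.com"),
    "age": ("age", "34"),
}
```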

Assignees

Palantir Technologies Inc

Inventors

Classifications

Primary CPC classification: G06F21/6209. CPC titles:

  • where protection concerns the structure of data, e.g. records, types, queries

  • wherein the data content is protected, e.g. by encrypting or encapsulating the payload

  • Tools and structures for managing or administering access control systems

  • based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance

  • Protecting access to data via a platform, e.g. using keys or access control rules

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9916465B1 cover?
A dynamic data minimization server implements minimization protocols to entity-specific information based on access rights (e.g., privacy rights) of a requesting entity. The minimization may be applied on the fly (e.g., as the entity-specific information is requested) and the level, type, protocol, etc., of encryption (or other minimization process) may be selected based on a particular type of…
Who is the assignee on this patent?
Palantir Technologies Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/6209. Mapped technology areas include Physics.
When was this patent published?
Publication date Mar 13, 2018 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).