EP3903463A1 - Platform for securing data - Google Patents
- Publication number: EP3903463A1
- Authority: EP (European Patent Office)
- Prior art keywords: data, security, client, platform, server
- Prior art date
- Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Classifications
- H—ELECTRICITY; H04—ELECTRIC COMMUNICATION TECHNIQUE; H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
  - H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
  - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
  - H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
- G—PHYSICS; G06—COMPUTING; CALCULATING OR COUNTING; G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
  - G06F21/60—Protecting data
  - G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
  - G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
  - G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
  - G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
Definitions
- The present invention relates to the field of detecting intellectual property infringement in a completely distributed environment open to sharing, and in particular to data security.
- Upon receipt of encrypted collected profile data, the collection server selects a targeted advertisement based on the decrypted profile data; the collection server then transmits to the anonymization server a targeted message including the anonymized identification data and the targeted advertisement.
- The anonymization server transmits the targeted advertisement to the user terminal corresponding to the decrypted identification data.
- This system teaches the use of an anonymization server by a data collection server.
- The document US2014304825 or EP 2 734 953 teaches a data anonymization method comprising: reading the parameters of an anonymization procedure from a configurable anonymization procedure resource, the read parameters defining a job flow to receive data to be anonymized and apply one or more transformations to it, and the read parameters also including an indication of an authorized number of simultaneous processing threads to receive the data and apply the anonymization transformation(s); receiving data to be anonymized from a data source in accordance with the defined workflow, the data source being identifiable from one or more of the read parameters; and applying one or more anonymization transformations to the received data according to the defined workflow, in which the transformation(s) comprise transforming at least an original part of the received data into a transformed part, and in which the steps of receiving data and applying one or more anonymization transformations are performed using no more than the allowed number of concurrent processing threads specified in the read parameters.
- This document teaches a limitation to a number of authorized threads, which is incompatible with a public platform intended for any user and any reprocessing of the data with a view to its protection.
- This document limits the anonymization transformation(s) applied, which are one or more selected from the group comprising: a hash; write; filter; find and replace; replacement with random values; validation; and masking.
- The offer of data security and/or desensitization services must not be limited by a number of threads or by the choice of transformations.
- The present invention aims to overcome certain drawbacks of the prior art and in particular to encourage and facilitate the sharing of data in a decentralized environment, by offering the owner the possibility of protecting and/or securing all or part of their data.
- The present invention relates to a platform for securing data managed or manipulated in an information system (IS), the platform comprising:
- At least one multiprocessing service comprising at least:
- a request service comprising an IT and software infrastructure to analyze the requests transmitted by each client via a client/web service channel interface (web service);
- at least one processing server comprising at least one processor and a memory containing a set of programs/algorithms whose execution on said processor implements a set of processing methods for securing client data and storing it in a database, said set of processing methods comprising at least:
- the platform being characterized in that said set of methods also includes a combined security method of tokenization and anonymization of data, the choice of implementation being made automatically from the result of the analysis of the needs formulated by the client in his request(s) and of the security instructions formulated by the manager.
- The requests are transmitted encrypted from the client terminal with a key assigned to the user or the company; the platform, on receiving the user's certificate, authenticates it, searches the safe for the associated decryption key, decrypts the request message and analyzes its data.
- The platform for securing data managed or manipulated in an information system comprises at least one manager interface to allow a client manager of an IS to transmit data-securing instruction files specific to each client of said IS.
- The platform for securing data managed or manipulated in an information system comprises at least one certificate service comprising at least one IT infrastructure with at least one processor and a memory containing at least one program whose execution on the processor generates an authentication certificate specific to each client of said IS, used to connect to the platform and/or to the multiprocessing service and to issue data security processing requests.
- The platform for securing data managed or manipulated in an information system (IS) is characterized in that the multiprocessing service comprises a program whose execution on said processor makes it possible to compare the entries made by the client, as they are made, with the data of the GDPR file stored in the client's own dedicated secure audit safe, and to generate an error indication or a modification suggestion satisfying the GDPR standard; the entries validated by the client are stored in said safe and, if the client overrides the suggestion, the service systematically sends a message with a token, or an anonymized message, carrying a flag indicating GDPR non-compliance.
- The multiprocessing service is based on a multi-column and multi-site architecture and comprises at least two data centers having a column structure for data processing; at least one data replicator device for configuring the data of each data center so as to obtain identical data in each of the columns of the data centers; at least one load distributor (4) configured to distribute processing requests dynamically and without interruption, independently on each of the columns according to their load; and at least one data bus configured to allow synchronization of the data between said data centers, each column comprising at least one processing server and at least one secure database.
- Each data center (10a, 10b) comprises at least one security layer comprising at least one device with at least one processor and a memory containing a set of programs whose execution makes it possible to generate, store and protect the cryptographic keys used to secure at least the processed data.
- The data processing server is connected to the device of the security layer via a communication means in order to retrieve the cryptographic keys used to secure the data according to the type of processing requested by each client of the IS.
- The processing server of each data center comprises wired/wireless communication means for transferring the processed data into at least one secure database and securing access to said data via the cryptographic keys retrieved from the security device of the security layer.
- The processing server of each data center comprises wired/wireless communication means for connecting to the dedicated safe of each IS client and transferring the data processed for said customer according to his preferences.
- The data is first sent to the tokenization module; the anonymization module, having received the data during tokenization, then combines the data with the token received from the token creation module (tokenizer) to generate tokenized-anonymized information to send to the client.
- The invention also relates to a server comprising one or more computer safes and implementing a service that allows an information system (IS) accessing the server to set up security for the sensitive data it stores and/or manipulates, by implementing the correct security methods, such as anonymization or pseudonymization, for sensitive data: the security instructions transmitted by the manager are configured through an interface and their storage is authorized in one or more safe areas dedicated to each manager,
- IS: information system
- The desensitization of a data item can be carried out by associating the token with a concatenation of personal data (name, first name, address, telephone number, ...) and storing it.
- A final object of the invention is to propose an architecture allowing the implementation of the service. This goal is achieved by a multi-column and multi-site computer system allowing batch processing, comprising a web application interface with firewall, a server as described in the present application, and a database.
- ... for each manager, to store the security configurations as a function of the data or of a plurality of users, and to store each certificate assigned to each user and other security services for each column; a load balancing device allowing requests to be distributed independently on all columns of the architecture; and a replication system keeping the columns identical, each server providing a specific reception for IS managers via a specific interface allowing the definition of at least one storage security for each type of data, user authentication, and the provision to each user of a token serving as pivot data.
- the server includes a software tool for
- A second technique, randomization, reduces the accuracy of the data by adding noise, or by replacing one data item with another while keeping the substitution or permutation in the memory of the safe.
- The server (60, 6a, 6b, 6c, 6d) provides a specific reception for IS managers, realizing an interface for the manager's terminal that allows the manager to define, by selection in several menus, the type of data (personal, scientific, technical, commercial, ...) and, for each type, a data definition attribute (for personal: name, telephone, home address, employer, office address, etc.; for scientific: calculations, new product, etc.; for commercial: new market, etc.).
- The server provides a specific reception for IS managers, realizing an interface for the terminal to define a plurality of users, each with a certificate allowing the user to be authenticated and with a definition of the types of accessible data or accessible services, this data being stored in a safe specific to the company represented by the manager.
- The server, through the specific reception for IS managers, realizes an interface to define, according to the classification of the data, the desensitization rules to be respected for each classification.
- Figure 1 schematically shows an IS system architecture according to the invention.
- Figure 2 schematically shows the use of the platform.
- Figure 3 presents the scenario which makes it possible to replace the data with an irreversible token while retaining the uniqueness of the entry.
- Figure 4 presents the scenario allowing anonymization of personal data by the application of a blurring method.
- Figure 5 shows the scenario for both anonymizing and tokenizing data.
- Figure 6 shows an example of the result of applying the data desensitization rules to a bank card.
- Figure 7 shows an example of a tokenization algorithm generating a token corresponding to a data item.
- The present invention relates to a data security platform.
- The solution works on a multi-column and multi-site IT architecture allowing batch processing, comprising a load distribution device (4) that allows requests to be distributed independently on all columns.
- A replication system makes it possible to have identical columns.
- This multi-column architecture, computer system or "redundant architecture" allows a service close to continuous service despite the technical and security changes that are imposed to comply with a security policy.
- Each IS management client is isolated on a specific reception by a specific interface allowing secure storage and authentication.
- The platform for securing data managed or manipulated in an information system includes:
- At least one multiprocessing service comprising at least:
- a request service comprising an IT and software infrastructure for analyzing the requests transmitted by each client via a client/web service channel interface (web service);
- at least one processing server (60, 6a, 6b, 6c, 6d) comprising at least one processor and a memory containing a set of programs/algorithms whose execution on said processor implements a set of processing methods securing customer data and saving it in a database (7a, 7b, 7c, 7d), said set of processing methods comprising at least:
- said set of processing methods also includes a combined security method of tokenization and anonymization of the data, the choice of implementation being made automatically from the result of the analysis of the needs formulated by the customer in his request(s) and of the security instructions formulated by the manager.
- The solution uses machine learning over numerous use cases to produce different results according to the constraints linked to the GDPR standard.
- The solution provides one or more data desensitization methods, for example anonymizing predefined personal data and/or providing a reference token for this data.
- The solution allows the clear data to be returned to the user who holds the token, simply by presenting this token to the server.
- Batch processing allows large volumes to be taken into account.
- The solution works on a quad-column architecture with an input load distributor (4).
- This technical architecture is distributed, for example, over two data centers (10a, 10b).
- The columns are synchronized at application level by a data bus (5) (for example and without limitation, a payment bus) between the two data centers.
- The offer is deployed on dedicated physical servers to allow permanent security monitoring and application upgrades.
- Flows can be received, according to the expected volumes, on dedicated or shared safes (71, 72).
- A safe (71, 72) can hold up to 200 million sensitive data items (PAN, IBAN or other).
- The data is stored in a MySQL database (7a, 7b, 7c, 7d).
- The architecture also includes, in each column or data center (10a, 10b), a security layer comprising at least one device (8a, 8b, 8c, 8d), i.e. a Hardware Security Module (HSM), a device considered inviolable that offers cryptographic functions.
- The security keys are held in the HSM (8a, 8b, 8c, 8d) of the security layer.
- A hardware security module (HSM) is a dedicated cryptographic processor, specially designed to offer a security service consisting of generating, storing and protecting cryptographic keys throughout their life cycle.
- The multiprocessing service is based on a multi-column and multi-site architecture and comprises at least two data centers having a columnar structure for data processing; at least one replicating device for configuring each data center (10a, 10b) so as to obtain identical data in each of the columns of the data centers; at least one load distributor (4) configured to distribute processing requests dynamically and without interruption, independently on each of the columns according to their load; and at least one data bus (5) configured to allow synchronization of data between said data centers, each column comprising at least one processing server and at least one secure database (7a, 7b, 7c, 7d).
- Each data center (10a, 10b) comprises at least one security layer comprising at least one device (8a, 8b, 8c, 8d) with at least one processor and a memory containing a set of programs whose execution makes it possible to generate, store and protect the cryptographic keys used to secure at least the processed data.
- The data processing server is connected to the device (8a, 8b, 8c, 8d) of the security layer via a communication means in order to retrieve the cryptographic keys used to secure the data according to the type of processing requested by each IS customer.
- The processing server of each data center (10a, 10b) comprises wired/wireless communication means for transferring the processed data into at least one secure database (7a, 7b, 7c, 7d) and securing access to said data via the cryptographic keys retrieved from the security device (8a, 8b, 8c, 8d) of the security layer.
- The processing server of each data center (10a, 10b) comprises wired/wireless communication means for connecting to the dedicated secure safe (71, 72) of each IS client and transferring the data processed for said customer according to his preferences.
- The requests are transmitted encrypted from the client terminal with a key assigned to the user or the company; the platform, on receiving the user's certificate, authenticates it, searches the safe (71, 72) for the associated decryption key, decrypts the request message and then analyzes its data.
- The platform comprises at least one manager interface to allow a client managing an IS to transmit data security instruction files specific to each client of said IS.
- K-anonymity / aggregation: the techniques of aggregation and k-anonymity aim to prevent a data subject from being isolated, by grouping them with at least k other individuals.
- The connections to the safe (71, 72) are made by web services with a client certificate.
- The platform comprises at least one certificate service comprising at least one IT infrastructure with at least one processor and a memory containing at least one program whose execution on the processor generates an authentication certificate specific to each client of said IS, used to connect to the platform and/or the multiprocessing service and to issue data security processing requests.
- The multiprocessing service includes a program whose execution on said processor makes it possible to compare the entries made by the client, as they are made, with the data of the GDPR file stored in the customer's own dedicated audit safe (71, 72), and to generate an error indication or a modification suggestion satisfying the GDPR standard; the entries validated by the customer are stored in said safe (71, 72) and, if the customer overrides the suggestion, the service systematically sends a message with a token, or an anonymized message, carrying a flag indicating GDPR non-compliance.
- The tool uses various, combinable data desensitization techniques, at the choice of the user.
- Pseudonymization can be an alternative to anonymization. Unlike the latter, pseudonymization is a reversible process which consists in replacing one attribute by another within a record. Pseudonymization is, for example, the preferred technique in projects where the identity of an individual is not essential.
- The tool (63) (DANNY), which can include at least one tokenizer (62), performs data desensitization based on three nested concepts:
- First concept: authentication. Control of the validity of the certificate (one per calling customer) certified by a certification authority.
- This authentication is mutual.
- This authentication allows entry into the PCI zone; only the serial number of the certificate gives access to the associated safe (71, 72).
- Second concept: the implementation of a large number of anonymization and/or pseudonymization methods existing on the server, to meet any need to secure sensitive data.
- Pseudonymization: make any link between the pseudonym and the real person impossible, so that reversal is impossible.
- BPS: format-preserving encryption.
- Masking: consists of modifying the actual data (partially or totally).
- The pivot data can be composed of an elementary data item or of the concatenation of several data items. This pivot data will be encrypted using an algorithm which respects the uniqueness of the input.
- The cryptographic implementation provides irreversibility and respects uniqueness. It is subjected to robustness tests.
- A scenario allows data to be both anonymized and tokenized.
- This processing consists in tokenizing a pivot data item and in associating additional data with this token (3), so that the token is returned to the customer together with this anonymized data.
- The data is first sent to the tokenization module; the anonymization module, having received the data during tokenization, then combines the data with the token received from the tokenizer (62) to generate tokenized-anonymized information to send to the customer.
- Associated services can be:
- The server may preferably implement, in its tokenization software component (63), a BPS encryption algorithm with n iterations, preserving the format of the initial data.
- The principle of this algorithm is shown in FIG. 7. In the first iteration, the sensitive data is truncated or decomposed into two character strings (CHA0 and CHB0); the right string CHB0 is then passed through an encryption function F, which encrypts CHB0 with a key K held in the HSM (8a, 8b, 8c, 8d) and a setting value TR to which the value zero is added; the result of this function is added to the left string (CHA0) to form the result (CHA1) of the first iteration, while (CHB0) becomes (CHB1).
- The left result (CHA1) is then used in the same encryption function F to encrypt (CHA1) with the same key K and the setting value TL to which the value 1 is added; the result is added to the previous right string (CHB1) to form the next right string (CHB2), the left result (CHA1) becoming (CHA2).
- After the last iteration, the left (CHAw) and right (CHBw) strings are concatenated to form the number (CHy).
- A discrete logarithm calculation Ld is applied to the value (CHy) to generate the token (3).
- The tokenization module can also implement an FF3 process for tokenizing very long data (beyond 19 characters, for example).
- The method may include a combination of the BPS algorithm or method described above and an algorithm known as "elliptic curves".
- The BPS method is used first, with at least 10 rounds or iterations; the result is then coupled to the "elliptic curves" algorithm to give the token this irreversibility property.
- the job can be done as follows:
- The generated token retains the length of the initial PAN; in addition, it may or may not retain certain characteristics of the PAN.
- The MULTI algorithm allows the tokenization of any type of data (PAN, BIC, IBAN, telephone numbers, email addresses, ...); the field to be tokenized is an area of 10 to 96 characters.
- The length of the generated token may vary depending on the length of the data received as input.
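The Feistel-style round structure described above (split into CHA0/CHB0, alternating setting values TR and TL with the round counter added, at least 10 rounds, then concatenation of the two halves) as an added illustration that is not the patent's or any product's code: a toy format-preserving transform over digit strings, showing that the output keeps the input's length and alphabet, is reversible for the key holder and maps distinct inputs to distinct outputs. Assumptions: HMAC-SHA256 stands in for the unspecified round function F, the key K is a local constant rather than an HSM-held key, and the later irreversible step (discrete logarithm / elliptic curves) that turns CHy into the final token is not modelled.

```python
import hashlib
import hmac

# Constructed demo values. In the platform the key K lives in the HSM (8a-8d)
# and TR/TL are configuration values; none of these are real keys.
DEMO_KEY = b"demo-key-not-a-real-hsm-key"
DEMO_TR = b"TR"      # setting value used in rounds that modify the left string
DEMO_TL = b"TL"      # setting value used in rounds that modify the right string
DEMO_ROUNDS = 10     # the page asks for at least 10 rounds


def _round_function(key: bytes, tweak: bytes, counter: int, chain: str, width: int) -> int:
    """Round function F: a keyed pseudo-random value in [0, 10**width).

    Assumption: the page does not specify F, so HMAC-SHA256 over
    (setting value || round counter || other chain) stands in for it here.
    """
    msg = tweak + counter.to_bytes(4, "big") + chain.encode("ascii")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % (10 ** width)


def _add_mod(chain: str, value: int) -> str:
    """'Adding' F's output to a chain: modular addition on the decimal value,
    zero-padded so the string keeps its width (this is what preserves format)."""
    width = len(chain)
    return str((int(chain) + value) % (10 ** width)).zfill(width)


def _sub_mod(chain: str, value: int) -> str:
    width = len(chain)
    return str((int(chain) - value) % (10 ** width)).zfill(width)


def fpe_encrypt(data: str, key: bytes = DEMO_KEY, tr: bytes = DEMO_TR,
                tl: bytes = DEMO_TL, rounds: int = DEMO_ROUNDS) -> str:
    """Feistel-style format-preserving transform of a digit string.

    Even round i: CHA_{i+1} = CHA_i + F(K, TR + i, CHB_i); CHB unchanged.
    Odd round i:  CHB_{i+1} = CHB_i + F(K, TL + i, CHA_i); CHA unchanged.
    Output CHy = CHA_w || CHB_w has the same length and alphabet as the input.
    """
    if not data.isdigit() or len(data) < 2:
        raise ValueError("input must be a digit string of length >= 2")
    mid = len(data) // 2
    cha, chb = data[:mid], data[mid:]          # CHA0 and CHB0
    for i in range(rounds):
        if i % 2 == 0:
            cha = _add_mod(cha, _round_function(key, tr, i, chb, len(cha)))
        else:
            chb = _add_mod(chb, _round_function(key, tl, i, cha, len(chb)))
    return cha + chb                            # CHy


def fpe_decrypt(token: str, key: bytes = DEMO_KEY, tr: bytes = DEMO_TR,
                tl: bytes = DEMO_TL, rounds: int = DEMO_ROUNDS) -> str:
    """Inverse: undo the rounds in reverse order. Each round only reads the
    chain it does not modify, so subtracting F's output recovers the input."""
    mid = len(token) // 2
    cha, chb = token[:mid], token[mid:]
    for i in reversed(range(rounds)):
        if i % 2 == 0:
            cha = _sub_mod(cha, _round_function(key, tr, i, chb, len(cha)))
        else:
            chb = _sub_mod(chb, _round_function(key, tl, i, cha, len(chb)))
    return cha + chb


def tokens_are_unique(values) -> bool:
    """The page requires the transform to respect the uniqueness of the input:
    distinct inputs must give distinct outputs. A Feistel network is a
    bijection for each length, so this always holds; the check makes it visible."""
    outputs = [fpe_encrypt(v) for v in values]
    return len(set(outputs)) == len(list(values))


if __name__ == "__main__":
    sample = "1234567890123456"   # constructed 16-digit value, not a real PAN
    tok = fpe_encrypt(sample)
    print(sample, "->", tok, "->", fpe_decrypt(tok))
```

Because the transform is reversible with K, it is a pseudonymization step; irreversibility in the page's design comes only from the additional step applied to CHy afterwards.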
- The tool (63) can propose desensitization of personal data by associating the token with a concatenation of personal data (name, first name, address, telephone number, ...).
- The server (6a, 6b, 6c, 6d, 60) provides a specific reception for IS managers, realizing an interface for the manager's terminal that allows the manager to define, by selection in several menus, the type of data (personal, scientific, technical, commercial, ...) and, for each type, a data definition attribute (for personal: name, telephone, home address, employer, office address, etc.; for scientific: calculations, new product, etc.; for commercial: new market, etc.), and to associate with each type or attribute a processing of the data, or associated service, to desensitize and secure it.
- the server (60) thus allows the manager to determine the rules to be respected, the data classifications, the security methods to be applied according to the types of data, it also makes it possible to determine the user certificates associated with each user managed by the manager, the certificate having to be received by the server before any processing for securing the data.
- the inference can we deduce information about an individual? b.
- the data classification is at least one of the following:
- Pseudo Direct Data giving access to a single individual (Data correlation)
- Indirect Data called non-personal but allowing to find the person (Joining of various information)
- the security method (s) are chosen at least from one of the following:
- Pseudonymisation reversible, hash or token (FPE or not)
- the server (60) allows at least one proposal for data desensitization, such as for example:
- Figure 3 presents the scenario in which the data is replaced by an irreversible token (3) while retaining the uniqueness of the entry,
- the pivot data being the PAN (primary account number) or another data item defined as pivot data during configuration by the client manager;
- this data is sent encrypted to the server with a key belonging to or associated with the client and held in an HSM; the server (60) decrypts the data, analyzes it according to the criteria defined during configuration and triggers the appropriate processing, namely in this case tokenization;
- the pivot/token data pair is stored in a secured safe (71, 72) to authorize the associated services recorded during configuration, such as:
- Figure 4 presents the scenario allowing anonymization of personal data by applying a blurring method contained in the tool (63).
- the data is not kept during processing; during configuration by the client manager, the blurred data was defined as data requiring irreversibility, and the manager chose blurring as the anonymization type in its configuration menu.
- the configuration being stored in the safe (71, 72) corresponding to the company represented by the manager, each time an authenticated user securely sends data of the same type, it is returned blurred to the user.
- FIG. 5 shows the scenario for both anonymizing and tokenizing data.
- the data (1) is made up of pivot data and additional data.
- the processing consists in tokenizing the pivot data (2), processing the additional data with the anonymization tool, then associating this anonymized additional data with the token (3) so that the token is returned to the customer together with the anonymized data.
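The Figure 3 to Figure 5 flow, as an added example that is not the patent's own code: the server tokenizes the pivot data with a keyed hash (irreversible, but the same pivot always yields the same token, so uniqueness is kept), blurs the additional attributes according to the manager's configuration, stores the pivot/token pair in the company's safe for the associated services, and returns the token with the blurred data. The client key, the field names, the blurring rules and the records are all constructed for illustration; decryption of the transport is out of scope.

```python
"""Added example (not the patent's own code): the Figure 3 / Figure 5 flow.

The server receives a record, replaces the pivot data (here a PAN) by an
irreversible token that still preserves uniqueness, blurs the additional
data according to the manager's configuration, keeps the pivot/token pair
in the client's safe, and returns the token with the blurred data.
Every key, field name and record below is constructed for illustration.
"""
import hashlib
import hmac


# Constructed stand-in for the client key that the page says lives in an HSM.
CLIENT_KEY = b"constructed-client-key-for-illustration-only"


def make_token(client_key: bytes, pivot: str) -> str:
    """Irreversible token that keeps uniqueness: the same pivot under the same
    client key always yields the same token, and nothing but the safe can map
    a token back to its pivot (HMAC-SHA256, truncated to 128 bits)."""
    digest = hmac.new(client_key, pivot.encode("utf-8"), hashlib.sha256).digest()
    return "tok_" + digest[:16].hex()


class Safe:
    """One computer safe (71, 72) per company: the manager's configuration
    plus the pivot/token pairs that back the associated services."""

    def __init__(self, config: dict):
        self.config = config
        self._pairs: dict = {}  # token -> pivot, reachable only through the safe

    def remember(self, token: str, pivot: str) -> None:
        self._pairs[token] = pivot

    def lookup(self, token: str):
        """Associated service: resolve a token for an authorised caller."""
        return self._pairs.get(token)


# Blurring rules of the anonymization tool (63), one per attribute type.
# These are constructed examples of irreversible blurring.
BLURRERS = {
    "email": lambda v: v[0] + "***@" + v.split("@", 1)[1],
    "age": lambda v: f"{(int(v) // 10) * 10}-{(int(v) // 10) * 10 + 9}",
    "postal_code": lambda v: v[:2] + "***",
}


def desensitize(safe: Safe, record: dict, client_key: bytes = CLIENT_KEY) -> dict:
    """Tokenize the pivot field, blur or drop the other fields as configured,
    and return what the user gets back."""
    cfg = safe.config
    pivot_field = cfg["pivot"]
    if pivot_field not in record:
        raise ValueError(f"record has no pivot field {pivot_field!r}")
    token = make_token(client_key, record[pivot_field])
    safe.remember(token, record[pivot_field])
    out = {pivot_field: token}
    for field, value in record.items():
        if field == pivot_field:
            continue
        rule = cfg["rules"].get(field, "keep")
        if rule == "blur":
            out[field] = BLURRERS[field](value)
        elif rule == "drop":
            continue  # irreversible: the value never leaves the server
        else:
            out[field] = value  # non-sensitive attribute, returned as is
    return out


# Constructed configuration and record, as a manager and a user might supply them.
SAMPLE_CONFIG = {
    "pivot": "pan",
    "rules": {"email": "blur", "age": "blur", "postal_code": "blur", "iban": "drop"},
}
SAMPLE_RECORD = {
    "pan": "4111111111111111",
    "email": "alice@example.com",
    "age": "37",
    "postal_code": "75008",
    "iban": "FR7630006000011234567890189",
    "product": "widget",
}


if __name__ == "__main__":
    safe = Safe(SAMPLE_CONFIG)
    result = desensitize(safe, SAMPLE_RECORD)
    print(result)
    print("resolves back to:", safe.lookup(result["pan"]))
```

The keyed hash is what makes the token both irreversible for anyone without the safe and stable for the same pivot, which is the property the "uniqueness of the entry" clause asks for; a different client key yields an unrelated token for the same PAN, so tokens do not correlate across companies.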
- the associated services during configuration can be:
- the invention also relates to a server for securing data.
- the server comprises one or more computer safes (71, 72) and implements a service allowing an information system (IS) accessing the server to set up security for the sensitive data it stores and/or handles, by applying the right security methods to that sensitive data: the security instructions transmitted by the manager are configured through an interface and saved in one or more safe zones (71, 72) dedicated to each manager,
- IS: information system
- desensitization of data can be achieved by associating the token with a concatenation of personal data (name, first name, address, telephone number, ...) and storing it.
- the invention also relates to a computer architecture for secure data processing.
- the IT architecture is multi-column and multi-site. It allows batch processing, and includes an application web interface with firewall (5a, 5b, 5c, 5d), a server and a database (7a, 7b, 7c, 7d) managing one or more safes:
- for each manager, to store the security configurations as a function of the data; for a plurality of users, to store each certificate assigned to each user; and other security services for each column;
- a load distribution device (4) allowing the requests to be broadcast independently to all the columns of the architecture, and a replication system keeping the columns identical;
- each server providing a specific reception for IS managers via a specific interface allowing the definition of at least one storage security for each type of data and of user authentication, and which can provide each user with a token serving as pivot data.
- the server of the computer architecture includes a software tool for data desensitization using two families of methods:
- a first family, generalization, to cancel the uniqueness of the data, for example by masking or by k-anonymity / aggregation;
- a second family, randomization, to reduce the accuracy of the data by adding noise, by replacing one data item with another while keeping a record of the substitution in the safe (71, 72), or by permutation.
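The two families of desensitization methods listed above, run on a constructed table, as an added example that is not the patent's own tool (63): generalization by masking and by k-anonymity (aggregate quasi-identifiers, then suppress classes smaller than k), and randomization by additive noise, by substitution whose table is kept for later reversal, and by permutation of a column. The rows, field names, generalization steps and seeds are all constructed for illustration.

```python
"""Added example (not the patent's own code): the two families of
desensitization methods named above, run on a constructed table.

Generalization cancels uniqueness (masking; k-anonymity by aggregation of
quasi-identifiers with suppression of small classes).  Randomization reduces
accuracy (additive noise; substitution whose table is kept in the safe;
permutation of a column).  All rows, field names and seeds are constructed.
"""
import random
from collections import Counter


def make_rng(seed: int = 42) -> random.Random:
    """Seeded generator so the randomized methods are reproducible here."""
    return random.Random(seed)


# --- Generalization: cancel the uniqueness of the data ----------------------

def mask(value: str, keep_last: int = 4, char: str = "X") -> str:
    """Masking: hide everything but the last `keep_last` characters."""
    if len(value) <= keep_last:
        return char * len(value)
    return char * (len(value) - keep_last) + value[-keep_last:]


def generalize(row: dict) -> dict:
    """One generalization step: age -> decade, postal code -> first 2 digits."""
    decade = (row["age"] // 10) * 10
    return {**row, "age": f"{decade}-{decade + 9}", "postal_code": row["postal_code"][:2] + "***"}


def k_anonymize(rows, quasi_ids, direct_ids, k: int):
    """k-anonymity by aggregation: drop direct identifiers, generalize the
    quasi-identifiers, then suppress every class with fewer than k rows."""
    cleaned = [generalize({f: v for f, v in r.items() if f not in direct_ids}) for r in rows]
    key = lambda r: tuple(r[q] for q in quasi_ids)
    counts = Counter(key(r) for r in cleaned)
    return [r for r in cleaned if counts[key(r)] >= k]


# --- Randomization: reduce the accuracy of the data -------------------------

def add_noise(values, scale: float, rng: random.Random):
    """Additive Gaussian noise: individual values lose accuracy, aggregates survive."""
    return [v + rng.gauss(0.0, scale) for v in values]


class SubstitutionTable:
    """Substitution with memory: each original is replaced by a random
    surrogate and the mapping is kept (in the safe (71, 72), in the page's
    terms) so an authorised service can reverse it."""

    def __init__(self, rng: random.Random):
        self._rng = rng
        self._forward: dict = {}
        self._backward: dict = {}

    def substitute(self, value):
        if value not in self._forward:
            surrogate = "subst-" + format(self._rng.getrandbits(32), "08x")
            self._forward[value] = surrogate
            self._backward[surrogate] = value
        return self._forward[value]

    def original(self, surrogate):
        return self._backward.get(surrogate)


def permute(values, rng: random.Random):
    """Permutation: every value stays in the column but is detached from its row."""
    out = list(values)
    rng.shuffle(out)
    return out


# Constructed sample table: one direct identifier, two quasi-identifiers, one measure.
SAMPLE_ROWS = [
    {"name": "A", "age": 31, "postal_code": "75008", "salary": 3000},
    {"name": "B", "age": 34, "postal_code": "75011", "salary": 3200},
    {"name": "C", "age": 45, "postal_code": "69001", "salary": 4100},
    {"name": "D", "age": 47, "postal_code": "69002", "salary": 3900},
    {"name": "E", "age": 52, "postal_code": "13001", "salary": 5000},
]


if __name__ == "__main__":
    print(mask("4111111111111111"))
    for r in k_anonymize(SAMPLE_ROWS, ("age", "postal_code"), ("name",), 2):
        print(r)
    rng = make_rng()
    print(add_noise([r["salary"] for r in SAMPLE_ROWS], 100.0, rng))
    table = SubstitutionTable(rng)
    print(table.substitute("A"), table.original(table.substitute("A")))
    print(permute([r["salary"] for r in SAMPLE_ROWS], rng))
```

On the sample table, k = 2 keeps the two Paris rows and the two Lyon rows as two equivalence classes and suppresses the single Marseille row, which is the failure mode to watch for: generalization alone does not give k-anonymity, the residual small classes must be suppressed or generalized further. The substitution table is the only thing that makes that method reversible, which is why the page keeps it in the safe rather than with the data.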
- the server (6a, 6b, 6c, 6d, 60) provides a specific reception for IS managers, realizing an interface for the manager's terminal that allows the manager to define, by selection in several menus, the type of data (personal, scientific, technical, commercial, ...) and, for each type, a data definition attribute (for personal data: name, telephone, home address, employer, office address, etc.; for scientific data: calculations, new product, etc.; for commercial data: new market, etc.).
- the server provides a specific reception for the IS managers, realizing an interface for the terminal to define a plurality of users with, for each one, a certificate allowing that user to be authenticated and a definition of the types of data or types of services accessible to that user, these data being stored in a safe (71, 72) specific to the company represented by the manager.
- the server providing a specific reception for the IS managers realizes an interface to define, according to the data classifications, the desensitization rules to be respected for each classification of the data.
- the rules to be observed, in the IT architecture or the server, are:
- the data classification rules, in the IT architecture or the server, are:
- pseudo-direct data giving access to a unique individual (data correlation)
- indirect data, said to be non-personal but allowing the person to be found (joining of various pieces of information).
- the desensitization of a data item, in the IT architecture or the server, is carried out by associating the token with a concatenation of personal data (name, first name, address, telephone number, ...) and storing it.
- modules can be implemented by electronic circuit, such as an integrated circuit for example or by other types of arrangement of components, such as for example semiconductors, logic gates, transistors or other discrete components.
- modules can also be implemented by one or more software application(s) or portion(s) of executable code(s) within at least one software environment, for execution by various types of
- An identified module can, for example, include one or more physical or logical blocks of machine instructions which can, for example, be organized as an object, a process or a function.
- routines and instructions of an identified module do not need to be physically located together, but can include disparate instructions stored in different locations which, when joined functionally and logically together, form the module and perform the purpose indicated for the module.
- a module can be a single executable code instruction, or a plurality of instructions, and can even be distributed among several different code segments or among different programs and stored in several memory blocks.
- operational data can be identified and illustrated in modules, and can be incorporated in any suitable form and organized in any suitable type of data structure. Operational data may be collected or may be distributed to different locations, including different storage devices, and may exist, at least partially, simply as signals.
- system is understood here to mean any type of terminal or device arranged to perform the functions described with reference to the modules.
- the system includes data processing means enabling these described functions to be carried out and may therefore include specific circuits performing these functions or, in general, include computer resources making it possible to execute the instructions described above.
- references in the present description to an implementation, an embodiment or an alternative embodiment means that a device, or a module, or a structure, or a particular characteristic described is included in at least one embodiment of the present invention and that the different examples do not necessarily relate to the same embodiment.
- One or more devices, processors or processing devices can be configured to perform the function or functions of each of the elements and modules of the structural arrangement described here.
- the device(s), processors or processing devices may be configured to execute one or more sequences of one or more machine-executable instructions contained in a main memory in order to implement the method(s) or the functions described herein.
- the execution of the sequences of instructions contained in a main memory causes the processors to execute at least some of the steps of the process or of the functions of the elements described here.
- One or more processors in a multiprocessing arrangement can also be used to execute sequences of instructions contained in main memory or in a computer-readable memory.
- wired circuits can be used in place of or in combination with software instructions.
- the embodiments are not limited to any specific combination of hardware and software circuits.
- Non-volatile media include, for example, optical or magnetic discs.
- Volatile media include dynamic memory.
- Transmission media include coaxial cables, copper wire and optical fibers.
- Computer-readable media include, for example, a floppy disk, flexible disk, hard drive, magnetic tape, other magnetic media, CD-ROM, DVD, other optical media, punch cards, another physical medium with hole patterns, RAM, PROM and EPROM, FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described below, or any other medium that can be read by a computer.
- Various forms of computer-readable media may be involved in transporting one or more sequences of one or more instructions to the processor for execution.
- Computer programs comprising machine-executable instructions for implementing at least one of the steps of the methods and/or aspects and/or concepts of the invention described here, or one or more functions of various elements of the structural arrangement described here, can be implemented on one or several computers comprising at least one interface, a physical processor and a non-transient memory (also generally called a non-transient machine-readable storage or read medium).
- the computer is a special purpose computer because it is programmed to perform specific steps in the process(es) described above.
- the non-transient memory is coded or programmed with specific code instructions for implementing the above method or methods and its associated steps.
- the non-transient memory can be arranged in communication with the physical processor so that the physical processor, in use, reads and executes the specific code instructions incorporated in the non-transient memory.
- the interface of the special purpose computer can be arranged in communication with the physical processor and receive input parameters which are processed by the physical processor.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Medical Informatics (AREA)
- Storage Device Security (AREA)
- Hardware Redundancy (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR1874254A FR3091369B1 (fr) | 2018-12-27 | 2018-12-27 | Data security platform |
PCT/EP2019/087026 WO2020136206A1 (fr) | 2018-12-27 | 2019-12-24 | Data security platform |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3903463A1 (de) | 2021-11-03 |
Family
ID=67999695
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP19836809.4A (pending; published as EP3903463A1 (de)) | 2018-12-27 | 2019-12-24 | Platform for securing data |
Country Status (3)
Country | Link |
---|---|
EP (1) | EP3903463A1 (de) |
FR (1) | FR3091369B1 (de) |
WO (1) | WO2020136206A1 (de) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114564744A (zh) * | 2022-02-22 | 2022-05-31 | 国人康乐医学研究院(北京)有限公司 | Data protection method and device for a medical health record management system |
CN115622715B (zh) * | 2022-11-16 | 2023-03-03 | 深圳市杉岩数据技术有限公司 | Token-based distributed storage system, gateway and method |
CN116149546B (zh) * | 2022-12-14 | 2023-11-17 | 湖北华中电力科技开发有限责任公司 | Secure data storage method based on a big data platform |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2002254564A1 (en) * | 2001-04-10 | 2002-10-28 | Latanya Sweeney | Systems and methods for deidentifying entries in a data source |
FR2871012B1 (fr) * | 2004-05-28 | 2006-08-11 | Sagem | Method for uploading files from a client to a target server and device for implementing the method |
GB201112665D0 (en) | 2011-07-22 | 2011-09-07 | Vodafone Ip Licensing Ltd | Data anonymisation |
EP2672418A1 (de) | 2012-06-06 | 2013-12-11 | Gemalto SA | Anonymization method |
US10572684B2 (en) * | 2013-11-01 | 2020-02-25 | Anonos Inc. | Systems and methods for enforcing centralized privacy controls in de-centralized systems |
US10498772B2 (en) * | 2016-03-21 | 2019-12-03 | Vireshwar K. Adhar | Method and system for digital privacy management |
- 2018-12-27: FR application FR1874254A, patent FR3091369B1 (fr), status Active
- 2019-12-24: WO application PCT/EP2019/087026, publication WO2020136206A1 (fr), status unknown
- 2019-12-24: EP application EP19836809.4A, publication EP3903463A1 (de), status Pending
Also Published As
Publication number | Publication date |
---|---|
FR3091369B1 (fr) | 2022-11-11 |
WO2020136206A1 (fr) | 2020-07-02 |
FR3091369A1 (fr) | 2020-07-03 |
Similar Documents
Publication | Title |
---|---|
EP3547203B1 (de) | Method and system for managing access to personal data using a smart contract |
US11652608B2 (en) | System and method to protect sensitive information via distributed trust |
EP3547202B1 (de) | Method for accessing anonymized data |
US11983298B2 (en) | Computer system and method of operating same for handling anonymous data |
JP5639660B2 (ja) | Verifiable trust for data through wrapper composition |
WO2020136206A1 (fr) | Data security platform |
CA3142763A1 (fr) | Method for encrypting and storing computer files and associated encryption and storage device |
JP2023551124A (ja) | Self-auditing blockchain |
WO2022132718A1 (en) | Technologies for trust protocol with immutable chain storage and invocation tracking |
Antony Saviour et al. | IPFS based file storage access control and authentication model for secure data transfer using block chain technique |
CH716295A2 (fr) | Method for multi-signing a transaction intended for a blockchain, by means of cryptographic keys distributed among the nodes of a peer-to-peer network |
CH716294A2 (fr) | Method for decentralized signing, under biometric control and under conditions of personal identification and geolocation, of a transaction intended for a blockchain |
Pavithra et al. | Enhanced Secure Big Data in Distributed Mobile Cloud Computing Using Fuzzy Encryption Model |
CH716276A2 (fr) | Method for processing, within a blockchain network and in an enclave, computer data encrypted by means of an encrypted application, for an authorized third party |
Devi | Bio Metric Based Security using Cloud Centric File System |
CH716261A2 (fr) | Method for storing computer data by distributing an encrypted container and its decryption key over a blockchain network |
CH716277A2 (fr) | Method for processing, within a blockchain network and in an enclave, computer data encrypted by means of an encrypted application, subject to a geolocation condition |
CH716262A2 (fr) | Method for storing computer data by distributing an encrypted container and its decryption key over distinct nodes of a blockchain network |
Beley et al. | A Management of Keys of Data Sheet in Data Warehouse |
CH716281A2 (fr) | Method for processing, within a blockchain network and in an enclave, computer data encrypted by means of an encrypted application |
CH716275A2 (fr) | Method for processing, within a blockchain network and in an enclave, computer data encrypted by means of an encrypted application |
CH716284A2 (fr) | Method for distributed processing, within a blockchain network and in enclaves, of computer data encrypted with a fragmented key |
CH716300A2 (fr) | Method for signing a transaction intended for a blockchain, by means of a cryptographic key distributed among the nodes of a peer-to-peer network on which that blockchain is deployed |
CH716266A2 (fr) | Method for storing computer data on a blockchain network with proof of storage from a storage node equipped with a cryptographic enclave |
CH716267A2 (fr) | Method for storing computer data on a blockchain network with proof of storage from a compute node equipped with a cryptographic enclave |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: UNKNOWN |
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
| PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase | Free format text: ORIGINAL CODE: 0009012 |
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
| 17P | Request for examination filed | Effective date: 20210726 |
| AK | Designated contracting states | Kind code of ref document: A1; Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
| DAV | Request for validation of the european patent (deleted) | |
| DAX | Request for extension of the european patent (deleted) | |
| P01 | Opt-out of the competence of the unified patent court (upc) registered | Effective date: 20230527 |
| STAA | Information on the status of an ep patent application or granted ep patent | Free format text: STATUS: EXAMINATION IS IN PROGRESS |
| 17Q | First examination report despatched | Effective date: 20240417 |