TWM597905U - Data de-identification system - Google Patents

Data de-identification system

Info

Publication number
TWM597905U
Authority
TW
Taiwan
Prior art keywords
data
personal data
database
advanced
identification system
Prior art date
Application number
TW109201253U
Other languages
Chinese (zh)
Inventor
陳威成
Original Assignee
合作金庫商業銀行股份有限公司
Priority date
Filing date
Publication date
Application filed by 合作金庫商業銀行股份有限公司
Priority to TW109201253U
Publication of TWM597905U

Landscapes

  • Storage Device Security (AREA)

Abstract

A data de-identification system includes a first database, a data de-identification device, and a second database. The first database includes an original personal data. The data de-identification device is signally connected to the first database and configured to receive the original personal data to convert the original personal data into a de-identification personal data. The second database is signally connected to the data de-identification device and configured to receive and store the de-identification personal data.

Description

Data de-identification system

The present disclosure relates to a data de-identification system, and in particular to a de-identification system for personal financial data.

In general, financial institutions protect customers' personal data (for example, name, date of birth, national ID number, etc.) by configuring access permissions and by encrypting the data. However, protecting customers' personal data by setting access permissions cannot prevent insiders at the financial institution from leaking it. On the other hand, protecting customers' personal data with encryption also carries considerable risk. For example, if the data is mishandled during decryption, the risk of leakage increases; and if the encryption key is lost, the encrypted data can no longer be recovered, leaving it irreversibly damaged.

Therefore, how to preserve the integrity of customers' personal data while preventing leaks caused by its improper use or theft is a pressing problem in this field.

According to one embodiment of the present disclosure, a data de-identification system includes a first database, a data de-identification device and a second database. The first database contains original personal data. The data de-identification device is signal-connected to the first database and is configured to receive the original personal data and convert it into de-identified personal data. The second database is signal-connected to the data de-identification device and is configured to receive and store the de-identified personal data.

In one embodiment of the present disclosure, the data de-identification system further includes a data slicing device that is signal-connected to the second database and configured to receive the de-identified personal data and slice it into a plurality of advanced data records having the same number of bits.

In one embodiment of the present disclosure, the data de-identification system further includes an advanced database that is signal-connected to the data slicing device and configured to store the advanced data.

In one embodiment of the present disclosure, the advanced database includes a plurality of advanced sub-databases, and the advanced data records are stored in different advanced sub-databases.

In one embodiment of the present disclosure, the data de-identification system further includes a data checking device that is signal-connected to the advanced sub-databases and configured to check whether the advanced data records located in different advanced sub-databases have the same number of bits.

In one embodiment of the present disclosure, the data de-identification system further includes a data authentication device that is signal-connected to the data de-identification device and configured to receive the original personal data and the de-identified personal data.

In one embodiment of the present disclosure, the data authentication device includes a data pairing file configured to store the original personal data and the de-identified personal data, and the data authentication device is configured to authenticate access rights to the original personal data and the de-identified personal data in the data pairing file.

In one embodiment of the present disclosure, the data de-identification system further includes a random number unit, and the original personal data is merged with the random number unit to be converted into the de-identified personal data.

In one embodiment of the present disclosure, the data de-identification system further includes a data pairing file configured to store the original personal data, the random number unit and the de-identified personal data.

In one embodiment of the present disclosure, the data de-identification system further includes an operation rule unit, and the data de-identification device converts the original personal data into the de-identified personal data through the operation rule unit.

According to the above embodiments of the present disclosure, by providing the de-identification device, a customer's original personal data can be converted into de-identified personal data. Because the de-identified personal data does not reveal personal information that identifies the customer, the risk of leaking the original personal data is reduced, and the customer's interests are protected.

100: data de-identification system

110: first database

120: data de-identification device

130: second database

140: data authentication device

150: data slicing device

160: advanced database

170: advanced sub-database

180: data checking device

210~360: operations

To make the above and other objects, features, advantages and embodiments of the present disclosure more readily understood, the accompanying drawings are described as follows:

FIG. 1 is a block diagram of a data de-identification system according to an embodiment of the present disclosure.

FIG. 2 is a schematic diagram of a data pairing file according to an embodiment of the present disclosure.

FIG. 3 is a flowchart of a method of using the data de-identification system according to an embodiment of the present disclosure.

FIG. 4 is a flowchart of a method of using the data de-identification system according to another embodiment of the present disclosure.

Several embodiments of the present disclosure are described below with reference to the drawings. For clarity, many practical details are included in the following description. It should be understood, however, that these practical details are not intended to limit the present disclosure; that is, in some embodiments of the present disclosure these details are unnecessary and should not be read as limiting. In addition, to simplify the drawings, some conventional structures and elements are shown schematically. Also, for the reader's convenience, the elements in the drawings are not drawn to scale.

It should be understood that a "signal connection" as used in this disclosure may be a wired connection, a wireless connection or any combination of the two. For example, a wired connection may join two devices with a data cable; a wireless connection may join two devices over the Internet; and a hybrid connection may first reach an intermediate device over a wired link and then reach the target device over a wireless link.

FIG. 1 is a block diagram of a data de-identification system 100 according to an embodiment of the present disclosure. The data de-identification system 100 includes a first database 110, a data de-identification device 120 and a second database 130. The first database 110 is signal-connected to the data de-identification device 120, and the data de-identification device 120 is signal-connected to the second database 130. The first database 110 is configured to store original personal data corresponding to a customer's identity. In some embodiments, the original personal data includes the national ID number and name corresponding to the customer's identity. For example, the original personal data may be represented as "A123456789,王小明" (Wang Xiaoming). It should be understood that the original personal data listed above is only an example, and the present disclosure is not limited thereto.

In some embodiments, the first database 110 transmits the original personal data it holds to the data de-identification device 120, and the data de-identification device 120 converts the original personal data into de-identified personal data. The de-identified personal data produced by the conversion takes the form of a hash value, that is, a string of seemingly random letters and digits that carries no meaning in itself. In other words, the de-identified personal data does not reveal personal information that identifies the customer (for example, the national ID number and name). Specifically, the data de-identification device 120 merges the original personal data with a random number unit and converts the result through the operation rule unit to produce de-identified personal data that corresponds to that original personal data. For example, the data de-identification device 120 may merge the original personal data "A123456789,王小明" with the random number unit "779854234483115" and then convert the result through the operation rule unit to produce the de-identified personal data "8A53A30EF1A01AF5E86CDA73F7A3B6E891FB6937C81711B329D828FB3B2E7C17".

In some embodiments, the data de-identification device 120 transmits the de-identified personal data obtained from the conversion to the second database 130 for storage. In other words, the second database 130 is configured to store the de-identified personal data. Because the de-identified personal data does not reveal personal information that identifies the customer, de-identified personal data obtained from the second database 130 cannot be used on its own. In this way, the customer's original personal data is protected from improper use or theft, which prevents its leakage and protects the customer's interests.

In some embodiments, the data de-identification system 100 further includes a data authentication device 140. The data authentication device 140 is signal-connected to the data de-identification device 120 and includes a data pairing file. Specifically, FIG. 2 is a schematic diagram of a data pairing file according to an embodiment of the present disclosure. The data pairing file contains at least the original personal data corresponding to the customer's identity, the random number unit merged with that original personal data, and the de-identified personal data corresponding to that original personal data. In detail, referring to FIG. 1 and FIG. 2 together, after the data de-identification device 120 converts the original personal data corresponding to a customer's identity into de-identified personal data, it transmits the original personal data, the random number unit merged with it and the corresponding de-identified personal data to the data authentication device 140, which uses them to build the data pairing file. The data authentication device 140 is configured to store and maintain the data pairing file and to authenticate access rights to the data it contains. Accordingly, authorized financial personnel must first pass authentication by the data authentication device 140 before they can enter it and access the records in the data pairing file.
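
The de-identification step and the pairing file behind an access check, written out as an added example (this is not the patent's own code; the patent does not disclose the operation rule). The hash function, SHA-256, is an assumption chosen because the 64-hex-character value quoted in the description has SHA-256's output length; the `|` separator used to merge the original data with the random number unit, the 15-digit decimal form of that unit, and the username allow-list that stands in for the authentication device are all assumptions as well.

```python
from __future__ import annotations

import hashlib
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Length of the description's example random number unit ("779854234483115").
RANDOM_UNIT_DIGITS = 15


def new_random_number_unit() -> str:
    """Random number unit: a 15-digit decimal string drawn from the OS CSPRNG."""
    return "".join(str(secrets.randbelow(10)) for _ in range(RANDOM_UNIT_DIGITS))


def deidentify(original: str, random_unit: str) -> str:
    """Operation rule unit (assumed): SHA-256 over the merged original data and
    random number unit, rendered as 64 uppercase hex characters like the value
    quoted in the description. The '|' separator is an assumption."""
    merged = f"{original}|{random_unit}".encode("utf-8")
    return hashlib.sha256(merged).hexdigest().upper()


@dataclass(frozen=True)
class PairingRecord:
    """One entry of the data pairing file (FIG. 2): original, salt, token."""
    original: str
    random_unit: str
    token: str


class DataAuthenticationDevice:
    """Stores the pairing file and gates every read of it on authorization.

    A username allow-list stands in for the device's authentication step."""

    def __init__(self, authorized_users: Set[str]):
        self._authorized = set(authorized_users)
        self._pairing_file: Dict[str, PairingRecord] = {}  # token -> record

    def _authorize(self, user: str) -> None:
        if user not in self._authorized:
            raise PermissionError(f"{user!r} may not access the pairing file")

    def register(self, record: PairingRecord) -> None:
        self._pairing_file[record.token] = record

    def lookup_original(self, token: str, user: str) -> Optional[str]:
        """Operation 360: map a de-identified token back to the original."""
        self._authorize(user)
        record = self._pairing_file.get(token)
        return record.original if record else None

    def verify(self, token: str, user: str) -> bool:
        """Recompute the token from the stored pair; False means the record was
        altered or the operation rule changed since it was written."""
        self._authorize(user)
        record = self._pairing_file.get(token)
        return record is not None and deidentify(record.original, record.random_unit) == token


def deidentify_and_register(
    original: str, auth: DataAuthenticationDevice, random_unit: Optional[str] = None
) -> str:
    """Operations 220 and 240: convert, then hand original, salt and token to the
    authentication device so that only the pairing file can link them."""
    random_unit = random_unit or new_random_number_unit()
    token = deidentify(original, random_unit)
    auth.register(PairingRecord(original, random_unit, token))
    return token


if __name__ == "__main__":
    # Constructed sample input: the description's example record and random number unit.
    device = DataAuthenticationDevice({"officer"})
    token = deidentify_and_register("A123456789,王小明", device, "779854234483115")
    print(token)  # 64 uppercase hex characters
    print(device.lookup_original(token, "officer"))
```

The pairing file is the only place where the random number unit sits next to the original data, which is why the description puts it behind the authentication device: a salted hash of a low-entropy field such as a national ID number is only as hard to reverse as the salt is to obtain, so the access check on the pairing file, not the hash alone, is what carries the protection.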

In some embodiments, the data de-identification system 100 further includes a data slicing device 150. The data slicing device 150 is signal-connected to the second database 130 and slices the de-identified personal data held in the second database 130. In detail, the second database 130 transmits the de-identified personal data it holds to the data slicing device 150, and the data slicing device 150 slices the received string of de-identified personal data. For example, the data slicing device 150 may slice the de-identified personal data "8A53A30EF1A01AF5E86CDA73F7A3B6E891FB6937C81711B329D828FB3B2E7C17" into several advanced data records such as "8A53A30EF1A01AF5", "E86CDA73F7A3B6E8", "91FB6937C81711B3" and "29D828FB3B2E7C17". It should be understood that the advanced data listed above is only an example, and the present disclosure is not limited thereto. In some embodiments, every advanced data record has the same number of bits (bytes).

In some embodiments, the data de-identification system 100 further includes an advanced database 160. The advanced database 160 is signal-connected to the data slicing device 150, so that the data slicing device 150 can transmit the several advanced data records obtained by slicing to the advanced database 160 for long-term storage and backup. Because no single advanced data record obtained by slicing is complete in itself, the security of the customer's original personal data is further protected. In some embodiments, the advanced database 160 includes several advanced sub-databases 170, and each advanced data record is stored in a different advanced sub-database 170. Distributing the advanced data records across different advanced sub-databases 170 further reduces the risk that the customer's original personal data is improperly used or stolen.

In some embodiments, the data de-identification system 100 further includes a data checking device 180. The data checking device 180 is signal-connected to the advanced database 160 to confirm whether the advanced data records stored in the different advanced sub-databases 170 have the same number of bits, thereby ensuring that the several advanced data records can be restored to the original personal data. In some embodiments, the data checking device 180 performs the bit-count check on the advanced data by running a cyclic redundancy check (CRC).

FIG. 3 is a flowchart of a method of using the data de-identification system according to an embodiment of the present disclosure. In detail, the method of FIG. 3 de-identifies a customer's original personal data. The method includes operations 210 to 260, each of which is described further below.

Referring to FIG. 1 and FIG. 3 together: first, in operation 210, the first database 110 transmits the customer's original personal data it holds to the data de-identification device 120. Next, in operation 220, the data de-identification device 120 converts the received original personal data into de-identified personal data. Then, in operation 230, the data de-identification device 120 transmits the de-identified personal data obtained from the conversion to the second database 130 for storage. At the same time, in operation 240, the data de-identification device 120 transmits the original personal data, the random number unit merged with it and the corresponding de-identified personal data to the data authentication device 140, which uses them to build the data pairing file; authorized financial personnel can then enter the data authentication device 140 to access the records in the data pairing file. Next, in operation 250, the second database 130 transmits the de-identified personal data it holds to the data slicing device 150 to obtain several advanced data records. Finally, in operation 260, the data slicing device 150 transmits the advanced data records to the advanced database 160 for long-term storage and backup.

Through the above operations, the customer's original personal data is de-identified. This prevents the original personal data from being improperly used or stolen, which prevents its leakage and protects the customer's interests. In addition, slicing the de-identified personal data and storing and backing it up for the long term further protects the security of the data.

FIG. 4 is a flowchart of a method of using the data de-identification system according to an embodiment of the present disclosure. In detail, the method of FIG. 4 restores the several advanced data records obtained by slicing to the customer's original personal data. The method includes operations 310 to 360, each of which is described further below.

Referring to FIG. 1 and FIG. 4 together: first, in operation 310, the data checking device 180 checks whether the advanced data records stored in the different advanced sub-databases 170 have the same number of bits. Next, in operation 320, each advanced sub-database 170 transmits the advanced data record to be restored to the data slicing device 150. Then, in operation 330, the data slicing device 150 merges the several advanced data records it received to restore the de-identified personal data. Next, in operation 340, the data slicing device 150 transmits the restored de-identified personal data to the second database 130. Then, in operation 350, the second database 130 transmits the de-identified personal data it holds to the data de-identification device 120. Finally, in operation 360, the data authentication device 140 retrieves the de-identified personal data from the data de-identification device 120 and uses the data pairing file held in the data authentication device 140 to find the original personal data corresponding to that de-identified personal data, thereby giving authorized financial personnel access to the customer's original personal data.
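
The slicing, distribution, consistency check and reassembly path (operations 250 to 260 and 310 to 340) as one added example; it is not the patent's own code. The shard record layout, the use of CRC-32 (`zlib.crc32`) as the cyclic redundancy check, and the in-memory dictionaries standing in for the advanced sub-databases are assumptions. The sample de-identified value and its four 16-character slices are the ones quoted in the description.

```python
from dataclasses import dataclass
from typing import Dict, List
import zlib

# The de-identified value quoted in the description; slicing it into four
# parts yields the four 16-character advanced data records the page lists.
SAMPLE_TOKEN = "8A53A30EF1A01AF5E86CDA73F7A3B6E891FB6937C81711B329D828FB3B2E7C17"


@dataclass(frozen=True)
class Shard:
    """One advanced data record plus the bookkeeping needed to put it back."""
    record_id: str  # which de-identified record this shard belongs to
    index: int      # position of this shard within the record
    total: int      # how many shards the record was split into
    data: str       # the slice itself
    crc: int        # CRC-32 of data, computed when the slice was made


def slice_token(record_id: str, token: str, parts: int = 4) -> List[Shard]:
    """Data slicing device: cut token into `parts` slices of identical length."""
    if parts < 1 or len(token) % parts != 0:
        raise ValueError(f"length {len(token)} is not divisible into {parts} equal parts")
    size = len(token) // parts
    shards = []
    for i in range(parts):
        piece = token[i * size:(i + 1) * size]
        shards.append(Shard(record_id, i, parts, piece, zlib.crc32(piece.encode("ascii"))))
    return shards


def distribute(shards: List[Shard], sub_databases: List[Dict[str, Shard]]) -> None:
    """Advanced database: each shard goes to a different sub-database, so no
    single store holds a complete de-identified value."""
    if len(sub_databases) < len(shards):
        raise ValueError("need at least one sub-database per shard")
    for shard, db in zip(shards, sub_databases):
        db[shard.record_id] = shard


def collect(record_id: str, sub_databases: List[Dict[str, Shard]]) -> List[Shard]:
    """Operation 320: gather a record's shards from every sub-database, in order."""
    found = [db[record_id] for db in sub_databases if record_id in db]
    return sorted(found, key=lambda s: s.index)


def check_shards(shards: List[Shard]) -> bool:
    """Data checking device (operation 310): every shard present, every shard
    the same length, and every shard's CRC-32 still matching its data."""
    if not shards:
        return False
    total = shards[0].total
    if len(shards) != total or [s.index for s in shards] != list(range(total)):
        return False
    length = len(shards[0].data)
    return all(
        len(s.data) == length and zlib.crc32(s.data.encode("ascii")) == s.crc
        for s in shards
    )


def reassemble(shards: List[Shard]) -> str:
    """Operation 330: refuse to merge shards that fail the consistency check."""
    if not check_shards(shards):
        raise ValueError("shards failed the consistency check; refusing to reassemble")
    return "".join(s.data for s in shards)


def restore(record_id: str, sub_databases: List[Dict[str, Shard]]) -> str:
    """Operations 310 to 340 end to end."""
    return reassemble(collect(record_id, sub_databases))


if __name__ == "__main__":
    stores: List[Dict[str, Shard]] = [{} for _ in range(4)]  # constructed sub-databases
    distribute(slice_token("rec-1", SAMPLE_TOKEN), stores)
    print([db["rec-1"].data for db in stores])
    print(restore("rec-1", stores) == SAMPLE_TOKEN)
```

Checking the length alone, as the description's bit-count check does, catches a truncated or missing shard but not a shard replaced by another well-formed 16-character string; storing a CRC-32 beside each shard catches that kind of accidental corruption too. CRC is an error-detecting code, not a message authentication code, so a record deliberately rewritten together with its CRC would still pass; an integrity guarantee against tampering needs a keyed MAC over each shard.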

Through the above operations, the customer's original personal data is restored, ensuring that original personal data that has been de-identified is not destroyed. In addition, authorized financial personnel must first pass authentication by the data authentication device before they can enter it and access the records in the data pairing file. In this way, the security of the data is further protected.

According to the above embodiments of the present disclosure, by providing the de-identification device, a customer's original personal data can be converted into de-identified personal data. Because the de-identified personal data does not reveal personal information that identifies the customer, the risk of leaking the original personal data is reduced, and the customer's interests are protected. In addition, by providing the data slicing device, the original personal data can be further converted into advanced data for long-term storage and backup. Moreover, by providing the data authentication device, authorized financial personnel must pass authentication before they can access the customer's original personal data, which further ensures the security of the data.

Although the present disclosure has been described above by way of embodiments, they are not intended to limit it. Anyone with ordinary skill in the art to which the present disclosure pertains may make various changes and refinements without departing from its spirit and scope; the scope of protection of the present disclosure is therefore defined by the appended claims.

Claims (10)

1. A data de-identification system, comprising: a first database containing original personal data; a data de-identification device signal-connected to the first database, wherein the data de-identification device is configured to receive the original personal data and convert the original personal data into de-identified personal data; and a second database signal-connected to the data de-identification device and configured to receive and store the de-identified personal data.

2. The data de-identification system of claim 1, further comprising a data slicing device signal-connected to the second database and configured to receive the de-identified personal data and slice the de-identified personal data into a plurality of advanced data records having the same number of bits.

3. The data de-identification system of claim 2, further comprising an advanced database signal-connected to the data slicing device and configured to store the advanced data records.

4. The data de-identification system of claim 3, wherein the advanced database comprises a plurality of advanced sub-databases, and each of the advanced data records is stored in a different one of the advanced sub-databases.

5. The data de-identification system of claim 4, further comprising a data checking device signal-connected to the advanced sub-databases and configured to check whether the advanced data records located in different advanced sub-databases have the same number of bits.

6. The data de-identification system of claim 1, further comprising a data authentication device signal-connected to the data de-identification device and configured to receive the original personal data and the de-identified personal data.

7. The data de-identification system of claim 6, wherein the data authentication device comprises a data pairing file configured to store the original personal data and the de-identified personal data, and the data authentication device is configured to authenticate an access right to the original personal data and the de-identified personal data in the data pairing file.

8. The data de-identification system of claim 1, further comprising a random number unit, wherein the original personal data is merged with the random number unit to be converted into the de-identified personal data.

9. The data de-identification system of claim 8, further comprising a data pairing file configured to store the original personal data, the random number unit and the de-identified personal data.

10. The data de-identification system of claim 1, further comprising an operation rule unit, wherein the data de-identification device converts the original personal data into the de-identified personal data through the operation rule unit.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109201253U TWM597905U (en) 2020-02-04 2020-02-04 Data de-identification system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW109201253U TWM597905U (en) 2020-02-04 2020-02-04 Data de-identification system

Publications (1)

Publication Number Publication Date
TWM597905U true TWM597905U (en) 2020-07-01

Family

ID=72602635

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109201253U TWM597905U (en) 2020-02-04 2020-02-04 Data de-identification system

Country Status (1)

Country Link
TW (1) TWM597905U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI809704B (en) * 2021-02-09 2023-07-21 瑞典商安訊士有限公司 Devices and methods for safe storage of media containing personal data and erasure of stored personal data
