WO2019008548A1 - Method, computer system and computer program product for managing personal data - Google Patents



Publication number
WO2019008548A1
Authority
WO
WIPO (PCT)
Prior art keywords
personal data
microservice
code
data item
user database
Prior art date
Application number
PCT/IB2018/054996
Other languages
French (fr)
Inventor
Jorik ROMBOUTS
Original Assignee
Rombit Nv
Priority date
Filing date
Publication date
Application filed by Rombit Nv
Priority to EP18749870.4A (EP3649591A1)
Publication of WO2019008548A1


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation; Time management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/26 Government or public services
    • G06Q50/265 Personal security, identity or safety

Abstract

The present invention relates to a method, a computer system and a computer program product for managing personal data. An event log and a user database are stored on a data storage system. The user database comprises a plurality of personal data items. A first microservice is configured for changing a personal data item in the user database and adding to the event log a change event concerning the modification of the personal data item and comprising a code. A second microservice is configured to, if necessary, request the modified personal data item from the first microservice using the code, based on the detection of a message concerning the change event.

Description

METHOD, COMPUTER SYSTEM AND COMPUTER PROGRAM PRODUCT FOR MANAGING PERSONAL DATA
TECHNICAL FIELD
The invention relates to methods, computer systems and computer program products for managing personal data in a microservice architecture.
PRIOR ART
A microservice architecture is a software architecture wherein an application is built up from a collection of interacting microservices. This improves the modularity, clarity, development and testing of software. Different autonomous teams can independently develop and test microservices.
A microservice is controlled by its environment, i.e. other microservices or a user. A microservice can be linked to an event log, to which a microservice can add events. Through the exchange of events, the microservices become an interacting whole. The events can be distributed by a message broker.
Data changes can be added to the event log ('event sourcing'). In this way a complete history of data changes is created, on the basis of which the current situation can be determined. A reference point can be created at regular intervals, so that not all changes have to be replayed from the absolute beginning in order to build a given state. The event log comprises the complete history of data changes, which is advantageous because an audit trail is left behind, so that the origin of a failure can easily be detected; this is further advantageous for putting the system back into operation in the event of a failure.
Edge computing is often used for internet-connected devices (Internet of Things, IoT). In edge computing, data from a device is processed near the device before the data and/or the processed data is sent over a network. This is advantageous because the complete data originating from the device does not need to be transmitted over the network, and/or the data to be transmitted can be encrypted and/or anonymised.
The General Data Protection Regulation (GDPR) comprises various articles to protect personally identifiable information (PII). Article 17 of the GDPR concerns the right to erasure. Article 20 of the GDPR states that personal data must be transferable between two data processing systems. Article 25 of the GDPR states that privacy must be built into a software program as standard and intentionally. However, the use of Event Sourcing (ES) in a microservice architecture makes it difficult to comply with Article 17 of the GDPR: modification of a personal data item is a data change, which is difficult to erase once it has been added to the event log.
US 2010/0199098 describes methods and devices for protecting personal data by decoupling the user identity. An anonymous token is associated with each user that is decoupled from the user identity. Personal data is stored in association with this anonymous token. However, the document does not describe a microservice architecture or event log.
US 2016/0232624 describes microservice software components (MSSC) for managing events related to food. The document discloses that in an embodiment, a microservice software component can manage a consumer's privacy policy (which also includes access to their profile) and that another microservice software component may contain relevant information about an event related to food. However, the document does not disclose an event log.
US 2017/0060574 discloses a system for edge computing. The document also mentions the use of a microservice architecture. The document also mentions processing patient data at the source to optimise services and privacy. However, the document does not disclose managing user data.
The present invention aims to solve at least some of the problems mentioned above.
BRIEF SUMMARY OF THE INVENTION
In a first aspect, the present invention relates to a method for managing personal data, according to claim 1. In a second aspect, the present invention relates to a computer system for managing personal data, according to claim 12.
In a third aspect, the present invention relates to a computer program product for managing personal data, according to claim 13.
The use of microservices provides a scalable data processing system. In addition, different microservices can be developed and tested separately by different independent teams. The use of event sourcing (ES), in which data changes are recorded in the event log, is advantageous for the responsiveness, the autonomy of the microservices, the scalability and the performance. In addition, in that case an event log comprises an audit trail so that the origin of a failure can easily be detected, in addition to the fact that the system still comprises all events to put it back into operation. The use of ES, however, makes compatibility with Article 17 of the GDPR difficult.
The present invention is advantageous because personally identifiable information (PII) is managed in a separate user database by a first microservice. When a personal data item is changed, this first microservice adds a change event to the event log. This change event comprises a code but does not comprise personal data. A message broker can send a message about the change event to another, second microservice. The second microservice can detect the message and request the modified personal data item from the first microservice using the code. Because the personal data itself is stored in a state database (the user database) instead of an incremental data change database (audit trail), it can easily be deleted, and this is completely in accordance with Article 17 of the GDPR.
In this document, changes may concern overwriting, adding, or deleting. If a personal data item was removed, the first microservice can deliver to the second microservice an indication of the removal when requesting the personal data item. Alternatively, or additionally, the change event may comprise an indication that it concerns a deletion.
BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 shows a schematic representation of a system according to a preferred embodiment of the present invention. The system comprises microservices (5, 6, 7) and various databases (4, 9, 10, 10').
DETAILED DESCRIPTION
The invention relates to a method, a computer system and a computer program product. The invention was summarised in the section provided for this purpose. In the following, the invention is described in detail, preferred embodiments are explained, and the invention is illustrated by way of examples.
Unless otherwise defined, all terms used in the description of the invention, including technical and scientific terms, have the meaning as commonly understood by a person skilled in the art to which the invention pertains. For a better understanding of the description of the invention, the following terms are explained explicitly. In this document, 'a' and 'the' refer to both the singular and the plural, unless the context presupposes otherwise. For example, 'a segment' means one or more segments.
The terms 'comprise', 'comprising', 'consist of', 'consisting of', 'provided with', 'have', 'having', 'include', 'including', 'contain', 'containing' are synonyms and are inclusive or open terms that indicate the presence of what follows, and which do not exclude or prevent the presence of other components, characteristics, elements, members, steps, as known from or disclosed in the prior art.
In a first aspect, the present invention relates to a method for managing personal data. A data storage system comprising one or more tangible non-transitory computer-readable storage media is provided. An event log and a user database are provided on the data storage system, the user database comprising a plurality of personal data items. The method further comprises the steps of changing a personal data item of the plurality of personal data items in the user database; adding to the event log a change event comprising a code; sending a message regarding the change event, the message comprising the code; and requesting, based on the message, the modified personal data item from the user database using the code.
In a second aspect, the present invention relates to a computer system for managing personal data. The computer system comprises one or more central processing units (CPUs), as well as a data storage system comprising one or more tangible non-transitory computer-readable storage media. The data storage system comprises an event log and a user database. The user database comprises a plurality of personal data items. The computer system is configured to perform a first microservice and a second microservice on at least one of the one or more central processing units. The first microservice is configured for changing a personal data item of the plurality of personal data items in the user database; adding to the event log a change event comprising a code; and looking up and supplying a personal data item based on a code. The second microservice is configured for detecting a message regarding a change event, the message and the change event comprising the same code; and requesting a modified personal data item from the user database from the first microservice using the code from the detected message.
In a third aspect, the present invention relates to a computer program product for managing personal data. The computer program product comprises a tangible non-transitory computer-readable storage medium comprising a first and a second set of instructions for execution on a computer system. The computer system comprises one or more central processing units and a data storage system comprising one or more tangible non-transitory computer-readable storage media. The data storage system comprises an event log and a user database. The user database comprises a plurality of personal data items.
The first set of instructions comprises instructions for changing a personal data item of the plurality of personal data items in the user database; then adding to the event log of a change event regarding the modification of the personal data item, the change event comprising a code; and looking up and supplying a personal data item based on a code. The second set of instructions comprises instructions for detecting a message regarding a change event, the message and the change event comprising the same code; and requesting a modified personal data item from the user database by calling the instructions of the first set of instructions for looking up and supplying a personal data item based on the code of the detected message. A person having ordinary skill in the art will appreciate that the method is implemented in the computer program product and executed using the computer system. In what follows, the three aspects of the present invention are therefore treated together.
The present invention is advantageous because personally identifiable information (PII) is managed in a separate user database by a first microservice. When a personal data item is changed, this first microservice adds a change event to the event log. This change event comprises a code but does not comprise personal data. A message broker can send a message about the change event to another, second microservice. The second microservice can detect the message and request the modified personal data item via the first microservice using the code. The user database is a state database and not an audit trail, allowing personal data to be easily deleted, in accordance with Article 17 of the GDPR. Because the user database is a state database, personal data can also be easily exported, in accordance with Article 20 of the GDPR. Preferably, the event log is an append-only database, it only being possible to add events, but not to change or delete them.
In this document, changes to a personal data item may concern overwriting, adding or deleting. If a personal data item is removed, the first microservice can deliver to the second microservice an indication of the removal when requesting the personal data item. Alternatively, or additionally, the change event may comprise an indication that it concerns a deletion. Sending a message regarding a change event may involve performing a query on the event log. Based on this query, events that are relevant to the second microservice are filtered. Preferably, this query is performed by a message broker which filters out the relevant events for the second microservice. In a query performed by a message broker, the second microservice is notified about the change event by the message broker sending a message about the change event to the second microservice.
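The flow described above (a first microservice owning a state database of personal data, an append-only event log that carries only an anonymous code and the type of the changed item, a broker that filters the log for a second microservice, and that second microservice requesting the item by code when it needs it), written out as an added Python example. This is illustrative code written for this page, not code from the patent or from Rombit; the class and method names, the in-memory structures standing in for the databases and the HTTP resource API, and the sample value `alice@example.org` are all assumptions. The `erase` path shows the Article 17 point: after the user row is dropped, the log still holds two events but no personal data, and the second microservice receives a "not found" indication when it asks.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class ChangeEvent:
    """Appended by the first microservice: anonymous code and type of the
    changed item, never the personal data itself."""
    seq: int
    code: str
    data_type: str
    deleted: bool = False


class EventLog:
    """Append-only: no update or delete operation is exposed."""
    def __init__(self):
        self._events = []

    def append(self, code, data_type, deleted=False):
        event = ChangeEvent(len(self._events), code, data_type, deleted)
        self._events.append(event)
        return event

    def since(self, seq):
        return self._events[seq:]

    def mentions(self, text):
        """Defender's check: does any event carry this string (e.g. a PII value)?"""
        return any(text in f"{e.code} {e.data_type}" for e in self._events)


class UserService:
    """First microservice: sole owner of the user database, which holds current
    state (code -> {data_type: value}) instead of a change history."""
    def __init__(self, log):
        self._log = log
        self._users = {}

    def change(self, code, data_type, value):
        self._users.setdefault(code, {})[data_type] = value
        return self._log.append(code, data_type)

    def erase(self, code):
        """Article 17 erasure: drop the state row; the log keeps only codes."""
        item_types = list(self._users.pop(code, {}))
        return [self._log.append(code, t, deleted=True) for t in item_types]

    def lookup(self, code, data_type):
        """Stand-in for the HTTP resource API: returns (found, value)."""
        user = self._users.get(code)
        if user is None or data_type not in user:
            return False, None
        return True, user[data_type]


class Broker:
    """Filters the log for the item types a subscriber cares about."""
    def __init__(self, log):
        self._log = log
        self._cursors = {}

    def deliver(self, subscriber, data_types):
        cursor = self._cursors.get(id(subscriber), 0)
        events = self._log.since(cursor)
        for event in events:
            if event.data_type in data_types:
                subscriber.on_message(event)  # the message carries only the code
        self._cursors[id(subscriber)] = cursor + len(events)


class BillingService:
    """Second microservice: keeps codes only and requests PII when it needs it."""
    def __init__(self, users):
        self._users = users
        self.notified = []

    def on_message(self, event):
        self.notified.append((event.code, event.data_type, event.deleted))

    def render_invoice(self, code):
        found, email = self._users.lookup(code, "email")
        return f"Invoice for {email}" if found else None


def demo():
    log = EventLog()
    users = UserService(log)
    broker = Broker(log)
    billing = BillingService(users)
    alice = secrets.token_hex(8)  # anonymous code, one-to-one with the user
    users.change(alice, "email", "alice@example.org")  # constructed sample value
    broker.deliver(billing, {"email"})
    before = billing.render_invoice(alice)
    users.erase(alice)
    broker.deliver(billing, {"email"})
    after = billing.render_invoice(alice)
    return {"before": before, "after": after, "events": len(log.since(0)),
            "notified": len(billing.notified),
            "pii_in_log": log.mentions("alice@example.org")}
```

`demo()` returns the invoice rendered before and after erasure, the number of events in the log, the number of messages the billing service saw, and whether the personal data value ever appears in the log. The deletion event is the "indication that it concerns a deletion" mentioned above; the `(False, None)` reply from `lookup` is the indication of removal delivered on request.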
Preferably, adding and detecting events in the event log is managed with Command and Query Responsibility Separation (CQRS), which ensures the filtering out and/or detection of events in the event log without altering the event log.
Preferably, microservices communicate via a hypertext transfer protocol (HTTP) resource application programming interface (API). Herein, the second microservice requests the modified personal data item from the first microservice via an HTTP resource API, whereby the code is delivered to the first microservice via the HTTP resource API. This is advantageous because an HTTP resource API allows interacting microservices to be developed in different programming languages. Moreover, an HTTP resource API is simple and does not require many computer resources.
In a preferred embodiment, the user database comprises a plurality of users. A user of the plurality of users comprises one or more personal data items. A non-exhaustive sample list of types of personal data comprises: an address, a bank detail, a bank card detail, a message on a social network site, a biometric data item, an email address, a photograph, a date of birth, a place of birth, an IP address, a registration number of a vehicle, a login name, a name, a passport number, a national register number, a social security number, a criminal record, a telephone number, a fingerprint, a first name, financial information, genetic information, medical information, training information and employment information. Preferably, the code is linked one-to-one with a user. The change event can in this case include both the code and a type of personal data.
The code can be any anonymous form of identification. The code can be used to store data, e.g. by the second microservice, in an anonymous manner. If the data and the code are read, a reader will not learn any personal data related to the data or code.
In a preferred embodiment, a hash table is provided on the data storage system, the hash table being suitable for converting codes into lookup codes. To obtain the modified personal data item, the code (of the change event) is converted into a lookup code using the hash table. The modified personal data item can then be obtained from the user database with the help of the lookup code. This conversion can be performed by the second microservice. Preferably, this conversion is performed by the first microservice, and the second microservice passes the code to the first microservice when calling the instructions for looking up and supplying a personal data item.
In an embodiment, each microservice comprises a microservice-specific hash table for converting a microservice-specific storage code (e.g. the lookup code for the first microservice) into a microservice-universal code (e.g. 'the code'). The microservice-specific storage code can be used to store data on the data storage system, e.g. in a database of the microservice. The microservice-universal code is used for communication between the various microservices. If the microservice-specific hash tables are stored separately from the corresponding database or encrypted, this results in an additional decoupling of data stored by different microservices.
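An added Python example of the hash-table indirection described above: the universal code that travels in change events and messages is converted by a microservice-specific table into a storage code, and only the storage code is used as a key in that microservice's database. The code is written for this page and is not from the patent or from Rombit; the `CodeTable`, `UserService` and `linkable_rows` names and the in-memory dictionaries are assumptions, and the storage codes are drawn at random here rather than from a specific hashing scheme, which is one way to realise the conversion. The `linkable_rows` check is the defender's view of the decoupling: given a dump of the database and the codes visible in the event log, rows can only be joined to events when the table is also available.

```python
import secrets


class CodeTable:
    """Microservice-specific hash table: universal code <-> storage code.
    Kept apart from the database it protects (a separate object here)."""
    def __init__(self):
        self._to_storage = {}
        self._to_universal = {}

    def storage_code(self, code, create=False):
        if code not in self._to_storage:
            if not create:
                return None
            storage = secrets.token_hex(16)  # random: not derivable from `code`
            self._to_storage[code] = storage
            self._to_universal[storage] = code
        return self._to_storage[code]

    def universal_code(self, storage):
        return self._to_universal.get(storage)


class UserService:
    """First microservice: its database is keyed by storage codes only."""
    def __init__(self):
        self.table = CodeTable()
        self.database = {}  # storage code -> {data_type: value}

    def store(self, code, data_type, value):
        storage = self.table.storage_code(code, create=True)
        self.database.setdefault(storage, {})[data_type] = value

    def lookup(self, code, data_type):
        """Entry point the second microservice calls with the universal code."""
        storage = self.table.storage_code(code)
        row = self.database.get(storage, {}) if storage else {}
        return data_type in row, row.get(data_type)


def linkable_rows(database, event_codes, table=None):
    """Defender's check: with a dump of the database and the codes visible in
    the event log, how many rows can be joined to an event? Without the table
    the storage codes are unrelated to the universal codes, so none can."""
    count = 0
    for storage in database:
        key = table.universal_code(storage) if table else storage
        if key in event_codes:
            count += 1
    return count


def demo():
    service = UserService()
    alice = secrets.token_hex(8)  # universal code that travels in change events
    service.store(alice, "email", "alice@example.org")  # constructed sample
    event_codes = {alice}  # what the event log alone reveals
    found, value = service.lookup(alice, "email")
    return {"found": found, "value": value,
            "linkable_without_table": linkable_rows(service.database, event_codes),
            "linkable_with_table": linkable_rows(service.database, event_codes,
                                                 service.table),
            "unknown_code": service.lookup("not-a-code", "email"),
            "code_in_database": alice in service.database}
```

Storing the table separately from the database, or encrypted, is what makes the "without table" case the one an attacker who obtains only the database would face; keeping both in the same store collapses the indirection.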
In a preferred embodiment, the user database comprises the personal data items in encrypted form. In this preferred embodiment, the first microservice has access to a database comprising an encryption and/or decryption key. Preferably, this database is physically separated from the user database. Changing a personal data item by the first microservice in this case comprises encrypting the modified personal data item; and introducing (storing) the encrypted personal data item into the user database. In this case, looking up and supplying a personal data item by the first microservice comprises reading the encrypted personal data item from the user database and decrypting the encrypted personal data item.
In a preferred embodiment, the computer system comprises a device associated with a user. This device may, for example, be an Internet of Things (IoT) device. To protect the privacy of the user as well as possible, the data of the device is processed before it is sent via the internet to the data storage system. In this edge computing, the raw data is converted into processed data. The processed data may concern compressed data, calculation results, a trigger based on the raw data, anonymised data and/or encrypted data. The processed data can then be stored on the data storage system in conjunction with the code or a microservice-specific code that is one-to-one linked to the user.
A person having ordinary skill in the art will appreciate that in the previous preferred embodiment, the computer system comprises several central processing units, and that these can be physically separated from each other. A microservice can be carried out on a central processing unit that is responsible for the data processing near the IoT device (edge computing device). On another central processing unit of the computer system, another microservice may be carried out for further processing of the received processed data for storage in the data storage system. Analogously, the data storage system may comprise a plurality of tangible non-transitory computer-readable storage media, which may also be physically separated from each other. When different microservices are carried out on central processing units that are themselves physically separate from each other, a person having ordinary skill in the art will appreciate that a tangible non-transitory computer-readable storage medium can correspond with each group of central processing units at a given location. Further, the data storage system may also comprise cloud-based tangible non-transitory computer-readable storage media. Furthermore, the computing power of the computer system can also be partially or completely taken care of by cloud computing. When storing data on a cloud-based tangible non-transitory computer-readable storage medium, the data is preferably encrypted. Even more preferably, the whole is configured so that only the microservice that encrypted the data and stored the encrypted data on the cloud-based tangible non-transitory computer-readable storage medium is capable of decrypting the data, according to the principle of least privilege.
ALTERNATIVE EMBODIMENTS
The preferred embodiment as described above provides a first microservice that manages the plurality of personal data items in a state database (the user database), which is advantageous to be in accordance with Article 17 of the GDPR.
In an alternative embodiment, the plurality of personal data items can be stored by data changes in the event log (event sourcing). This has the advantage that the second microservice does not have to request the modified personal data item from the first microservice. However, this has the disadvantage that the removal of personal data from the system is difficult. Manipulating events in the event log can cause inconsistencies or reduced performance. The preferred embodiment as described above provides that other microservices (e.g., the second microservice) request personal data from the first microservice on the basis of necessity. These microservices do not store personal data locally, except for a (hashed) code to be able to request a personal data item of a user. When a personal data item of a user is changed, the first microservice in the preferred embodiment as described above adds a change event to the event log. This change event includes the code related to the user and preferably also the type of personal data item that has been changed as well as an indication of whether the personal data item has been added/overwritten or has been deleted. A message broker can then send a message concerning this change event to the second microservice, the message including the code. In an alternative embodiment, the first microservice can change the personal data item, without adding a change event to the event log. The other microservices must then regularly request a personal data item to check whether a change was made.
In yet another alternative embodiment, the first microservice adds a change event to the event log, the change event comprising the modified personal data item, and the change event having a limited lifespan, i.e., the change event only being present in the event log for a certain time. The message from the message broker can then also comprise the modified personal data item, and the second microservice no longer has to request the changed personal data item from the first microservice. Moreover, the whole is in this way also in accordance with Article 17 of the GDPR.
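The limited-lifespan variant just described, as an added Python example (not code from the patent or from Rombit): here the change event carries the modified item itself, so a broker message can deliver it directly, but the log evicts every event once its lifespan has passed, bounding how long the personal data exists in the log. The `ExpiringEventLog`, `TimedEvent` and `FakeClock` names, the injectable clock, and the 60-second lifespan are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TimedEvent:
    code: str
    data_type: str
    value: str          # in this variant the modified item itself is in the event
    expires_at: float


class ExpiringEventLog:
    """Consumers can only append and read; the log evicts events whose lifespan
    has passed, so a personal data item is present for a bounded time only."""
    def __init__(self, clock):
        self._clock = clock  # callable returning the current time in seconds
        self._events = []

    def append(self, code, data_type, value, ttl_seconds):
        event = TimedEvent(code, data_type, value, self._clock() + ttl_seconds)
        self._events.append(event)
        return event

    def live(self):
        """Drop expired events and return the ones a consumer may still read."""
        now = self._clock()
        self._events = [e for e in self._events if e.expires_at > now]
        return list(self._events)

    def mentions(self, text):
        """Defender's check: is this personal data value still in the log?"""
        return any(text == e.value for e in self.live())


class FakeClock:
    """Injected clock so the expiry can be shown deterministically."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    log = ExpiringEventLog(clock)
    log.append("c1", "email", "alice@example.org", ttl_seconds=60)  # constructed
    clock.now = 30.0
    at_30 = log.mentions("alice@example.org")
    clock.now = 61.0
    at_61 = log.mentions("alice@example.org")
    return {"at_30": at_30, "at_61": at_61, "live_after_expiry": len(log.live())}
```

In a real deployment the eviction would run on the log's own schedule rather than on read; the point the example makes is that the erasure guarantee then depends on the lifespan chosen and on the eviction actually running, which is what an audit of this variant should check.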
In what follows, the invention will be described by way of non-limiting examples illustrating the invention, and which are not intended to and should not be interpreted as limiting the scope of the invention.
EXAMPLES
EXAMPLE 1: CLOUD-BASED DATABASES PER MICROSERVICE
Figure 1 shows a schematic representation of a system according to a preferred embodiment of the present invention. The microservices (5, 6, 7) of a set (1) of interacting microservices each have their own database (9, 10, 10') on a cloud-based tangible non-transitory computer-readable storage medium (3). Only the microservice corresponding to a database can read (31, 33, 33') and write (30, 32, 32') to this database. The microservices (5, 6, 7) can request data (50, 51, 50', 51', 50", 51") from each other. Furthermore, the microservices (5, 6, 7) can also interact asynchronously via a message broker. A user microservice (5) is coupled to an event log (2) comprising events (8, 8', 8", 8"', 8""), and can add (40) and request (41) events from the event log (2). If an event relevant to another microservice (6, 7) is added to the event log (2), the message broker can filter out this event and send (43, 43') a message concerning the event to said other microservice (6, 7). This message may comprise the event itself, a reference to the event, and/or a processing of the event.
The user microservice (5) manages a user database (9) comprising a plurality of users. A plurality of personal data items is associated with each user (12), such as e.g. a photograph (13), a name (14), an address (15), an email address (16) and a telephone number (17). The user database (9) comprises the personal data items in encrypted form. The user microservice (5) can request (34) and obtain (35) an encryption key and/or decryption key from another database (4) to encrypt and/or decrypt the personal data. Preferably, each database (9, 10, 10') associated with a microservice (5, 6, 7) is encrypted in such a manner. The interaction (50, 50', 50", 51, 51', 51") between the microservices is preferably based on a HTTP resource API. Preferably, adding and requesting events to/from the event log (2) are separated from each other as in CQRS-based systems.
A user wishes to change a personal data item. They log into a website for entering this change. The website here forms an interface to the data managed in the system. This interface is preferably a separate interface microservice. The interface microservice requests the personal data item of the user from the user microservice (5) via a code that is one-to-one linked to the user and sends the necessary data to the computer of the user for displaying the current personal data item on the screen of the computer. The user overwrites the personal data item via the website and clicks on Save. The interface microservice sends the modified personal data item to the user microservice (5), which encrypts it and introduces it (30) into the user database (9). The user microservice (5) also adds a change event (40) to the event log (2). The change event comprises the code and the type of personal data. A billing microservice receives a message concerning the change event from the message broker, the message also comprising the code and the type of personal data, requests the modified personal data item on the basis of the code and the type of personal data from the user microservice (5), and adapts the invoice for the user.
EXAMPLE 2: PARKING SPACE RESERVATION SYSTEM
A parking space reservation system for use with digital traffic signs as disclosed in BE 1023270 is discussed in this example. The parking space reservation system comprises a plurality of microservices:
• a user microservice manages the sensitive personally identifiable information (PII) of users, such as name, address, email address, telephone number, payment details and the like;
• a request microservice processes reservation requests of users for a parking space;
• a document microservice manages permits associated with approved reservations;
• a template microservice generates documents and email content based on pre-defined templates;
• a payment microservice is responsible for processing payments;
• a cost calculation microservice calculates the cost of a request;
• a message microservice facilitates interactions between users and the local authority responsible for processing reservation requests;
• a traffic sign microservice is responsible for the management of a pool of digital traffic signs as disclosed in BE 1023270;
• a planning microservice prepares the planning for the dropping off and picking up of digital traffic signs; and
• a city microservice manages each city's configuration settings.
A user has the right to erasure according to Article 17 of the GDPR. A state database for managing personal data per user is linked to the user microservice, and when a personal data item is changed, the user microservice adds a change event to the event log comprising the code associated with the user and the type of personal data that has changed. In this way no personal data is propagated in the event log; it must be requested from the user microservice.
A person having ordinary skill in the art will appreciate that the preferred embodiments discussed in the detailed description also apply in this example.

Claims

CLAIMS
1. Method for managing personal data, the method comprising the following steps:
- providing a data storage system comprising one or more tangible non-transitory computer-readable storage media;
- providing an event log and a user database on the data storage system, the user database comprising a plurality of personal data items;
- changing a personal data item of the plurality of personal data items in the user database;
- adding to the event log a change event comprising a code;
- sending a message regarding the change event, the message comprising the code; and
- requesting, based on the message, the modified personal data item from the user database using the code.
2. Method according to previous claim 1, comprising the steps of:
- providing a hash table on the data storage system, the hash table suitable for converting codes into lookup codes;
- converting the code into a lookup code using the hash table; and
- looking up the modified personal data item in the user database with the aid of the lookup code.
Method according to any of the previous claims 1 and 2, the event log being an append-only database.
Method according to any of the previous claims 1 to 3, the user database comprising the personal data items in encrypted form.
Method according to any of the previous claims 1 to 4, a personal data item comprising one or more of the following: an address, a bank detail, a bank card detail, a message on a social network site, a biometric data item, an email address, a photograph, a date of birth, a place of birth, an IP address, a registration number of a vehicle, a login name, a name, a passport number, a national register number, a social security number, a criminal record, a telephone number, a fingerprint, a first name, financial information, genetic information, medical information, training information and employment information.
6. Method according to any of the previous claims 1 to 5, the user database comprising a plurality of users, a user of the plurality of users comprising one or more personal data items, and the code being one-to-one linked to a user.
7. Method according to previous claim 6, the change event comprising the code and a type of the modified personal data item.
8. Method according to any of the previous claims 6 and 7, the method comprising the steps of:
- providing a device associated with a user;
- processing data of the device;
- sending the processed data over the internet to the data storage system; and
- storing the processed data in conjunction with the code one-to-one linked to the user on the data storage system.
9. Method according to any of the previous claims 1 to 8, comprising the steps of:
- providing a computer system comprising one or more central processing units;
- carrying out a first microservice and a second microservice on the computer system;
- saving by the first microservice of the modified personal data item in the user database;
- adding by the first microservice to the event log of the change event;
- sending the message regarding the change event to the second microservice; and
- requesting by the second microservice from the first microservice of the modified personal data item using the code.
10. Method according to previous claims 4 and 9, the first microservice encrypting the modified personal data item, introducing the encrypted personal data item into the user database, reading the encrypted personal data item from the user database, and decrypting the encrypted personal data item.
11. Method according to any of the previous claims 9 and 10, the second microservice requesting the modified personal data item from the first microservice via a hypertext transfer protocol resource application programming interface.
12. Computer system for managing personal data comprising one or more central processing units and a data storage system comprising one or more tangible non-transitory computer-readable storage media, the data storage system comprising an event log and a user database, the user database comprising a plurality of personal data items, the computer system configured for carrying out a first microservice and a second microservice on at least one of the one or more central processing units, the first microservice configured for:
- changing a personal data item of the plurality of personal data items in the user database;
- adding to the event log a change event comprising a code; and
- looking up and supplying a personal data item based on a code, the second microservice configured for:
- detecting a message regarding a change event, the message and the change event each comprising the same code; and
- requesting a modified personal data item from the user database from the first microservice using the code from the detected message.
13. Computer program product for managing personal data comprising a tangible non-transitory computer-readable storage medium comprising a first and a second set of instructions for execution on a computer system comprising one or more central processing units and a data storage system comprising one or more tangible non-transitory computer-readable storage media, the data storage system comprising an event log and a user database, the user database comprising a plurality of personal data items, the first set of instructions comprising instructions for:
- changing a personal data item of the plurality of personal data items in the user database and then adding to the event log a change event regarding the modification of the personal data item, the change event comprising a code;
- looking up and supplying a personal data item based on a code, the second set of instructions comprising instructions for:
- detecting a message regarding a change event, the message and the change event each comprising the same code; and
- requesting a modified personal data item from the user database by calling the instructions of the first set of instructions for looking up and supplying a personal data item based on the code of the detected message.
14. Computer program product according to previous claim 13, the data storage system comprising a hash table, the hash table being suitable for converting codes into lookup codes, and the instructions for looking up and supplying a personal data item based on a code comprising instructions for:
- converting the code into a lookup code using the hash table; and
- looking up the modified personal data item in the user database with the aid of the lookup code.
15. Computer program product according to any of the previous claims 13 and 14, the event log being an append-only database.
PCT/IB2018/054996 2017-07-07 2018-07-06 Method, computer system and computer program product for managing personal data WO2019008548A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP18749870.4A EP3649591A1 (en) 2017-07-07 2018-07-06 Method, computer system and computer program product for managing personal data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
BE2017/5482A BE1024882B1 (en) 2017-07-07 2017-07-07 METHOD, COMPUTER SYSTEM AND COMPUTER PRODUCT FOR MANAGING PERSONAL DATA

Publications (1)

Publication Number Publication Date
WO2019008548A1 true WO2019008548A1 (en) 2019-01-10

Family

ID=59366167

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2018/054996 WO2019008548A1 (en) 2017-07-07 2018-07-06 Method, computer system and computer program product for managing personal data

Country Status (3)

Country Link
EP (1) EP3649591A1 (en)
BE (1) BE1024882B1 (en)
WO (1) WO2019008548A1 (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2002005061A2 (en) * 2000-07-06 2002-01-17 David Paul Felsher Information record infrastructure, system and method
US20060026042A1 (en) * 2004-07-23 2006-02-02 Christian Awaraji Privacy compliant consent and data access management system and methods
US20100199098A1 (en) 2009-02-02 2010-08-05 Yahoo! Inc. Protecting privacy of shared personal information
US20160232624A1 (en) 2012-01-05 2016-08-11 Kitchology Inc. Method, apparatus and system for consumer profiling in support of food-related activities
BE1023270B1 (en) 2015-12-09 2017-01-18 Rombit Nv System and method for managing traffic sign systems and traffic sign systems with a tracking system
US20170060574A1 (en) 2015-08-27 2017-03-02 FogHorn Systems, Inc. Edge Intelligence Platform, and Internet of Things Sensor Streams System
WO2017066715A1 (en) * 2015-10-14 2017-04-20 Cambridge Blockchain, LLC Systems and methods for managing digital identities

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11657368B2 (en) 2019-05-17 2023-05-23 Samsung Electronics Co., Ltd. Server and control method thereof
US11194928B2 (en) 2019-06-10 2021-12-07 International Business Machines Corporation Template-based identification and removal of stored personal information
US11681822B2 (en) 2019-06-17 2023-06-20 International Business Machines Corporation Managing sensitive user information
CN111126939A (en) * 2019-11-22 2020-05-08 河北瑞池工程项目管理有限公司 Project progress supervision control system
CN111126939B (en) * 2019-11-22 2023-10-03 河北瑞池工程项目管理有限公司 Project progress supervision control system
CN111209126A (en) * 2020-01-03 2020-05-29 北京明略软件系统有限公司 Data transmission method and device between microservices and electronic equipment
US20230208817A1 (en) * 2020-03-02 2023-06-29 Cisco Technology, Inc. Policy based personally identifiable information leakage prevention in cloud native enviroments
WO2021236292A1 (en) * 2020-05-20 2021-11-25 EMC IP Holding Company LLC Data masking in a microservice architecture
US11347690B2 (en) 2020-05-20 2022-05-31 EMC IP Holding Company LLC Data masking in a microservice architecture
US11468193B2 (en) 2020-05-20 2022-10-11 EMC IP Holding Company LLC Data masking in a microservice architecture
US11475160B2 (en) 2020-05-20 2022-10-18 EMC IP Holding Company LLC Data masking in a microservice architecture
GB2609122A (en) * 2020-05-20 2023-01-25 Emc Ip Holding Co Llc Data masking in a microservice architecture
US11580262B2 (en) 2020-05-20 2023-02-14 EMC IP Holding Company LLC Data masking in a microservice architecture
US11669638B2 (en) 2020-05-20 2023-06-06 EMC IP Holding Company LLC Data masking in a microservice architecture

Also Published As

Publication number Publication date
EP3649591A1 (en) 2020-05-13
BE1024882B1 (en) 2018-08-01

Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 18749870; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
ENP Entry into the national phase (Ref document number: 2018749870; Country of ref document: EP; Effective date: 20200207)