Patent Application Titled “System And Method For Data Privacy Compliance” Published Online (USPTO 20240095396): Thales

2024 APR 10 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- According to news reporting originating from Washington, D.C., by NewsRx journalists, a patent application by the inventors KHAN, Mohd Shahab (New Delhi, IN); RAJBHANDARI, Ilika (Noida, IN); TOPE, Mukul (Noida, IN), filed on September 20, 2022, was made available online on March 21, 2024.

The assignee for this patent application is Thales (Austin, Texas, United States).

Reporters obtained the following quote from the background information supplied by the inventors: “Traditional PKI models for securing devices and messages between ever-increasing multitudes of devices fail to be scalable and secure in terms of privacy. They also fail to provide an easy way to comply with various privacy laws and standards. There are situations where it is desirable to selectively delete or otherwise render inaccessible certain data contained in fields of stored data records. For instance, in the United States HIPPA (Health Insurance Portability and Accountability Act) regulations require that a person’s health-related data be kept confidential and not disclosed except to authorized entities. In another example, to protect the privacy of individuals, the European Union established GDPR or the General Data Protection Regulation in May 2018. GDPR regulates organizations to protect personal information collected and instructs them to erase it under “Right to be forgotten” when it is no longer required or when requested by the Data owner or Data Subject. However, the organizations do not have a solution that ensures all the data collected, stored, and distributed is secure and can be removed at the owner’s request or at their control.

“The right to be forgotten has been defined as the right to silence on past events in life that are no longer occurring, and leads to allowing individuals to have information, videos or photographs about themselves deleted from certain internet records so that they cannot be found by search engines. Personal data must be erased immediately where the data are no longer needed for their original processing purpose, or the data subject has withdrawn consent and there is no other legal ground for processing, the data subject has objected and there are no overriding legitimate grounds for the processing, or erasure is required to fulfill a statutory obligation under the EU law. This right to be forgotten requires holders of a person’s private personal data such as names, identification numbers, financial and social security information, credit card data, etc., to erase all or particular parts of such data from data records upon request of the person so that the data are inaccessible. This applies not only to production copies of the data, but also to data residing in all backup copies as well. The penalties on holders of private personal data for failure to comply may be severe.

“This requirement to delete a user’s personal data, and similar other requirements to make inaccessible certain types of data, poses a complex challenge to organizations which hold both primary and secondary copies of relevant data. Personal data are typically stored in particular predetermined fields of a user’s record in a database. Organizations can implement with reasonable effort personal data erasure in a production database by accessing a user’s record and either deleting or altering them by overwriting the private data fields with arbitrary or random data. However, it is a bigger challenge to erase or delete these fields in all other copies of the database that are stored as backups on the same or on another storage system, and on disaster recovery copies in another location. There is no easy way to access and delete or alter specific records in database secondary copies which does not require accessing all such copies. To delete these other copies of data, the database copies must be presented by the backup/data recovery system and either attached to a database host for deletion of the relevant data fields, or a special tool must be used for changing these data fields without a database host. Where the copies are at a remote site, or reside on tape with no immediate physical access and must be delivered to a facility where they can be mounted and processed, it is an even more complex and resource-intensive endeavor, especially where the remote copies are stored in a cloud. Such approaches are far too complex and challenging to be acceptable to most organizations.

“When data is stored in the cloud, traditional firewalls are not able to effectively control the downloading and uploading of data. Data security depends on users’ credentials. An attacker can gain access to a host by exploiting an application or operating system vulnerability, manipulating a user, leveraging stolen credentials, or taking advantage of lax security practices. Usage anomalies, such as an employee downloading, sharing, or uploading data from an app excessively or logins from multiple locations can indicate compromised credentials. In one example, alerting on new or rare authentication activity identifies compromised credentials. These usage anomalies can indicate out-of-compliance behaviors and even the presence of malware. Besides not truly having control of their own data, such instances can also leave a data subject out of controlling their right to privacy including their ability to enforce their right to be forgotten.

“U.S. patent Ser. No. 11/151,280 issued on Oct. 19, 2021 to assignee EMC Corp. entitled “Simplified deletion of personal private data in cloud backup storage for GDPR compliance” discloses a public cloud that stores data in a database system for a plurality of entities as primary data and as one or more secondary backup copies of the primary data, the data being stored in predefined data fields of data records, personal private data of each entity is stored encrypted using an encryption/decryption key that is unique to each different entity. The encryption/decryption keys are stored in the cloud in a key store of a key management system. To delete the personal private data of a particular entity, as to comply with the right to be forgotten pursuant to GDPR regulations, or otherwise, the encryption/decryption key for that particular entity is deleted from the key store to render permanently inaccessible all copies of that entity’s personal private data. Unfortunately, keys can be compromised in such a system and such a system lacks total control of personal data by the data owner.

“A data owner may request directly from an organization to remove their data. However, it does not ensure that all the primary and secondary copies of the data have or will be removed.

“All of the subject matter discussed in the Background section is not necessarily prior art and should not be assumed to be prior art merely as a result of its discussion in the Background section. Along these lines, any recognition of problems in the prior art discussed in the Background section or associated with such subject matter should not be treated as prior art unless expressly stated to be prior art. Instead, the discussion of any subject matter in the Background section should be treated as part of the inventor’s approach to the particular problem, which, in and of itself, may also be inventive.”

In addition to obtaining background information on this patent application, NewsRx editors also obtained the inventors’ summary information for this patent application: “In some embodiments, a method of providing data privacy compliance at a server with respect to a right to be forgotten can include one or more processors and memory coupled to the one or more processors, where the memory includes computer instructions which when executed by the one or more processors causes the one or more processors at the server at an organization to perform certain operations. Such operations can include receiving key information, data, and an expiration date in response to a request to create a key by a data subject to a key management service, sending a request to the key management service for the key, receiving the key from the key management system in response to the request from the server to the key management service, encrypting the data at the server with the key to provide encrypted data, storing the encrypted data in a storage, receiving a request at the server to access the data, attempting to retrieve the key by the server from the key management service, and denying access to the data in response to the request to access the data after a request from the data subject to revoke the key since the server was unable to obtain the key. In some embodiments, the key information received by the server is a Hold Your Own Key. In some embodiments the encrypting of the data is a Hold Your Own Encryption.

“In some embodiments, the key management service is a cloud key management service.

“In some embodiments, the step of encrypting the data includes the steps at an encryption agent coupled to the server of receiving a request to encrypt the data from the server, encrypting the data at the encryption agent, sending the encrypted data as an encrypted file to a storage and receiving a file path at the encryption agent that can be shared. In some embodiments, the encryption agent shares the file path for the encrypted file with the server. In some embodiments, the method further includes receiving a request at the server to view the data by a requestor at the organization, and authenticating access by the server to allow viewing of the data by the requestor.

“In some embodiments, the method further includes the step at a server of sending a link corresponding to the file path to the requestor, sending by the storage to the encryption agent a request to view a file corresponding to the data in response to a selection or click of the link by the requestor, authenticating the requestor if the request to view the file is done before the expiration date of the data.

“In some embodiments, the method further includes the steps at the encryption agent of requesting the key from the key management service to decrypt the encrypted data, receiving the key from the key management service, and granting access to the requestor to the data from a decrypted file.

“In some embodiments, the method further includes the steps at the server of automatically sending an error message to the requestor that the expiration date has been reached, receiving a request from the requestor to delete the data in response to the error message, and sending an instruction to delete the data to the storage.

“In some embodiments, in response to a request by the data subject to the key management service to delete the key, the server fails to decrypt an encrypted file containing the data when a requester requests access to the encrypted file.

“In some embodiments, a system of providing data privacy compliance at a server with respect to a right to be forgotten by a data subject includes one or more processors and memory coupled to the one or more processors, where the memory includes computer instructions which when executed by the one or more processors causes the one or more processors at the server at an organization to perform certain operation. In some embodiments, the operations include the operations to send a request to the key management service for the key, receive the key from the key management system in response to the request from the server to the key management service, encrypt the data at the server with the key to provide encrypted data, store the encrypted data in a storage, receive a request at the server to access the data, attempt to retrieve the key by the server from the key management service, and deny access to the data in response to the request to access the data upon a request from the data subject to revoke the key since the server was unable to obtain the key. In some embodiments, the key information received by the server is a Hold Your Own Key and the type of encryption performed at the server is Hold Your Own Encryption.

“In some embodiments, the key management service is a cloud key management service.

“In some embodiments, the step of encrypting the data includes the steps at an encryption agent coupled to the server of receiving a request to encrypt the data from the server, encrypting the data at the encryption agent, sending the encrypted data as an encrypted file to a storage and receiving a file path at the encryption agent that can be shared. In some embodiments, the encryption agent shares the file path for the encrypted file with the server and the server authenticates access to allow viewing of the data by a requestor at the organization in response to receiving the request at the server.

“In some embodiments, a system of providing data privacy compliance by an organization with respect to a right to be forgotten by a data subject includes one or more processors and memory coupled to the one or more processors, where the memory includes computer instructions which when executed by the one or more processors causes the one or more processors at one or more of the server, an encryption agent, and a storage affiliated with the organization to perform certain operations. In some embodiments, the operations include operations to receive key information, data, and an expiration date in response to a request to create a key by the data subject to a key management service in communication with the encryption agent, send a request to the key management service for the key from the encryption agent, receive at the encryption agent the key from the key management system in response to the request from the encryption agent, encrypt the data at the encryption agent with the key to provide encrypted data, store the encrypted data in the storage, receive a request at the server to access the data, attempt to retrieve the key by the server from the key management service, and deny access to the data in response to the request to access the data after a request from the data subject to revoke the key. In some embodiments, the key information received by the server is a Hold Your Own Key. In some embodiments the encrypting of the data is a Hold Your Own Encryption.

“In some embodiments, the encryption agent includes a cloud key manager and an encryption and decryption engine. In some embodiments, the encryption agent includes a cloud key manager in communication with a cloud key service and an encryption and decryption engine in communication with the cloud key manager and the storage. In some embodiments, the system is compliant with the GDPR.

“In some embodiments, the system further includes the one or processors further configured to send an error message to the requestor in response to requesting access to the encrypted data after the data subject revokes the key.”

The claims supplied by the inventors are:

“1. A method of providing data privacy compliance at a server with respect to a right to be forgotten, comprising: one or more processors and memory coupled to the one or more processors, wherein the memory includes computer instructions which when executed by the one or more processors causes the one or more processors at the server at an organization to perform the operations of: receiving key information, data, and an expiration date in response to a request to create a key by a data subject to a key management service; sending a request to the key management service for the key; receiving the key from the key management system in response to the request from the server to the key management service; encrypting the data at the server with the key to provide encrypted data; storing the encrypted data in a storage; receiving a request at the server to access the data; attempting to retrieve the key by the server from the key management service; and denying access to the data in response to the request to access the data after a data subject revokes the key.

“2. The method of claim 1, wherein the key information received by the server is a Hold Your Own Key.

“3. The method of claim 1, wherein the key management service is a cloud key management service.

“4. The method of claim 1, wherein the step of encrypting the data comprises the steps at an encryption agent coupled to the server of receiving a request to encrypt the data from the server, encrypting the data at the encryption agent, sending the encrypted data as an encrypted file to a storage and receiving a file path at the encryption agent that can be shared.

“5. The method of claim 4, wherein the encryption agent shares the file path for the encrypted file with the server.

“6. The method of claim 5, wherein the method further comprises receiving a request at the server to view the data by a requestor at the organization, and authenticating access by the server to allow viewing of the data by the requestor.

“7. The method of claim 6, wherein the method further comprises the step at a server of sending a link corresponding to the file path to the requestor, sending by the storage to the encryption agent a request to view a file corresponding to the data in response to a selection or click of the link by the requestor, authenticating the requestor if the request to view the file is done before the expiration date of the data.

“8. The method of claim 6, wherein the method further comprises the steps at the encryption agent of requesting the key from the key management service to decrypt the encrypted data, receiving the key from the key management service, and granting access to the requestor to the data from a decrypted file.

“9. The method of claim 7, wherein the method further comprises the steps at the server of automatically sending an error message to the requestor that the expiration date has been reached, receiving a request from the requestor to delete the data in response to the error message, and sending an instruction to delete the data to the storage.

“10. The method of claim 5, wherein in response to a request by the data subject to the key management service to delete the key, the server fails to decrypt an encrypted file containing the data when a requester requests access to the encrypted file.

“11. A system of providing data privacy compliance at a server with respect to a right to be forgotten by a data subject, comprising: one or more processors and memory coupled to the one or more processors, wherein the memory includes computer instructions which when executed by the one or more processors causes the one or more processors at the server at an organization to perform the operations of: receive key information, data, and an expiration date in response to a request to create a key by the data subject to a key management service; send a request to the key management service for the key; receive the key from the key management system in response to the request from the server to the key management service; encrypt the data at the server with the key to provide encrypted data; store the encrypted data in a storage; receive a request at the server to access the data; attempt to retrieve the key by the server from the key management service; and deny access to the data in response to the request to access the data after the data subject revokes the key since the server was unable to obtain the key.

“12. The system of claim 11, wherein the key information received by the server is a Hold Your Own Key and the type of encryption performed at the server is Hold Your Own Encryption.

“13. The system of claim 11, wherein the key management service is a cloud key management service.

“14. The system of claim 11, wherein the step of encrypting the data comprises the steps at an encryption agent coupled to the server of receiving a request to encrypt the data from the server, encrypting the data at the encryption agent, sending the encrypted data as an encrypted file to a storage and receiving a file path at the encryption agent that can be shared.

“15. The system of claim 14, wherein the encryption agent shares the file path for the encrypted file with the server and the server authenticates access to allow viewing of the data by a requestor at the organization in response to receiving the request at the server.

“16. A system of providing data privacy compliance by an organization with respect to a right to be forgotten by a data subject, comprising: one or more processors and memory coupled to the one or more processors, wherein the memory includes computer instructions which when executed by the one or more processors causes the one or more processors at one or more of the server, an encryption agent, and a storage affiliated with the organization to perform the operations of: receive key information, data, and an expiration date in response to a request to create a key by the data subject to a key management service in communication with the encryption agent; send a request to the key management service for the key from the encryption agent; receive at the encryption agent the key from the key management system in response to the request from the encryption agent; encrypt the data at the encryption agent with the key to provide encrypted data; store the encrypted data in the storage; receive a request at the server to access the data; attempt to retrieve the key by the server from the key management service; and deny access to the data in response to the request to access the data after the data subject revokes the key.

“17. The system of claim 16, wherein the encryption agent comprises a cloud key manager and an encryption and decryption engine.

“18. The system of claim 16, wherein the encryption agent comprises a cloud key manager in communication with a cloud key service and an encryption and decryption engine in communication with the cloud key manager and the storage.

“19. The system of claim 16, wherein the system is compliant with the GDPR.

“20. The system of claim 16, wherein the system further comprises the one or processors further configured to send an error message to the requestor in response to requesting access to the encrypted data after the data subject revokes the key.”

For more information, see this patent application: KHAN, Mohd Shahab; RAJBHANDARI, Ilika; TOPE, Mukul. System And Method For Data Privacy Compliance. U.S. Patent Application Number 20240095396, filed September 20, 2022 and posted March 21, 2024. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(20240095396)&db=US-PGPUB&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)