Patent Issued for Data processing permits system with keys (USPTO 11870882): Salesforce Inc.
2024 JAN 31 (NewsRx) -- By a
The patent’s assignee for patent number 11870882 is
News editors obtained the following quote from the background information supplied by the inventors: “Any system, company, or organization that interacts with data may need to follow regulations to correctly handle the data. For example, a system may store or handle data if the system has a legitimate reason to store or handle that data, and otherwise the system may not store the data. These regulations may apply to any personal data, including both “hard” identifiers explicitly indicating a user and “soft” identifiers implicitly indicating a user. Some examples of such regulations may include the European Union’s General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA) for health-related data privacy, and the Federal Trade Commission’s (FTC’s) data and privacy regulations for financial institutions, among other such regulations. Additionally, the regulations for data handling may change based on new laws, new industries, new security concerns, etc., and these regulations may be different for different jurisdictions. As such, a static system for handling data protection is not sufficient for following rapidly changing regulations or managing regulations across multiple jurisdictions. Furthermore, implementing a system that handles user consent separately from data processing may fail to ensure technically that the system uses the data in the proper manner, resulting in a great deal of risk for the organization running the system. That is, simply claiming to follow the rules may not meet the high standards of some data protection regulations, leaving an organization liable or facing prohibitive cost if the system uses any user data incorrectly (e.g., without the proper consent or legitimizing reason). Furthermore, some regulations may require a system to provide, to a user upon request, a vast amount of information about how the user’s data is managed. Many systems may have no structures or functionality in place to support receiving such requests, processing such requests, or sending the requested information to the user.”
As a supplement to the background information on this patent, NewsRx correspondents also obtained the inventors’ summary information for this patent: “Data regulations may set rules and/or restrictions for how a data management system may collect, store, and process user data. For example, in some cases, a data management system may not store user data without specific consent from the relevant user. Additionally or alternatively, the system may provide information to the user upon request indicating how the user’s data is used within the system. The data regulations for a system may change based on new laws, new industries, new security concerns, etc., and may be different across different jurisdictions. To handle these data regulations, the system may implement data processing permits and cryptographic techniques to tie legitimizing reasons for using data (e.g., user consent) to data handling. For example, by tying user consent to data handling at a technical level, the system may automatically comply with data regulations and efficiently update to handle changing data regulations and/or regulations across different jurisdictions.
“For example, the system may support a system of record (SOR) for data processing permits. The SOR for data processing permits may manage legitimizing reasons for data use (e.g., user consent information) by generating data processing permits that indicate the legitimizing reason (e.g., a user’s consent). If a user consents to the system using the user’s personal data for one or more data processing activities, the system may automatically create a permit indicating this consent. The permit may be user-specific and data processing activity-specific. Additionally, the permit may be associated with a permit key (e.g., a key encrypting key or key chain). For example, the permit key may include a pointer to the permit, and the permit may include a key identifier (ID) for the permit key. In some cases, the system may support creating, updating, and revoking data processing permits (e.g., based on user inputs to a consent management user interface (UI)). In some such cases, the permit key’s pointer may update to point to a latest relevant permit (e.g., based on a new or updated data processing permit stored in the system).
“To tie these permits to data, the system may implement one or more cryptographic techniques. For example, when the system receives data for a user, the system may search for any applicable data processing permits indicating that the system can store the received data (e.g., based on the relevant user’s consent or another legitimizing reason for storing the data). If the system can store the data (i.e., the system identified a relevant permit), the system may generate a nonce, such as a cryptographic nonce or data encrypting key, to encrypt the user’s data and obtain an encrypted data object. The system may additionally encrypt the nonce using the permit keys for any relevant permits. The system may store the encrypted data object with the encrypted nonces and key IDs of the relevant permit keys (e.g., one or more permit keys pointing to the relevant data processing permits), for example, in an encrypted datum bundle. If the system receives a data processing request requesting to use the user’s data, the system may check the corresponding permits. If any of the permits (e.g., the currently active permits) indicate that the user has consented for the system to use the data for the requested data process, the system may use the permit key for the consenting permit (e.g., the permit key pointing to the consenting permit, the permit key pointed to by the consenting permit, etc.) to decrypt the corresponding nonce (e.g., an encrypted cryptographic nonce stored with the encrypted data in the encrypted datum bundle). The system may use this cryptographic nonce to decrypt the data such that the data is accessible for the system (or an external system) to perform the requested data processing activity. In this way, if the system receives a data processing request that is not consented to by the relevant user, the system may fail to identify a corresponding data processing permit and may correspondingly fail to decrypt the data. This may technically ensure that personal data for a user stored in the data management system is used for the data processing activities consented to by the user and is not used for other (non-consented to) activities.
“Aspects of the disclosure are initially described in the context of systems supporting data processing permits with keys. Additional aspects of the disclosure are described with reference to systems for data management, encryption, differential privacy, and permit creation. Aspects of the disclosure are further illustrated by and described with reference to process flows, apparatus diagrams, system diagrams, and flowcharts that relate to data processing permits systems with keys.”
The claims supplied by the inventors are:
“1. A method for managing data privacy for a system, comprising: receiving, from a user device, an indication of consent to support a data processing activity for a set of data associated with a user operating the user device; generating a plurality of data processing permits, wherein a data processing permit of the plurality of data processing permits is generated for the user based at least in part on the indication of consent, the data processing permit indicating permission to perform the data processing activity on the set of data; storing the plurality of data processing permits, each data processing permit of the plurality of data processing permits indicating respective permission to perform a respective data processing activity on a respective set of data; receiving a request to perform the data processing activity on a data object; checking the plurality of data processing permits for permission to perform the data processing activity on the data object based on the request; determining, based on the checking, that the data processing permit of the plurality of data processing permits supports the request based at least in part on the data processing permit indicating the permission to perform the data processing activity on the set of data and based at least in part on the set of data comprising the data object; identifying, based on the determining that the data processing permit supports the request, a permit key comprising a pointer pointing to the data processing permit that supports the request, wherein the permit key permits access to a plaintext version of the data object; decrypting an encrypted version of a cryptographic key using the permit key to obtain the cryptographic key; and decrypting a ciphertext version of the data object using the cryptographic key to obtain the plaintext version of the data object.
“2. The method of claim 1, further comprising: receiving user input from the user, wherein the user input grants additional permission to a specific organization to perform the data processing activity on the set of data; and modifying the data processing permit to indicate the additional permission for the specific organization to perform the data processing activity on the set of data based at least in part on the user input.
“3. The method of claim 2, wherein the set of data comprises information related to the user comprising personal identifiable information (PII) for the user.
“4. The method of claim 1, further comprising: receiving user input from the user, wherein the user input grants additional permission to a specific organization to perform an additional data processing activity on an additional set of data comprising information related to the user; and generating an additional data processing permit of the plurality of data processing permits indicating the additional permission for the specific organization to perform the additional data processing activity on the additional set of data based at least in part on the user input.
“5. The method of claim 4, wherein: the additional data processing permit supports requests from the specific organization to access the additional set of data to perform the additional data processing activity; and the additional data processing permit fails to support first requests from an organization different from the specific organization, second requests to access data different from the additional set of data, third requests to perform data processing activities different from the additional data processing activity, or any combination thereof.
“6. The method of claim 1, further comprising: receiving user input from the user, wherein the user input revokes the permission to perform the data processing activity on the set of data; and deleting the permit key comprising the pointer pointing to the data processing permit indicating the permission to perform the data processing activity on the set of data based at least in part on the user input.
“7. The method of claim 6, further comprising: deleting the data processing permit indicating the permission to perform the data processing activity on the set of data based at least in part on the user input, wherein the deleting the data processing permit comprises the deleting the permit key.
“8. The method of claim 1, further comprising: receiving an additional request to perform an additional data processing activity on the data object; additionally checking the plurality of data processing permits for additional permission to perform the additional data processing activity on the data object based on the additional request; determining, based on the additional checking, that no data processing permit of the plurality of data processing permits supports the additional request; and transmitting, in response to the additional request, an indication that the additional request is not supported by the plurality of data processing permits based on the determining that no data processing permit supports the additional request.
“9. The method of claim 1, wherein the request is received from a second user device, and the method further comprises: performing the data processing activity on the plaintext version of the data object in response to the request and based at least in part on the decrypting the ciphertext version of the data object; and transmitting, to the second user device, a result of the performing the data processing activity on the plaintext version of the data object in response to the request.
“10. The method of claim 1, wherein the request is received from a second user device, and the method further comprises: transmitting, to the second user device, the plaintext version of the data object in response to the request and based at least in part on the decrypting the ciphertext version of the data object, wherein the plaintext version of the data object is transmitted with an indication of an approved use for the plaintext version of the data object corresponding to the data processing activity.
“11. The method of claim 1, further comprising: receiving a delete request for the set of data comprising the data object; deleting the permit key comprising the pointer pointing to the data processing permit indicating the permission to perform the data processing activity on the set of data in response to the delete request; and maintaining the ciphertext version of the data object in the system after the deleting the permit key based at least in part on the deleting the permit key.
“12. The method of claim 11, further comprising: identifying one or more data processing permits indicating additional permission to perform additional respective data processing activities on the set of data; and deleting one or more permit keys comprising respective pointers to the identified one or more data processing permits in response to the delete request, wherein the deleting the one or more permit keys comprises the deleting the permit key.
“13. The method of claim 11, wherein the plaintext version of the data object is inaccessible from the ciphertext version of the data object based at least in part on the deleting the permit key.
“14. The method of claim 1, further comprising: retrieving, from a database, the permit key, the encrypted version of the cryptographic key, and the ciphertext version of the data object based at least in part on the receiving the request and the determining that the data processing permit supports the request, wherein the decrypting the encrypted version of the cryptographic key using the permit key and the decrypting the ciphertext version of the data object using the cryptographic key are based at least in part on the retrieving.
“15. The method of claim 1, wherein the set of data comprises data objects associated with the user, data objects of a specific data object type, data objects corresponding to a specific set of timestamps, or any combination thereof.
“16. The method of claim 1, further comprising: migrating the pointer of the permit key to point to a second data processing permit based at least in part on an update to the data processing permit, the permission, a data regulation, a privacy right, or any combination thereof.”
There are additional claims. Please visit full patent to read further.
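The following is an added worked example, written for this article and not taken from the patent or from Salesforce's code, of the key hierarchy the summary and claims 1, 6, 8, 11 to 13 and 16 describe: a per-object data encrypting key (the patent's "nonce") seals the data object, that key is wrapped under the permit key of each permit that legitimizes storing the data, and a processing request only reaches plaintext after a permit for that user and activity is found and the permit key whose pointer references it unwraps the key. Deleting the permit key leaves the ciphertext in place but unrecoverable; migrating the key's pointer to a replacement permit lets existing bundles follow the new permit without re-encryption. All class, function and field names are assumptions, and the authenticated cipher is a constructed HMAC-based stand-in so the example runs on the Python standard library alone; a real deployment would use an AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


# --- Constructed toy authenticated cipher (stand-in for AES-GCM; not for production) ---
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with separate subkeys; returns iv || ciphertext || tag."""
    iv = os.urandom(16)
    ct = _keystream_xor(_subkey(key, b"enc"), iv, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong key or tampered ciphertext")
    return _keystream_xor(_subkey(key, b"enc"), iv, ct)


# --- Permits, permit keys and bundles (hypothetical names) ---
@dataclass
class Permit:
    permit_id: str
    user_id: str
    activity: str
    key_id: str            # key ID of the permit key associated with this permit


@dataclass
class PermitKey:
    key_id: str
    secret: bytes
    permit_id: str         # pointer to the permit this key currently vouches for


@dataclass
class EncryptedDatumBundle:
    user_id: str
    ciphertext: bytes                                  # data object sealed under the DEK
    wrapped_deks: dict = field(default_factory=dict)   # key_id -> DEK sealed under that permit key


class PermitSystem:
    def __init__(self) -> None:
        self.permits, self.permit_keys, self.bundles, self._seq = {}, {}, {}, 0

    def grant_consent(self, user_id: str, activity: str) -> str:
        """Consent received: create a permit and a permit key whose pointer references it."""
        self._seq += 1
        permit_id, key_id = f"permit-{self._seq}", f"key-{self._seq}"
        self.permits[permit_id] = Permit(permit_id, user_id, activity, key_id)
        self.permit_keys[key_id] = PermitKey(key_id, os.urandom(32), permit_id)
        return permit_id

    def store(self, user_id: str, obj_id: str, plaintext: bytes) -> bool:
        """Store only if some permit legitimizes it; wrap the DEK under every relevant permit key."""
        relevant = [p for p in self.permits.values() if p.user_id == user_id]
        if not relevant:
            return False
        dek = os.urandom(32)
        wrapped = {p.key_id: seal(self.permit_keys[p.key_id].secret, dek) for p in relevant}
        self.bundles[obj_id] = EncryptedDatumBundle(user_id, seal(dek, plaintext), wrapped)
        return True

    def process(self, obj_id: str, activity: str):
        """Claim 1 order: check permits, find the key pointing at a supporting permit, unwrap, decrypt."""
        bundle = self.bundles[obj_id]
        for permit in self.permits.values():
            if permit.user_id != bundle.user_id or permit.activity != activity:
                continue
            key = next((k for k in self.permit_keys.values() if k.permit_id == permit.permit_id), None)
            if key is None or key.key_id not in bundle.wrapped_deks:
                continue
            dek = unseal(key.secret, bundle.wrapped_deks[key.key_id])
            return unseal(dek, bundle.ciphertext)
        return None   # no supporting permit: the request is refused and the data stays opaque

    def revoke(self, permit_id: str) -> None:
        """Revocation or delete request: drop the permit key; ciphertext is kept but unrecoverable."""
        permit = self.permits.pop(permit_id)
        self.permit_keys.pop(permit.key_id, None)

    def update_permit(self, permit_id: str, new_activity: str) -> str:
        """Claim 16: replace the permit and migrate the existing key's pointer to the replacement."""
        old = self.permits.pop(permit_id)
        self._seq += 1
        new_id = f"permit-{self._seq}"
        self.permits[new_id] = Permit(new_id, old.user_id, new_activity, old.key_id)
        self.permit_keys[old.key_id].permit_id = new_id
        return new_id
```

Two design points the code makes visible: `store` refuses data for which no permit exists at all, which is the "no legitimizing reason, no storage" rule from the background, and `revoke` never touches `bundles`, so deletion is enforced cryptographically rather than by trusting every copy of the ciphertext to be found and erased.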
For additional information on this patent, see: Alexander, Samuel. Data processing permits system with keys.
(Our reports deliver fact-based news of research and discoveries from around the world.)