Researchers Submit Patent Application, “Personal Data Anonymization System (PDAS) with Customized Token”, for Approval (USPTO 20240119174): Biotronik SE & Co. Kg
2024 APR 30 (NewsRx) -- By a
The patent’s assignee is
News editors obtained the following quote from the background information supplied by the inventors: “There are an increasing number of external cloud providers and service providers who are interested in large amounts of personal data (e.g., health data), can manage it, can migrate heterogeneous data, as well as want to process this data, e.g., using machine learning, to provide improved diagnostic support for physicians, for example. Such cloud service providers include general public clouds (for example, from Google or
“The aforementioned problems are solved in the state of the art, e.g., by
“the encryption of stored data, or
“the use of closed systems for storing sensitive personal data.
“However, such known solutions, due to the need for trustworthy handling of sensitive personal data, cannot take advantage of big non-trusted data services, such as cloud storage and public big data systems.
“The present invention is therefore based on an object to provide a device or personal data anonymization system (PDAS) that is improved with respect to the aforementioned problem. In particular, a PDAS is to be provided for the secure delivery of unaltered and sufficiently anonymized personal data, preferably health data (cf. also HIPAA compliance) for the corresponding external cloud service providers. In particular, only data authorized by the individual or patient should be able to be sent to external service providers. For example, to a “low risk” health cloud different or less anonymized personal data should be able to be sent than to a public “high risk” health cloud e.g., from Google.
“In particular, only the device according to the present invention (PDAS) should be able to perform the assignment of the person to all its data elements and also to release only subsets of this data, after the person has released them, to appropriate external entities. Furthermore, the integrity of each stored data element shall be secured.
“The present disclosure is directed toward overcoming one or more of the above-mentioned problems, though not necessarily limited to embodiments that do.”
As a supplement to the background information on this patent application, NewsRx correspondents also obtained the inventors’ summary information for this patent application: “At least the object set forth above is solved by a device having the features of claim 1. Advantageous embodiments of this aspect of the present invention as well as further aspects of the present invention are described below.
“According to claim 1, a device for protecting sensitive personal data held in a public storage is provided, comprising a trusted tokenization system having at least one trusted interface to an instance that may provide, process, possess, and/or retrieve sensitive personal data.
“The device further provides at least one interface to a public storage not containing sensitive personal data, wherein the tokenization system is configured to replace a sensitive personal reference of the data in the public storage with a non-sensitive data element and to store an association between the sensitive personal reference and the non-sensitive data element in a secure environment, wherein the non-sensitive data element is generated in a user-specific manner such that the non-sensitive data element can be processed in an existing infrastructure of a user without adaptation of said infrastructure.
“The device according to the present invention is also referred to herein as a personal data anonymization system.
“In other words, the present invention relates to a device that allows sensitive personal data to be managed in public storage systems without allowing unauthorized personal data association by replacing the sensitive personal reference of the data in the public storage systems with a non-sensitive customized data element (token) and establishing the association between sensitive personal reference and non-sensitive data element in a secured and authorized environment.
“The present invention therefore advantageously allows sensitive personal data to be stored openly (i.e., unencrypted) in a non-trusted storage without a reference to the individual person being possible, but this reference can be re-established in a trusted environment, so that the persons providing the individual data can benefit from the results of the data analysis by the above-mentioned systems.
“According to an aspect of the present invention, the personal data is health data and/or patient data.
“According to a further aspect of the present invention, the device further comprises a preferably configurable, rights system for data access.
“According to a further aspect of the present invention, the tokenization system is configured to manage distributed data elements of the user and/or assign distributed data elements to the user.
“According to a further aspect of the present invention, the tokenization system is configured to generate non-sensitive data elements, in particular tokens, for different use cases.
“According to a further aspect of the present invention, the device is configured to encrypt and/or sign the sensitive personal data.
“According to a further aspect of the present invention, the device is configured to prevent falsification of data.
“According to a further aspect of the present invention, the device is configured to prevent incorrect assignment of data.
“According to a further aspect of the present invention, the device is configured to include the user, in particular a patient, as a central data release instance.
“According to a further aspect of the present invention, the device is configured to allow the user, anonymized by a non-sensitive data element, to authorize a release of data, in particular patient medical data, to a cloud service provider.
“According to a further aspect of the present invention, the device is configured to perform a two-factor authentication to confirm the data release, said two-factor authentication comprising at least one of a fingerprint, a face ID, an implanted ID readable via smartphone nearfield communication and an authorization server interface.
“According to a further aspect of the present invention, the device is configured to allow the user to authorize predetermined uses of the data, in particular feeding the data to a machine learning system and/or not storing it in clinical trial databases.
“According to a further aspect of the present invention, the device further comprises or is connected to a database in the secure environment, wherein if data is queried from the database, requested data elements are provided with a cryptographic checksum for which a certificate is issued externally together with the query result.
“According to a further aspect of the present invention, the device is configured to, with each assignment, send sensitive personal data to a cloud server, the non-sensitive data element, an associated data element ID and a security code, wherein the security code is valid for a predetermined period of time and is encrypted with a token key.
“The technical solution of the present invention is based on the concept of so-called tokenization: This means that sensitive person-identifying information, i.e., the person ID (e.g., surname+first name+date of birth+place of residence), is replaced by reference values, so-called tokens. A token can be used without restriction by external systems and applications, while the personal reference to this token is stored in a secure data vault. Thus, the external cloud service providers do not need to store sensitive personal-identifying data to evaluate personal health data. Tokenization, when applied to data security, can thus be understood as a process of replacing a sensitive data element with a non-sensitive equivalent called a token that has no extrinsic or exploitable meaning or value. The token is a reference (i.e., an identifier) that is mapped back to the sensitive data through a tokenization system. In mapping original data to a token, methods are used to make it impossible to reverse the token in the absence of the tokenization system.
“The device or personal data anonymization system according to the present invention allows a person (anonymized by a token) at a time to authorize the release of certain data from the PDAS, e.g., to a cloud service provider. The PDAS should have access to all external storage on which the “tokenized” personal data is stored. It should also be able to securely cache the data elements to be issued and securely perform the assignment of the token to a person ID. This allows the PDAS to issue the requested patient data, matching the requested token, to the cloud service provider. In the process, the person communicates with the cloud service provider only anonymously, i.e., in the form of a unique token. Only the PDAS can resolve the token to the person. Nevertheless, the cloud service providers receive personal data (i.e., data of an anonymous person), which they can use for machine learning applications, for example.
“For example, the person can authorize via a smartphone app only the release of certain anonymized data elements for a specific external cloud service provider. (The values of the data elements reside in a further external storage (e.g., private clinic cloud) but not on the person’s smartphone.) Here, there may be a second factor to confirm the release of this data, e.g., a fingerprint, face ID, implanted ID that can be read via smartphone NFC or an authorization server interface (such as Google Authenticator).
“Further, the individual can authorize certain uses of this data (e.g., feeding it into a machine learning system, but not storing it in databases for clinical trials) and exclude others.
“Further, the individual has the right to delete his or her token-to-person reference from the PDAS at any time.
“In addition to the PDAS, there may be a database that contains all personal data and stores it securely (e.g., encrypted and/or signed). This means that the data is thus stored confidentially, with integrity, and available. If data is queried from this database (e.g., due to a cloud service provider request to the PDAS), then this query result, i.e., the requested data elements, can be automatically provided with a cryptographic checksum (signature), for which a certificate (for signature verification) is given together with the query result and the data can thus be checked for integrity (unalteredness) at any time.
“In principle, if not explicitly released by the person, only anonymized data is preferably given to external systems by the PDAS. These are preferably at least HIPAA-compliant and/or DSGVO-compliant anonymizations (e.g., names, sexuality, religion, or party affiliations should never be given to a token to the outside world). In addition to the HIPAA and DSGVO rules for anonymization of externally requested data sets, further rules can be implemented, e.g., a rare disease combined with a rare blood type of a person may also not be given externally without restrictions or only after a second consent by the person. It is conceivable to implement further anonymization rules.
“Since the person has requested the release of certain data only at a certain point in time and has authorized it, e.g., via smartphone and a second factor, it should preferably not be possible to make said data available to the cloud service providers chosen at that time even, e.g., years later by means of a replay attack. For this purpose, each transaction is preferably additionally authorized by a unique dynamic security code.”
There is additional summary information. Please visit full patent to read further.
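The flow the inventors describe above (person ID replaced by a use-case-specific token, the mapping held only in the trusted vault, release of individual data elements only after the person's authorization with a second factor, a checksum on every query result, a time-limited security code against replay, and an extra rule for a rare disease combined with a rare blood type) can be followed in code. The example below is added here and is not code from the patent application or from Biotronik; the vault secret, the HMAC checksum standing in for the certificate-backed signature, the MAC-based security code standing in for the token-key encryption, the field names, the provider names and the sample record are all constructed assumptions.

```python
# Added example, not code from the patent or from Biotronik. The vault secret, the HMAC checksum
# (stand-in for the certificate-backed signature), the MAC code (stand-in for token-key encryption),
# the field names and the sample record below are all constructed assumptions.
import hashlib
import hmac
import json
import secrets

# Attributes the page says must never reach the outside world under a token.
NEVER_RELEASE = {"surname", "first_name", "date_of_birth", "residence",
                 "sexuality", "religion", "party_affiliation"}
# Constructed rule: rare disease plus rare blood type needs a second consent.
RARE_COMBINATION = {"rare_disease", "rare_blood_type"}
SAMPLE_PERSON = {"surname": "Doe", "first_name": "Jane", "date_of_birth": "1970-01-01",  # constructed
                 "heart_rate": 72, "rare_disease": "constructed", "rare_blood_type": "constructed"}

class PDASVault:
    """Trusted side: token-to-person vault, consents, checksummed releases, one-time codes."""
    def __init__(self, secret):
        self._secret = secret
        self._token_to_person = {}  # secure data vault: token -> identifying attributes
        self._consents = {}         # token -> [(provider, elements, second_consent)]
        self._used_codes = set()    # security codes already redeemed (replay check)
        self.public_storage = {}    # untrusted side: token -> non-identifying data

    def tokenize(self, person, use_case):
        """Replace the person ID with a random, use-case-specific token (irreversible without the vault)."""
        token = f"{use_case}-{secrets.token_hex(8)}"
        self._token_to_person[token] = {k: v for k, v in person.items() if k in NEVER_RELEASE}
        self.public_storage[token] = {k: v for k, v in person.items() if k not in NEVER_RELEASE}
        return token

    def resolve(self, token):  # only the PDAS can map a token back to the person
        return self._token_to_person.get(token)

    def authorize_release(self, token, provider, elements, second_factor_ok, second_consent=False):
        """The person releases named elements to one provider, confirmed by a second factor."""
        if not second_factor_ok:
            raise PermissionError("second factor not confirmed")
        self._consents.setdefault(token, []).append((provider, frozenset(elements), second_consent))

    def release(self, token, provider, requested, now, validity=300):
        """Enforce consent and anonymization rules, then attach a checksum and a single-use code."""
        consents = [c for c in self._consents.get(token, []) if c[0] == provider]
        allowed = set().union(*(c[1] for c in consents)) if consents else set()
        requested = set(requested)
        if not requested <= allowed:
            raise PermissionError(f"not released by the person: {sorted(requested - allowed)}")
        if requested & NEVER_RELEASE:
            raise PermissionError("identifying attributes never leave the trusted environment")
        if RARE_COMBINATION <= requested and not any(c[2] for c in consents):
            raise PermissionError("rare combination requires a second consent")
        data = {k: self.public_storage[token][k] for k in sorted(requested)}
        return {"token": token, "data": data, "checksum": self._checksum(token, data),
                "security_code": self._security_code(token, int(now + validity))}

    def _checksum(self, token, data):
        payload = json.dumps({"token": token, "data": data}, sort_keys=True).encode()
        return hmac.new(self._secret, payload, hashlib.sha256).hexdigest()

    def verify_checksum(self, bundle):  # integrity check a recipient can run at any later time
        return hmac.compare_digest(self._checksum(bundle["token"], bundle["data"]), bundle["checksum"])

    def _tag(self, token, nonce, expires):
        return hmac.new(self._secret, f"{token}|{nonce}|{expires}".encode(), hashlib.sha256).hexdigest()[:16]

    def _security_code(self, token, expires):
        nonce = secrets.token_hex(4)
        return f"{nonce}.{expires}.{self._tag(token, nonce, expires)}"

    def accept_security_code(self, token, code, now):
        """Redeem a code once: valid tag, not expired, never seen before (blocks replay)."""
        try:
            nonce, expires, tag = code.split(".")
        except ValueError:
            return False
        if not hmac.compare_digest(tag, self._tag(token, nonce, expires)) or now > int(expires) \
                or code in self._used_codes:
            return False
        self._used_codes.add(code)
        return True

def run_scenario():
    """Tokenize the sample record, release one element and exercise the checks; returns outcomes."""
    vault = PDASVault(b"constructed-vault-secret")
    token = vault.tokenize(SAMPLE_PERSON, "ml-cloud")
    vault.authorize_release(token, "cloud-A", ["heart_rate", "rare_disease", "rare_blood_type"], True)
    bundle = vault.release(token, "cloud-A", ["heart_rate"], now=1000)
    stale = vault.release(token, "cloud-A", ["heart_rate"], now=1000)["security_code"]
    try:  # consented, but the constructed rare-combination rule demands a second consent
        vault.release(token, "cloud-A", ["rare_disease", "rare_blood_type"], now=1000)
        rare_blocked = False
    except PermissionError:
        rare_blocked = True
    return {"public_has_no_name": "surname" not in vault.public_storage[token], "data": bundle["data"],
            "vault_resolves": vault.resolve(token)["surname"] == "Doe", "checksum_ok": vault.verify_checksum(bundle),
            "first_use_ok": vault.accept_security_code(token, bundle["security_code"], now=1100),
            "replay_rejected": not vault.accept_security_code(token, bundle["security_code"], now=1100),
            "expired_rejected": not vault.accept_security_code(token, stale, now=5000),
            "rare_combo_blocked": rare_blocked}
```

Calling `run_scenario()` walks through the whole flow: the public storage holds the health values but no name, only the vault's `resolve` yields the person, a release for a provider the person never authorized or for an element outside the consent is refused, the query result carries a checksum that later verification can confirm, and a security code is accepted exactly once and never after its validity window. The token itself is random rather than derived from the person ID, which is what makes it unreversible without the vault; a real deployment would replace the HMAC with a signature whose certificate travels with the result, as the summary describes.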
The claims supplied by the inventors are:
“1. Device for protecting sensitive personal data held in a public storage, comprising: a trusted tokenization system having at least one trusted interface to an instance that may provide, process, possess, and/or retrieve sensitive personal data; and at least one interface to a public storage not containing sensitive personal data, wherein the tokenization system is configured to replace a sensitive personal reference of the data in the public storage with a non-sensitive data element, and to store an association between the sensitive personal reference and the non-sensitive data element in a secure environment, wherein the non-sensitive data element is generated in a user-specific manner such that the non-sensitive data element can be processed in an existing infrastructure of a user without adaptation of said infrastructure.
“2. Device of claim 1, wherein the personal data is health data and/or patient data.
“3. Device of claim 1, further comprising a, preferably configurable, rights system for data access.
“4. Device of claim 1, wherein the tokenization system is configured to manage distributed data elements of the user and/or assign distributed data elements to the user.
“5. Device of claim 1, wherein the tokenization system is configured to generate the non-sensitive data elements, in particular tokens, for different use cases.
“6. Device of claim 1, wherein the device is configured to encrypt and/or sign the sensitive personal data.
“7. Device of claim 1, wherein the device is configured to prevent falsification of data.
“8. Device of claim 1, wherein the device is configured to prevent incorrect assignment of data.
“9. Device of claim 1, wherein the device is configured to include the user, in particular a patient (P), as a central data release instance.
“10. Device of claim 1, wherein the device is configured to allow the user, anonymized by a non-sensitive data element to authorize a release of data, in particular patient medical data, to a cloud service provider.
“11. Device of claim 10, wherein the device is configured to perform a two-factor authentication to confirm the data release, said two-factor authentication comprising at least one of a fingerprint, a face ID, an implanted ID readable via smartphone nearfield communication and an authorization server interface.
“12. Device of claim 1, wherein the device is configured to allow the user to authorize predetermined uses of the data, in particular feeding the data to a machine learning system and/or not storing it in clinical trial databases.
“13. Device of claim 1, wherein the device further comprises or is connected to a database in the secure environment, wherein if data is queried from the database, requested data elements are provided with a cryptographic checksum for which a certificate is issued externally together with the query result.
“14. Device of claim 1, wherein the device is configured to, with each assignment, send sensitive personal data to a cloud server, the non-sensitive data element, an associated data element ID and a security code, wherein the security code is valid for a predetermined period of time and is encrypted with a token key.
“15. Computer implemented method for protecting sensitive personal data held in a public storage comprising the steps of: Providing, processing, possessing, and/or retrieving sensitive personal data by means of a trusted tokenization system having at least one trusted interface to an instance; Providing at least one interface to a public storage not containing sensitive personal data; Replacing a sensitive personal reference of the data in the public storage with a non-sensitive data element by means of the tokenization system; and Storing an association between the sensitive personal reference and the non-sensitive data element in a secure environment, wherein the non-sensitive data element is generated in a user-specific manner such that the non-sensitive data element can be processed in an existing infrastructure of a user without adaptation of said infrastructure.”
For additional information on this patent application, see: DOERR, Thomas; WIST, Dominic. Personal Data Anonymization System (PDAS) with Customized Token.
(Our reports deliver fact-based news of research and discoveries from around the world.)