CPC H04L 9/32 (2013.01) [G06F 21/6245 (2013.01); H04L 9/088 (2013.01)] | 20 Claims
1. A method comprising:
in a host system for exchanging data over a network, maintaining a host dataset, each record in the host dataset comprising a host-assigned identifier mapped to respective personally identifiable (PII) elements;
producing double-encrypted PII elements by double-encrypting the respective PII elements from records of the host dataset and from records of a partner dataset, using a host encryption key and a first partner encryption key, each record in the partner dataset comprising a partner-assigned identifier mapped to respective PII elements;
encrypting partner-assigned identifiers using a second partner encryption key;
tagging elements from the double-encrypted PII elements derived from the partner dataset encrypted using the host encryption key and the first partner encryption key with respective associated encrypted partner-assigned identifiers encrypted using the second partner encryption key, wherein the double-encrypted PII elements derived from the host dataset are tagged with respective associated partner-generated anonymous identifiers;
based on the associated encrypted partner-assigned identifiers and the associated partner-generated anonymous identifiers, establishing respective anonymous joint identifiers for each of the double-encrypted PII elements;
using the respective anonymous joint identifiers to calculate an intersection size of the host dataset and the partner dataset;
providing a mapping between the anonymous joint identifiers and the encrypted partner-assigned identifiers to a partner system;
discarding the double-encrypted PII elements prior to receiving a mapping of the anonymous joint identifiers to respective encrypted host-assigned identifiers from the partner system; and
receiving, from the partner system, the mapping of the anonymous joint identifiers to respective encrypted host-assigned identifiers from the partner system.
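The host-side steps of claim 1, up to the discard step, as an added example that is not taken from the patent. It assumes the double encryption is commutative modular exponentiation and that identifiers are "encrypted" with a keyed HMAC; the claim specifies neither, and all function names, the modulus and the sample records are constructed for illustration.

```python
import hashlib, hmac, secrets
from math import gcd

P = 2**255 - 19  # prime modulus; demo assumption, not a vetted PSI group

def keygen():
    # The exponent must be invertible mod P-1 so encryption is a bijection.
    while True:
        k = secrets.randbelow(P - 3) + 2
        if gcd(k, P - 1) == 1:
            return k

def h2g(pii):
    # Hash a normalized PII element to a nonzero residue mod P.
    d = hashlib.sha256(pii.strip().lower().encode()).digest()
    return int.from_bytes(d, "big") % (P - 1) + 1

def enc(key, x):
    return pow(x, key, P)  # commutative: enc(a, enc(b, x)) == enc(b, enc(a, x))

def enc_id(key, ident):
    # Assumed stand-in for identifier encryption: a keyed HMAC pseudonym.
    return hmac.new(key, ident.encode(), hashlib.sha256).hexdigest()

def run(host_ds, partner_ds):
    host_key, partner_key1, partner_key2 = keygen(), keygen(), secrets.token_bytes(32)
    # Partner -> host: PII under the first partner key, tagged with encrypted partner IDs.
    from_partner = [(enc_id(partner_key2, pid), enc(partner_key1, h2g(e)))
                    for pid, e in partner_ds.items()]
    # Host -> partner: host PII under the host key only.
    from_host = [enc(host_key, h2g(e)) for e in host_ds.values()]
    # Partner adds its layer and tags each element with a fresh anonymous ID.
    returned = [(secrets.token_hex(8), enc(partner_key1, c)) for c in from_host]
    # Host adds its layer to the partner's elements; both sets are now double-encrypted.
    joint, tags = {}, {}
    for side, tag, c in ([("partner", t, enc(host_key, c)) for t, c in from_partner]
                         + [("host", t, c) for t, c in returned]):
        jid = joint.setdefault(c, secrets.token_hex(8))  # anonymous joint identifier
        tags.setdefault(jid, {})[side] = tag
    size = sum(1 for t in tags.values() if len(t) == 2)  # joint IDs seen on both sides
    to_partner = {j: t["partner"] for j, t in tags.items() if "partner" in t}
    joint.clear()  # host discards the double-encrypted PII elements
    return size, to_partner

# Constructed sample records (host-assigned and partner-assigned identifiers).
HOST = {"h1": "alice@example.com", "h2": "bob@example.com", "h3": "carol@example.com"}
PARTNER = {"p1": "Bob@example.com ", "p2": "carol@example.com", "p3": "dave@example.com"}
```

The host learns only the intersection size and the joint-ID-to-encrypted-partner-ID mapping; it never sees partner PII in the clear, and the partner never sees the host key.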