CPC G06F 21/6245 (2013.01) [G06F 21/602 (2013.01); H04L 9/3073 (2013.01)]; 14 Claims

1. A computer-implemented method for managing data by a data storage provider at a data storage center according to one or more territory-specific privacy protection rules, said data related to a data subject and comprising private data and external data, said private data including personally identifiable information comprising one or more private attributes, the data subject is an identifiable natural person, the privacy protection rule depending on a nationality or residence of the data subject and/or a geographical location of a data source device in which at least part of said external data is generated or stored and/or a nationality or residence of the data storage provider or geographical location of the data storage center and/or a nationality or residence of an identifiable data processing entity with which said external data may be shared, said data subject having a unique, fixed, private identifier, said method comprising:
encrypting said private attributes under a secret key, the secret key is a private key of a private and public key pair according to a public-key cryptography algorithm, to form a private data record, identifiable by said private identifier, related to said data subject;
generating one or more protected data sets from the private data record, each protected data set corresponding to a scoped data domain, the scoped data domain is defined by a typology of the managed data and a geographical scope related to where the external data was generated or will be generated, each protected data set having a unique protected identifier derived from the private identifier and identifiable by a corresponding protected key derived from the secret key pair, the protected key is a private key of a private and public key pair according to a public-key cryptography algorithm, said generating of one or more protected data sets comprising, for each scoped data domain:
grouping a set of protected attributes into a protected data structure associated with the corresponding protected data set, said protected attributes comprising tokenized versions of the private attributes used to form the corresponding private data record; and
encrypting the protected attributes under the protected key;
the method further comprising, depending on one or more predetermined combinations of protected attributes present in the external data to be managed:
generating one restricted identifier per combination, each restricted identifier is based on:
the protected identifier of the scoped data domain to which the managed external data from the data source device belongs; and/or
one or more protected attribute identifiers of one or more protected attributes in the protected data structure in the scoped data domain to which the managed external data from the data source device belongs;
each restricted identifier is uniquely identifiable by a corresponding restricted key derived from the protected key pair of the protected identifier of the scoped data domain to which the managed external data from the data source device belongs, the restricted key is a private key of a private and public key pair according to a public-key cryptography algorithm; and
ingesting the external data from the data source device and replacing the protected attributes by their corresponding restricted identifiers, said ingested data thus shareable with the data processing entity according to the privacy protection rules.
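The claim describes a three-level hierarchy: a fixed private identifier and secret key for the data subject, a protected identifier and key derived per scoped data domain (with the private attributes replaced by tokens), and a restricted identifier and key derived per predetermined combination of protected attributes, which is what ends up in the ingested, shareable data. The following Python is an added illustration of that hierarchy and of the ingest step; it is not the patent's implementation. It assumes HMAC-SHA256 key derivation in place of the per-level private/public key pairs the claim specifies, omits the encryption of the record at rest, and all identifiers, domains and attribute values are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass


def derive_key(parent: bytes, label: str) -> bytes:
    """One level of the key hierarchy: child key = HMAC(parent, label).

    Assumption: the claim's per-level key pairs are modelled as HMAC-derived
    secrets so the example runs with the standard library only.
    """
    return hmac.new(parent, label.encode(), hashlib.sha256).digest()


def derive_identifier(key: bytes, *parts: str) -> str:
    """Identifier bound to a key: keyed hash over the parent identifier(s)."""
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).hexdigest()[:16]


def tokenize(protected_key: bytes, name: str, value: str) -> str:
    """Tokenized version of a private attribute, keyed per scoped data domain,
    so the same value tokenizes differently in different domains."""
    return hmac.new(protected_key, f"{name}={value}".encode(), hashlib.sha256).hexdigest()[:16]


@dataclass(frozen=True)
class PrivateDataRecord:
    private_id: str      # unique, fixed private identifier of the data subject
    secret_key: bytes    # root secret for this data subject
    attributes: dict     # private attributes (PII); plaintext stays with the provider


@dataclass(frozen=True)
class ProtectedDataSet:
    domain: str
    protected_id: str
    protected_key: bytes
    protected_attributes: dict   # attribute name -> token


def protected_data_set(record: PrivateDataRecord, domain: str) -> ProtectedDataSet:
    """Derive the protected key/identifier for one scoped data domain and
    group the tokenized attributes into its protected data structure."""
    protected_key = derive_key(record.secret_key, f"domain:{domain}")
    protected_id = derive_identifier(protected_key, record.private_id, domain)
    tokens = {name: tokenize(protected_key, name, value)
              for name, value in record.attributes.items()}
    return ProtectedDataSet(domain, protected_id, protected_key, tokens)


def restricted_identifier(pds: ProtectedDataSet, combination: tuple) -> str:
    """One restricted identifier per attribute combination, keyed by a
    restricted key derived from the domain's protected key."""
    names = sorted(combination)
    restricted_key = derive_key(pds.protected_key, "combo:" + "+".join(names))
    tokens = [pds.protected_attributes[n] for n in names]
    return derive_identifier(restricted_key, pds.protected_id, *tokens)


def ingest(pds: ProtectedDataSet, external: dict, combinations: list) -> dict:
    """Replace each predetermined combination of protected attributes found in
    the external data by its restricted identifier; other fields pass through."""
    shared = dict(external)
    for combination in combinations:
        names = sorted(combination)
        if not all(n in shared and n in pds.protected_attributes for n in names):
            continue
        # Re-tokenize the incoming values under the domain key and compare with the
        # stored tokens: a mismatch means this data does not belong to the subject.
        if any(tokenize(pds.protected_key, n, str(shared[n])) != pds.protected_attributes[n]
               for n in names):
            raise ValueError(f"attributes {names} do not match the data subject's record")
        for n in names:
            del shared[n]
        shared["restricted_id:" + "+".join(names)] = restricted_identifier(pds, combination)
    return shared


# Constructed sample data (not from the patent).
SUBJECT = PrivateDataRecord(
    private_id="subject-0001",
    secret_key=b"constructed-root-secret-not-for-production",
    attributes={"email": "alice@example.com", "national_id": "AB123456"},
)
EU_HEALTH = protected_data_set(SUBJECT, "health/EU")
US_HEALTH = protected_data_set(SUBJECT, "health/US")
COMBINATIONS = [("email", "national_id")]
SAMPLE_EXTERNAL = {"email": "alice@example.com", "national_id": "AB123456",
                   "heart_rate": 72, "device": "wearable-42"}


def demo() -> dict:
    """Ingest one constructed wearable record into the EU health domain."""
    return ingest(EU_HEALTH, SAMPLE_EXTERNAL, COMBINATIONS)


if __name__ == "__main__":
    print(demo())
```

The point the example makes visible is that the shared record carries only a restricted identifier, which is bound to the domain's protected identifier and to the tokens rather than to the raw attributes, so the same subject's data in the EU and US domains does not share identifiers or tokens, and a record whose attribute values do not match the subject's protected structure is rejected rather than silently relabelled.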