IDENTITY ANONYMIZATION WITH CONTROLLED MASKING AND FORMAT PRESERVING ENCRYPTION

Organization Name

microsoft technology licensing, llc

Inventor(s)

Guillermo Paul Proano of Kirkland WA (US)

IDENTITY ANONYMIZATION WITH CONTROLLED MASKING AND FORMAT PRESERVING ENCRYPTION - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240129316 titled 'IDENTITY ANONYMIZATION WITH CONTROLLED MASKING AND FORMAT PRESERVING ENCRYPTION

Simplified Explanation

The patent application describes a system for anonymizing user identifiers using controlled masking and encryption, specifically focusing on UUIDs.

• The system converts UUIDs into unique versions for different partner systems by removing and replacing masked portions and selectively encrypting non-masked portions.
• New masked portions are added to the new versions to identify different partners and rules to be applied by each partner.
• Partner systems receiving the new versions use the masked portions to control decrypting and processing of the UUIDs.

Potential Applications

This technology could be applied in industries where user data needs to be shared with multiple partners while maintaining anonymity, such as healthcare, finance, and marketing.

Problems Solved

This system solves the problem of securely sharing user identifiers with multiple partners without compromising the privacy and security of the users' data.

Benefits

The system provides a secure and efficient way to anonymize user identifiers, allowing for seamless data sharing between different systems and partners.

Potential Commercial Applications

• Secure Data Sharing System for Healthcare Partners
• Anonymized User Tracking for Marketing Agencies

Possible Prior Art

There may be existing systems or methods for anonymizing user identifiers, but the specific approach of converting UUIDs into unique versions for different partners through controlled masking and encryption may be novel.

What are the potential cybersecurity risks associated with this system?

There could be potential risks if the encryption methods used are not secure, leading to the exposure of sensitive user data to unauthorized parties.

How does this system ensure compliance with data privacy regulations such as GDPR?

The system ensures compliance by anonymizing user identifiers in a way that prevents the identification of individual users, thus protecting their privacy rights under regulations like GDPR.

Original Abstract Submitted

systems are methods are used for facilitating identify anonymization by using controlled masking and encryption of user identifiers, such as uuids. a system that manages a uuid converts the uuid into a set of one or more different unique versions of the uuid for one or more corresponding different partner system(s) by removing and replacing masked portions of the uuid and by selectively encrypting the non-masked portions of the uuid. new masked portions added to the new version(s) of the uuid identify different corresponding partner(s) and/or rules to be applied by the different partner(s) when handling the different unique version(s) of the uuid(s). partner systems that receive the new versions of the uuid identify and utilize the new masked portions to deterministically control decrypting and/or other processing of the new version of the uuid.