Cryptographic Pseudonym Mapping Method, Computer System, Computer Program And Computer-Readable Medium
Abstract
The invention is a cryptographic pseudonym mapping method for an anonymous data sharing system, the method being adapted for generating a pseudonymized database (DB) from data relating to entities and originating from data sources (DS i ), wherein the data are identified at the data sources (DS i ) by entity identifiers (D) of the respective entities, and wherein the data are identified in the pseudonymized database KM (DB) by pseudonyms (P) assigned to the respective entity identifiers (D) applying a one-to-one mapping. According to the invention, more than one, a number k of mappers (M j ) are applied, and the respective pseudonyms (P) are generated by sequentially performing, in a permutation of the mappers (M j ), a number k of mappings utilizing mapping cryptographic keys (h ij ) of the mappers (M j ) belonging to the particular data source (DS i ) on each encrypted entity identifier (C i0 ) encrypted by the data source (DS i ). The invention is further a computer system realizing the invention, as well as a computer program and a computer-readable medium.
Claims
exact text as granted — not AI-modified1 . A cryptographic pseudonym mapping method for an anonymous data sharing system, the method being adapted for generating a pseudonymised database (DB) from data relating to entities and originating from data sources (DS i ), wherein the data are identified at the data sources (DS i ) by entity identifiers (D) of the respective entities, and wherein the data are identified in the pseudonymised database (DB) by pseudonyms (P),
characterised in that the pseudonyms (P) are assigned to the respective entity identifiers (D) applying a one-to-one mapping, irrespective of the originating data source, by
applying more than one, a number k of mappers (M j ),
selecting for each data source (DS i ) elements (d ij , a ij ) in a number equal to the number of mappers (M j ) from a predetermined algebraic structure constituting a multiplicative or an additive cyclic group, of which elements (d ij , a ij ) one element (d ij , a ij ) is sent, while being kept secret and kept assigned to the data source (DS i ), to each mapper (M j ), calculating from the plurality of elements (d ij , a ij ) an inverse cryptographic key of said plurality, and transforming, each entity identifier (D) to be mapped, into a respective encrypted entity identifier (C i0 ) by using the inverse cryptographic key as an own secret cryptographic key (e i ) of the data source (DS i ),
generating for each mapper (M j ) its mapping cryptographic key (h ij ) corresponding to the data source (DS i ) by using the element (d ij , a ij ) that was sent to the mapper (M j ) and an element (b j ) selected randomly from the algebraic structure and kept secret by the mapper (M j ) and
generating respective pseudonyms (P) by sequentially performing, in a permutation of the mappers (M j ) a number k of mappings utilizing the mapping cryptographic keys (h ij ) of the mappers (M j ) belonging to the particular data source (DS i ) on each encrypted entity identifier (C i0 ) encrypted by the data source (DS i ).
2 . The method according to claim 1 , characterised by applying an algebraic structure constituting a multiplicative cyclic group, wherein values are represented by residue classes modulo N, for which algebraic structure constants N=p·q and φ(N)=(p−1)·(q−1) are predetermined, where p and q are randomly selected prime numbers, and φ(N) is the value of the Euler function obtained for N,
for generating the own cryptographic key (e i ) of each data source (DS i ), randomly selected factors that are relatively primes to the modulus φ(N) are generated as elements (d ij ) in a number corresponding to the number of the mappers (M j ) the multiplicative inverse for φ(N) taken as a modulus of the modulo product (d ij ) of the randomly selected factors is obtained in a manner known per se, and said multiplicative inverse value is chosen as the own cryptographic key (e i ) of the data source (DS i ), for which value the formula e i d ij ≡1 mod φ(N) holds true,
the elements (d ij ) are sent encrypted to the mappers (M j ) the mappers (M j ) are applied for decrypting their respective own elements (d ij ), and the mapping cryptographic key (h ij ) of each mapper (M j ) corresponding to the data source (DS i ) is generated applying the formula h ij =d ij b j mod φ(N), where the randomly selected secret element (b j ) is relatively prime to φ(N),
the encrypted entity identifier(C i0 )is computed by the data source (DS i ) utilizing the formula C i0 =D ei mod N,
and the sequential mappings of the mappers (M j ) are performed, from (s=0) to (s=k−1) applying the formula C i,s+1 (j) =C i,s hij mod N, where P=C ik ,
3 . The method according to claim 2 , characterised in that the randomly selected prime numbers p and q can be represented utilizing half the number of bits of a chosen key size.
4 . The method according to claim 2 , characterised in that the encrypted entity identifier (C i0 ) is shared with the mappers (M j ) by writing it into a database that operates according to a protocol verified by third parties and provides decentralized authenticity.
5 . The method according to claim 4 , characterised in that a blockchain database is applied as the database providing decentralized authenticity.
6 . The method according to claim 2 , characterised in that the constants N and φ(N) of the algebraic structure are generated by a key manager (KM), of which φ(N) is kept secret, and the own cryptographic key (e i ) of the data source (DS i ) and the elements (d ij ) corresponding thereto are generated by the key manager (KM) and are sent encrypted to the data source (DS i ) and to the mappers (M j ), wherein a prime number is chosen as randomly selected secret element (b j ).
7 . The method according to claim 1 , characterised by applying an algebraic structure constituting an additive cyclic group, wherein values are represented by points of elliptic curves defined over a number field of residue classes modulo p, where ρ is a prime number, for which algebraic structure the following constants are predetermined: parameters A, B of the formula y 2 =x 3 +Ax+B mod p defining the points of an elliptic curve defined over the residue classes of the prime number p, and a point G of the curve that has an order q that is greater than the number of entity identifiers (D),
for generating the own cryptographic key (e i ) of each data source (DS i ), elements (a ij ) are selected from the residue classes mod q as elements (d ij ) corresponding in number to the number of the mappers (M j ), and the sum (a i ) of the elements is chosen as the own cryptographic key (e i ) of the data source (DS i ), for which the formula e i =a i =Σ j=1 k a ij ,
the elements (a ij ) are sent encrypted to the mappers (M j ), the mappers (M j ) are applied for decrypting their respective own elements (d ij ), and the mapping cryptographic key (h ij ) of each mapper (M j ) corresponding to the data source (DS i ) is generated applying the formula h ij =a ij +b j , where the randomly selected secret element (b j ) is a value of the residue classes mod q and is different from zero and one,
the encrypted entity identifier (C i0 ) is computed by the data source (DS i ) utilizing the formula C i0 , =⊕a i G, where operator ⊕ is the sum of the points of the elliptic curve, and
the sequential mappings of the mappers (M j ) are performed, from (s=0) to (s=k−1) applying the formula C i,s+1 (j) =C i,s ⊖h ij G where A⊖B=A⊖(−B) and P=C ik .
8 . The method according to claim 7 , characterised in that the encrypted entity identifier (C i0 ) is shared with the mappers (M j ) by writing it into a database that operates according to a protocol verified by third parties and provides decentralized authenticity.
9 . The method according to claim 8 , characterised in that a blockchain database is applied as the database providing decentralized authenticity.
10 . The method according to claim 7 , characterised in that the constants of the algebraic structure are generated by a key manager (KM), and the own cryptographic key (e i ) of the data source (DS i ) and the elements (a ij ) corresponding thereto are generated by the key manager (KM) and are sent encrypted to the data source (DS i ) and to the mappers (M j ).
11 . The method according to claim 1 , characterised in that the mappers (M j ) constitute a decentralized network.
12 . A computer system for cryptographic pseudonymisation, the system comprising:
data sources (DS i ) comprising data relating to entities, the data being identified at the data sources (DS i ) by entity identifiers (D) of the entities, and a pseudonymised database (DB), in which the data are identified by pseudonyms (P),
characterised in that
the pseudonyms (P) are assigned to the respective entity identifiers (D) applying a one-to-one mapping, irrespective of the originating data source, and
the system further comprises
more than one, a number k of mappers (M j ),
a module adapted for selecting for each data source (DS i ) elements (d ij , a ij ) in a number of equal to the number of mappers (M j ) from a predetermined algebraic structure constituting a multiplicative or an additive cyclic group,
a module adapted for sending to each mapper (M j ) one of the elements (d ij , a ij ), the sending module being configured to send the element (d ij , a ij ) by keeping it secret and keeping it assigned to the data source (DS i ),
a module adapted for calculating from the plurality of elements (d ij , a ij ) an inverse cryptographic key of said plurality,
a module for transforming each entity identifier (D) to be mapped into a respective encrypted entity identifier (C i0 ) utilizing the inverse cryptographic key as the own secret cryptographic key (e i ) of the data source (DS i ),
a module adapted for generating, for each mapper (M j ), a mapping cryptographic key (h ij ) thereof corresponding to the data source (DS i ) utilizing the element (d ij , a ij ) that was sent to the mapper (M j ) and an element (b j ) selected randomly from the algebraic structure and kept secret by the mapper (M j ), and
a module adapted for generating a respective pseudonym (P) for each encrypted entity identifier (C i0 ) encrypted by the data source (DS i ) by sequentially performing, in a permutation of the mappers (M j ), a number k of mappings utilizing the mapping cryptographic keys (h ij ) of the mappers (M j ) corresponding to the particular data source (DS i ).
13 . The computer system according to claim 12 , characterised in that it comprises modules adapted for performing a cryptographic pseudonym mapping method for an anonymous data sharing system, the method being adapted for generating a pseudonymised database (DB) from data relating to entities and originating from data sources (DS i ), wherein the data are identified at the data sources (DS i ) by entity identifiers (D) of the respective entities, and wherein the data are identified in the pseudonymised database (DB) by pseudonyms (P),
characterised in that
the pseudonyms (P) are assigned to the respective entity identifiers (D) applying a one-to-one mapping, irrespective of the originating data source, by
applying more than one, a number k of mappers (M i ),
selecting for each data source (DS i ) elements (d ij , a ij ) in a number equal to the number of mappers (M j ) from a predetermined algebraic structure constituting a multiplicative or an additive cyclic group, of which elements (d ij a ij ) one element (d ij a ij ) is sent, while being kept secret and kept assigned to the data source (DS i ), to each mapper (M j ), calculating from the plurality of elements (d ij , a ij ) an inverse cryptographic key of said plurality, and transforming, each entity identifier (D) to be mapped, into a respective encrypted entity identifier C i0 b using the inverse cryptographic key as an own secret cryptographic key (e i ) of the data source (DS i ),
generating for each mapper (M j ) its mapping cryptographic key (h ij ) corresponding to the data source (DS i ) by using the element (d ij , a ij ) that was sent to the mapper (M j ) and an element (b j ) selected randomly from the algebraic structure and kept secret by the mapper (M j ), and
generating respective pseudonyms (P) by sequentially performing, in a permutation of the mappers (M j ), a number k of mappings utilizing the mapping cryptographic keys (h ij ) of the mappers M j belonging to the particular data source (DS i ) on each encrypted entity identifier (C i0 ) encrypted by the data source (DS i ).
14 . The computer system according to claim 13 , characterised in that, for sharing the encrypted entity identifier (C i0 ) with the mappers (M j ), it comprises a database that operates according to a protocol verified by third parties and provides decentralized authenticity.
15 . The computer system according to claim 14 , characterised in that a blockchain database is applied as the database providing decentralized authenticity.
16 . The computer system according to claim 12 , characterised in that it comprises a key manager (KM) adapted for generating the constants of the algebraic structure and the own cryptographic key (e i ) of the data source (DS i ) and the elements (d ij , a ij ) corresponding thereto.
17 . A computer program comprising instructions which, when the program is executed by a computer, cause the computer to carry out the steps of the method according to claim 1 .
18 . A computer-readable medium adapted for storing the computer program according to claim 17 .Join the waitlist — get patent alerts
Track US2022255743A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.