US2023058013A1PendingUtilityA1

Providing access to encrypted insights using anonymous insight records

62
Assignee: FORTIFID INCPriority: Aug 18, 2021Filed: Nov 1, 2022Published: Feb 23, 2023
Est. expiryAug 18, 2041(~15.1 yrs left)· nominal 20-yr term from priority
H04L 63/0428H04L 67/1097H04L 67/06H04L 9/50H04L 9/3247G16H 10/60G16H 40/67G06F 7/588H04L 2209/56H04L 9/3297
62
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Techniques are described for algorithmic confidential computing on personal data and to an insights provider providing access to personal data using limited-use anonymous insights records stored on a blockchain. To enable service providers and other queriers to obtain such insights information in a secure manner, an insights provider creates an anonymous insights record that is recorded on a blockchain responsive a request from a subject indicating that the subject desires to share one or more items of insights information. An anonymous insights record contains a single-use (or limited number of use) random number that is used by the insights provider to index the data in a shards index database for the relevant shards of the insights data file. These multiple segments can then be stored across multiple separate repositories using a decentralized file storage service.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A computer-implemented method performed by an insights provider system, the method comprising:
 obtaining insight data related to a subject, wherein the insight data is derived from data obtained from one or more data providers external to the insights provider system;   storing, using a decentralized storage service, a plurality of shards of a data file containing the insight data, wherein the data file includes a subject random number associated with the subject;   storing, on a blockchain, an anonymous insights record including the subject random number;   identifying, on the blockchain, a record indicating that insight data related to a subject is pending processing by the insights provider system, wherein the record identifies the subject random number;   responsive to determining that a number of times the subject random number has been used is not more than a maximum permitted number of times the subject random number can be used:
 obtaining, based on the subject random number, the plurality of shards of the data file that includes the insight data; and 
 providing, based on a reconstructed copy of data file from the plurality of shards of the data file, the insight data to a client computing device. 
   
     
     
         2 . The computer-implemented method of  claim 1 , wherein the data file further includes an indication of a time at which access to the insight data expires, and wherein the insights data provider system blocks access to the insight data after the time at which access to the insight data expires. 
     
     
         3 . The computer-implemented method of  claim 1 , wherein the data file is encrypted, and wherein the method further comprises using a secure enclave service to decrypt the data file and provide the insight data to a requesting client device. 
     
     
         4 . The computer-implemented method of  claim 1 , wherein the subject random number is a first subject random number, and wherein the subject is further associated with a second subject random number associated with the data file that includes the insight data related to the subject. 
     
     
         5 . The computer-implemented method of  claim 1 , further comprising receiving a message from a client that identifies the record indicating that the insight data related to the subject is pending processing, and wherein the record is created responsive to a client computing device invoking a smart contract on the blockchain identifying the subject random number. 
     
     
         6 . The computer-implemented method of  claim 1 , further comprising generating, by the insights provider system, the data file using a secure enclave to compute the insight data related to the subject, wherein the secure enclave is an isolated compute environment integrated with the insights provider system via a secure communication channel. 
     
     
         7 . The computer-implemented method of  claim 1 , wherein the data file includes data indicating a plurality of separate insights related to the subject. 
     
     
         8 . The computer-implemented method of  claim 1 , wherein the data file further includes at least one of: an identifier of the data file, or a digital signature of the insights provider system, and wherein the anonymous insights record further includes at least one of: a hash of the data file, an identifier of an endpoint of a secure enclave service associated with the insights provider system, an expiration time of the anonymous insights record, or a digital signature of the insights provider system. 
     
     
         9 . The computer-implemented method of  claim 1 , wherein a storage location of each of the plurality of shards of the data file is stored in a shards index database managed by the insights provider system, and wherein the storage location of each of the plurality of shards of the data file is indexed in the shards index database by the subject random number. 
     
     
         10 . The computer-implemented method of  claim 1 , wherein the insight data includes at least one of: financial services information related to the subject, healthcare information related to the subject, or demographic information related to the subject. 
     
     
         11 . A system comprising:
 an insights provider system implemented by a first one or more electronic devices comprising a processor, the insights provider system including instructions that upon execution cause the insights provider system to:
 obtain insight data related to a subject, wherein the insight data is derived from data obtained from one or more data providers external to the insights provider system; 
 store, using a decentralized storage service, a plurality of shards of a data file containing the insight data, wherein the data file includes a subject random number associated with the subject; 
 store, on a blockchain, an anonymous insights record including the subject random number; 
 identify, on the blockchain, a record indicating that insight data related to a subject is pending processing by the insights provider system, wherein the record identifies the subject random number; 
 responsive to determining that a number of times the subject random number has been used is not more than a maximum permitted number of times the subject random number can be used:
 obtain, based on the subject random number, the plurality of shards of the data file that includes the insight data; and 
 provide, based on a reconstructed copy of data file from the plurality of shards of the data file, the insight data to a client computing device; and 
 
   a client computing device implemented by a second one or more electronic devices comprising a processor, the client computing device including instructions that upon execution cause the client computing device to:
 generate a request for insight data related to the subject by invoking a smart contract on the blockchain, wherein the smart contract is associated with a record on the blockchain including the subject random number. 
   
     
     
         12 . The system of  claim 11 , wherein the data file further includes an indication of a time at which access to the insight data expires, and wherein the insights data provider system blocks access to the insight data after the time at which access to the insight data expires. 
     
     
         13 . The system of  claim 11 , wherein the data file is encrypted, and wherein the instructions upon execution further cause the insights provider system to use a secure enclave service to decrypt the data file and provide the insight data to a requesting client device. 
     
     
         14 . The system of  claim 11 , wherein the subject random number is a first subject random number, and wherein the subject is further associated with a second subject random number associated with the data file that includes the insight data related to the subject. 
     
     
         15 . The system of  claim 11 , wherein the instructions upon execution further cause the insights provider system to receive a message from a client that identifies the record indicating that the insight data related to the subject is pending processing, and wherein the record is created responsive to a client computing device invoking a smart contract on the blockchain identifying the subject random number. 
     
     
         16 . The system of  claim 11 , wherein the instructions upon execution further cause the insights provider system to generate, by the insights provider system, the data file using a secure enclave to compute the insight data related to the subject, wherein the secure enclave is an isolated compute environment integrated with the insights provider system via a secure communication channel. 
     
     
         17 . The system of  claim 11 , wherein the data file includes data indicating a plurality of separate insights related to the subject. 
     
     
         18 . The system of  claim 11 , wherein the data file further includes at least one of: an identifier of the data file, or a digital signature of the insights provider system, and wherein the anonymous insights record further includes at least one of: a hash of the data file, an identifier of an endpoint of a secure enclave service associated with the insights provider system, an expiration time of the anonymous insights record, or a digital signature of the insights provider system. 
     
     
         19 . The system of  claim 11 , wherein a storage location of each of the plurality of shards of the data file is stored in a shards index database managed by the insights provider system, and wherein the storage location of each of the plurality of shards of the data file is indexed in the shards index database by the subject random number. 
     
     
         20 . The system of  claim 11 , wherein the insight data includes at least one of: financial services information related to the subject, healthcare information related to the subject, or demographic information related to the subject.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.