System and method to anonymize data transmitted to a destination computing device

摘要

A method and system for anonymizing data to be transmitted to a destination computing device is disclosed. Anonymization strategy for data anonymization is provided. Data to be transmitted is received from a user computer. Selective anonymization of the data is performed, based on the anonymization strategy, using an anonymization module. The data is anonymized using the anonymization module, to derive an anonymized data, using a data encryption key. The anonymized data is transmitted to the destination computer over a network. In some embodiments, the data encryption key is encrypted and decrypted prior to anonymization.

主权项

1. A method for anonymizing data to be transmitted to a destination computing device, comprising:
providing a data encryption key; encrypting the data encryption key with a key encryption key to derive an encrypted data encryption key; encrypting the key encryption key using a KEK key to generate an encrypted key encryption key; hashing the KEK key with a hash function to generate a hash of the KEK key; storing the hash of the KEK key and encrypted key encryption key in a data store; receiving data to be stored in a destination computing device, from a user computer, the data including a plurality of characters; receiving a custodian password; generating a hash of the custodian password using the hash function; comparing the generated hash of the custodian password with the stored hash of the KEK key and when there is a match between the generated hash of the custodian password with the stored hash of the KEK key, decrypting the encrypted key encryption key using the custodian password to derive the key encryption key; decrypting the encrypted data encryption key using the derived key encryption key to derive the data encryption key; anonymizing the data to be stored using an anonymization module executed on a computing device to derive an anonymized data, based on a stored anonymization strategy, using the derived data encryption key; and transmitting anonymized data to the destination computing device over a network, for storage in the destination computing device.