Title of invention: Data access and anonymity management
Abstract: Techniques described herein provide data access and data anonymity management within various implementations of content distribution networks. In some embodiments, a data anonymity management system may include multiple different data stores configured to store identity data, user data, and/or linking data, as well as a data anonymity server configured to support data anonymity features such as active user data anonymity, one-way linking and permanently breakable links between user identity data and associated user data. In some embodiments, storage systems and techniques may be used for storing identity data, user data, and link data in multiple different data stores, with different data storage requirements and different processes and policies for data availability, data backup, online disaster recovery, offline storage archiving, and the like. Additionally, cryptographic hash functions may be used to implement one-way encryption between identity data and user data.
Publication number: US9590989(B2)  Publication date: 2017.03.07
Application number: US201615017408  Filing date: 2016.02.05
Applicant: PEARSON EDUCATION, INC.  Inventor: Spagnola Perry M.
Classification: H04L29/06;H04L9/32;H04L9/08  Main classification: H04L29/06
Agency: Kilpatrick Townsend & Stockton LLP  Agent: Kilpatrick Townsend & Stockton LLP
Main claim: 1. A data anonymity management system comprising: a first data store, configured to store: a plurality of user data records associated with a content management system; and an associated hash value for each of the plurality of user data records; a second data store, configured to store: a plurality of user identifiers; and an associated key value for each of the plurality of user identifiers, wherein neither the first data store nor the second data store is configured to store private user information associated with any of the plurality of user identifiers, and wherein the first data store is configured not to store any of the plurality of user identifiers stored in the second data store, and wherein the second data store is configured not to store any of the plurality of hash values stored in the first data store; and a data anonymity server comprising: a processing unit comprising one or more processors; and memory coupled with and readable by the processing unit and storing therein a set of instructions which, when executed by the processing unit, causes the data anonymity server to: receive a request to access user data associated with a first user of the content management system, wherein at least a portion of the user data associated with the first user is stored in the first data store; generate a first hash value, by executing a cryptographic hash function, using a first key value associated with the first user and stored in the second data store as an input to the cryptographic hash function; use the first hash value to perform the requested access of the user data associated with the first user within the first data store; receive a request to disassociate the first user from one or more user data records stored in the first data store and associated with the first user; and in response to the request to disassociate, delete the first key value associated with the first user and used as input to the cryptographic hash function, from the second data store.
Address: New York NY US
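
The mechanism in the main claim above (two stores linked only by a hash of a per-user key value, with the link broken by deleting that key), as an added Python sketch that is not part of the patent record or any implementation by the applicant. SHA-256, the 32-byte random key, the class and method names, and the sample identifiers and records are assumptions.

```python
import hashlib
import secrets


class AnonymityServer:
    """Toy model of the claimed server and its two data stores."""

    def __init__(self):
        # First store: link hash -> user data records. Holds no user identifiers.
        self.record_store = {}
        # Second store: user identifier -> key value. Holds no hash values.
        self.key_store = {}

    def enroll(self, user_id):
        # Assumption: the key is 256 random bits, so it cannot be guessed or
        # re-derived from the identifier after it has been deleted.
        self.key_store[user_id] = secrets.token_bytes(32)

    def _link_hash(self, user_id):
        key = self.key_store.get(user_id)
        if key is None:
            raise KeyError("no key value for user: link broken or never created")
        # Assumption: SHA-256 stands in for "a cryptographic hash function".
        return hashlib.sha256(key).hexdigest()

    def append(self, user_id, record):
        self.record_store.setdefault(self._link_hash(user_id), []).append(record)

    def read(self, user_id):
        return list(self.record_store.get(self._link_hash(user_id), []))

    def disassociate(self, user_id):
        # Deleting the key is the whole operation: the records stay in the
        # first store, but nothing can recompute the hash that indexes them.
        return self.key_store.pop(user_id, None) is not None


def demo():
    server = AnonymityServer()
    server.enroll("user-1001")  # constructed identifiers and records
    server.enroll("user-1002")
    server.append("user-1001", {"course": "BIO-101", "score": 88})
    server.append("user-1002", {"course": "BIO-101", "score": 73})
    before = server.read("user-1001")
    server.disassociate("user-1001")
    try:
        server.read("user-1001")
        still_linked = True
    except KeyError:
        still_linked = False
    return before, still_linked, len(server.record_store)
```

The link stays broken only if the deleted key value is also gone from every backup or archive of the second data store.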