Data Privacy Solutions
Anonymization and De-Identification
Tricryption® anonymization secures sensitive submitted ID Data through the power of cryptography, deriving an encrypted alias/pseudonym appropriate for mining and other database correlation without privacy exposure risks.
Built upon the Tricryption database encryption capability, anonymization provides secure replacement of sensitive identifiable data with anonymous but unique alias/pseudonym labels. Tricryption data anonymization provides capabilities to transform restricted data into sharable data by removing sensitive identity associations, such as
Personally Identifiable Information (PII), replacing them with non-associative but uniquely identifiable aliases. Tricryption derives the replaced data record naming alias from a fully protected cryptographic process with complete key management for the ultimate in privacy protection.
Tricryption Anonymization solutions:
Provide full cryptographic solution: No ad-hoc manual tables needed
Integrate with existing security infrastructures (Authorization, etc.)
Enable data owner access control over re-identification of data
Implement full NSA Suite B level cryptographic protections
Apply extensive centralized logging for audit report or monitoring
Defeat attempts to crack alias association (Dictionary attacks, etc.)
Relational database: Combines sensitive and/or personal identifiable information with non-attributable data. The non-attributable data needs to be shared, but the identity must be protected. The data however, still needs to be precisely and uniquely specified. Good candidates for anonymization include databases with shared data to ‘pooled’ repositories, protected source data, medical and clinical research data, financial data, etc.
Isolate and separate sensitive and/or private data: In order to protect sensitive fields within a data record, the sensitive information must be identified and separated from public information. Sensitive data may be data, metadata, schema, or relational information. Examples of sensitive data include names, SSNs, addresses, telephone numbers, and financial account numbers.
Encrypt the sensitive data, store that data securely, create key pointer, and provide an alias or pseudonym to identify the data: This is the core of the Tricryption automated anonymization process. The sensitive data is encrypted and stored with a series of related encrypted key pointers or ‘t-Tags’. These t-Tags form both the secure accessibility pathway to the key for sensitive data decryption, as well as the actual alias value that replaces the sensitive data in the original data set.
Merge the data alias with the database to replace the separated sensitive data: In order to anonymize yet retain the ability to uniquely identify the data, the removed data and any associated relationships must be replaced. This replacement by a cryptographically generated data string ensures persistent anonyminity and re-association access to only those designated and authorized by the data owner.
Share the data without threat of sensitive or privacy compromise: With the data now anonymized within the database, it can be shared with others directly or via ‘pooled’ data repositories. Best of all, the data may be shared on two levels: one, the data can remain anonymous; or two, the data and the sensitive information may later be re-associated with originator authorization.
Re-associate the secured sensitive data: Tricryption allows secure re-association of the sensitive data with its disclosable record or portion of the database. Use of a multi-step cryptographic ‘alias-to-sensitive-information’ association process guarantees only those on the access control list will have the ability to re-associate sensitive identifying information. Internal (trusted insiders, database administrators, etc.) and external compromise threats (alias association table loss, dictionary attacks, etc.) are prevented with Tricryption Anonymization.
For more information about our Anonymization and De-Identification solutions, contact us at info@pi-soft.tech