
A Method And System For Controlling Access To User Information Using Privacy Preserving Decentralized Container

Abstract: Embodiments of the present disclosure relate to data access systems and more particularly relate to a method and a system for controlling access to user information using a privacy preserving decentralized container. A system (102) receives a request for accessing user data from an external application. Further, the system determines a user associated with the user information based on the received request. Furthermore, the system authenticates the determined user based on pre-stored personal information of the user. Additionally, the system obtains user consent from the user for accessing the user information upon successful authentication. Further, the system determines attributes for performing masking based on the masking strategy comprised in the user token. Furthermore, the system masks the determined one or more attributes with one or more authorization tokens. Additionally, the system provides access to the user data from the external application based on the one or more authorization tokens. [FIG. 3 is a reference figure]


Patent Information

Application #:
Filing Date: 12 October 2023
Publication Number: 02/2024
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Status:
Parent Application:

Applicants

Kathreftis AI Private Limited
A-306, SpringLeaf 5 CHS Ltd., Lokhandwala Township, Akurli Road, Kandivali (East), Mumbai 400101, India

Inventors

1. Vikas Anand Jha
A-306, SpringLeaf 5 CHS Ltd., Lokhandwala Township, Akurli Road, Kandivali (East), Mumbai 400101, India

Specification

Description:
FIELD OF INVENTION
[0001] Embodiments of the present disclosure relate to data management and security systems and more particularly relates to a method and a system for controlling access to user information using a privacy preserving decentralized container, which is focused on the secure storage, access, and transport of personal data while preserving user privacy.
BACKGROUND
[0002] Generally, users frequently share information that is considered sensitive, confidential, or otherwise deserving of protection from unauthorized individuals. Traditional methods of managing data access, such as public-key cryptography and user-based access controls, come with their own set of advantages and disadvantages. Nevertheless, the conventional approaches are not equipped to handle security threats that arise when someone gains unauthorized access to data or when an authorized user engages in malicious activities. For instance, a member of an organization might decide to disclose the organization's password-protected trade secrets, or a hacker may illicitly obtain access to encrypted data. In an increasingly data-driven world, the need for secure and privacy-conscious data management solutions has become paramount.
[0003] Conventionally, a computer system provides aspects of managing access to data using a secure container based on an image file. This container holds encrypted user-specific data. Access requests to this container are authenticated by verifying user credentials. Once authenticated, access to the data is allowed. The system controls access by decrypting and enabling access to a portion of the data initially, with further portions being decrypted and made accessible based on user behaviour. Further, the conventional method provides a method for managing digital information stored in a data container on computing devices. An apparatus operates using two sets of instructions: one to receive a signal indicating an attempt to access a data container with protected data, and the other to examine security data associated with the apparatus stored in the storage. Access to the protected data is determined based on this examination of security data.
[0004] Furthermore, the conventional system and method provides aspects of providing secure data containers with controlled access to stored files. The process involves receiving a request to create a container, which is a file system with defined access rules and permitted users. Duration parameters are set, specifying a time during which the container can be accessed. A unique fingerprint of the container is generated for future comparison. The system monitors the container to ensure it complies with the access rules, time limits, and fingerprint. If the container does not meet these criteria, consequences are applied. Furthermore, the conventional method provides a method for accessing protected data within a smart data container. The process involves receiving a request to access this protected data. It then compares the device identifier of the requesting device to the device identifier of the device that originally created the smart data container. Access to the protected data is granted to the requesting device if its identifier matches the one associated with the creation of the container.
[0005] However, in conventional systems and methods, the private and personally identifiable information of users is concentrated within directories and databases owned by an organization. Users have limited control over their personal data stored in these centralized repositories, lacking the ability to easily manage or delete their data. This situation raises concerns regarding both privacy and data ownership. Further, in the conventional systems and methods, the sharing of user information, even when consent management is in place, often relies on consents recorded within web portals as one-time activities. Inadequate provisions exist to manage data access through consent management and establish checks at the data provider level, exacerbating privacy concerns. Additionally, in the conventional systems and methods, features such as Personally Identifiable Information (PII) identification and masking, user anonymization, privacy-preserving data collection and usage, and field-level encryption are typically offered at the schema or database level. There is a pressing need to empower users to define attributes for data masking and specify how data should be anonymized when shared with various aggregators and applications.
[0006] Therefore, there is a need for an improved method and a system for controlling access to user information using a privacy preserving decentralized container, to address at least the aforementioned limitations of the prior art.
SUMMARY
[0007] This summary is provided to introduce a selection of concepts, in a simple manner, which is further described in the detailed description of the disclosure. This summary is neither intended to identify key or essential inventive concepts of the subject matter nor to determine the scope of the disclosure.
[0008] An aspect of the present disclosure provides a system for controlling access to user information using a privacy preserving decentralized container. The system receives a request for accessing user data from an external application. The request includes at least one of a purpose of use of the user information, attributes of the user information, and an application identifier (ID). Further, the system determines a user associated with the user information based on the received request. Furthermore, the system authenticates the determined user based on pre-stored personal information of the user. Additionally, the system obtains a user consent from the user for accessing the user information upon successful authentication. The user consent includes a masking strategy for the attributes of the user information. Further, the system determines one or more attributes for performing masking based on the masking strategy comprised in the user token. Furthermore, the system masks the determined one or more attributes with one or more authorization tokens. Additionally, the system provides access to the user data from the external application based on the one or more authorization tokens.
[0009] An aspect of the present disclosure provides a method for controlling access to user information using a privacy preserving decentralized container. The method includes receiving a request for accessing user data from an external application. The request comprises at least one of a purpose of use of the user information, attributes of the user information, and an application identifier (ID). Further, the method includes determining a user associated with the user information based on the received request. Furthermore, the method includes authenticating the determined user based on pre-stored personal information of the user. Additionally, the method includes obtaining a user consent from the user for accessing the user information upon successful authentication. The user consent includes a masking strategy for the attributes of the user information. Further, the method includes determining one or more attributes for performing masking based on the masking strategy comprised in the user token. Additionally, the method includes masking the determined one or more attributes with one or more authorization tokens. Further, the method includes providing access to the user data from the external application based on the one or more authorization tokens.
[0010] To further clarify the advantages and features of the present disclosure, a more particular description of the disclosure will follow by reference to specific embodiments thereof, which are illustrated in the appended figures. It is to be appreciated that these figures depict only typical embodiments of the disclosure and are therefore not to be considered limiting in scope. The disclosure will be described and explained with additional specificity and detail with the appended figures.
BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS
[0011] The disclosure will be described and explained with additional specificity and detail with the accompanying figures in which:
[0012] FIG. 1 illustrates an exemplary block diagram representation of a network architecture implementing a system for controlling access to user information using a privacy preserving decentralized container, in accordance with an embodiment of the present disclosure;
[0013] FIG. 2 illustrates an exemplary block diagram representation of a proposed system as shown in FIG 1, capable of controlling access to user information using a privacy preserving decentralized container, in accordance with an embodiment of the present disclosure;
[0014] FIG. 3 illustrates an exemplary flow diagram representation of a consent flow method in a user data container, in accordance with the embodiments in the present disclosure; and
[0015] FIG. 4 is a flow diagram representation of a method of controlling access to user information using a privacy preserving decentralized container, in accordance with an embodiment of the present disclosure.
[0016] Further, those skilled in the art will appreciate that elements in the figures are illustrated for simplicity and may not necessarily have been drawn to scale. Furthermore, in terms of the construction of the device, one or more components of the device may have been represented in the figures by conventional symbols, and the figures may show only those specific details that are pertinent to understanding the embodiments of the present disclosure so as not to obscure the figures with details that will be readily apparent to those skilled in the art having the benefit of the description herein.
DETAILED DESCRIPTION
[0017] For the purpose of promoting an understanding of the principles of the disclosure, reference will now be made to the embodiment illustrated in the figures and specific language will be used to describe them. It will nevertheless be understood that no limitation of the scope of the disclosure is thereby intended. Such alterations and further modifications in the illustrated online platform, and such further applications of the principles of the disclosure as would normally occur to those skilled in the art are to be construed as being within the scope of the present disclosure.
[0018] The terms "comprise(s)", "comprising", or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a process or method that comprises a list of steps does not include only those steps but may include other steps not expressly listed or inherent to such a process or method. Similarly, one or more devices or subsystems or elements, structures, or components preceded by "comprises... a" does not, without more constraints, preclude the existence of other devices, subsystems, elements, structures, components, additional devices, additional subsystems, additional elements, additional structures, or additional components. Appearances of the phrase "in an embodiment", "in another embodiment" and similar language throughout this specification may, but not necessarily do, all refer to the same embodiment.
[0019] Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by those skilled in the art to which this disclosure belongs. The system, methods, and examples provided herein are only illustrative and not intended to be limiting.
[0020] In the following specification and the claims, reference will be made to a number of terms, which shall be defined to have the following meanings. The singular forms “a,” “an,” and “the” include plural references unless the context clearly dictates otherwise.
[0021] A computer system (standalone, client or server computer system) configured by an application may constitute a “module” that is configured and operated to perform certain operations. In one embodiment, the “module” may be implemented mechanically or electronically, so a module may comprise dedicated circuitry or logic that is permanently configured (within a special-purpose processor) to perform certain operations. In another embodiment, a “module” may also comprise programmable logic or circuitry (as encompassed within a general-purpose processor or other programmable processor) that is temporarily configured by software to perform certain operations.
[0022] Accordingly, the term “module” should be understood to encompass a tangible entity, be that an entity that is physically constructed permanently configured (hardwired), or temporarily configured (programmed) to operate in a certain manner and/or to perform certain operations described herein.
[0023] Embodiments of the present disclosure provide a system and a method for controlling access to user information using a privacy preserving decentralized container. The system enables data management and privacy protection by decentralizing user data. Users can choose where their data is stored, be it on a user-controlled server or an organization-hosted server. This decentralized approach not only grants users unprecedented control over their personal information but also mitigates the risks associated with centralized databases. Users can easily modify, delete, or restrict access to specific attributes, reinforcing their authority over their own data. The present disclosure enables efficient consent management by leveraging the OpenID Connect protocol; it streamlines consent processes, making data sharing more user-centric and straightforward. Users can configure consent scopes and claims, aligning them with their attributes, ensuring that data sharing aligns with their individual preferences. The system's component manager acts as both an OpenID Connect provider and an identity provider, simplifying authentication and consent, resulting in smoother authorization flows. This meticulous approach to consent empowers users to grant access for specific data usage purposes, enhancing privacy assurance and control over data dissemination.
[0024] Additionally, the present disclosure excels in safeguarding data privacy through pseudo-anonymization techniques. These methods allow for the masking of personal information in fetched data while retaining the ability to link data back to the user container. This delicate balance between privacy preservation and data utility ensures that sensitive details remain concealed while still facilitating valuable data analysis and processing. Furthermore, the present disclosure offers unique features that set it apart. Users have ownership of the component housing their data, fostering a sense of data ownership and control. The database itself is presented as a utility, making it a versatile and easily accessible resource. Privacy features and consent management are seamlessly integrated into the database, reducing the complexity of data management. Moreover, the inclusion of built-in PKI components enhances security and data protection by default.
[0025] Referring now to the drawings, and more particularly to FIGs. 1 through FIG. 4, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments and these embodiments are described in the context of the following exemplary system and/or method.
[0026] FIG. 1 illustrates an exemplary block diagram representation of a network architecture 100 implementing a system 102 for controlling access to user information using a privacy preserving decentralized container, in accordance with an embodiment of the present disclosure. According to FIG. 1, the network architecture 100 may include the system 102, a database 104, and a user device(s) 106. The system 102 may be communicatively coupled to the database 104, and the user device(s) 106 via a communication network 108. The communication network 108 may be a wired communication network and/or a wireless communication network. Further, the database 104 may include, but is not limited to, user data, sensitive data, original data, reporting data format, attribute access level, frequency of data fetch, and purpose of data usage, private key, user information, attributes of the user information, and an application identifier (ID), masking strategy, user token, authorization tokens, pre-stored rules, identifiable information, public information, private information, pseudo-anonymized private information, any other data, and combinations thereof. Further, the database 104 may be any kind of database such as, but are not limited to, relational databases, dynamic databases, monetized databases, scalable databases, cloud databases, distributed databases, any other databases, and a combination thereof.
[0027] Further, the user device 106 may be associated with, but not limited to, a user, a content creator, a content consumer, an end user, a developer, an individual, an administrator, a vendor, a technician, an entity, a facility, and the like. The user device 106 may be used to provide input to and/or receive output from the system 102 and/or the database 104, respectively. The user device 106 may present to the user one or more user interfaces for the user to interact with the system 102 and/or the database 104 for access control needs. The user device 106 may be at least one of an electrical, an electronic, an electromechanical, and a computing device. The user device 106 may include, but is not limited to, a mobile device, a smartphone, a Personal Digital Assistant (PDA), a tablet computer, a phablet computer, a wearable computing device, a Virtual Reality / Augmented Reality (VR/AR) device, a metaverse based device, a laptop, a desktop, a server, an interactive display device, and the like. The entities and the facility may include, but are not limited to, an educational institution, a coaching centre, a training centre, a hospital, a healthcare facility, an exercise facility, a laboratory facility, an e-commerce company, a merchant organization, an airline company, a hotel booking company, a company, an outlet, a manufacturing unit, an enterprise, an organization, a secured facility, a warehouse facility, a supply chain facility, any other facility and the like.
[0028] Further, the system 102 may be implemented by way of a single device or a combination of multiple devices that may be operatively connected or networked together. The system 102 may be implemented in hardware or a suitable combination of hardware and software. The system 102 includes one or more hardware processor(s) 110, and a memory 112. The memory 112 may include a plurality of modules 114. The system 102 may be a hardware device including the hardware processor 110 executing machine-readable program instructions for controlling access to user information using a privacy preserving decentralized container. Execution of the machine-readable program instructions by the hardware processor 110 may enable the proposed system 102 to control access to user information using a privacy preserving decentralized container. The “hardware” may comprise a combination of discrete components, an integrated circuit, an application-specific integrated circuit, a field-programmable gate array, a digital signal processor, or other suitable hardware. The “software” may comprise one or more objects, agents, threads, lines of code, subroutines, separate software applications, two or more lines of code, or other suitable software structures operating in one or more software applications or on one or more processors.
[0029] The hardware processor 110 may include, for example, microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuits, and/or any devices that manipulate data or signals based on operational instructions. Among other capabilities, hardware processor 110 may fetch and execute computer-readable instructions in the memory 112 operationally coupled with the system 102 for performing tasks such as data processing, input/output processing, and/or any other functions. Any reference to a task in the present disclosure may refer to an operation being or that may be performed on data.
[0030] Though few components and subsystems are disclosed in FIG. 1, there may be additional components and subsystems which are not shown, such as, but not limited to, assets, machinery, instruments, routers, network devices, facility equipment, emergency management devices, testing devices, image capturing devices, Augmented Reality (AR) devices, Virtual Reality (VR) devices, Metaverse based devices, speakers, sensors, any other devices, and combinations thereof. The person skilled in the art should not regard the components/subsystems shown in FIG. 1 as limiting. Although FIG. 1 illustrates the system 102 and the user device 106 connected to the database 104, one skilled in the art can envision that the system 102 and the user device 106 can be connected to several user devices located at different locations and several databases via the communication network 108.
[0031] Those of ordinary skill in the art will appreciate that the hardware depicted in FIG. 1 may vary for particular implementations. For example, other peripheral devices such as an optical disk drive and the like, local area network (LAN), wide area network (WAN), wireless (e.g., wireless-fidelity (Wi-Fi)) adapter, graphics adapter, disk controller, input/output (I/O) adapter also may be used in addition to or in place of the hardware depicted. The depicted example is provided for explanation only and is not meant to imply architectural limitations concerning the present disclosure.
[0032] Those skilled in the art will recognize that, for simplicity and clarity, the full structure and operation of all data processing systems suitable for use with the present disclosure are not being depicted or described herein. Instead, only so much of the system 102 as is unique to the present disclosure or necessary for an understanding of the present disclosure is depicted and described. The remainder of the construction and operation of the system 102 may conform to any of the various current implementations and practices that were known in the art.
[0033] In an embodiment, the system 102 may receive a request for accessing user data from an external application (not shown in FIG. 1). The request includes, but is not limited to, a purpose of use of the user information, attributes of the user information, an application identifier (ID), and the like. The user data is encrypted using a private key.
[0034] In an embodiment, the system 102 may determine a user associated with the user information based on the received request. In an embodiment, the system 102 may authenticate the determined user based on pre-stored personal information of the user. Further, the system 102 may obtain a user consent from the user for accessing the user information upon successful authentication. The user consent includes a masking strategy for the attributes of the user information. In an embodiment, the masking strategy includes, but is not limited to, a level of access, attributes shareable to the application, purpose, and duration of consent for the application to access the user data.
[0035] In an embodiment, the system 102 may determine one or more attributes for performing masking based on the masking strategy comprised in the user token. In an embodiment, the system 102 may mask the determined one or more attributes with one or more authorization tokens. In an embodiment, the system 102 may provide access to the user data from the external application based on the one or more authorization tokens.
[0036] FIG. 2 illustrates an exemplary block diagram representation of a proposed system 102 as shown in FIG 1, capable of controlling access to user information using a privacy preserving decentralized container, in accordance with an embodiment of the present disclosure. The system 102 comprises the one or more hardware processors 110, the memory 112, and a storage unit 204. The one or more hardware processors 110, the memory 112, and the storage unit 204 are communicatively coupled through a system bus 202 or any similar mechanism. The memory 112 comprises a plurality of modules 114 in the form of programmable instructions executable by the one or more hardware processors 110.
[0037] Further, the plurality of modules 114 includes a request receiving module 206, a user determining module 208, a user authenticating management module 210, a user consent obtaining module 212, an attribute determining module 214, an attribute masking module 216, and an access providing module 218.
[0038] The one or more hardware processors 110, as used herein, means any type of computational circuit, such as, but not limited to, a microprocessor unit, microcontroller, complex instruction set computing microprocessor unit, reduced instruction set computing microprocessor unit, very long instruction word microprocessor unit, explicitly parallel instruction computing microprocessor unit, graphics processing unit, digital signal processing unit, or any other type of processing circuit. The one or more hardware processors 110 may also include embedded controllers, such as generic or programmable logic devices or arrays, application-specific integrated circuits, single-chip computers, and the like.
[0039] The memory 112 may be a non-transitory volatile memory and a non-volatile memory. The memory 112 may be coupled to communicate with the one or more hardware processors 110, such as being a computer-readable storage medium. The one or more hardware processors 110 may execute machine-readable instructions and/or source code stored in the memory 112. A variety of machine-readable instructions may be stored in and accessed from the memory 112. The memory 112 may include any suitable elements for storing data and machine-readable instructions, such as read-only memory, random access memory, erasable programmable read-only memory, electrically erasable programmable read-only memory, a hard drive, a removable media drive for handling compact disks, digital video disks, diskettes, magnetic tape cartridges, memory cards, and the like. In the present embodiment, the memory 112 includes the plurality of modules 114 stored in the form of machine-readable instructions on any of the above-mentioned storage media and may be in communication with and executed by the one or more hardware processors 110.
[0040] The storage unit 204 may be a cloud storage or a database such as those shown in FIG. 1. The storage unit 204 may store, but is not limited to, user data, sensitive data, original data, reporting data format, attribute access level, frequency of data fetch, and purpose of data usage, private key, user information, attributes of the user information, and an application identifier (ID), masking strategy, user token, authorization tokens, pre-stored rules, identifiable information, public information, private information, pseudo-anonymized private information, any other data, and combinations thereof. The storage unit 204 may be any kind of database such as but are not limited to, relational databases, dynamic databases, monetized databases, scalable databases, cloud databases, distributed databases, any other databases, and a combination thereof.
[0041] In an embodiment, the request receiving module 206 may receive a request for accessing user data from an external application (not shown in FIG. 2). The request includes, but is not limited to, a purpose of use of the user information, attributes of the user information, an application identifier (ID), and the like. The user data is encrypted using a private key.
[0042] In an embodiment, the user determining module 208 may determine a user associated with the user information based on the received request. In an embodiment, the user authenticating management module 210 may authenticate the determined user based on pre-stored personal information of the user. Further, the user consent obtaining module 212 may obtain a user consent from the user for accessing the user information upon successful authentication. The user consent includes a masking strategy for the attributes of the user information. In an embodiment, the masking strategy includes, but is not limited to, a level of access, attributes shareable to the application, purpose, and duration of consent for the application to access the user data.
[0043] In an embodiment, the attribute determining module 214 may determine one or more attributes for performing masking based on the masking strategy comprised in the user token. In an embodiment, the attribute masking module 216 may mask the determined one or more attributes with one or more authorization tokens. In an embodiment, the access providing module 218 may provide access to the user data from the external application based on the one or more authorization tokens.
[0044] In an embodiment, for obtaining a user consent from the user for accessing the user information upon successful authentication, the user consent obtaining module 212 further configured to validate the purpose of use of the user information, attributes of the user information, and application identifier (ID) based on pre-stored rules. Further, the user consent obtaining module 212 may determine the masking strategy for the attributes of the user information based on results of validation.
[0045] In an embodiment, for determining the masking strategy for the attributes of the user information based on results of validation, the one or more hardware processors 110 is further configured to determine attributes of the user for attribute-based access level for personally identifiable information, public information, private information and pseudo-anonymized private information.
[0046] In an embodiment, for determining the masking strategy for the attributes of the user information based on results of validation, the one or more hardware processors 110 is further configured to determine the attributes which are to be tokenized. The attributes are tokenized by replacing sensitive data with unique tokens and wherein the tokens are used as references to the original data.
[0047] In an embodiment, for determining the masking strategy for the attributes of the user information based on the results of the validation, the one or more hardware processors 110 are further configured to determine the attributes which are to be encrypted. Further, the one or more hardware processors 110 may define additional scripts whose output is substituted for the actual values of the attributes.
[0048] In an embodiment, the one or more hardware processors 110 are further configured to provide the user data in one or more formats, along with a plurality of aggregation and reporting data formats.
[0049] In an embodiment, for providing access to the user data from the external application based on the one or more authorization tokens, the access providing module 218 is further configured to provide access to the user data from the external application based on at least one of the attribute access level, the frequency of data fetch, and the purpose of data usage.
[0050] In an embodiment, for providing access to the user data from the external application based on the one or more authorization tokens, the access providing module 218 is further configured to provide revocable access to the application based on the masking strategy.
[0051] FIG. 3 illustrates an exemplary flow diagram representation of a consent flow method 300 in a user data container, in accordance with the embodiments of the present disclosure. For example, the system 102 may be a data container system designed to cater to the needs of individuals and organizations responsible for managing databases. The container provides a secure environment for the storage and transportation of personal data while prioritizing user privacy through consent-driven protocols. The system 102 may be engineered with a "privacy by design" approach, guaranteeing automatic protection and confidentiality of user information. It achieves this by offering reliable and revocable access to user data via a variety of endpoints and protocols, ensuring that user consent is continually validated. The features of the user container include fine-grained control over privacy attributes, secure data encryption, and a comprehensive consent management system.
[0052] The data container system includes various components and functionalities, each contributing to its overall effectiveness. These components include user data storage, pre-defined functions, utility functions for the user container, a consent manager, and the like. The user data storage is where the system stores user information, including multiple attributes, on disk. This data is encrypted using a private key generated for the container owner. Data stored in the container is not directly exposed to external applications, ensuring robust data protection. Further, among the pre-defined functions, the container offers default functions for accessing user data in various formats, as well as for data aggregation and reporting.
[0053] Further, the utility functions for the user container are exposed to both users and applications seeking access to user data. These functions enable the generation of public and private keys for applications and users. Consent functions are provided to define the scope, purpose, and duration of data access consent for applications. The consent manager serves as an authentication and authorization layer for applications requesting user data access. It utilizes the OpenID protocol with custom scopes and claims to define how and why user data will be made available to applications. The drivers to access the container include APIs that allow various applications to access user data by invoking the consent manager.
[0054] The system 102 may perform consent management. The system 102 enables consent management based on various criteria, including attribute access level, frequency of data fetch, and purpose of data usage. Consent may be granted for Personally Identifiable Information (PII), public information, private information, and pseudo-anonymized private information. Consent options encompass, based on frequency of data fetch, one-time fetch, periodic updates, and event-based notifications. Data usage purposes include profile creation, anonymous aggregation of user profile information (e.g., average household income calculations), and continuous user behaviour profiling and attribution.
[0055] User Data Decentralization: The user data container offers a versatile solution to the challenge of decentralizing user data. It is designed as a containerized application, capable of deployment across diverse environments, ranging from user-controlled servers to organization-hosted servers. The approach ensures that user information in the database 104 remains distributed, avoiding centralized databases and inaccessible database connections.
[0056] When a recipient application (such as web application 302) requests access to specific user data, the protocol negotiation takes place between the application and the user container. The user container, acting through its designated endpoints, facilitates access only after stringent verification of user authentication and consent for the requested data retrieval. This meticulous process empowers users to maintain absolute control over their data. Users 308 retain the ability to modify, delete, or limit access to specific attributes, granting them a newfound level of data sovereignty.
[0057] Consent management via user data container: the user data container adopts the OpenID Connect protocol to effectively manage consent using a consent manager 304. This sophisticated system allows data owners to configure consent scopes and claims, aligning them with user attributes using the utility functions provided by the user data container. When an application wishes to retrieve user data, it initiates an authorization grant flow with the user 308. This dynamic process not only ensures that user consent is obtained but also permits users to have granular control over which attributes are shared with the requesting application. This approach empowers users 308 to determine precisely how their data is utilized, reinforcing data privacy and consent as fundamental principles in data management.
[0058] These strategic solutions presented by the user data container system address the pressing challenges associated with data decentralization and consent management via the consent manager 304, ushering in a new era of user-centric data control and security.
[0059] Managing data within the user container: within the user container, the component manager plays a pivotal role, serving as both the OpenID Connect provider and the identity provider. Its dual functionality allows for the seamless authentication of users and the acquisition of their consent in alignment with the application's stated purpose. Subsequently, the obtained authorization code and tokens allow the application to access user information, strictly adhering to the user's consent.
[0060] Pseudo-anonymization of user attributes: to bolster data privacy, the user data container employs techniques that obscure personal information within fetched data, while retaining the ability to correlate the data with the originating user container without disclosing the actual Personally Identifiable Information (PII). These techniques include:
[0061] Tokenization: users can specify attributes for tokenization through the predefined functions within the user data container. Tokenization involves substituting sensitive data with unique tokens or identifiers. These tokens serve as references to the original data but do not divulge any personally identifiable information. This approach facilitates data analysis and processing while safeguarding user data privacy.
[0062] Data Encryption: users have the option to designate attributes for encryption during transmission to recipient applications. By encrypting data both at rest and in transit, unauthorized entities are thwarted from accessing or deciphering sensitive information. The application retains the capability to decrypt user attribute data or share it with secondary systems for processing without exposing plaintext attributes.
[0063] Anonymization techniques: users also have the flexibility to define custom scripts that replace actual attribute values with substituted values. These substitutions maintain the essential characteristics requested by the application while concealing specific details. For instance, instead of disclosing the actual age, users may opt to share the result of a comparison function for age, thereby preserving privacy. These advanced data management techniques within the user data container empower users with heightened control over their data, allowing them to balance data sharing for utility with stringent privacy safeguards.
[0064] In an embodiment, the access request is provided to the web application 302. Further, the web application 302 requests a consent-based token from the consent manager 304. The consent manager 304 requests user authentication and consent from the user 308. Based on the authentication and consent provided by the user 308, the consent manager 304 may respond with a token to the web application 302. Furthermore, the web application 302 presents the token to the utility functions 306 to request the user information. The utility functions 306 respond with the user information to the web application 302. The user information is stored in the database 104.
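The consent flow of FIG. 3 and the masking strategies of paragraphs [0060]-[0063], as a constructed Python model added here (not the applicant's code): an application's request is validated against pre-stored rules (purpose, attributes, application ID), a revocable, time-limited and optionally one-time consent is issued as an authorization token, and fetched attributes are tokenized, substituted by a user-defined script, or withheld, while a container-side vault keeps the token-to-original mapping. The rule table, strategy table, application ID and user record are all constructed sample data; user authentication is assumed to have succeeded before `grant` is called, and attribute encryption with the application's key is not modelled.

```python
"""Constructed model of consent-gated, masked access to a user container."""
import secrets
import time
from dataclasses import dataclass

# Pre-stored rules (constructed): purposes an application ID may declare and
# the attributes each purpose may request. Unknown app, purpose or attribute
# fails validation.
RULES = {
    "app-insurer-demo": {
        "profile_creation": {"name", "email", "age"},
        "anonymous_aggregation": {"age", "income"},
    },
}

# Masking strategy selected by the user at consent time (constructed):
#   plain    -> value shared unchanged
#   tokenize -> value replaced by a random token; only the vault maps it back
#   script   -> value replaced by the output of a user-defined function
#   deny     -> attribute withheld even if the rules would allow it
STRATEGY = {"name": "tokenize", "email": "tokenize", "age": "script",
            "income": "plain"}

# User-defined substitution from the description: share the result of an
# age comparison instead of the actual age.
SCRIPTS = {"age": lambda age: "adult" if age >= 18 else "minor"}


@dataclass
class Consent:
    app_id: str
    purpose: str
    attributes: frozenset
    issued_at: float
    ttl_seconds: int
    one_time: bool
    revoked: bool = False
    fetches: int = 0


class ConsentManager:
    """Authentication and authorization layer in front of the container."""

    def __init__(self):
        self._consents = {}   # authorization token -> Consent
        self._vault = {}      # attribute token -> original value

    def validate_request(self, app_id, purpose, attributes):
        """Check purpose, attributes and app ID against the pre-stored rules."""
        allowed = RULES.get(app_id, {}).get(purpose)
        if allowed is None:
            raise PermissionError(f"unknown app/purpose: {app_id}/{purpose}")
        excess = set(attributes) - allowed
        if excess:
            raise PermissionError(f"attributes not permitted: {sorted(excess)}")
        return True

    def grant(self, app_id, purpose, attributes, ttl_seconds=3600,
              one_time=False, now=None):
        """Issue an authorization token once the request validates."""
        self.validate_request(app_id, purpose, attributes)
        token = secrets.token_urlsafe(32)
        self._consents[token] = Consent(app_id, purpose, frozenset(attributes),
                                        now or time.time(), ttl_seconds, one_time)
        return token

    def revoke(self, token):
        """User-initiated revocation: later fetches with this token fail."""
        self._consents[token].revoked = True

    def fetch(self, token, record, now=None):
        """Return the masked view of `record` that the token's consent allows."""
        consent = self._consents.get(token)
        now = now or time.time()
        if consent is None or consent.revoked:
            raise PermissionError("no valid consent for token")
        if now > consent.issued_at + consent.ttl_seconds:
            raise PermissionError("consent expired")
        if consent.one_time and consent.fetches >= 1:
            raise PermissionError("one-time consent already used")
        consent.fetches += 1
        view = {}
        for attr in sorted(consent.attributes):
            mode = STRATEGY.get(attr, "deny")
            if mode == "plain":
                view[attr] = record[attr]
            elif mode == "tokenize":
                ref = secrets.token_hex(16)
                self._vault[ref] = record[attr]   # reference kept inside container
                view[attr] = ref
            elif mode == "script":
                view[attr] = SCRIPTS[attr](record[attr])
            # "deny": attribute is withheld from the view
        return view

    def detokenize(self, ref):
        """Resolve a token back to the original value; container-side only."""
        return self._vault[ref]


# Constructed sample record held in the container.
USER_RECORD = {"name": "Asha Example", "email": "asha@example.invalid",
               "age": 34, "income": 52000}
```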
[0065] FIG. 4 is a flow diagram representation of a method 400 of controlling access to user information using a privacy preserving decentralized container, in accordance with an embodiment of the present disclosure.
[0066] At block 402, the method 400 may include receiving, by the processor 110 associated with the system 102, a request for accessing user data from an external application. The request includes, but is not limited to, a purpose of use of the user information, attributes of the user information, an application identifier (ID), and the like.
[0067] At block 404, the method 400 may include determining, by the processor 110, a user associated with the user information based on the received request.
[0068] At block 406, the method 400 may include authenticating, by the processor 110, the determined user based on pre-stored personal information of the user.
[0069] At block 408, the method 400 may include obtaining, by the processor 110, a user consent from the user for accessing the user information upon successful authentication. The user consent includes, but is not limited to, a masking strategy for the attributes of the user information, and the like.
[0070] At block 410, the method 400 may include determining, by the processor 110, one or more attributes for performing masking based on the masking strategy comprised in the user token.
[0071] At block 412, the method 400 may include masking, by the processor 110, the determined one or more attributes with one or more authorization tokens.
[0072] At block 414, the method 400 may include providing, by the processor 110, access to the user data from the external application based on the one or more authorization tokens.
[0073] The method 400 may be implemented in any suitable hardware, software, firmware, or combination thereof. The order in which the method 400 is described is not intended to be construed as a limitation, and any number of the described method blocks may be combined or otherwise performed in any order to implement the method 400 or an alternate method. Additionally, individual blocks may be deleted from the method 400 without departing from the spirit and scope of the present disclosure described herein. Furthermore, the method 400 may be implemented in any suitable hardware, software, firmware, or a combination thereof, that exists in the related art or that is later developed. The method 400 describes, without limitation, the implementation of the computing system 102. A person of skill in the art will understand that method 400 may be modified appropriately for implementation in various manners without departing from the scope and spirit of the disclosure.
[0074] Embodiments of the present disclosure provide a system and a method for controlling access to user information using a privacy preserving decentralized container. The system enables data management and privacy protection by decentralizing user data. Users can choose where their data is stored, be it on a user-controlled server or an organization-hosted server. This decentralized approach not only grants users unprecedented control over their personal information but also mitigates the risks associated with centralized databases. Users can easily modify, delete, or restrict access to specific attributes, reinforcing their authority over their own data. The present disclosure enables efficient consent management by leveraging the OpenID Connect protocol; it streamlines consent processes, making data sharing more user-centric and straightforward. Users can configure consent scopes and claims, aligning them with their attributes and ensuring that data sharing matches their individual preferences. The system's component manager acts as both an OpenID Connect provider and an identity provider, simplifying authentication and consent and resulting in smoother authorization flows. This meticulous approach to consent empowers users to grant access for specific data usage purposes, enhancing privacy assurance and control over data dissemination.
[0075] Additionally, the present disclosure excels in safeguarding data privacy through pseudo-anonymization techniques. These methods allow for the masking of personal information in fetched data while retaining the ability to link data back to the user container. This delicate balance between privacy preservation and data utility ensures that sensitive details remain concealed while still facilitating valuable data analysis and processing. Furthermore, the present disclosure offers unique features that set it apart. Users have ownership of the component housing their data, fostering a sense of data ownership and control. The database itself is presented as a utility, making it a versatile and easily accessible resource. Privacy features and consent management are seamlessly integrated into the database, reducing the complexity of data management. Moreover, the inclusion of built-in PKI components enhances security and data protection by default.
[0076] For the sake of brevity, the construction and operational features of the system 102 which are explained in detail above are not explained in detail herein. In particular, computing machines such as, but not limited to, internal/external server clusters, quantum computers, desktops, laptops, smartphones, tablets, and wearables may be used to execute the system 102 or may include the structure of the hardware platform (not shown). As illustrated, the hardware platform may include additional components not shown, and some of the components described may be removed and/or modified. For example, a computer system with multiple GPUs may be located on external cloud platforms including Amazon Web Services®, internal corporate cloud computing clusters, or organizational computing resources.
[0077] The hardware platform may be a computer system such as the system 102 that may be used with the embodiments described herein. The computer system may represent a computational platform that includes components that may be in a server or another computer system. The computer system may execute, by the processor (e.g., single, or multiple processors) or other hardware processing circuits, the methods, functions, and other processes described herein. These methods, functions, and other processes may be embodied as machine-readable instructions stored on a computer-readable medium, which may be non-transitory, such as hardware storage devices (e.g., RAM (random access memory), ROM (read-only memory), EPROM (erasable, programmable ROM), EEPROM (electrically erasable, programmable ROM), hard drives, and flash memory). The computer system may include the processor that executes software instructions or code stored on a non-transitory computer-readable storage medium to perform methods of the present disclosure. The software code includes, for example, instructions to gather data and analyse the data.
[0078] The instructions on the computer-readable storage medium are read and stored in storage or random-access memory (RAM). The storage may provide a space for keeping static data where at least some instructions could be stored for later execution. The stored instructions may be further compiled to generate other representations of the instructions and dynamically stored in memory such as RAM. The processor may read instructions from the RAM and perform actions as instructed.
[0079] The computer system may further include the output device to provide at least some of the results of the execution as output including, but not limited to, visual information to users, such as external agents. The output device may include a display on computing devices and virtual reality glasses. For example, the display may be a mobile phone screen or a laptop screen. GUIs and/or text may be presented as an output on the display screen. The computer system may further include an input device to provide a user or another device with mechanisms for entering data and/or otherwise interacting with the computer system. The input device may include, for example, a keyboard, a keypad, a mouse, or a touchscreen. Each of these output devices and input devices may be joined by one or more additional peripherals. For example, the output device may be used to display the results such as bot responses by the executable chatbot.
[0080] A network communicator may be provided to connect the computer system to a network and in turn to other devices connected to the network including other clients, servers, data stores, and interfaces, for example. A network communicator may include, for example, a network adapter such as a LAN adapter or a wireless adapter. The computer system may include a data sources interface to access the data source. The data source may be an information resource. As an example, a database of exceptions and rules may be provided as the data source. Moreover, knowledge repositories and curated data may be other examples of the data source.
[0081] The written description describes the subject matter herein to enable any person skilled in the art to make and use the embodiments. The scope of the subject matter embodiments is defined by the claims and may include other modifications that occur to those skilled in the art. Such other modifications are intended to be within the scope of the claims if they have similar elements that do not differ from the literal language of the claims or if they include equivalent elements with insubstantial differences from the literal language of the claims.
[0082] The embodiments herein can comprise hardware and software elements. The embodiments that are implemented in software include but are not limited to, firmware, resident software, microcode, etc. The functions performed by various modules described herein may be implemented in other modules or combinations of other modules. For the purposes of this description, a computer-usable or computer-readable medium can be any apparatus that can comprise, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
[0083] A description of an embodiment with several components in communication with each other does not imply that all such components are required. On the contrary, a variety of optional components are described to illustrate the wide variety of possible embodiments of the invention. When a single device or article is described herein, it will be apparent that more than one device/article (whether or not they cooperate) may be used in place of a single device/article. Similarly, where more than one device or article is described herein (whether or not they cooperate), it will be apparent that a single device/article may be used in place of the more than one device or article, or a different number of devices/articles may be used instead of the shown number of devices or programs. The functionality and/or the features of a device may be alternatively embodied by one or more other devices which are not explicitly described as having such functionality/features. Thus, other embodiments of the invention need not include the device itself.
[0084] The illustrated steps are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments. Also, the words "comprising," "having," "containing," and "including," and other similar forms are intended to be equivalent in meaning and be open-ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items or meant to be limited to only the listed item or items. It must also be noted that as used herein and in the appended claims, the singular forms “a,” “an,” and “the” include plural references unless the context clearly dictates otherwise.
[0085] Finally, the language used in the specification has been principally selected for readability and instructional purposes, and it may not have been selected to delineate or circumscribe the inventive subject matter. It is therefore intended that the scope of the invention be limited not by this detailed description, but rather by any claims that issue on an application based hereon. Accordingly, the embodiments of the present invention are intended to be illustrative, but not limiting, of the scope of the invention, which is outlined in the following claims.
CLAIMS

We claim:
1. A system (102) for controlling access to user information using a privacy preserving decentralized container, the system (102) comprising:
one or more hardware processors (110);
a memory (112) coupled to the one or more hardware processors (110), wherein the memory (112) comprises processor-executable instructions which, on execution, cause the one or more hardware processors (110) to:
receive a request for accessing user data from an external application, wherein the request comprises at least one of a purpose of use of the user information, attributes of the user information, and an application identifier (ID);
determine a user associated with the user information based on the received request;
authenticate the determined user based on pre-stored personal information of the user;
obtain a user consent from the user for accessing the user information upon successful authentication, wherein the user consent comprises a masking strategy for the attributes of the user information;
determine one or more attributes for performing masking based on the masking strategy comprised in the user token;
mask the determined one or more attributes with one or more authorization tokens; and
provide access to the user data from the external application based on the one or more authorization tokens.
2. The system (102) as claimed in claim 1, wherein, for obtaining a user consent from the user for accessing the user information upon successful authentication, the one or more hardware processors (110) are further configured to:
validate the purpose of use of the user information, attributes of the user information, and application identifier (ID) based on pre-stored rules; and
determine the masking strategy for the attributes of the user information based on results of validation.
3. The system (102) as claimed in claim 2, wherein, for determining the masking strategy for the attributes of the user information based on results of validation, the one or more hardware processors (110) are further configured to:
determine attributes of the user for attribute-based access level for personally identifiable information, public information, private information and pseudo-anonymized private information.
4. The system (102) as claimed in claim 2, wherein, for determining the masking strategy for the attributes of the user information based on results of validation, the one or more hardware processors (110) are further configured to:
determine the attributes which are to be tokenized, wherein the attributes are tokenized by replacing sensitive data with unique tokens and wherein the tokens are used as references to the original data.
5. The system (102) as claimed in claim 2, wherein, for determining the masking strategy for the attributes of the user information based on results of validation, the one or more hardware processors (110) are further configured to:
determine the attributes which are to be encrypted; and
define additional scripts to be replaced with the actual values of the attributes.
6. The system (102) as claimed in claim 1, wherein the one or more hardware processors (110) are further configured to:
provide user data in one or more formats, along with a plurality of aggregation and reporting data formats.
7. The system (102) as claimed in claim 1, wherein, for providing access to the user data from the external application based on the one or more authorization tokens, the one or more hardware processors (110) are further configured to:
provide access to the user data from the external application based on at least one of attribute access level, frequency of data fetch, and purpose of data usage.
8. The system (102) as claimed in claim 1, wherein, for providing access to the user data from the external application based on the one or more authorization tokens, the one or more hardware processors (110) are further configured to:
provide revocable access to the application based on the masking strategy.
9. The system (102) as claimed in claim 1, wherein the masking strategy comprises a level of access, attributes shareable to the application, purpose, and duration of consent for the application to access the user data.
10. The system (102) as claimed in claim 1, wherein the user data is encrypted using a private key.
11. A method for controlling access to user information using a privacy preserving decentralized container, the method comprising:
receiving, by one or more hardware processors (110), a request for accessing user data from an external application, wherein the request comprises at least one of a purpose of use of the user information, attributes of the user information, and an application identifier (ID);
determining, by the one or more hardware processors (110), a user associated with the user information based on the received request;
authenticating, by the one or more hardware processors (110), the determined user based on pre-stored personal information of the user;
obtaining, by the one or more hardware processors (110), a user consent from the user for accessing the user information upon successful authentication, wherein the user consent comprises a masking strategy for the attributes of the user information;
determining, by the one or more hardware processors (110), one or more attributes for performing masking based on the masking strategy comprised in the user token;
masking, by the one or more hardware processors (110), the determined one or more attributes with one or more authorization tokens; and
providing, by the one or more hardware processors (110), access to the user data from the external application based on the one or more authorization tokens.
12. The method as claimed in claim 11, wherein obtaining a user consent from the user for accessing the user information upon successful authentication further comprises:
validating, by the one or more hardware processors (110), the purpose of use of the user information, attributes of the user information, and application identifier (ID) based on pre-stored rules; and
determining, by the one or more hardware processors (110), the masking strategy for the attributes of the user information based on results of validation.
13. The method as claimed in claim 12, wherein determining the masking strategy for the attributes of the user information based on results of validation further comprises:
determining, by the one or more hardware processors (110), attributes of the user for attribute-based access level for personally identifiable information, public information, private information and pseudo-anonymized private information.
14. The method as claimed in claim 12, wherein determining the masking strategy for the attributes of the user information based on results of validation further comprises:
determining, by the one or more hardware processors (110), the attributes which are to be tokenized, wherein the attributes are tokenized by replacing sensitive data with unique tokens and wherein the tokens are used as references to the original data.
15. The method as claimed in claim 12, wherein determining the masking strategy for the attributes of the user information based on results of validation further comprises:
determining, by the one or more hardware processors (110), the attributes which are to be encrypted; and
defining, by the one or more hardware processors (110), additional scripts to be replaced with the actual values of the attributes.
16. The method as claimed in claim 11, further comprising:
providing, by the one or more hardware processors (110), user data in one or more formats, along with a plurality of aggregation and reporting data formats.
17. The method as claimed in claim 11, wherein providing access to the user data from the external application based on the one or more authorization tokens further comprises:
providing, by the one or more hardware processors (110), access to the user data from the external application based on at least one of attribute access level, frequency of data fetch, and purpose of data usage.
18. The method as claimed in claim 11, wherein providing access to the user data from the external application based on the one or more authorization tokens further comprises:
providing, by the one or more hardware processors (110), revocable access to the application based on the masking strategy.
19. The method as claimed in claim 11, wherein the masking strategy comprises a level of access, attributes shareable to the application, purpose, and duration of consent for the application to access the user data.
20. The method as claimed in claim 11, wherein the user data is encrypted using a private key.

Dated this 12th day of October, 2023

Signature:

VIDYA BHASKAR SINGH NANDIYAL
Patent Agent No. 2912
Agent for the Applicant
