Browse Prior Art Database

Enabling redaction reversal through encryption of sensitive information

IP.com Disclosure Number: IPCOM000237495D
Publication Date: 2014-Jun-19
Document File: 2 page(s) / 73K

Publishing Venue

The IP.com Prior Art Database

Abstract

Unstructured documents may contain sensitive business information Existing data redaction toolkits (such as ZoRRo or Infosphere Guardium) can detect and permanently redact such information However, no mechanism is available for edition of such documents (for the purpose of versioning) since this redaction process can not be undone to reproduce the redacted tokens The proposed method facilitates versioning based on encryption of the sensitive information within a document.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 2

Enabling redaction reversal through encryption of sensitive information

Proposed here is a new method to facilitate versioning of documents in an enterprise setting. Information about business entities is sensitive and needs to be protected. The task is daunting, particularly for unstructured text. Existing data redaction toolkits (such as Infosphere Guardium) can detect and permanently redact such information.

This is typically achieved using keyword redaction or obfuscation (masking). However, no robust mechanism is available for edition of such documents (for the purpose of versioning) since this redaction process can not be undone to reproduce the redacted tokens. Symmetric key encryption, on the other hand, provides the same level of security, and is easily reversible when performed on the server side.

Figure 1 shows an example implementation that redacts the information permanently:

Figure 1: Current state-of-the-art implementation permanently
redacting documents

The proposed method is based on encryption of the sensitive information within a document to facilitate versioning. The approach works as follows:

Once the sensitive keywords are identified, instead of masking/redacting these

1.


2.


3.


4.

keywords, they are encrypted using a strong symmetric key algorithm (e.g., AES)

The redaction of the document is performed by replacing the sensitive keywords

with the respective encrypted values
The user can then edit this document and submit the modified document to the

version controller


Upon receipt, the version controller detects the encrypted keywords and

decrypts t...