Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

System and Method for Securely Deleting Subsets of Records in a Multi-Tenant Regulated Big Data Cloud Environment

IP.com Disclosure Number: IPCOM000248920D
Publication Date: 2017-Jan-22
Document File: 2 page(s) / 76K

Publishing Venue

The IP.com Prior Art Database

Abstract

Allowing people to "opt out" of having their private data being stored in a computer system is becoming more prevalent and in some cases is mandated by law. In a environment where the phyisical storage of data is not always predictable, and the deletion of files can result in the marking of physical sectors as "free space", "erased" data can be recovered by other processes running on the system. This article discusses a method to securely erase sub-sets of data in these types of environments, including cloud based systems,

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

1

System and Method for Securely Deleting Subsets of Records in a Multi-Tenant Regulated Big Data Cloud Environment

Disclosed is a method and system for securely deleting subsets of data in a multi-tenant regulated big data cloud environment. The method and system deletes the subsets of data to an unrecoverable state, in a flexible but optimized way.

The method and system provides conformance of the data on input to a storage system so that key elements related to a person’s identifiers are locatable in raw data.

The method and system uses identifiers to uniquely identify a person using an enterprise master person index (EMPI). The identifier is used to locate records for individuals who have opted out of the storage system. The identifier is appended to the raw data records in a manner that the raw data is not compromised or changed, so that raw data is recoverable, to the point that no individuals have opted out. The data is then encrypted using a unique tenant or organization key and stored in the storage file system. Figure 1 illustrates the process to load data into the environment in accordance with the method and system.

Figure 1

Accordingly, when one or more requests for person deletion from the storage system is received, the identifiers for the opting out individuals are run through the EMPI to identify the keys that are used to identify records for deletion. The data is then decrypted in memory and the records are filtered using one or more of the languages or too...