Cybersecurity and more specifically the protection of personal and computing device identifying information has become an individual and nation concern. Data and hardware breaches continue to rise. Identity theft, ransomware, medical device intrusion, cyber-carjacking, energy grid cyberattacks, financial services and banking hacks and theft of medical and health information raise significant concern among individuals, private sector enterprises and government.
Accenture projects cyberattacks will cost the U.S. health system $305 billion over five years. The nascent Internet of Things (IoT), with tremendous potential to benefit society with the collection and analysis of big data, raises significant privacy concerns due to a lack security relative to personal and computing device identifying information contained in, received and transferred by, including but not limited to, wearables, medical devices, connected vehicles and smart home technology.
U.S. trading partners such as the European Union (EU) have expressed deep concern about the lack of robust of U.S. privacy protections related to EU citizens' private identifying data residing on servers and data warehouses in the U.S. The European Court of Justice recently invalidated the Safe Harbor provisions by which U.S. companies are able to move EU citizens' private and identifying information to the U.S. While a new data protection scheme between the U.S. and the EU is being worked out, U.S. companies face uncertain legal risk by continuing to process and move EU citizens' private identifying data to the U.S.
Current approaches to protecting identifying information include software and hardware encryption, including the use of public and private keys; trusted certificate technology; and tokenization. Use of these technologies, when used to harden data security, are effective but the tradeoff is the sub-optimal use and flexibility of the underlying data. Solutions to this problem of balance are often tipped in favor of greater flexibility in data use resulting in less protection for personal or computing device identifying information.
The present invention improves prior art by never exposing personal or computing device identifying information, while such information is in transit from one computing device to another. The present invention de-identifies information prior to transmission and re-identifies information at the destination, safely behind a computing device system of firewalls. The present invention provides a level of protection against dictionary attacks as the unique privacy identifiers are never stored in any database, file or lookup table. The present invention enhances the connective promise of the IoT. Finally, the present invention provides an additional layer of security by complementing prior art such as encryption and tokenization.