1. Field of the Invention
This invention relates to the processing of data packets, composed of personal identifiers and personal data, such that the data may be considered anonymous. A system is described that, without user intervention, automatically maps the personal identifiers of data packets. Hence, the system allows two or more parties to exchange sensitive personal data seamlessly without having to expose the personal identity of the individuals to whom the data belongs. The invention uses secret sharing to facilitate distributed key management of the mapping functions.
2. Description of Related Art
With modern-day computers, analysis of large quantities of sensitive personal data is common practice, for instance in epidemiological research and in data mining of sales data. It is quite common that such research is carried out in a manner such that the data analyzers themselves are able to identify the individuals to whom the personal data belongs, either because the data packets' identifiers are left as the personal identifiers themselves, or because, when the personal identifiers are mapped, the mapping is accessible to the data analyzer.
A typical example is where the mapping is done with a symmetric encryption (as in U.S. Pat. No. 3,962,539 to Ehrsam et al.) and the encryption key is known to the data analyzer. The reason is often the inconvenience imposed by the encryption process if a special third-party keyholder has to attend every data encryption session. Requiring encryption supervision from multiple parties becomes even more involved, and the opposite is more common in practice, i.e. knowledge of a single key is shared among several supervisors in order to ensure that some supervisor is available to attend the encryption process.
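The arrangement the invention contrasts with the above, shown as an added example that is not code from the patent: the mapping key is split with Shamir secret sharing among the supervisors, and the identifier mapping (assumed here to be an HMAC rather than the symmetric cipher of Ehrsam et al.) runs only when a threshold of shares is presented, so neither a single supervisor nor the data analyzer holds the key.

```python
import hashlib
import hmac
import secrets

PRIME = 2**127 - 1  # Mersenne prime; every secret must be an integer below it

def split_secret(secret: int, threshold: int, shares: int) -> list:
    """Shamir split: points (x, y) of a random degree-(threshold-1) polynomial
    whose constant term is `secret`; any `threshold` points recover it."""
    assert 0 <= secret < PRIME and 1 <= threshold <= shares
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    points = []
    for x in range(1, shares + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation modulo PRIME
            y = (y * x + c) % PRIME
        points.append((x, y))
    return points

def recover_secret(points: list) -> int:
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret

def map_identifier(key: int, personal_id: str) -> str:
    """Keyed, deterministic mapping (assumed HMAC-SHA256): same key and id give
    the same token, so both parties' records join on it without the id."""
    return hmac.new(key.to_bytes(16, "big"), personal_id.encode(),
                    hashlib.sha256).hexdigest()

def pseudonymise(presented: list, threshold: int, records: dict) -> dict:
    """Map the identifiers of `records` ({personal_id: data}) only once at
    least `threshold` key holders have presented their shares."""
    if len(presented) < threshold:
        raise PermissionError("not enough key shares presented")
    key = recover_secret(presented[:threshold])
    return {map_identifier(key, pid): data for pid, data in records.items()}

if __name__ == "__main__":
    key = secrets.randbits(120)  # 120-bit mapping key, fits in 16 bytes
    holders = split_secret(key, threshold=3, shares=5)  # one share per supervisor
    # constructed sample records; three of five supervisors contribute
    print(pseudonymise([holders[0], holders[2], holders[4]], 3,
                       {"patient-001": {"age": 41}, "patient-002": {"age": 37}}))
```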