Data security system for a database

US 20020174352A1
Filed: 04/24/2001
Published: 11/21/2002
Est. Priority Date: 06/20/1996
Status: Abandoned Application

First Claim

Patent Images

1. A method for processing of data that is to be protected, comprising the measure of storing the data as encrypted data element values (DV) in records (P) in a first database (O-DB), each data element value being linked to a corresponding data element type (DT), characterised by the steps of storing in a second database (IAM-DB) a data element protection catalogue (DC), which for each individual data element type (DT) contains one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT), for each user-initiated measure aiming at processing of a given data element value (DV) in the first database (O-DB), initially producing a compelling calling to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element type, and compellingly controlling the user'"'"'s processing of the given data element value in conformity with the collected protection attribute/attributes.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and an apparatus for processing data provides protection for the data. The data is stored as encrypted data element values (DV) in records (P) in a first database (O-DB), each data element value being linked to a corresponding data element type (DT). In a second database (IAM-DB), a data element protection catalogue (DC) is stored, which for each individual data element type (DT) contains one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT). In each user-initiated measure which aims at processing a given data element value (DV) in the first database (O-DB), a calling is initially sent to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element types. The user'"'"'s processing of the given data element value is controlled in conformity with the collected protection attribute/attributes.

60 Citations

View as Search Results

8 Claims

1. A method for processing of data that is to be protected, comprising the measure of storing the data as encrypted data element values (DV) in records (P) in a first database (O-DB), each data element value being linked to a corresponding data element type (DT), characterised by the steps of storing in a second database (IAM-DB) a data element protection catalogue (DC), which for each individual data element type (DT) contains one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT), for each user-initiated measure aiming at processing of a given data element value (DV) in the first database (O-DB), initially producing a compelling calling to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element type, and compellingly controlling the user'"'"'s processing of the given data element value in conformity with the collected protection attribute/attributes.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as claimed in claim 1, further comprising the measure of storing the protection attribute/attributes of the data element protection catalogue (DC) in encrypted form in the second database (IAM-DB) and, when collecting protection attribute/attributes from the data element protection catalogue (DC) effecting decryption thereof.
  - 3. A method as claimed in any one of the preceding claims, wherein each record (P) in the first database (O-DB) has a record identifier, and wherein the method further comprises the measure of storing the record identifier in encrypted form (SID) in the first database (O-DB).
  - 4. A method as claimed in any one of the preceding claims, wherein the encryption of data in the first database (O-DB) and/or the encryption of data in the second database (IAM-DB) is carried out in accordance with the PTY principle with floating storage identity.
  - 5. A method as claimed in any one of the preceding claims, wherein the protection attribute/attributes of the data element types comprise attributes stating rules for encryption of the corresponding data element values in the first database (O-DB).
  - 6. A method as claimed in any one of the preceding claims, wherein the protection attribute/attributes of the data element types comprise attributes stating rules for which program/programs or program versions is/are allowed to be used for managing the corresponding data element values in the first database (O-DB).
  - 7. A method as claimed in any one of the preceding claims, wherein the protection attribute/attributes of the data element values comprise attributes stating rules for logging the corresponding data element values in the first database (O-DB).

8. An apparatus for processing data that is to be protected, comprising a first database (O-DB) for storing said data as encrypted data element values (DV) in records (P), each data element value being linked to a corresponding data element type (DT), characterised by a second database (IAM-DB) for storing a data element protection catalogue (DC), which for each individual data element type (DT) contains one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT), means which are adapted, in each user-initiated measure aiming at processing a given data element value (DV) in the first database (O-DB), to initially produce a compelling calling to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element types, and means which are adapted to compellingly control the user'"'"'s processing of the given data element value in conformity with the collected protection attribute/attributes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Anonymity Protection In Sweden AB
Inventors
Dahl, Ulf

Application Number

US09/840,188
Publication Number

US 20020174352A1
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

H04L 9/088   Usage controlling of secret...

H04L 9/0894   Escrow, recovery or storing...

Y10S 707/99939   Privileged access

Data security system for a database

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

60 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Data security system for a database

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links