Secure data management techniques
Abstract
A method of providing to an individual (28) selected personal data (136) relating to an entity (26) is described. The method comprises: encrypting a plurality of fields (132) of personal data, each data field being encrypted with a unique cryptographic key; storing each of the encrypted data fields (134) in a data record (130) at a central location such as a data storage service provided by an Internet Service Provider; and supplying a specific cryptographic decryption key associated with a respective one of the unique cryptographic keys which relates to a selected field (132) of the entity's personal data to the individual, such that the individual is only able to decrypt the selected field of the entity's personal data by accessing the stored data record (130).
32 Claims
1. A method of providing to an individual selected personal data relating to an entity, the method comprising:
encrypting a plurality of fields of personal data relating to the entity, each data field being encrypted with a unique cryptographic key;
storing each of the encrypted data fields in a data record at a central location accessible to the entity and the individual; and
supplying to the individual a specific cryptographic decryption key associated with a respective one of the unique cryptographic keys which relates to a selected field of the entity's personal data, such that the individual is only able to decrypt the selected field of the entity's personal data by accessing the stored data record.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
24. A method of securely storing data in, and retrieving data from, a data store, the method comprising:
encrypting a data record which comprises a plurality of data fields, each data field being encrypted using different key information;
storing the encrypted data record in the data store;
receiving a request for at least one of the data fields;
obtaining the key information for the requested at least one data field; and
sending the obtained key information and the requested encrypted data field(s) to a recipient so that the at least one data field of the data record may be decrypted.
25. A system for providing to an individual selected personal data relating to an entity, the system comprising:
an encrypting module for encrypting a plurality of fields of personal data, each encrypted field being encrypted with a unique cryptographic key;
a data store provided at a central location accessible to the entity and the individual for storing each of the encrypted data fields in a data record; and
a communications module for supplying a specific cryptographic decryption key associated with a respective one of the unique cryptographic keys which relates to a selected field of the entity's personal data to the individual such that, when the stored data record is accessed by the individual, the individual is only able to decrypt the selected field.
(Dependent claims: 26)
27. A system for providing to an individual selected personal data relating to an entity, the system being provided at a central location accessible to the entity and the individual and comprising:
a communications module for receiving a plurality of encrypted fields of personal data, each encrypted field being encrypted with a unique cryptographic key; and
a data store for storing each of the encrypted data fields in a data record;
wherein the communications module is arranged, in response to a request from the individual for specific encrypted personal data, to retrieve the required data field and transmit the same to the individual for decryption using the field specific cryptographic key that has previously been sent to the individual.
28. A method of providing to an individual selected personal data relating to an entity, the method comprising:
generating a plurality of unique cryptographic keys for encrypting a plurality of fields of personal data relating to an entity, by use of a session number unique to the personal data field being encrypted, and a master key of the entity;
encrypting each personal data field using one of the plurality of unique cryptographic keys;
storing each encrypted data field in a data record at a central location accessible to the entity and the individual; and
supplying to the individual a specific cryptographic decryption key associated with a respective one of the unique cryptographic keys which relate to a selected field of the entity's personal data, such that the individual is only able to decrypt the selected field of the entity's personal data by accessing the stored data record.
(Dependent claims: 30)
29. A method of providing to an individual selected personal data relating to an entity, the method comprising:
generating a plurality of unique cryptographic keys for encrypting a plurality of fields of personal data relating to the entity by using a hash function to hash together a master key of the entity and a session number unique to the personal data field being encrypted;
encrypting each personal data field using one of the plurality of unique cryptographic keys;
storing at a central location accessible to the entity and the individual each session number used for generation of each unique cryptographic key, and each encrypted data field in a data record;
receiving a request at the central location for selected personal data relating to the entity;
retrieving the stored session number for the specific data field to be supplied to the individual from the plurality of session numbers stored at the central location;
recreating the unique cryptographic key for the specific data field to be supplied to the individual using the hash function to hash together the master key of the entity and the retrieved session number;
supplying to the individual the recreated cryptographic key which relates to the selected field of the entity's personal data, for use as the decryption key, such that the individual is only able to decrypt the selected field of the entity's encrypted personal data by accessing the stored data record.
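The flow recited in claim 29, as an added example that is not part of the patent text: each field key is derived from a master key and a per-field session number, only session numbers and ciphertexts are stored, and one field's key is recreated on request. Assumptions: HMAC-SHA256 serves as the hash, session numbers are random 16-byte values, the SHA-256 counter-mode cipher with an HMAC tag is a standard-library stand-in for a vetted AEAD, and all function names and sample data are hypothetical.

```python
import hashlib
import hmac
import secrets

def derive_field_key(master_key: bytes, session_number: bytes) -> bytes:
    # Claim 29: hash the master key together with the field's session number.
    # HMAC-SHA256 as the keyed hash is this example's choice (assumption).
    return hmac.new(master_key, session_number, hashlib.sha256).digest()

def subkeys(field_key: bytes):
    # Separate encryption and authentication keys from the one field key.
    return (hmac.new(field_key, b"enc", hashlib.sha256).digest(),
            hmac.new(field_key, b"mac", hashlib.sha256).digest())

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher: SHA-256 in counter mode (use a vetted AEAD in practice).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt_field(field_key: bytes, plaintext: bytes) -> bytes:
    enc, mac = subkeys(field_key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def decrypt_field(field_key: bytes, blob: bytes) -> bytes:
    enc, mac = subkeys(field_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong field key or modified ciphertext")
    return bytes(c ^ k for c, k in zip(ct, keystream(enc, nonce, len(ct))))

def build_record(master_key: bytes, fields: dict) -> dict:
    # Stored centrally: per field, the session number and the ciphertext only.
    record = {}
    for name, value in fields.items():
        session = secrets.token_bytes(16)  # unique per field (random here)
        record[name] = (session, encrypt_field(derive_field_key(master_key, session), value))
    return record

def release_key(master_key: bytes, record: dict, field: str) -> bytes:
    # Recreate one field's key from its stored session number.
    return derive_field_key(master_key, record[field][0])

# Constructed sample data.
MASTER = secrets.token_bytes(32)
RECORD = build_record(MASTER, {"blood_type": b"O negative",
                               "home_address": b"1 Example Street"})
```

A key released for one field fails the tag check on every other field of the same record, which is the selective-disclosure property the claim relies on; anyone holding the master key and the stored session numbers can recreate every field key.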
31. A method of providing to an individual selected personal data relating to an entity, the method comprising:
generating a plurality of unique cryptographic keys for encrypting a plurality of fields of personal data relating to the entity by using a pseudo-random number generation function using a master key and a session number unique to the specific data field being encrypted as input seeds into the pseudo-random number generation function;
encrypting each personal data field using one of the plurality of unique cryptographic keys;
storing at a central location accessible to the entity and the individual each session number used for generation of each unique cryptographic key, and each encrypted data field in a data record;
receiving a request at the central location for selected personal data relating to the entity;
retrieving the stored session number for the specific data field to be supplied to the individual from the plurality of session numbers stored at the central location;
recreating the unique cryptographic key for the specific data field to be supplied to the individual by using the master key and the retrieved session number as input seeds into the pseudo-random number generation function;
supplying to the individual the recreated cryptographic key which relates to the selected field of the entity's personal data, for use as the decryption key, such that the individual is only able to decrypt the selected field of the entity's encrypted personal data by accessing the stored data record.
32. A method of providing to an individual selected personal data relating to an entity, the method comprising:
generating a plurality of unique cryptographic keys for encrypting a plurality of fields of personal data relating to the entity by the use of a random number/pseudo-random number generation function;
encrypting each personal data field using one of the plurality of unique cryptographic keys;
encrypting each unique cryptographic key using a master key of the entity;
storing at a central location accessible to the entity and the individual each of the encrypted unique cryptographic keys, and the encrypted data fields in a data record;
receiving a request at the central location for selected personal data relating to the entity;
retrieving the encrypted cryptographic key for the specific data field to be supplied to the individual, from the plurality of cryptographic keys stored at the central location;
decrypting the cryptographic key using the master key;
sending the cryptographic key to the individual for use as a decryption key for decrypting a selected field of the entity's personal data, such that the individual is only able to decrypt the selected field of the entity's personal data by accessing the stored data record.
Specification