Secure data management techniques

US 20040010699A1
Filed: 02/06/2003
Published: 01/15/2004
Est. Priority Date: 02/07/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method of providing to an individual selected personal data relating to an entity, the method comprising:

encrypting a plurality of fields of personal data relating to the entity, each data field being encrypted with a unique cryptographic key;

storing each of the encrypted data fields in a data record at a central location accessible to the entity and the individual; and

supplying to the individual a specific cryptographic decryption key associated with a respective one of the unique cryptographic keys which relates to a selected field of the entity'"'"'s personal data, such that the individual is only able to decrypt the selected field of the entity'"'"'s personal data by accessing the stored data record.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of providing to an individual (28) selected personal data (136) relating to an entity (26) is described. The method comprises: encrypting a plurality of fields (132) of personal data, each data field being encrypted with a unique cryptographic key; storing each of the encrypted data fields (134) in a data record (130) at a central location such as a data storage service provided by an Internet Service Provider; and supplying a specific cryptographic decryption key associated with a respective one of the unique cryptographic keys which relates to a selected field (132) of the entity'"'"'s personal data to the individual, such that the individual is only able to decrypt the selected field of the entity'"'"'s personal data by accessing the stored data record (130).

Citations

32 Claims

1. A method of providing to an individual selected personal data relating to an entity, the method comprising:
- encrypting a plurality of fields of personal data relating to the entity, each data field being encrypted with a unique cryptographic key;
  
  storing each of the encrypted data fields in a data record at a central location accessible to the entity and the individual; and
  
  supplying to the individual a specific cryptographic decryption key associated with a respective one of the unique cryptographic keys which relates to a selected field of the entity'"'"'s personal data, such that the individual is only able to decrypt the selected field of the entity'"'"'s personal data by accessing the stored data record.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. A method according to claim 1, wherein the encrypting step comprises generating the unique cryptographic key for a specific data field by use of a session number unique to the specific data field being encrypted and a master key of the entity, and using the generated unique cryptographic key to encrypt the specific data field.
  - 3. A method according to claim 1, wherein the generating step comprises determining if the entity has a master key and assigning a master key to the entity if it does not have one.
  - 4. A method according to claim 2, wherein the generating step comprises using a hash function to hash together the master key and the session number to generate the unique cryptographic key.
  - 5. A method according to claim 2, wherein the generating step comprises using a pseudo-random number generation function to generate the unique cryptographic key using the master key and the session number as input seeds into the pseudo-random number generation function.
  - 6. A method according to claim 1, wherein the encrypting step comprises generating the unique cryptographic key for a specific data field using a random-number/pseudo-random number generation function to generate the unique cryptographic key.
  - 7. A method according to claim 2, wherein the storing step comprises storing the session number used for generation of the unique cryptographic key at the central location.
  - 8. A method according to claim 2, wherein the supplying step comprises regenerating the unique cryptographic key for the specific data field to be supplied to the individual.
  - 9. A method according to claim 8, wherein the regeneration step comprises retrieving the stored session number for the specific data field, recreating the unique cryptographic key by use of the retrieved session number and the master key of the entity.
  - 10. A method according to claim 9, wherein the recreating step comprises using a hash function to hash together the master key and the session number to generate the unique cryptographic key.
  - 11. A method according to claim 9, wherein the recreating comprises using a pseudo-random number generation function to generate the unique cryptographic key using the master key and the session number as input seeds into the pseudo-random number generation function.
  - 12. A method according to claim 1, further comprising encrypting the unique cryptographic key using a master key of the entity.
  - 13. A method according to claim 12, wherein the storing step comprises storing the encrypted cryptographic key at the central location.
  - 14. A method according to claim 13, wherein the supplying step comprises retrieving the encrypted cryptographic key for the specific data field to be supplied to the individual, from a plurality of cryptographic keys stored at the central location, decrypting the cryptographic key using the master key before sending the cryptographic key to the individual.
  - 15. A method according to claim 1, wherein the storing step comprises storing the encrypted data fields in a data record on a wide area network server computer.
  - 16. A method according to claim 1, wherein the storing step comprises storing a unique index identifier with each encrypted data field in a data record at the central location such that a specific data field can be accessed by its index identifier.
  - 17. A method according to claim 16, wherein the supplying step comprises supplying the index identifier corresponding to the selected data field, such that the individual can readily identify the required stored personal data at the central location.
  - 18. A method according to claim 17, further comprising receiving from the individual a request to the central location for personal data relating to the entity.
  - 19. A method according to claim 18, wherein the request receiving step comprises receiving the index identifier, and the method further comprises retrieving and sending the encrypted data field corresponding to the identifier to the individual.
  - 20. A method according to claim 1, further comprising the individual receiving the encrypted data field and decrypting the same using the unique cryptographic key associated with the specific data field.
  - 21. A method according to claim 1, further comprising associating a unique record identifier with each entity'"'"'s data record stored at the central location, and providing a security challenge to the entity for editing access to its stored data record.
  - 22. A method according to claim 1, wherein the supplying step is carried out in response to the entity receiving a request from the individual for specific personal data of the entity.
  - 23. A method according to claim 1, wherein the encrypting and storing steps are carried out at spaced apart locations, and the method further comprises transmitting the encrypted personal data to the central location.

24. A method of securely storing data in, and retrieving data from, a data store, the method comprising:
- encrypting a data record which comprises a plurality of data fields, each data field being encrypted using different key information;
  
  storing the encrypted data record in the data store;
  
  receiving a request for at least one of the data fields;
  
  obtaining the key information for the requested at least one data field; and
  
  sending the obtained key information and the requested encrypted data field(s) to a recipient so that the at least one data field of the data record may be decrypted.

25. A system for providing to an individual selected personal data relating to an entity, the system comprising:
- an encrypting module for encrypting a plurality of fields of personal data, each encrypted field being encrypted with a unique cryptographic key;
  
  a data store provided at a central location accessible to the entity and the individual for storing each of the encrypted data fields in a data record; and
  
  a communications module for supplying a specific cryptographic decryption key associated with a respective one of the unique cryptographic keys which relates to a selected field of the entity'"'"'s personal data to the individual such that, when the stored data record is accessed by the individual, the individual is only able to decrypt the selected field.
- View Dependent Claims (26)
- - 26. A system according to claim 25, wherein the encrypting module and the communications module are provided at the entity'"'"'s location, and the central location is remote from the entity'"'"'s location.

27. A system for providing to an individual selected personal data relating to an entity, the system being provided at a central location accessible to the entity and the individual and comprising:
- a communications module for receiving a plurality of encrypted fields of personal data, each encrypted field being encrypted with a unique cryptographic key; and
  
  a data store for storing each of the encrypted data fields in a data record;
  
  wherein the communications module is arranged, in response to a request from the individual for specific encrypted personal data, to retrieve the required data field and transmit the same to the individual for decryption using the field specific cryptographic key that has previously been sent to the individual.

28. A method of providing to an individual selected personal data relating to an entity, the method comprising:
- generating a plurality of unique cryptographic keys for encrypting a plurality of fields of personal data relating to an entity, by use of a session number unique to the personal data field being encrypted, and a master key of the entity;
  
  encrypting each personal data field using one of the plurality of unique cryptographic keys;
  
  storing each encrypted data field in a data record at a central location accessible to the entity and the individual; and
  
  supplying to the individual a specific cryptographic decryption key associated with a respective one of the unique cryptographic keys which relate to a selected field of the entity'"'"'s personal data, such that the individual is only able to decrypt the selected field of the entity'"'"'s personal data by accessing the stored data record.
- View Dependent Claims (30)
- - 30. A method according to claim 28, wherein the generating step comprises using a pseudo-random number generation function to generate the unique cryptographic key using the master key and the session number as input seeds into the pseudo-random number generation function.

29. A method of providing to an individual selected personal data relating to an entity, the method comprising:
- generating a plurality of unique cryptographic keys for encrypting a plurality of fields of personal data relating to the entity by using a hash function to hash together a master key of the entity and a session number unique to the personal data field being encrypted;
  
  encrypting each personal data field using one of the plurality of unique cryptographic keys;
  
  storing at a central location accessible to the entity and the individual each session number used for generation of each unique cryptographic key, and each encrypted data field in a data record;
  
  receiving a request at the central location for selected personal data relating to the entity;
  
  retrieving the stored session number for the specific data field to be supplied to the individual from the plurality of session numbers stored at the central location;
  
  recreating the unique cryptographic key for the specific data field to be supplied to the individual using the hash function to hash together the master key of the entity and the retrieved session number;
  
  supplying to the individual the recreated cryptographic key which relates to the selected field of the entity'"'"'s personal data, for use as the decryption key, such that the individual is only able to decrypt the selected field of the entity'"'"'s encrypted personal data by accessing the stored data record.

31. A method of providing to an individual selected personal data relating to an entity, the method comprising:
- generating a plurality of unique cryptographic keys for encrypting a plurality of fields of personal data relating to the entity by using a pseudo-random number generation function using a master key and a session number unique to the specific data field being encrypted as input seeds into the pseudo-random number generation function;
  
  encrypting each personal data field using one of the plurality of unique cryptographic keys;
  
  storing at a central location accessible to the entity and the individual each session number used for generation of each unique cryptographic key, and each encrypted data field in a data record;
  
  receiving a request at the central location for selected personal data relating to the entity;
  
  retrieving the stored session number for the specific data field to be supplied to the individual from the plurality of session numbers stored at the central location;
  
  recreating the unique cryptographic key for the specific data field to be supplied to the individual by using the master key and the retrieved session number as input seeds into the pseudo-random number generation function;
  
  supplying to the individual the recreated cryptographic key which relates to the selected field of the entity'"'"'s personal data, for use as the decryption key, such that the individual is only able to decrypt the selected field of the entity'"'"'s encrypted personal data by accessing the stored data record.

32. A method of providing to an individual selected personal data relating to an entity, the method comprising:
- generating a plurality of unique cryptographic keys for encrypting a plurality of fields of personal data relating to the entity by the use of a random number/pseudo-random number generation function;
  
  encrypting each personal data field using one of the plurality of unique cryptographic keys;
  
  encrypting each unique cryptographic key using a master key of the entity;
  
  storing at a central location accessible to the entity and the individual each of the encrypted unique cryptographic keys, and the encrypted data fields in a data record;
  
  receiving a request at the central location for selected personal data relating to the entity;
  
  retrieving the encrypted cryptographic key for the specific data field to be supplied to the individual, from the plurality of cryptographic keys stored at the central location;
  
  decrypting the cryptographic key using the master key;
  
  sending the cryptographic key to the individual for use as a decryption key for decrypting a selected field of the entity'"'"'s personal data, such that the individual is only able to decrypt the selected field of the entity'"'"'s personal data by accessing the stored data record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Shao, Zhimin, Mao, Wenbo

Application Number

US10/360,826
Publication Number

US 20040010699A1
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

H04L 63/0428   wherein the data content is...

H04L 63/104   Grouping of entities

Secure data management techniques

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data management techniques

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links