Method and system for providing a secure multi-user portable database

US 20070006322A1
Filed: 07/01/2005
Published: 01/04/2007
Est. Priority Date: 07/01/2005
Status: Active Grant

First Claim

Patent Images

1. A method of providing, managing, and accessing a multi-user portable secure database comprising:

providing a database with a secure portion and a non-secure portion;

storing security components for encrypting and decrypting data files in the secure portion;

storing encrypted data files in the non-secure portion; and

controlling access to the encrypted data files, wherein said controlling access step further comprises;

assigning an access control matrix to each encrypted data file according to a hierarchical structure, wherein the access control matrix defines access rights of each user to each encrypted data file, the access control matrix assigning a level of access to each type of access;

associating a user requesting access with one of the security components comprising a key for allowing the requested access; and

allowing the requested access to one or more of the encrypted data files in accordance with the access control matrix.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing, managing, and accessing a multi-user secure portable database using secure memory cards is provided. The database has a secure portion for storing security keys and a non-secure portion for encrypted data files. Access to the encrypted data files is controlled by assigning access rights through an access control matrix to each encrypted data file according to a hierarchical structure of users. A user requesting access is identified in the hierarchy, associated with a key for allowing the requested access, and the requested access allowed to a file in accordance with the rights allocated through the access control matrix. A patient can selectively grant access to encrypted medical records on his card to a physician. Authentication of the owner/patient is preferably required. Other records required by emergency medical personnel are readable from the same card without requiring permission from the patient.

Citations

45 Claims

1. A method of providing, managing, and accessing a multi-user portable secure database comprising:
- providing a database with a secure portion and a non-secure portion;
  
  storing security components for encrypting and decrypting data files in the secure portion;
  
  storing encrypted data files in the non-secure portion; and
  
  controlling access to the encrypted data files, wherein said controlling access step further comprises;
  
  assigning an access control matrix to each encrypted data file according to a hierarchical structure, wherein the access control matrix defines access rights of each user to each encrypted data file, the access control matrix assigning a level of access to each type of access;
  
  associating a user requesting access with one of the security components comprising a key for allowing the requested access; and
  
  allowing the requested access to one or more of the encrypted data files in accordance with the access control matrix.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 2. The method of claim 1, further comprising:
    - issuing each user a certificate that identifies the issued user in the hierarchical structure; and
      
      additionally storing a private key associated with the certificate in the secure portion, wherein said allowing the requested access includes identifying the certificate with the user requesting access.
  - 3. The method of claim 1, wherein the secure portion and the non-secure portion reside on at least one secure memory card or on at least one secure token comprising a processor.
  - 4. The method of claim 1, the method further comprising accessing the secure portable database, said accessing comprising authenticating the user requesting access, said authenticating comprising providing authenticating data to identify the user requesting access.
  - 5. The method of claim 4, wherein the authenticating data comprises at least one of biometric data and keypad input.
  - 6. The method of claim 5, wherein the biometric data comprises a fingerprint.
  - 7. The method of claim 5, wherein the keypad input comprises one of a personal identification number and a password.
  - 8. The method of claim 4, wherein said authenticating further comprises comparing the authenticating data to a known identifier of the user requesting access, wherein the known identifier is stored in the secure portion.
  - 9. The method of claim 4, wherein the stored security components include a private key and a certificate of the user requesting access, wherein the certificate comprises a public key of the user and identifies the user in the hierarchical structure, and wherein said accessing further comprises:
    - retrieving the private key and the certificate of the user requesting access from the secure portion in response to said authenticating.
  - 10. The method of claim 4, said authenticating further comprising:
    - providing challenge data in response to said retrieving;
      
      providing response data by digitally signing the challenge data with the private key;
      
      retrieving the public key from the certificate; and
      
      using the public key to validate the response data.
  - 11. The method of claim 10, said authenticating further comprising validating an expiration date of the certificate, wherein the expiration date is stored in the certificate, said validating comprising comparing the expiration date to a trusted time stamp.
  - 12. The method of claim 9, wherein a type of access requested is selected from a group comprising Create, Read, Update and Delete, and further wherein the level of access assigned to each type of access is selected from a group comprising Restricted, Allowed, Grant and Supergrant.
  - 13. The method of claim 12, wherein the type of access requested is the Create type of access, the user requesting access writing a new file to the portable secure database, said writing comprising:
    - retrieving the certificate in response to said authenticating;
      
      automatically embedding the hierarchical structure obtained from the certificate in the new file;
      
      automatically generating and embedding the access control matrix;
      
      automatically encrypting the new file according to the access control matrix; and
      
      storing the encrypted new file in the non-secure portion.
  - 14. The method of claim 13, said writing further comprising digitally signing the encrypted new file.
  - 15. The method of claim 13, wherein the hierarchical structure comprises levels identifying each user, groups to which each user belongs, and a world that includes all groups in the portable secure database, and wherein said automatically encrypting comprises:
    - identifying every user and group to which the level of access for at least one type of access to the new file is not Restricted according to the access control matrix;
      
      retrieving a public key for every identified users and groups; and
      
      encrypting the new file with the public keys for the identified users and groups.
  - 16. The method of claim 13, said writing further comprising:
    - providing a log comprising a hash of each encrypted data file to verify integrity of the portable secure database;
      
      creating a hash of the encrypted new file;
      
      updating the log in response to said writing the encrypted new file; and
      
      digitally signing the log with a card administrator key.
  - 17. The method of claim 13, said writing further comprising:
    - time stamping the encrypted new file.
  - 18. The method of claim 13, the method further comprising exporting the encrypted data files to at least one of a local or remote backup storage space.
  - 19. The method of claim 12, wherein the requested type of access is the Read type of access, the user requesting access to read one of the encrypted data files, said reading comprising:
    - retrieving the one of the encrypted data files from the non-secure portion, the one of the encrypted data files being encrypted with the public key of the user requesting access;
      
      retrieving the private key from the secure portion upon authentication;
      
      decrypting the one of the encrypted data files with the private key in accordance with the level of access provided in the access control matrix.
  - 20. The method of claim 19, wherein the one of the encrypted data files is digitally signed, the method further comprising:
    - accessing a digital signature attached to the one of the encrypted data files;
      
      obtaining a certificate of a user owning the digital signature, the certificate comprising the owner'"'"'s public key; and
      
      validating the digital signature using the owner'"'"'s public key.
  - 21. The method of claim 1, further comprising:
    - providing a counter associated with one of the encrypted data files; and
      
      stepping the counter in response to the one of the encrypted data files being successfully updated.
  - 22. The method of claim 1, wherein the portable secure database is a medical database comprising a plurality of personalized data cards, wherein a type of access requested is selected from a group comprising Create, Read, Update and Delete, further wherein the level of access assigned to each type of access is selected from a group comprising Restricted, Allowed, Grant and Supergrant, and wherein the method further comprises:
    - initializing each data card with identifying records, wherein said initializing is performed by a card administrator; and
      
      issuing a certificate and a private key associated with an owner of each of the plurality of data cards on the owner'"'"'s card.
  - 23. The method of claim 22, wherein one of the encrypted files is a pharmaceutical prescription with a number of refills, the method further comprising providing a counter associated with the number of refills;
    - and decrementing the counter in response to a pharmacist filling the pharmaceutical prescription.
  - 24. The method of claim 22, wherein the hierarchical structure comprises levels identifying each user, groups to which each user belongs, and a world that includes all groups in the portable secure database, wherein the groups include an emergency medical team group, a hospital group, a physician group, a patient group, and a health insurance company group, and wherein at least one of the users is a patient in the patient group, one of the plurality of data cards being a patient card owned by the patient, the patient card comprising the patient'"'"'s encrypted personal medical records;
    - the method further comprising;
      
      allowing access to any user included in the world of users of the medical database to read encrypted data files comprising identifying data from the patient card, said allowing comprising assigning the Allowed level of access to the Read type of access to the world level in the access control matrix assigned to the identifying encrypted data files.
  - 25. The method of claim 24, wherein the identifying data comprises at least one of a name, a card identification number, a date of birth, an address, a social security number, a photograph, a religious preference, an image of a driver'"'"'s license, organ donor information, and special medical conditions.
  - 26. The method of claim 25, wherein the user requesting access is a member of the emergency medical team group, the method further comprising allowing access to the emergency medical team user to read encrypted data files comprising emergency records and to write new encrypted emergency records comprising an access matrix including the Allowed level of access to the Read type of access to the emergency medical team group and to the hospital group.
  - 27. The method of claim 26, wherein the emergency records comprise at least one of blood type, allergies, epilepsy, diabetes, heart conditions, metal plates, pace makers, and other special medical conditions, and wherein the new emergency records comprise vital signs, blood pressure, and other medical data collected during emergency treatment.
  - 28. The method of claim 24, the method further comprising the patient assigning to one of the encrypted personal medical records a level of access selected from Allowed, Grant, or Supergrant to a Read type of access to one of the physicians in the physician group.
  - 29. The method of claim 28, the patient assigning further comprising:
    - authenticating the patient; and
      
      authenticating the one of the physician with the patient card present, wherein the one of the physicians acquires the selected level of access in response to said authenticating acts.
  - 30. The method of claim 24, wherein a type of access requested is the Create type of access, further wherein the user requesting the Create type of access is one of the physicians, the one of the physicians requesting access to write a medical record to the patient card, said writing comprising:
    - authenticating the one of the physician;
      
      embedding the hierarchical structure;
      
      embedding the access control matrix;
      
      providing a randomly generated key;
      
      encrypting the medical record with the randomly generated key;
      
      encrypting each certificate corresponding to each group to which a level of access other than Restricted has been assigned according to the access control matrix with the randomly generated key;
      
      attaching the encrypted certificates to the encrypted medical record; and
      
      storing the encrypted medical record to the non-secure portion of the patient card.
  - 31. The method of claim 30, said writing further comprising:
    - encrypting the randomly generated key with the patient public key; and
      
      storing the encrypted randomly generated key on the non-secure portion of the portable database.
  - 32. The method of claim 31, wherein a type of access requested is the Read type of access to the encrypted medical record on the patient card, said reading comprising:
    - authenticating the user requesting read access;
      
      authenticating the patient;
      
      retrieving the patient private key and the encrypted randomly generated key in response to said authenticating;
      
      decrypting the encrypted randomly generated key automatically with the patient private key;
      
      decrypting the medical record with the randomly generated key; and
      
      allowing access to the user requesting read access in accordance with the access control matrix.
  - 33. The method of claim 30, wherein said writing further comprises storing the randomly generated key on the secure portion of the patient data card, further wherein a type of access requested is the Read type of access to the encrypted medical record on the patient card, said reading comprising:
    - authenticating the patient;
      
      authenticating a user requesting read access;
      
      retrieving the patient private key and the randomly generated key in response to said authenticating;
      
      decrypting the medical record with the randomly generated key; and
      
      allowing access to the user requesting read access in accordance with the access control matrix.
  - 34. The method of claim 30, said writing further comprising:
    - providing a Card Administrator public key; and
      
      additionally encrypting the randomly generated key and the attached certificates with the Card Administrator public key.
  - 35. The method of claim 34, wherein a type of access requested is the Read type of access to the encrypted medical record on the patient card, said reading comprising:
    - providing a Card Administrator private key; and
      
      decrypting the randomly generated key and the attached certificates with the Card Administrator private key.

36. A multi-user system for storing, updating, and accessing secure data records using a portable database comprising a secure portion and a non-secure portion, said system comprising:
- a data structuring module, configured to embed a hierarchical structure for each user into each secure data record in the portable database, wherein the hierarchical structure identifies each user and allows for assigning access rights to each secure data record; and
  
  an access control module, configured to embed a security element into each secure data record and to cooperate with a security management module for managing a plurality of security elements associated with a plurality of users and with said data structuring module, wherein said access control module is configured to assign the access rights for each user to each secure data record and to allow a user access to a secure data record in accordance with the assigned access rights, and wherein the non-secure portion of the portable database comprises the secure data records and the secure portion comprises at least one of the plurality of security elements.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 37. The system of claim 36, further comprising a management module comprising:
    - a user authentication module to identify and authenticate a user requesting access; and
      
      a key management module configured to manage and store the plurality of security elements for embedding into the secure data records in cooperation with said access control module.
  - 38. The system of claim 37, wherein the user authentication module is configured to accept at least one of biometric data and keyboard input.
  - 39. The system of claim 36, wherein the plurality of security elements include encryption keys and certificates associated with the plurality of users.
  - 40. The system of claim 36, wherein the hierarchical structure includes levels identifying each user, groups to which each user belongs, and a world that includes all groups in the portable database.
  - 41. The system of claim 40, wherein the access rights comprise a level of access assignable to each type of access for each user according to the hierarchical structure.
  - 42. The system of claim 41, wherein the assignable levels of access include Restricted, Allowed, Grant and Supergrant.
  - 43. The system of claim 42, wherein the types of access include Create, Read, Update, And Delete.
  - 44. The system of claim 43, wherein the secure data records comprise patient medical records and wherein the portable database comprises a plurality of data cards, wherein the groups include an emergency medical team group, a hospital group, a physician group, a patient group, and a health insurance company group, and wherein at least one of the users is a patient in the patient group, at least one of the plurality of data cards being a patient card owned by a patient from the patient group, the patient card comprising the patient'"'"'s encrypted personal medical records.
  - 45. The system of claim 36, wherein the secure data files comprise at least one of textual data, digital images, digital audio data, and digital video data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Privamed Incorporated
Original Assignee
Privamed Incorporated
Inventors
Namdar, Farshad, Schaeffer, Mark, Karimzadeh, Mansour, Dilmanian, F.

Granted Patent

US 7,661,146 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2153   Using hardware token as a s...

G06Q 40/08   Insurance

G16H 10/65   stored on portable record c...

H04L 2209/88   Medical equipments

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

H04L 9/3297   involving time stamps, e.g....

Method and system for providing a secure multi-user portable database

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing a secure multi-user portable database

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links