DATABASE SYSTEM FOR PROTECTING AND SECURING STORED DATA USING A PRIVACY SWITCH
First Claim
1. A method of storing user data records in a database to protect stored data from data breaches, each of the user data records including a plurality of user attributes, comprising:
- designating at least one of the plurality of user attributes in each of the user data records as a private attribute;
- replacing the private attribute in each of the user data records in the database with a designated identifier that uniquely identifies the private attribute while obfuscating the private attribute; and
- sending the private attributes over a communication network to user communication devices respectively associated with each of the user data records that include the private attributes such that the user communication devices are caused to store the private attributes they respectively receive and generate credentials representing the private attributes that are authenticated upon being verified by a verifying entity without disclosing the private attributes.
Dependent claims: 2 to 11.
Abstract
Applications of the privacy switch technology are shown for handling data breaches in database systems, thereby providing fundamental improvements to the security and utility of database technology.
52 Citations
42 Claims
12. A method of maintaining user privacy when storing a user data record associated with a user in a database, comprising:
- receiving by a user communication device associated with the user over a communications network at least one of a plurality of user attributes in the user data record that is designated as a private attribute, the private attribute being replaced in the user data record by a designated identifier that uniquely identifies the private attribute while obfuscating the private attribute;
- storing the private attribute in a memory associated with the user communication device;
- generating, with the user communication device, a credential representing the private attribute that is authenticated upon being verified by a verifying entity without disclosing the private attribute, the verifying entity being configured to receive and respond to a request for verification of the designated identifier from a second entity having authorized access to the database, the verifying entity being further configured to send the private attribute to the second entity only if the credential is verified; and
- sending the credential and the designated identifier to the verifying entity in response to a request from the verifying entity.
Dependent claims: 13 to 21.
22. A method for providing user data to a third party while maintaining user privacy, comprising:
- establishing a session in a computing environment to execute a first executable computer code in a virtual machine, the first executable computer code being associated with a database provider;
- causing a second executable computer code to be inserted into the session, the second executable computer code being associated with a verifying entity;
- receiving a request from a third party from outside of the session to obtain user data for a user having a user data record maintained by the database provider, the request identifying the user by a designated identifier stored in the user data record, the designated identifier replacing at least one private attribute of the user data record, the at least one private attribute including one or more key attributes of the user data record, the user data record including an encrypted data object in which said at least one private attribute is encrypted;
- responsive to the request, causing a third executable code to be inserted into the session, the third executable code being associated with a user communication device associated with the user;
- further responsive to the request, causing the third executable code to send a credential to the second executable code within the session, the credential being associated with said at least one private attribute of the user data record;
- upon verification of the credential by the second executable code, receiving in the session, from the third executable code, said at least one private attribute and the designated identifier; and
- in response to receipt in the session of said at least one private attribute and the designated identifier, accessing the user data record stored in the database and verifying said at least one private attribute using the encrypted data object and, if verified, sending the user data record to the third party outside of the session without including said at least one private attribute.
Dependent claims: 23 to 31.
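The tokenization and release flow of claims 1 and 12, together with the verify-before-serving step of claim 22, as an added Python example; it is not code from the patent or its specification. The claims do not fix the primitives, so the example assumes its own: the designated identifier is a random token, the credential is an HMAC challenge-response keyed by a device secret the verifying entity receives at enrolment (so the private attribute is never an input to the credential), and a keyed hash of (identifier, attribute) stands in for the claim's encrypted data object. All class, method and field names are the example's own, and the records are constructed.

```python
import hashlib
import hmac
import secrets

# Assumed constructions, none of which the claims specify: (1) the designated
# identifier is a random token; (2) the credential is an HMAC over the
# identifier and a verifier-issued nonce, keyed with a per-device secret that
# the verifying entity receives at enrolment, so the private attribute is not
# an input and is never disclosed by presenting it; (3) in place of the claim's
# encrypted data object the database keeps a keyed hash of (identifier,
# attribute), which is enough to verify an attribute before serving a record.


class UserDevice:
    """Holds the private attributes delivered to the user; the database does not."""

    def __init__(self, payload):
        self.attrs = dict(payload)          # identifier -> private attribute
        self.key = secrets.token_bytes(32)  # credential key, shared with the verifier at enrolment

    def credential(self, ident, nonce):
        return hmac.new(self.key, ident.encode() + nonce, hashlib.sha256).digest()


class VerifyingEntity:
    def __init__(self):
        self.devices = {}  # identifier -> device (stands in for the network link)
        self.keys = {}     # identifier -> credential key
        self.attrs = {}    # identifier -> private attribute (claims 39 and 41 give it the attribute)

    def enrol(self, device):
        for ident, attr in device.attrs.items():
            self.devices[ident] = device
            self.keys[ident] = device.key
            self.attrs[ident] = attr

    def verify_and_release(self, ident):
        """Claim 12: challenge the device, verify its credential, then release."""
        if ident not in self.keys:
            return None
        nonce = secrets.token_bytes(16)  # fresh per request: a captured credential cannot be replayed
        presented = self.devices[ident].credential(ident, nonce)
        expected = hmac.new(self.keys[ident], ident.encode() + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(presented, expected):
            return None
        return self.attrs[ident]


class DatabaseProvider:
    """Stores tokenized rows plus check values; a breach of this yields no private attribute."""

    def __init__(self, records, private_fields, verifier):
        self.verifier = verifier
        self.db_key = secrets.token_bytes(32)
        self.rows, self.checks, self.payloads = {}, {}, {}
        for rec in records:
            row, payload = dict(rec), {}
            for field in private_fields:
                ident = "pid_" + secrets.token_hex(8)  # designated identifier
                payload[ident] = rec[field]
                row[field] = ident
                self.checks[ident] = self._check(ident, rec[field])
            self.rows[rec["user"]] = row
            self.payloads[rec["user"]] = payload       # to be sent to that user's device

    def _check(self, ident, attr):
        return hmac.new(self.db_key, ident.encode() + attr.encode(), hashlib.sha256).digest()

    def resolve(self, user, field):
        """Claims 12 and 22: obtain the attribute via the verifier, then verify it
        against the stored check value before trusting it."""
        ident = self.rows[user][field]
        attr = self.verifier.verify_and_release(ident)
        if attr is None or not hmac.compare_digest(self.checks[ident], self._check(ident, attr)):
            return None
        return attr


def demo():
    """Constructed sample records (not real data): tokenize, deliver, enrol."""
    records = [
        {"user": "alice", "email": "alice@example.test", "ssn": "123-45-6789"},
        {"user": "bob", "email": "bob@example.test", "ssn": "987-65-4321"},
    ]
    verifier = VerifyingEntity()
    db = DatabaseProvider(records, ["ssn"], verifier)
    for payload in db.payloads.values():
        verifier.enrol(UserDevice(payload))  # stands in for delivery over the network
    db.payloads.clear()                      # the provider keeps no copy after sending
    return db, verifier
```

Two details here are the example's additions, not claim language: the per-request nonce, which makes a recorded credential worthless to a replaying attacker, and the check value, which stops a compromised verifying entity from substituting a different attribute for the one the record originally held. A dump of `DatabaseProvider.rows` and `checks` contains tokens and keyed hashes only.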
32. A method executed by a user communication device for protecting stored data from data breaches, comprising:
- receiving by a user communication device associated with a user over a communications network at least one of a plurality of user attributes in a user data record that is designated as a private attribute, the private attribute being replaced in the user data record by a designated identifier that uniquely identifies the private attribute while obfuscating the private attribute;
- storing the private attribute in a memory associated with the user communication device;
- generating a credential using biometric data of the user and a user defined dataset;
- associating the credential and the user defined dataset with the private attribute;
- receiving a request to present the credential and the user defined dataset; and
- responsive to a request to send the stored private attribute in the memory, the request only being issued if the credential is verified, causing the private attribute to be sent to an entity that has authorized access to the user data record.
Dependent claims: 33 to 38.
39. A method of maintaining user privacy when storing a user data record associated with a user in a database, comprising:
- receiving by a verifying entity over a communications network at least one of a plurality of user attributes in the user data record that is designated as a private attribute, the private attribute being replaced in the user data record by a designated identifier that uniquely identifies the private attribute while obfuscating the private attribute;
- requesting, by the verifying entity, a secure key from a user communication device associated with the user;
- receiving by the verifying entity the secure key from the user communication device, the secure key being one component of a digital string that is used as input to a hash function that generates a hashed output, the digital string and the hashed output being generated by the user communication device, the digital string having at least two components;
- receiving by the verifying entity a credential from the user communication device, the credential representing the private attribute that is authenticated upon being verified by the verifying entity without disclosing the private attribute;
- verifying, by the verifying entity, the credential; and
- if the credential is verified, sending, by the verifying entity, the private attribute to an external storage device.
Dependent claim: 40.
41. A method of maintaining user privacy when storing a user data record associated with a user in a database, comprising:
- sending, by a user communication device associated with the user over a communication network, a designated identifier to a server that maintains the database, the designated identifier being used to replace at least one of a plurality of user attributes in the user data record that is designated as a private attribute, the designated identifier uniquely identifying the private attribute while obfuscating the private attribute;
- generating, with the user communication device, a credential representing the private attribute that is authenticated upon being verified by a verifying entity without disclosing the private attribute, the verifying entity being configured to receive the private attribute from the server that maintains the database;
- sending the credential to the verifying entity in response to a request from the verifying entity;
- generating, with the user communication device, first and second digital strings;
- generating, with the user communication device, a hashed output using the first and second digital strings as input to a hash function;
- sending one of the first and second digital strings and the hashed output to an external storage device that is to store the private attribute; and
- sending the other of the first and second digital strings to the verifying entity to thereby cause the verifying entity to send the private attribute to the external storage device if the credential is verified.
42. A method for providing user data to a third party while maintaining user privacy, comprising:
- establishing a session in a computing environment to execute a first executable computer code in a virtual machine, the first executable computer code being associated with a database provider;
- causing a second executable computer code to be inserted into the session, the second executable computer code being associated with a verifying entity;
- receiving in the session a request from a third party outside the session to obtain user data for a user having a user data record maintained by the database provider in a database, the request identifying the user by a designated identifier stored in the user data record, the designated identifier replacing at least one private attribute of the user data record, the at least one private attribute including one or more key attributes of the user data record;
- responsive to the request, causing the second executable code to authenticate the user within the session;
- further responsive to the request, causing the first executable computer code to request the private attribute from the second executable code within the session so that in response thereto a secure key is sent over a communication network by the second executable computer code to an external storage device that stores the private attribute, the secure key being configured so that the external storage device is able to verify that a user communication device associated with the user has authorized the verifying entity to access the private attribute;
- receiving the private attribute from the second executable computer code within the session, the second executable computer code having received the private attribute from the external storage device over the communication network only if the secure key is verified by the external storage device; and
- in response to receipt in the session of said at least one private attribute, accessing the user data record stored in the database and sending the user data record to the third party without including said at least one private attribute.
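The two-component secure key of claims 39, 41 and 42, as an added Python example that is not the patent's own code. The claims say only that the device builds a digital string with at least two components, hashes it, gives the external storage device one component plus the hashed output and the verifying entity the other component, and that the storage device checks the component it is later shown; the example assumes SHA-256 over two 32-byte random strings, treats each pair as single-use, and reuses a short HMAC challenge for the credential the verifying entity must check first. Class and method names are the example's own, and the identifier and attribute values are constructed.

```python
import hashlib
import hmac
import secrets

# Assumed construction (the claims name a hash function and a two-component
# digital string, but fix neither lengths nor encodings): s1 and s2 are 32
# random bytes and h = SHA-256(s1 || s2).  The device gives the external storage
# device (s2, h) and the verifying entity s1.  Only a holder of s1 can reproduce
# h from s2, so the storage device treats a valid s1 as proof that the device
# authorized that one transfer.  Each pair is consumed on use, so an s1
# captured in transit cannot be replayed.


class ExternalStorage:
    def __init__(self):
        self.pending = {}  # ident -> [(s2, h), ...] authorizations not yet consumed
        self.attrs = {}    # ident -> private attribute, once deposited

    def expect(self, ident, s2, h):
        self.pending.setdefault(ident, []).append((s2, h))

    def _consume(self, ident, s1):
        """True if s1 completes exactly one pending authorization for ident."""
        for i, (s2, h) in enumerate(self.pending.get(ident, [])):
            if hmac.compare_digest(hashlib.sha256(s1 + s2).digest(), h):
                del self.pending[ident][i]
                return True
        return False

    def deposit(self, ident, attr, s1):  # claims 39/41: verifier stores the attribute here
        if not self._consume(ident, s1):
            return False
        self.attrs[ident] = attr
        return True

    def retrieve(self, ident, s1):       # claim 42: verifier fetches it back
        if ident not in self.attrs or not self._consume(ident, s1):
            return None
        return self.attrs[ident]


class Device:
    def __init__(self, ident):
        self.ident = ident
        self.cred_key = secrets.token_bytes(32)  # shared with the verifier at enrolment (assumption)

    def authorize(self, storage, verifier):
        """Make one fresh (s1, s2, h) and split it as claim 41 describes."""
        s1, s2 = secrets.token_bytes(32), secrets.token_bytes(32)
        h = hashlib.sha256(s1 + s2).digest()
        storage.expect(self.ident, s2, h)
        verifier.hold(self.ident, s1)

    def credential(self, nonce):
        return hmac.new(self.cred_key, self.ident.encode() + nonce, hashlib.sha256).digest()


class Verifier:
    def __init__(self, storage):
        self.storage = storage
        self.keys = {}     # ident -> [s1, ...] handed over by the device
        self.devices = {}  # ident -> (device, credential key)

    def enrol(self, device):
        self.devices[device.ident] = (device, device.cred_key)

    def hold(self, ident, s1):
        self.keys.setdefault(ident, []).append(s1)

    def _credential_ok(self, ident):
        device, key = self.devices[ident]
        nonce = secrets.token_bytes(16)
        expected = hmac.new(key, ident.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(device.credential(nonce), expected)

    def _next_key(self, ident):
        keys = self.keys.get(ident)
        return keys.pop(0) if keys else None

    def deposit(self, ident, attr):
        """Claims 39/41: forward the attribute only after the credential verifies."""
        if not self._credential_ok(ident):
            return False
        s1 = self._next_key(ident)
        return s1 is not None and self.storage.deposit(ident, attr, s1)

    def retrieve(self, ident):
        """Claim 42: storage returns the attribute only for a valid secure key."""
        if not self._credential_ok(ident):
            return None
        s1 = self._next_key(ident)
        return None if s1 is None else self.storage.retrieve(ident, s1)
```

The point a practitioner should take from the split is what each party can do with a breach of its own store: a dump of `ExternalStorage.pending` yields `s2` and `h`, from which `s1` cannot be recovered, and a dump of `Verifier.keys` yields `s1` values that are useless without the credential check and are spent after one use. Whether the real system keys each transfer separately, as this example does, is not stated in the claims.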
Specification