Data security system for a database having multiple encryption levels applicable on a data element value level
DC CAFCFirst Claim
1. A method for processing of data that is to be protected, comprising:
- storing the data as encrypted data element values (DV) in records (P) in a first database (O-DB), the first database (O-DB) having a table structure with rows and columns, each row representing a record (P) and each combination of a row and a column representing a data element value (DV), in the first database (O-DB) each data element value (DV) is linked to a corresponding data element type (DT);
storing in a second database (IAM-DB) a data element protection catalogue (DPC), which contains each individual data element type (DT) and one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT);
for each user-initiated measure aiming at processing of a given data element value (DV) in the first database (O-DB), initially producing a calling to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element type, and controlling the user'"'"'s processing of the given data element value in conformity with the collected protection attribute/attributes.
5 Assignments
Litigations
4 Petitions
Reexamination
Accused Products
Abstract
A method and an apparatus for processing data provides protection for the data. The data is stored as encrypted data element values (DV) in records (P) in a first database (O-DB), each data element value being linked to a corresponding data element type (DT). In a second database (IAM-DB), a data element protection catalogue (DC) is stored, which for each individual data element type (DT) contains one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT). In each user-initiated measure which aims at processing a given data element value (DV) in the first database (O-DB), a calling is initially sent to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element types. The user'"'"'s processing of the given data element value is controlled in conformity with the collected protection attribute/attributes.
205 Citations
17 Claims
-
1. A method for processing of data that is to be protected, comprising:
-
storing the data as encrypted data element values (DV) in records (P) in a first database (O-DB), the first database (O-DB) having a table structure with rows and columns, each row representing a record (P) and each combination of a row and a column representing a data element value (DV), in the first database (O-DB) each data element value (DV) is linked to a corresponding data element type (DT);
storing in a second database (IAM-DB) a data element protection catalogue (DPC), which contains each individual data element type (DT) and one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT);
for each user-initiated measure aiming at processing of a given data element value (DV) in the first database (O-DB), initially producing a calling to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element type, and controlling the user'"'"'s processing of the given data element value in conformity with the collected protection attribute/attributes. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus for processing data that is to be protected, comprising:
-
a first database (O-DB) for storing said data as encrypted data element values (DV) in records (P), said first database (O-DB) having a table structure with rows and columns, each row representing a record (P) and each combination of a row and a column representing a data element value (DV), in said first database (O-DB) each data element value (DV) is linked to a corresponding data element type (DT);
a second database (IAM-DB) for storing a data element protection catalogue (DPC), which contains each individual data element type (DT) and one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT);
means which are adapted, in each user-initiated measure aiming at processing a given data element value (DV) in the first database (O-DB), to initially produce a calling to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element types, and means which are adapted to control the user'"'"'s processing of the given data element value in conformity with the collected protection attribute/attributes.
-
-
9. A method for processing of confidential data comprising the steps of:
-
providing a first database (P-DB), a second database (O-DB), and a third database (IAM-DB), the second database (O-DB) having a table structure with rows and columns, each row representing a record (P) and each combination of a row and a column representing a data element value (DV), in the second database (O-DB) each data element value (DV) is linked to a corresponding data element type (DT) of a plurality of different data element types;
entering descriptive information (DI) corresponding to a data element value (DV), with certain portions of the descriptive information being classified as certain data element types (DT) of the plurality of different data element types;
assigning an initial identity (OID) to the descriptive information;
storing a first record in the first database including in the initial identity;
encrypting the initial identity to form a storage identity (SID);
accessing a catalogue (DCP) of encryption protection degrees in the third database, the catalogue including encryption levels for each of the different data types;
encrypting the certain portions of the descriptive information in accordance with their data types; and
storing a second record in the second database including the storage identity and the encrypted descriptive information (DV). - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
-
Specification