Data security system for a database having multiple encryption levels applicable on a data element value level

DC CAFC

US 6,321,201 B1
Filed: 02/23/1998
Issued: 11/20/2001
Est. Priority Date: 06/20/1996
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for processing of data that is to be protected, comprising:

storing the data as encrypted data element values (DV) in records (P) in a first database (O-DB), the first database (O-DB) having a table structure with rows and columns, each row representing a record (P) and each combination of a row and a column representing a data element value (DV), in the first database (O-DB) each data element value (DV) is linked to a corresponding data element type (DT);

storing in a second database (IAM-DB) a data element protection catalogue (DPC), which contains each individual data element type (DT) and one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT);

for each user-initiated measure aiming at processing of a given data element value (DV) in the first database (O-DB), initially producing a calling to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element type, and controlling the user'"'"'s processing of the given data element value in conformity with the collected protection attribute/attributes.

View all claims

5 Assignments

Timeline View

Assignment View

Litigations

4 Petitions

Reexamination

Accused Products

Abstract

A method and an apparatus for processing data provides protection for the data. The data is stored as encrypted data element values (DV) in records (P) in a first database (O-DB), each data element value being linked to a corresponding data element type (DT). In a second database (IAM-DB), a data element protection catalogue (DC) is stored, which for each individual data element type (DT) contains one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT). In each user-initiated measure which aims at processing a given data element value (DV) in the first database (O-DB), a calling is initially sent to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element types. The user'"'"'s processing of the given data element value is controlled in conformity with the collected protection attribute/attributes.

205 Citations

17 Claims

1. A method for processing of data that is to be protected, comprising:
- storing the data as encrypted data element values (DV) in records (P) in a first database (O-DB), the first database (O-DB) having a table structure with rows and columns, each row representing a record (P) and each combination of a row and a column representing a data element value (DV), in the first database (O-DB) each data element value (DV) is linked to a corresponding data element type (DT);
  
  storing in a second database (IAM-DB) a data element protection catalogue (DPC), which contains each individual data element type (DT) and one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT);
  
  for each user-initiated measure aiming at processing of a given data element value (DV) in the first database (O-DB), initially producing a calling to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element type, and controlling the user'"'"'s processing of the given data element value in conformity with the collected protection attribute/attributes.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as claimed in claim 1, further comprising the measure of storing the protection attribute/attributes of the data element protection catalogue (DC) in encrypted form in the second database (IAM-DB) and, when collecting protection attribute/attributes from the data element protection catalogue (DC) effecting decryption thereof.
  - 3. A method as claimed in claim 1, wherein each record (P) in the first database (O-DB) has a record identifier, and wherein the method further comprises the measure of storing the record identifier in encrypted form (SID) in the first database (O-DB).
  - 4. A method as claimed in claim 1, wherein the encryption of data in the first database (O-DB) and/or the encryption of data in the second database (IAM-DB) is carried out in accordance with a PROTEGRITY principle with floating storage identity.
  - 5. A method as claimed in claim 1, wherein the protection attribute/attributes of the data element types comprise attributes stating rules for encryption of the corresponding data element values in the first database (O-DB).
  - 6. A method as claimed in claim 1, wherein the protection attribute/attributes of the data element types comprise attributes stating rules for which program/programs or program versions is/are allowed to be used for managing the corresponding data element values in the first database (O-DB).
  - 7. A method as claimed in claim 1, wherein the protection attribute/attributes of the data element values comprise attributes stating rules for logging the corresponding data element values in the first database (O-DB).

8. An apparatus for processing data that is to be protected, comprising:
- a first database (O-DB) for storing said data as encrypted data element values (DV) in records (P), said first database (O-DB) having a table structure with rows and columns, each row representing a record (P) and each combination of a row and a column representing a data element value (DV), in said first database (O-DB) each data element value (DV) is linked to a corresponding data element type (DT);
  
  a second database (IAM-DB) for storing a data element protection catalogue (DPC), which contains each individual data element type (DT) and one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT);
  
  means which are adapted, in each user-initiated measure aiming at processing a given data element value (DV) in the first database (O-DB), to initially produce a calling to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element types, and means which are adapted to control the user'"'"'s processing of the given data element value in conformity with the collected protection attribute/attributes.

9. A method for processing of confidential data comprising the steps of:
- providing a first database (P-DB), a second database (O-DB), and a third database (IAM-DB), the second database (O-DB) having a table structure with rows and columns, each row representing a record (P) and each combination of a row and a column representing a data element value (DV), in the second database (O-DB) each data element value (DV) is linked to a corresponding data element type (DT) of a plurality of different data element types;
  
  entering descriptive information (DI) corresponding to a data element value (DV), with certain portions of the descriptive information being classified as certain data element types (DT) of the plurality of different data element types;
  
  assigning an initial identity (OID) to the descriptive information;
  
  storing a first record in the first database including in the initial identity;
  
  encrypting the initial identity to form a storage identity (SID);
  
  accessing a catalogue (DCP) of encryption protection degrees in the third database, the catalogue including encryption levels for each of the different data types;
  
  encrypting the certain portions of the descriptive information in accordance with their data types; and
  
  storing a second record in the second database including the storage identity and the encrypted descriptive information (DV).
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method according to claim 9, wherein the third database is physically separate from the second database.
  - 11. The method according to claim 9, wherein said step of encrypting the initial identity to form the storage identity includes a non-reversible encryption followed by a reversible encryption.
  - 12. The method according to claim 9, wherein the catalogue of encryption protection degrees in the third database is encrypted.
  - 13. The method according to claim 9, wherein the catalogue of encryption protection degrees includes encryption rules for encrypting the different data types.
  - 14. The method according to claim 9, wherein the catalogue of encryption protection degrees includes rules for which program or programs may manage the different data types.
  - 15. The method according to claim 9, wherein the first record is not encrypted.
  - 16. The method according to claim 15, wherein the first record includes an individual'"'"'s name and address.
  - 17. The method according to claim 16, wherein the different data types represent different types of personal data corresponding to the individual.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Anonymity Protection In Sweden AB
Inventors
Dahl, Ulf
Primary Examiner(s)
Cosimano, Edward R.

Application Number

US09/027,585
Time in Patent Office

1,366 Days
Field of Search

380/4, 380/3, 707/104, 707/1, 707/9, 705/1, 705/50, 705/51, 705/54
US Class Current

705/51
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

H04L 9/088   Usage controlling of secret...

H04L 9/0894   Escrow, recovery or storing...

Y10S 707/99939   Privileged access

Data security system for a database having multiple encryption levels applicable on a data element value level

First Claim

5 Assignments

Litigations

4 Petitions

Reexamination

Accused Products

Abstract

205 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Data security system for a database having multiple encryption levels applicable on a data element value level

First Claim

5 Assignments

Subscription Required

Subscription Required

Litigations

4 Petitions

Subscription Required

Reexamination

Accused Products

Subscription Required

Abstract

205 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links