Secure database system

US 6,360,324 B2
Filed: 05/14/1998
Issued: 03/19/2002
Est. Priority Date: 06/14/1997
Status: Expired due to Term

First Claim

Patent Images

1. A computer system comprising:

(a) a server computer including a database;

(b) a plurality of client computers;

(c) a network connecting said client computers to said server computer;

(d) said database including at least one personal information table holding personal records containing information relating to a plurality of persons, each person being identified in said personal information table by a unique personal identifier value;

(e) said database also including a plurality of further tables, each of said further tables holding records containing further information relating to said persons, and each of said further tables having an encryption parameter associated therewith, said encryption parameter being different for each of said further tables;

(f) each of said client computers including encryption means for encrypting a personal identifier value using the encryption parameter of a selected one of said further tables, to generate an encrypted identifier value and means for sending the encrypted identifier value over said network to said server computer; and

(g) said server computer including access means for using said encrypted identifier value to access a record in the selected one of said further tables.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure database system comprises a server having a database including at least one personal information table and at least one further table containing information relating to the persons whose details are stored in the personal information table. The keys of the tables in the database are unrelated, so that it is impossible to determine solely from information in the server which record in the further table corresponds to which record in the personal information table. Thus, even if a hacker obtains access to the database, the hacker will not be able to relate information in the different tables. Each legitimate client uses an encryption process to convert a personal identifier value, which identifies the record relating to a particular person in the personal information table, into a pseudo-identifier value, which identifies a record relating to the same person in the further table.

49 Citations

View as Search Results

10 Claims

1. A computer system comprising:
- (a) a server computer including a database;
  
  (b) a plurality of client computers;
  
  (c) a network connecting said client computers to said server computer;
  
  (d) said database including at least one personal information table holding personal records containing information relating to a plurality of persons, each person being identified in said personal information table by a unique personal identifier value;
  
  (e) said database also including a plurality of further tables, each of said further tables holding records containing further information relating to said persons, and each of said further tables having an encryption parameter associated therewith, said encryption parameter being different for each of said further tables;
  
  (f) each of said client computers including encryption means for encrypting a personal identifier value using the encryption parameter of a selected one of said further tables, to generate an encrypted identifier value and means for sending the encrypted identifier value over said network to said server computer; and
  
  (g) said server computer including access means for using said encrypted identifier value to access a record in the selected one of said further tables.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A computer system according to claim 1 wherein each of said further tables includes a column for storing pseudo-identifier values, and wherein said access means comprises means for searching the selected one of said further tables to find a record whose pseudo-identifier value matches said encrypted identifier value.
  - 3. A computer system according to claim 1 wherein said encryption means uses a master encryption key, in combination with said encryption parameter, to encrypt said personal identifier value.
  - 4. A computer system according to claim 1 wherein the database includes at least one free text table containing free text information, and wherein each of said client computers includes means for encrypting text before writing it into said free text table and for decrypting text when read from said free text table.
  - 5. A computer system according to claim 1 including means for encrypting information while in transit between said client computers and said server computer.

6. A method of securely storing data in a database, the method comprising:
- (a) storing a database in a server computer;
  
  (b) said database including at least one personal information table holding personal records containing information relating to a plurality of persons, each person being identified in said personal information table by a unique personal identifier value;
  
  (c) said database also including a plurality of further tables, each of said further tables holding records containing further information relating to said persons, and each of said further tables having an encryption parameter associated therewith, said encryption parameter being different for each of said further tables;
  
  (d) in a client computer, encrypting a personal identifier value using the encryption parameter of a selected one of said further tables, to generate an encrypted identifier value, and sending the encrypted identifier value over a network to the server computer; and
  
  (e) in said server computer, using said encrypted identifier value to access a record in the selected one of said further tables.
- View Dependent Claims (7, 8, 9, 10)
- - 7. A method according to claim 6 wherein each of said further tables includes a column for storing pseudo-identifier values, the method including searching the selected one of said further tables to find a record whose pseudo-identifier value matches said encrypted identifier value.
  - 8. A method according to claim 6 wherein the step of encrypting a personal identifier value comprises using a master encryption key, in combination with said encryption parameter.
  - 9. A method according to claim 6 including storing in said database at least one free text table containing free text information, encrypting text before writing it into said free text table and decrypting text when read from said free text table.
  - 10. A method according to claim 6 including encrypting information while in transit between said client computer and said server computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Computers Limited (Fujitsu Limited)
Original Assignee
International Computers Limited (Fujitsu Limited)
Inventors
Van Blarkom, Gilles Willem
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/079,117
Publication Number

US 20010054142A1
Time in Patent Office

1,405 Days
Field of Search

707/514, 707/515, 707/9, 707/509, 705/3, 713/161, 713/168, 713/182
US Class Current

713/182
CPC Class Codes

G06F 21/6254 by anonymising data, e.g. d...

G06F 2211/007 Encryption, En-/decode, En-...

Secure database system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

49 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Secure database system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links