Method and system for providing a secure multi-user portable database
First Claim
1. A method of providing, managing, and accessing a multi-user portable secure database comprising:
providing a first portable database stored on a portable storage device with a secure portion and a non-secure portion;
storing security components for encrypting and decrypting data files in the secure portion of the first portable database;
storing encrypted data files in the non-secure portion of the first portable database; and
controlling access to the encrypted data files using a first computer process being executed by a processing device, wherein said controlling access further comprises:
assigning an access control matrix to each encrypted data file in the first portable database according to a hierarchical structure, wherein the access control matrix defines access rights of each user to each encrypted data file, the access control matrix assigning a level of access to each type of access;
associating a user requesting access with one of the security components comprising a key for allowing the requested access to the first portable database in response to authentication of a second portable database against the first portable database by the first computer process, the second portable database comprising a secure portion; and
allowing the requested access to one or more of the encrypted data files in the first portable database based on the authentication performed by the first computer process and in accordance with the access control matrix in the first portable database.
Abstract
A system and method for providing, managing, and accessing a multi-user secure portable database using secure memory cards is provided. The database has a secure portion for storing security keys and a non-secure portion for encrypted data files. Access to the encrypted data files is controlled by assigning access rights through an access control matrix to each encrypted data file according to a hierarchical structure of users. A user requesting access is identified in the hierarchy, associated with a key for allowing the requested access, and the requested access allowed to a file in accordance with the rights allocated through the access control matrix. A patient can selectively grant access to encrypted medical records on his card to a physician. Authentication of the owner/patient is preferably required. Other records required by emergency medical personnel are readable from the same card without requiring permission from the patient.
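The scheme the abstract describes, modelled as an added example (this is illustrative code written for this page, not code from the patent or its assignee). The patient card is the first portable database: file keys and the secrets of cards the owner has enrolled sit in its secure portion, ciphertext and each record's access control matrix in its non-secure portion. A second card is authenticated against it by challenge-response before the matrix is consulted. Assumptions not in the text: an HMAC-SHA256 keystream with an HMAC tag stands in for a real AEAD such as AES-GCM; the role hierarchy owner > physician > emergency, in which a higher rank inherits the rights of lower ones; and an "emergency authority" secret provisioned into every card at issuance, which is how records readable "without requiring permission from the patient" are modelled. All names are hypothetical.

```python
# Constructed model of the patent's two-card scheme; names, key sizes and the
# cipher construction are this example's assumptions, not the patent's.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

ROLE_RANK = {"owner": 3, "physician": 2, "emergency": 1}   # assumed hierarchy: higher rank inherits lower
EMERGENCY_AUTHORITY = secrets.token_bytes(32)   # assumed: secret provisioned into all cards at issuance


def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def _stream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (_prf(key, nonce + i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with an HMAC-derived keystream; a stand-in for a real AEAD such as AES-GCM."""
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")   # key separation
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce + body + _prf(mac_key, nonce + body)


def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + body)):
        raise ValueError("record tampered or wrong key")   # ciphertext lives in the non-secure portion
    return bytes(c ^ s for c, s in zip(body, _stream(enc_key, nonce, len(body))))


@dataclass
class Card:
    """Second portable database: its secure portion holds only an authentication secret."""
    card_id: str
    role: str
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))

    def respond(self, challenge: bytes) -> bytes:
        return _prf(self.secret, challenge)


@dataclass
class PatientCard(Card):
    """First portable database: keys and enrolled secrets in the secure portion, ciphertext in the non-secure one."""
    role: str = "owner"
    file_keys: dict = field(default_factory=dict)   # secure portion: record name -> key
    enrolled: dict = field(default_factory=dict)    # secure portion: card_id -> secret granted by the owner
    records: dict = field(default_factory=dict)     # non-secure portion: record name -> (blob, acm)


def enroll(patient: PatientCard, other: Card) -> None:
    """Owner grants a card access; assumes the secret is copied over a secure channel."""
    patient.enrolled[other.card_id] = other.secret


def authenticate(patient: PatientCard, requester: Card) -> bool:
    """Challenge-response of the second card against the first; emergency cards need no owner grant."""
    if requester is patient:
        return True
    key = patient.enrolled.get(requester.card_id)
    if key is None and requester.role == "emergency":
        key = EMERGENCY_AUTHORITY
    if key is None:
        return False
    challenge = secrets.token_bytes(16)
    return hmac.compare_digest(requester.respond(challenge), _prf(key, challenge))


def store(patient: PatientCard, name: str, plaintext: bytes, acm: dict) -> None:
    """acm maps role -> {access type -> level}; level 0 (or absent) denies."""
    key = secrets.token_bytes(32)
    patient.file_keys[name] = key
    patient.records[name] = (encrypt(key, plaintext), acm)


def access_level(acm: dict, role: str, access_type: str) -> int:
    """Hierarchical lookup: a role gets the highest level granted to any role at or below its rank."""
    rank = ROLE_RANK[role]
    return max((acm.get(r, {}).get(access_type, 0) for r, k in ROLE_RANK.items() if k <= rank), default=0)


def read_record(patient: PatientCard, requester: Card, name: str) -> bytes:
    if not authenticate(patient, requester):
        raise PermissionError(f"{requester.card_id}: authentication against patient card failed")
    blob, acm = patient.records[name]
    if access_level(acm, requester.role, "read") < 1:
        raise PermissionError(f"{requester.role} may not read {name}")
    return decrypt(patient.file_keys[name], blob)


if __name__ == "__main__":
    patient = PatientCard("card-p")
    doctor = Card("card-d", "physician")
    medic = Card("card-e", "emergency", secret=EMERGENCY_AUTHORITY)
    store(patient, "allergies", b"penicillin", {"emergency": {"read": 1}})
    store(patient, "history", b"full chart", {"physician": {"read": 1, "write": 1}})
    print(read_record(patient, medic, "allergies"))      # readable without patient consent
    enroll(patient, doctor)                              # patient consents to this physician
    print(read_record(patient, doctor, "history"))
```

Two caveats a practitioner would raise against this model. Enrolment copies the physician card's secret into the patient card, so a lost patient card exposes every enrolled secret; a production design would authenticate card-to-card with per-card asymmetric keys or a secure element that never exports secrets. The single emergency authority secret is likewise one compromise away from making every "emergency" record on every card readable, which is the price of access that needs no patient permission; scoping it per issuer or per region, and auditing its use, limits the blast radius.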
50 Claims
1. (Independent claim; full text given under "First Claim" above.)
Dependent claims: 2 to 37.
38. A multi-user system for storing, updating, and accessing secure data records, said system comprising:
a first portable database device comprising:
a secure portion and a non-secure portion;
a data structuring module configured to embed a hierarchical structure for each user into each secure data record in the first portable database device, wherein the hierarchical structure identifies each user and allows for assigning access rights to each secure data record; and
an access control module configured to embed a security element into each secure data record and to cooperate with a security management module for managing a plurality of security elements associated with a plurality of users and with said data structuring module, wherein said access control module is configured to assign the access rights for each user to each secure data record and to allow a user access to a secure data record in accordance with the assigned access rights, and wherein the non-secure portion of the first portable database comprises the secure data records and the secure portion comprises at least one of the plurality of security elements; and
a second portable database device comprising a secure portion and configured to hold authentication information, wherein the second portable database device is authenticated against the first portable database device using the authentication information before the user is permitted to access the first portable database device.
Dependent claims: 39 to 47.
48. A multi-user system adapted to store, update, and access secure data records using, said system comprising:
a portable database device, said portable database device comprising:
a secure portion and a non-secure portion;
a first data path adapted to provide access to the security element in the secure portion and a second data path adapted to provide access to the secure data record in the non-secure portion;
a data structuring module, configured to embed a hierarchical structure for a user into a secure data record in the portable database device, wherein the hierarchical structure identifies the user and allows for assigning access rights to the secure data record; and
an access control module, configured to embed a security element into the secure data record and to cooperate with a security management module for managing a security element associated with a user and said data structuring module, wherein said access control module is configured to assign the access rights for the user to the secure data record and to allow a user access to the secure data record in accordance with the assigned access rights, and wherein the non-secure portion of the portable database device comprises the secure data records and the secure portion comprises at least one of the plurality of security elements.
49. A method of providing, managing, and accessing a multi-user portable secure database comprising:
providing a portable database stored on a portable storage device with a secure portion and a non-secure portion;
storing security components adapted to encrypt and decrypt data files in the secure portion of the portable database;
storing encrypted data files in the non-secure portion of the portable database;
storing, in the portable database, an audit log associated with at least one of the encrypted data files in the portable database, the audit log providing information concerning modifications to the at least one of the encryption data files;
hashing the audit log using a first computer process being executable by a processing device; and
controlling access to the encrypted data files using a second computer process being executable by the processing device, wherein said controlling access step further comprises:
assigning an access control matrix to each encrypted data file in the portable database according to a hierarchical structure, wherein the access control matrix defines access rights of each user to each encrypted data file, the access control matrix assigning a level of access to each type of access;
associating a user requesting access with one of the security components comprising a key for allowing the requested access to the portable database; and
allowing the requested access to one or more of the encrypted data files in the portable database using the second computer process in accordance with the access control matrix in the portable database.
Dependent claims: 50.
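Claim 49 adds an audit log of modifications to a record and hashes it. The claim does not say how the hash is bound to anything, so the added example below (written for this page, not the patent's or its assignee's code) shows the construction a practitioner would actually want: the log in the non-secure portion is a SHA-256 hash chain, and the chain head together with the entry count is sealed by an HMAC under a secret held in the secure portion. The chain alone detects an altered entry; only the sealed head detects the log being truncated or swapped for an older, internally consistent copy. The entry layout, field names and the seal construction are assumptions.

```python
# Added illustration for claim 49: hash-chained audit log plus a sealed head.
# Field names and the seal format are this example's assumptions.
import hashlib
import hmac
import json

GENESIS = "0" * 64


def _entry_hash(entry: dict) -> str:
    """Hash of the entry's canonical JSON, excluding its own hash field."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


class AuditLog:
    """Append-only modification log for one encrypted record, stored in the non-secure portion."""

    def __init__(self, record_name: str):
        self.record_name = record_name
        self.entries: list[dict] = []

    def append(self, actor: str, action: str, timestamp: int) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = {"record": self.record_name, "actor": actor, "action": action,
                 "ts": timestamp, "prev": prev}
        entry["hash"] = _entry_hash(entry)
        self.entries.append(entry)
        return entry["hash"]

    def head(self) -> str:
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def verify_chain(self) -> int:
        """Index of the first entry whose hash or back-link is wrong, or -1 if the chain is intact."""
        prev = GENESIS
        for i, entry in enumerate(self.entries):
            if entry["prev"] != prev or _entry_hash(entry) != entry["hash"]:
                return i
            prev = entry["hash"]
        return -1


def seal_head(card_secret: bytes, log: AuditLog) -> bytes:
    """HMAC over (record, entry count, head hash); the tag is kept in the secure portion."""
    msg = f"{log.record_name}|{len(log.entries)}|{log.head()}".encode()
    return hmac.new(card_secret, msg, hashlib.sha256).digest()


def verify_log(card_secret: bytes, log: AuditLog, seal: bytes) -> str:
    """Chain check first, then the sealed head, which is what catches truncation or replacement."""
    bad = log.verify_chain()
    if bad != -1:
        return f"entry {bad} altered"
    if not hmac.compare_digest(seal, seal_head(card_secret, log)):
        return "log truncated or replaced"
    return "ok"


if __name__ == "__main__":
    secret = b"k" * 32                      # would come from the card's secure portion
    log = AuditLog("history")
    log.append("physician:card-d", "write", 1000)
    log.append("owner", "read", 1010)
    seal = seal_head(secret, log)           # re-sealed after every append
    print(verify_log(secret, log, seal))
```

The seal must be refreshed on every append, which is why it belongs with the first computer process that hashes the log rather than with the one that grants access; if the access-granting process can also re-seal, a compromised host can rewrite history and seal the result.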
Specification