System and method for dis-identifying sensitive information and associated records

US 7,681,042 B2
Filed: 06/17/2004
Issued: 03/16/2010
Est. Priority Date: 06/17/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A system for protecting the relationship between personal identifiable information and one or more associated records, the system comprising:

a processor,a system manager module operably residing on the processor, the manager module operable to receive a hidden link and an encrypted hidden link from an encryption module, to insert the personal identifiable information and the associated records into separate databases in a storage module, and to retrieve the personal identifiable information and the associated records from the separate databases, wherein the personal identifiable information and the associated records are stored with one or more hidden links or encrypted hidden links so that there is no direct link between the personal identifiable information and the associated records,and further wherein the personal identifiable information includes a sensitive information portion and a non-sensitive information portion and wherein the system manager module is operable to separate the personal identifiable information into a sensitive information portion and a non-sensitive information portion, to insert the sensitive information and the non-sensitive information portions into separate databases, and to retrieve the sensitive information and the non-sensitive information portions from their separate databases,and further wherein an entry in the sensitive information database includes a first hidden link, the first hidden link associated with a first encryption key, and each entry in the associated records database and the non-sensitive information database related to the entry in the sensitive information database include the first hidden link encrypted according to the first encryption key, and wherein the non-sensitive information database further includes a second hidden link, the second hidden link associated with a second encryption key, and the first hidden link encrypted according to the second encryption key.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-based system (10) and method for dis-identifying personal identifiable information (152, 162) and associated records (172) is disclosed. The system includes a system manager (20) module, an encryption and key management module (30), and a storage module (40). The system manager module (20) stores related sensitive information portions (152) of the personal identifiable information (152, 162), non-sensitive information portions (162) of the personal identifiable information, and associated records (172) in separate databases (100, 110, 120 or 150, 160, 170) in storage module (40) with each database record including one or more hidden links generated by the encryption and key management module (30) that can be used to determine the related records or information in one of the other databases. The hidden links are encrypted so that the relationships between the database records are hidden. The methods provide for storing sensitive and non-sensitive personal identifiable information and associated records as database records, and for storing the hidden links associated with these database records. The present invention also includes methods for retrieving sensitive personal identifiable information for a given associated record and for retrieving the associated record(s) for a given sensitive personal identifiable information.

Citations

22 Claims

1. A system for protecting the relationship between personal identifiable information and one or more associated records, the system comprising:
- a processor,a system manager module operably residing on the processor, the manager module operable to receive a hidden link and an encrypted hidden link from an encryption module, to insert the personal identifiable information and the associated records into separate databases in a storage module, and to retrieve the personal identifiable information and the associated records from the separate databases, wherein the personal identifiable information and the associated records are stored with one or more hidden links or encrypted hidden links so that there is no direct link between the personal identifiable information and the associated records,and further wherein the personal identifiable information includes a sensitive information portion and a non-sensitive information portion and wherein the system manager module is operable to separate the personal identifiable information into a sensitive information portion and a non-sensitive information portion, to insert the sensitive information and the non-sensitive information portions into separate databases, and to retrieve the sensitive information and the non-sensitive information portions from their separate databases,and further wherein an entry in the sensitive information database includes a first hidden link, the first hidden link associated with a first encryption key, and each entry in the associated records database and the non-sensitive information database related to the entry in the sensitive information database include the first hidden link encrypted according to the first encryption key, and wherein the non-sensitive information database further includes a second hidden link, the second hidden link associated with a second encryption key, and the first hidden link encrypted according to the second encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1 further including an encryption and key management module operable to generate a hidden link and to encrypt and decrypt data.
  - 3. The system of claim 2 wherein the encryption and key management module further includes a key database and wherein the encryption and key management module stores encrypted encryption keys and associated key identifiers in the key database.
  - 4. The system of claim 2 further including a key database that is physically separate from the encryption module, the key database operable to store encrypted encryption keys and associated key identifiers.
  - 5. The system of claim 1 further including a storage module, the storage module including databases for the personal identifiable information and associated records.
  - 6. The system of claim 1 further including a storage module, the storage module including a sensitive information database, a non-sensitive information database, and an associated records database.
  - 7. The system of claim 6 wherein each database in the storage module is physically separated from the remaining databases.
  - 8. The system of claim 6 wherein each database in the storage module resides on a separate database server.
  - 9. The system of claim 1 further including at least one client terminal in communication with the system manager module.
  - 10. The system of claim 1 wherein the personal identifiable information and the associated records are stored in clear text.
  - 11. The system of claim 1 wherein the personal identifiable information and the associated records are encrypted before they are stored.

12. A method in a computer system for storing personal identifiable information and associated records so that there is no direct link between the personal identifiable information and the associated records, the personal identifiable information including sensitive information and non-sensitive information, the computer system including a sensitive information database, a non-sensitive information database, and an associated records database, the method comprising:
- separating the personal identifiable information into sensitive information and non-sensitive information;
  
  obtaining a first hidden link, the first hidden link associated with a first encryption key;
  
  inserting the sensitive information and the first hidden link into the sensitive information database;
  
  receiving the first hidden link encrypted using the first encryption key;
  
  inserting the associated records and the first hidden link encrypted using the first encryption key into the associated records database;
  
  obtaining a second hidden link associated with a second encryption key;
  
  receiving the first hidden link encrypted using the second encryption key;
  
  inserting the non-sensitive information, the first hidden link encrypted according to the first encryption key, the second hidden link, and the first hidden link encrypted according to the second encryption key into the non-sensitive information database.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12 wherein the hidden links are generated by an encryption and key management module.
  - 14. The method of claim 12 further including receiving a request to store personal identifiable information and associated records, the request containing the information that comprises the personal identifiable information and associated records.
  - 15. The method of claim 14 wherein the request is received from a client terminal.
  - 16. The method of claim 12 further including sending the personal identifiable information and associated records for encryption with the first encryption key and wherein the encrypted personal identifiable information and associated records are inserted into the databases.

17. A computer readable medium containing computer executable instructions for performing a method, the method comprisingseparating the personal identifiable information into sensitive information and non-sensitive information;
- receiving a first hidden link, the first hidden link associated with a first encryption key;
  
  inserting the sensitive information and the first hidden link into the sensitive information database;
  
  receiving the first hidden link encrypted using the first encryption key;
  
  inserting the associated records and the first hidden link encrypted using the first encryption key into the associated records database;
  
  receiving a second hidden link, the second hidden link associated with a second encryption key;
  
  receiving the first hidden link encrypted using the second encryption key;
  
  inserting the non-sensitive information, the first hidden link encrypted according to the first encryption key, the second hidden link, and the first hidden link encrypted according to the second encryption key into the non-sensitive information database.

18. A method in a computer system for retrieving the sensitive information portion of a personal identifiable information related to certain associated records, the sensitive information stored in a sensitive information database along with a first hidden link, the first hidden link associated with a first encryption key, and the associated records stored in an associated records database along with the first hidden link encrypted using the first encryption key so that there is no direct link between the sensitive personal identifiable information and the associated records, the personal identifiable information further including a non-sensitive information portion stored in a non-sensitive information database along with the first hidden link encrypted using the first encryption key, a second hidden link associated with a second encryption key, and the first hidden link encrypted using the second encryption key, the method comprising:
- retrieving the first hidden link encrypted with the first encryption key stored with the associated record;
  
  using the first hidden link encrypted with the first encryption key stored with the associated record to find the record in the non-sensitive database related to the associated record;
  
  retrieving the second hidden link and the first hidden link encrypted with the second encryption key stored with the non-sensitive database record from the non-sensitive database record;
  
  submitting the first hidden link encrypted with the second encryption key for decryption thereby receiving the first hidden link; and
  
  using the first hidden link to retrieve the sensitive portion of the personal identifiable information from the sensitive information database.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18 wherein retrieving the first hidden link encrypted with the first encryption key stored with the associated record comprises forming a search request that includes information in the associated record;
    - transmitting the search request to the associated record database; and
      
      receiving the first hidden link encrypted with the first encryption key stored with the associated record from the associated record database.
  - 20. The method of claim 18 wherein using the first hidden link encrypted with the first encryption key stored with the associated record to find the record in the non-sensitive database related to the associated record comprises forming a search request that includes the first hidden link encrypted with the first encryption key stored with the associated record and transmitting the search request to the non-sensitive information database.
  - 21. The method of claim 18 wherein retrieving the sensitive portion of the personal identifiable information from the sensitive information database comprises forming a search request that includes the hidden link associated with the record for the sensitive portion of the personal identifiable information in the sensitive information database;
    - transmitting the search request to the sensitive information database; and
      
      receiving the sensitive portion of the personal identifiable information from the sensitive information database.

22. A computer readable medium containing computer executable instructions for performing a method, the method comprising:
- retrieving the first hidden link encrypted with the first encryption key stored with the associated record;
  
  using the first hidden link encrypted with the first encryption key stored with the associated record to find the record in the non-sensitive database related to the associated record;
  
  retrieving the second hidden link and the first hidden link encrypted with the second encryption key stored with the non-sensitive database record from the non-sensitive database record;
  
  submitting the first hidden link encrypted with the second encryption key for decryption thereby receiving the first hidden link; and
  
  using the first hidden link to retrieve the sensitive portion of the personal identifiable information from the sensitive information database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Abdallah Farrukh, Central Valley Administrators
Original Assignee
Eruces, Inc.
Inventors
Khulusi, Bassam, Vasic, Ognjen
Primary Examiner(s)
Kim; Jung
Assistant Examiner(s)
Lemma; Samson B

Application Number

US10/871,179
Publication Number

US 20050283620A1
Time in Patent Office

2,098 Days
Field of Search

713/185, 380/277
US Class Current

713/185
CPC Class Codes

G06F 21/6254   by anonymising data, e.g. d...

G16H 10/60   for patient-specific data, ...

H04L 63/0421   Anonymous communication, i....

H04L 63/0428   wherein the data content is...

H04L 63/104   Grouping of entities

H04L 9/083   involving central third par...

System and method for dis-identifying sensitive information and associated records

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for dis-identifying sensitive information and associated records

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links