System and method for dis-identifying sensitive information and associated records
Abstract
A computer-based system (10) and method for dis-identifying personal identifiable information (152, 162) and associated records (172) is disclosed. The system includes a system manager (20) module, an encryption and key management module (30), and a storage module (40). The system manager module (20) stores related sensitive information portions (152) of the personal identifiable information (152, 162), non-sensitive information portions (162) of the personal identifiable information, and associated records (172) in separate databases (100, 110, 120 or 150, 160, 170) in storage module (40) with each database record including one or more hidden links generated by the encryption and key management module (30) that can be used to determine the related records or information in one of the other databases. The hidden links are encrypted so that the relationships between the database records are hidden. The methods provide for storing sensitive and non-sensitive personal identifiable information and associated records as database records, and for storing the hidden links associated with these database records. The present invention also includes methods for retrieving sensitive personal identifiable information for a given associated record and for retrieving the associated record(s) for a given sensitive personal identifiable information.
22 Claims
1. A system for protecting the relationship between personal identifiable information and one or more associated records, the system comprising:
a processor, a system manager module operably residing on the processor, the manager module operable to receive a hidden link and an encrypted hidden link from an encryption module, to insert the personal identifiable information and the associated records into separate databases in a storage module, and to retrieve the personal identifiable information and the associated records from the separate databases, wherein the personal identifiable information and the associated records are stored with one or more hidden links or encrypted hidden links so that there is no direct link between the personal identifiable information and the associated records,
and further wherein the personal identifiable information includes a sensitive information portion and a non-sensitive information portion and wherein the system manager module is operable to separate the personal identifiable information into a sensitive information portion and a non-sensitive information portion, to insert the sensitive information and the non-sensitive information portions into separate databases, and to retrieve the sensitive information and the non-sensitive information portions from their separate databases,
and further wherein an entry in the sensitive information database includes a first hidden link, the first hidden link associated with a first encryption key, and each entry in the associated records database and the non-sensitive information database related to the entry in the sensitive information database include the first hidden link encrypted according to the first encryption key,
and wherein the non-sensitive information database further includes a second hidden link, the second hidden link associated with a second encryption key, and the first hidden link encrypted according to the second encryption key.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
12. A method in a computer system for storing personal identifiable information and associated records so that there is no direct link between the personal identifiable information and the associated records, the personal identifiable information including sensitive information and non-sensitive information, the computer system including a sensitive information database, a non-sensitive information database, and an associated records database, the method comprising:
separating the personal identifiable information into sensitive information and non-sensitive information;
obtaining a first hidden link, the first hidden link associated with a first encryption key;
inserting the sensitive information and the first hidden link into the sensitive information database;
receiving the first hidden link encrypted using the first encryption key;
inserting the associated records and the first hidden link encrypted using the first encryption key into the associated records database;
obtaining a second hidden link associated with a second encryption key;
receiving the first hidden link encrypted using the second encryption key;
inserting the non-sensitive information, the first hidden link encrypted according to the first encryption key, the second hidden link, and the first hidden link encrypted according to the second encryption key into the non-sensitive information database.
(Dependent claims: 13, 14, 15, 16)
17. A computer readable medium containing computer executable instructions for performing a method, the method comprising:
separating the personal identifiable information into sensitive information and non-sensitive information;
receiving a first hidden link, the first hidden link associated with a first encryption key;
inserting the sensitive information and the first hidden link into the sensitive information database;
receiving the first hidden link encrypted using the first encryption key;
inserting the associated records and the first hidden link encrypted using the first encryption key into the associated records database;
receiving a second hidden link, the second hidden link associated with a second encryption key;
receiving the first hidden link encrypted using the second encryption key;
inserting the non-sensitive information, the first hidden link encrypted according to the first encryption key, the second hidden link, and the first hidden link encrypted according to the second encryption key into the non-sensitive information database.
18. A method in a computer system for retrieving the sensitive information portion of a personal identifiable information related to certain associated records, the sensitive information stored in a sensitive information database along with a first hidden link, the first hidden link associated with a first encryption key, and the associated records stored in an associated records database along with the first hidden link encrypted using the first encryption key so that there is no direct link between the sensitive personal identifiable information and the associated records, the personal identifiable information further including a non-sensitive information portion stored in a non-sensitive information database along with the first hidden link encrypted using the first encryption key, a second hidden link associated with a second encryption key, and the first hidden link encrypted using the second encryption key, the method comprising:
retrieving the first hidden link encrypted with the first encryption key stored with the associated record;
using the first hidden link encrypted with the first encryption key stored with the associated record to find the record in the non-sensitive database related to the associated record;
retrieving the second hidden link and the first hidden link encrypted with the second encryption key stored with the non-sensitive database record from the non-sensitive database record;
submitting the first hidden link encrypted with the second encryption key for decryption thereby receiving the first hidden link; and
using the first hidden link to retrieve the sensitive portion of the personal identifiable information from the sensitive information database.
(Dependent claims: 19, 20, 21)
22. A computer readable medium containing computer executable instructions for performing a method, the method comprising:
retrieving the first hidden link encrypted with the first encryption key stored with the associated record;
using the first hidden link encrypted with the first encryption key stored with the associated record to find the record in the non-sensitive database related to the associated record;
retrieving the second hidden link and the first hidden link encrypted with the second encryption key stored with the non-sensitive database record from the non-sensitive database record;
submitting the first hidden link encrypted with the second encryption key for decryption thereby receiving the first hidden link; and
using the first hidden link to retrieve the sensitive portion of the personal identifiable information from the sensitive information database.
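The storage procedure of claim 12 and the retrieval walk of claim 18 together describe a small protocol between a system manager, an encryption module that never hands out keys, and three separate databases. The following Python model is an added example, not the patent's or any assignee's code, written to show how the two hidden links and two keys fit together. It assumes a hidden link is 32 random bytes, that the encryption module keeps one key per hidden link (so a link doubles as the handle for "the key associated with" it), and that the split of PII fields into sensitive and non-sensitive is the constructed one in SENSITIVE_FIELDS; all sample data is constructed. The cipher is a keyed XOR pad standing in for a real deterministic cipher, as the comment in the code explains.

```python
"""Model of the three-database layout in claims 12 and 18 (added example)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

LINK_BYTES = 32

# Assumed split; the page does not say which PII fields count as sensitive.
SENSITIVE_FIELDS = frozenset({"name", "ssn", "date_of_birth"})


class EncryptionModule:
    """Issues hidden links and holds the key associated with each one.

    Keys never leave this object; the system manager only ever receives
    hidden links and ciphertexts, as the claims describe.
    """

    def __init__(self) -> None:
        self._keys = {}  # hidden link (hex) -> 32-byte key associated with it

    def new_hidden_link(self) -> str:
        link = secrets.token_hex(LINK_BYTES)
        self._keys[link] = secrets.token_bytes(32)
        return link

    def _pad(self, key_link: str) -> bytes:
        # Deterministic 32-byte pad derived from the key.  Determinism is
        # required because E_k1(L1) is used as a join key in two databases.
        # Each key here encrypts exactly one 32-byte link, so XOR with one
        # HMAC output is a one-time pad in this model; a real system would
        # use a deterministic AEAD such as AES-SIV in place of this stand-in.
        return hmac.new(self._keys[key_link], b"hidden-link", hashlib.sha256).digest()

    def encrypt(self, key_link: str, link: str) -> str:
        """Encrypt `link` under the key associated with `key_link`."""
        pad = self._pad(key_link)
        return bytes(a ^ b for a, b in zip(bytes.fromhex(link), pad)).hex()

    def decrypt(self, key_link: str, ciphertext: str) -> str:
        return self.encrypt(key_link, ciphertext)  # XOR is its own inverse


@dataclass
class StorageModule:
    """Three separate databases; no row holds a direct foreign key to another."""
    sensitive: dict = field(default_factory=dict)      # L1 -> sensitive PII
    non_sensitive: dict = field(default_factory=dict)  # E_k1(L1) -> non-sensitive PII, L2, E_k2(L1)
    associated: list = field(default_factory=list)     # rows of record fields + E_k1(L1)


class SystemManager:
    def __init__(self, enc: EncryptionModule, store: StorageModule) -> None:
        self.enc, self.store = enc, store

    def insert(self, pii: dict, records: list) -> str:
        """Claim 12: split the PII, mint both links, write the three rows.  Returns E_k1(L1)."""
        sensitive = {k: v for k, v in pii.items() if k in SENSITIVE_FIELDS}
        non_sensitive = {k: v for k, v in pii.items() if k not in SENSITIVE_FIELDS}
        l1 = self.enc.new_hidden_link()
        e1 = self.enc.encrypt(l1, l1)  # first hidden link under the first key
        l2 = self.enc.new_hidden_link()
        e2 = self.enc.encrypt(l2, l1)  # first hidden link under the second key
        self.store.sensitive[l1] = sensitive
        for rec in records:
            self.store.associated.append({**rec, "link": e1})
        self.store.non_sensitive[e1] = {**non_sensitive, "second_link": l2, "first_link_enc2": e2}
        return e1

    def sensitive_for_record(self, record: dict) -> dict:
        """Claim 18: associated row -> non-sensitive row -> decrypt under L2's key -> sensitive row."""
        row = self.store.non_sensitive[record["link"]]
        l1 = self.enc.decrypt(row["second_link"], row["first_link_enc2"])
        return self.store.sensitive[l1]

    def records_for_sensitive(self, l1: str) -> list:
        """Reverse direction mentioned in the abstract: re-derive E_k1(L1) and filter."""
        e1 = self.enc.encrypt(l1, l1)
        return [{k: v for k, v in r.items() if k != "link"}
                for r in self.store.associated if r["link"] == e1]


def demo() -> dict:
    """Constructed sample data; returns what both retrieval paths yield plus two checks."""
    enc, store = EncryptionModule(), StorageModule()
    mgr = SystemManager(enc, store)
    pii = {"name": "Ada Example", "ssn": "000-00-0000", "zip": "02139", "year_of_birth": 1980}
    records = [{"visit": "2024-01-05", "code": "J06.9"}, {"visit": "2024-03-11", "code": "Z00.00"}]
    e1 = mgr.insert(pii, records)
    l1 = next(iter(store.sensitive))
    return {
        "sensitive": mgr.sensitive_for_record(store.associated[0]),
        "records": mgr.records_for_sensitive(l1),
        # L1 in the clear must appear only in the sensitive database.
        "l1_in_clear_elsewhere": l1 in repr(store.associated) or l1 in repr(store.non_sensitive),
        # E_k1(L1) is the shared join key between the other two databases.
        "join_key_shared": all(r["link"] == e1 for r in store.associated) and e1 in store.non_sensitive,
    }
```

Two points the model makes visible, on my reading of the claims. First, the associated-records database carries only E_k1(L1), and k1 is the key associated with L1 itself, so that ciphertext alone cannot even be submitted for decryption; the non-sensitive row supplies L2 as the key handle, which is why the second link exists. Second, E_k1(L1) is a deterministic token shared by the associated-records and non-sensitive databases, so the relationship between those two is not hidden from anyone who can read both; what the scheme hides is the path to the sensitive database, and that protection holds only while the encryption module's key table stays separate from the non-sensitive database.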