Sensitive data aliasing

US 7,870,614 B1
Filed: 03/10/2006
Issued: 01/11/2011
Est. Priority Date: 01/27/2006
Status: Active Grant

First Claim

Patent Images

1. A computerized method of encrypting data sets containing sensitive data elements and generating aliases to represent the sensitive data elements, the method including the steps of:

storing verification data for maintenance of a relationship between the sensitive data elements and aliases for the sensitive data elements;

encrypting the sensitive data elements using a first encryption method that generates binary string representations of the sensitive data elements;

formatting the binary representations of the sensitive data elements according to a text format that would correspond to at least one prospective alias for the sensitive data elements;

comparing the formatted sensitive data elements to stored sensitive data elements to determine if ones of the sensitive data elements have existing aliases;

generating, in response to the determination, aliases independent from the sensitive data elements;

generating an association between the generated aliases and the sensitive data elements;

restricting access to the sensitive data elements to a set of authorized users;

providing the aliases in place of the sensitive data elements in response to access request to the sensitive data elements by a set of standard users, where at least some of the standard users are not included in the set of authorized users; and

retrieving the stored verification data for validating, in response to a request for decryption, the relationship between the sensitive data elements and the aliases.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.

Citations

32 Claims

1. A computerized method of encrypting data sets containing sensitive data elements and generating aliases to represent the sensitive data elements, the method including the steps of:
- storing verification data for maintenance of a relationship between the sensitive data elements and aliases for the sensitive data elements;
  
  encrypting the sensitive data elements using a first encryption method that generates binary string representations of the sensitive data elements;
  
  formatting the binary representations of the sensitive data elements according to a text format that would correspond to at least one prospective alias for the sensitive data elements;
  
  comparing the formatted sensitive data elements to stored sensitive data elements to determine if ones of the sensitive data elements have existing aliases;
  
  generating, in response to the determination, aliases independent from the sensitive data elements;
  
  generating an association between the generated aliases and the sensitive data elements;
  
  restricting access to the sensitive data elements to a set of authorized users;
  
  providing the aliases in place of the sensitive data elements in response to access request to the sensitive data elements by a set of standard users, where at least some of the standard users are not included in the set of authorized users; and
  
  retrieving the stored verification data for validating, in response to a request for decryption, the relationship between the sensitive data elements and the aliases.
- View Dependent Claims (2, 3, 4, 6, 7, 8, 9)
- - 2. The computerized method of claim 1 further including the step of decrypting the sensitive data elements for use by the set of authorized users.
  - 3. The computerized method of claim 1 further including the steps of:
    - identifying an alias corresponding to a sensitive data element selected by an authorized user; and
      
      providing the identified alias to said authorized user.
  - 4. The computerized method of claim 1 further including the steps of:
    - identifying a sensitive data element corresponding to an alias selected by an authorized user; and
      
      providing the identified sensitive data element to said authorized user.
  - 6. The computerized method of claim 1 wherein the aliases are generated randomly and each alias is uniquely identifiable.
  - 7. The computerized method of claim 1 including the step of appending a portion of a sensitive data element to an alias associated with said sensitive data element.
  - 8. The computerized method of claim 4 including the step of creating a log of activities by the authorized users and the standard users.
  - 9. The computerized method of claim 1 wherein, the sensitive data elements are stored in a first database and the aliases are stored in a second database.

5. A computerized method of encrypting data sets containing sensitive data elements and generating aliases to represent the sensitive data elements, the method including the steps of:
- encrypting the sensitive data elements using a first encryption method that generates binary string representations of the sensitive data elements;
  
  formatting the binary representations of the sensitive data elements according to a text format;
  
  comparing the formatted sensitive data elements to stored sensitive data elements to determine if ones of the sensitive data elements have existing aliases;
  
  generating, in response to the determination, aliases independent from the sensitive data elements;
  
  generating an association between the generated aliases and the sensitive data elements;
  
  restricting access to the sensitive data elements to a set of authorized users;
  
  providing the aliases in place of the sensitive data elements in response to access request to the sensitive data elements by a set of standard users, where at least some of the standard users are not included in the set of authorized users;
  
  decrypting the sensitive data elements and subsequently encrypting the sensitive data elements using a second encryption method;
  
  maintaining the association between the aliases and the sensitive data elements; and
  
  formatting the sensitive data elements to represent displayable characters.

10. A computerized method of managing a database receiving encrypted data sets containing sensitive data elements and generating aliases to represent the sensitive data elements, the method including the steps of:
- determining if the sensitive data elements are encrypted;
  
  decrypting the sensitive data elements in response to a determination that the sensitive data is encrypted;
  
  encrypting the sensitive data elements using a first encryption method resulting in encrypted sensitive data;
  
  generating aliases independent from the sensitive data elements;
  
  generating an association between the aliases and the sensitive data elements;
  
  storing verification data for maintenance of a relationship between the sensitive data elements and the aliases for the sensitive data elements;
  
  restricting access to the sensitive data elements to a set of authorized users;
  
  retrieving the stored verification data for validating, in response to a request for decryption, the relationship between the sensitive data elements and the aliases; and
  
  providing the aliases in place of the sensitive data elements in response to access requests to the sensitive data elements by a set of standard users, where at least some of the standard users are not included in the set of authorized users.
- View Dependent Claims (11, 12, 13, 15, 16, 17, 18, 19, 20)
- - 11. The computerized method of claim 10 further including the step of decrypting the sensitive data elements for use by an authorized user.
  - 12. The computerized method of claim 10 further including the steps of:
    - identifying an alias corresponding to a sensitive data element selected by authorized users; and
      
      providing the identified alias to the authorized user.
  - 13. The computerized method of claim 12 further including the steps of:
    - identifying a sensitive data element corresponding to an alias selected by an authorized user; and
      
      providing the identified sensitive data element to the authorized user.
  - 15. The computerized method of claim 10 where the aliases are generated randomly and each alias is uniquely identifiable.
  - 16. The computerized method of claim 10 including the step of appending a portion of a sensitive data element to an alias associated with said sensitive data element.
  - 17. The computerized method of claim 13 including the step of creating a log of access attempts by the authorized users and the standard users.
  - 18. The computerized method of claim 10 including the steps of:
    - formatting the encrypted sensitive data elements using uuencode or base64 algorithms; and
      
      storing the formatted encrypted sensitive data elements in the database.
  - 19. The computerized method of claim 10, including the steps of:
    - transferring encrypted access information to an application that is used accessing the database;
      
      decrypting the encrypted access information;
      
      using the decrypted access information to configure access restrictions to the database; and
      
      wherein the decrypted access information is hidden from users of the application.
  - 20. The computerized method of claim 10, wherein a first processor is used to perform the encrypting and decrypting and a second processor is used when using the aliases in place of the sensitive data elements.

14. A computerized method of encrypting data sets containing sensitive data elements and generating aliases to represent the sensitive data elements, the method including the steps of:
- encrypting the sensitive data elements using a first encryption method that generates binary string representations of the sensitive data elements;
  
  formatting the binary representations of the sensitive data elements according to a text format;
  
  comparing the formatted sensitive data elements to stored sensitive data elements to determine if ones of the sensitive data elements have existing aliases;
  
  generating, in response to the determination, aliases independent from the sensitive data elements;
  
  generating an association between the generated aliases and the sensitive data elements;
  
  restricting access to the sensitive data elements to a set of authorized users;
  
  providing the aliases in place of the sensitive data elements in response to access request to the sensitive data elements by a set of standard users, where at least some of the standard users are not included in the set of authorized users;
  
  decrypting the encrypted sensitive data elements and subsequently encrypting the sensitive data elements using a second encryption method;
  
  maintaining the association between the aliases and the sensitive data elements; and
  
  formatting the encrypted sensitive data elements to represent displayable characters.

21. A database processing arrangement for using data sets associated with sensitive data elements, the arrangement comprising:
- a database for storing the data sets and wherein the data sets include sensitive data elements;
  
  an encryption arrangement for encrypting the sensitive data elements using a first encryption scheme and wherein binary representations of the sensitive data elements are formatted according to a text format that would correspond to at least one prospective alias for the sensitive data elements;
  
  an alias generator for generating aliases and associating the aliases to the sensitive data elements, and for storing verification data for maintenance of a relationship between the sensitive data elements and aliases for the sensitive data elements, wherein the verification data is stored for subsequent retrieval, in response to a request for decryption, for validating the relationship between the sensitive data elements and the aliases; and
  
  an interface for access to the database wherein the interface is configured to respond to an access request for the same sensitive data element by providing the sensitive data element, in response to the access request originating from an authorized application, and providing a associated alias, in response to the access request origination from a standard application.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 22. The database processing arrangement of claim 21, further including a formatting arrangement for formatting the encrypted forms of the sensitive data elements to represent displayable characters.
  - 23. The database processing arrangement of claim 21, wherein the interface is further for providing secure access to the encrypted forms of the sensitive data elements.
  - 24. The database processing arrangement of claim 21, wherein the datasets contain information related to the sensitive data elements and the aliases.
  - 25. The database processing arrangement of claim 21, wherein the alias generator is further for randomly generating the aliases.
  - 26. The database processing arrangement of claim 21, wherein the encryption arrangement is further for performing a re-encryption function that:
    - decrypts the encrypted forms of a sensitive data elements;
      
      subsequently encrypts sensitive data elements using a second encryption scheme; and
      
      maintains the association between aliases and the sensitive data elements.
  - 27. The database processing arrangement of claim 26, wherein the encryption arrangement is further for performing the re-encryption function on all of the sensitive data elements in response to input from the interface.
  - 28. The database processing arrangement of claim 27, wherein the encryption arrangement is further for using a first key to perform the first encryption scheme and a second key to perform the second encryption scheme.
  - 29. The database processing arrangement of claim 27, wherein:
    - the encryption arrangement is further for using a first key to perform the first encryption scheme;
      
      a second key to perform the second encryption scheme; and
      
      wherein both the first and second keys are input through the interface.
  - 30. The database processing arrangement of claim 21, wherein the datasets contain personal identification data.
  - 31. The database processing arrangement of claim 21, wherein the interface is further for:
    - restricting access to the sensitive data elements to a set of authorized users; and
      
      providing the aliases in place of the sensitive data elements for a set of standard users, wherein at least some of the standard users are not included in the set of authorized users.
  - 32. The database processing arrangement of claim 21, further including a second database for storing the aliases.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Appriss Retail Information LLC
Original Assignee
Aspect Loss Prevention, LLC (Verisk Analytics Incorporated)
Inventors
Duhaime, Brad J., Duhaime, David A.
Primary Examiner(s)
Arani; Taghi T
Assistant Examiner(s)
Jeudy; Josnel

Application Number

US11/372,750
Time in Patent Office

1,768 Days
Field of Search

369/99, 369/101, 369/100, 365/158, 365/129, 365/151, 365/170, 345/173, 345/156, 726/4, 726/5, 726/6, 726/17, 726/18, 726/19, 726 23- 30, 707/9, 707/10, 709/204, 709/206, 709247-249, 709/203
US Class Current

726/28
CPC Class Codes

G06F 16/122   using management policies b...

G06F 21/32   using biometric data, e.g. ...

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

G06F 2221/2101   Auditing as a secondary aspect

G06Q 20/356   Aspects of software for car...

G06Q 20/383   Anonymous user system

H04L 9/0625   with splitting of the data ...

H04L 9/0631   Substitution permutation ne...

H04L 9/0643   Hash functions, e.g. MD5, S...

Sensitive data aliasing

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Sensitive data aliasing

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links