Sensitive data aliasing
First Claim
Patent Images
1. A computerized method of encrypting data sets containing sensitive data elements and generating aliases to represent the sensitive data elements, the method including the steps of:
- storing verification data for maintenance of a relationship between the sensitive data elements and aliases for the sensitive data elements;
encrypting the sensitive data elements using a first encryption method that generates binary string representations of the sensitive data elements;
formatting the binary representations of the sensitive data elements according to a text format that would correspond to at least one prospective alias for the sensitive data elements;
comparing the formatted sensitive data elements to stored sensitive data elements to determine if ones of the sensitive data elements have existing aliases;
generating, in response to the determination, aliases independent from the sensitive data elements;
generating an association between the generated aliases and the sensitive data elements;
restricting access to the sensitive data elements to a set of authorized users;
providing the aliases in place of the sensitive data elements in response to access request to the sensitive data elements by a set of standard users, where at least some of the standard users are not included in the set of authorized users; and
retrieving the stored verification data for validating, in response to a request for decryption, the relationship between the sensitive data elements and the aliases.
6 Assignments
0 Petitions
Accused Products
Abstract
Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.
-
Citations
32 Claims
-
1. A computerized method of encrypting data sets containing sensitive data elements and generating aliases to represent the sensitive data elements, the method including the steps of:
-
storing verification data for maintenance of a relationship between the sensitive data elements and aliases for the sensitive data elements; encrypting the sensitive data elements using a first encryption method that generates binary string representations of the sensitive data elements; formatting the binary representations of the sensitive data elements according to a text format that would correspond to at least one prospective alias for the sensitive data elements; comparing the formatted sensitive data elements to stored sensitive data elements to determine if ones of the sensitive data elements have existing aliases; generating, in response to the determination, aliases independent from the sensitive data elements; generating an association between the generated aliases and the sensitive data elements; restricting access to the sensitive data elements to a set of authorized users; providing the aliases in place of the sensitive data elements in response to access request to the sensitive data elements by a set of standard users, where at least some of the standard users are not included in the set of authorized users; and retrieving the stored verification data for validating, in response to a request for decryption, the relationship between the sensitive data elements and the aliases. - View Dependent Claims (2, 3, 4, 6, 7, 8, 9)
-
-
5. A computerized method of encrypting data sets containing sensitive data elements and generating aliases to represent the sensitive data elements, the method including the steps of:
-
encrypting the sensitive data elements using a first encryption method that generates binary string representations of the sensitive data elements; formatting the binary representations of the sensitive data elements according to a text format; comparing the formatted sensitive data elements to stored sensitive data elements to determine if ones of the sensitive data elements have existing aliases; generating, in response to the determination, aliases independent from the sensitive data elements; generating an association between the generated aliases and the sensitive data elements; restricting access to the sensitive data elements to a set of authorized users; providing the aliases in place of the sensitive data elements in response to access request to the sensitive data elements by a set of standard users, where at least some of the standard users are not included in the set of authorized users; decrypting the sensitive data elements and subsequently encrypting the sensitive data elements using a second encryption method; maintaining the association between the aliases and the sensitive data elements; and formatting the sensitive data elements to represent displayable characters.
-
-
10. A computerized method of managing a database receiving encrypted data sets containing sensitive data elements and generating aliases to represent the sensitive data elements, the method including the steps of:
-
determining if the sensitive data elements are encrypted; decrypting the sensitive data elements in response to a determination that the sensitive data is encrypted; encrypting the sensitive data elements using a first encryption method resulting in encrypted sensitive data; generating aliases independent from the sensitive data elements; generating an association between the aliases and the sensitive data elements; storing verification data for maintenance of a relationship between the sensitive data elements and the aliases for the sensitive data elements; restricting access to the sensitive data elements to a set of authorized users; retrieving the stored verification data for validating, in response to a request for decryption, the relationship between the sensitive data elements and the aliases; and providing the aliases in place of the sensitive data elements in response to access requests to the sensitive data elements by a set of standard users, where at least some of the standard users are not included in the set of authorized users. - View Dependent Claims (11, 12, 13, 15, 16, 17, 18, 19, 20)
-
-
14. A computerized method of encrypting data sets containing sensitive data elements and generating aliases to represent the sensitive data elements, the method including the steps of:
-
encrypting the sensitive data elements using a first encryption method that generates binary string representations of the sensitive data elements; formatting the binary representations of the sensitive data elements according to a text format; comparing the formatted sensitive data elements to stored sensitive data elements to determine if ones of the sensitive data elements have existing aliases; generating, in response to the determination, aliases independent from the sensitive data elements; generating an association between the generated aliases and the sensitive data elements; restricting access to the sensitive data elements to a set of authorized users; providing the aliases in place of the sensitive data elements in response to access request to the sensitive data elements by a set of standard users, where at least some of the standard users are not included in the set of authorized users; decrypting the encrypted sensitive data elements and subsequently encrypting the sensitive data elements using a second encryption method; maintaining the association between the aliases and the sensitive data elements; and formatting the encrypted sensitive data elements to represent displayable characters.
-
-
21. A database processing arrangement for using data sets associated with sensitive data elements, the arrangement comprising:
-
a database for storing the data sets and wherein the data sets include sensitive data elements; an encryption arrangement for encrypting the sensitive data elements using a first encryption scheme and wherein binary representations of the sensitive data elements are formatted according to a text format that would correspond to at least one prospective alias for the sensitive data elements; an alias generator for generating aliases and associating the aliases to the sensitive data elements, and for storing verification data for maintenance of a relationship between the sensitive data elements and aliases for the sensitive data elements, wherein the verification data is stored for subsequent retrieval, in response to a request for decryption, for validating the relationship between the sensitive data elements and the aliases; and an interface for access to the database wherein the interface is configured to respond to an access request for the same sensitive data element by providing the sensitive data element, in response to the access request originating from an authorized application, and providing a associated alias, in response to the access request origination from a standard application. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
Specification