Sensitive data aliasing

US 8,544,110 B2
Filed: 05/15/2012
Issued: 09/24/2013
Est. Priority Date: 01/27/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A computerized method of encrypting data sets containing data elements and generating aliases to represent the data elements, the method including the steps of:

by operating at least one computer,encrypting the data elements using a first encryption method;

generating aliases independent from the data elements;

generating an association between the aliases and the data elements;

restricting access to the data elements to a set of authorized users; and

by providing a circuit interface communicatively coupled to the at least one using the aliases in place of the data elements for a set of standard users, where at least some of the standard users are not included in the set of authorized users;

computer, permitting qualified access to the aliases and the data elements; and

maintaining data, accessible by a data-processing circuit, of data elements corresponding to one or more aliases as indicated by request information from the data-processing circuit.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.

18 Citations

View as Search Results

32 Claims

1. A computerized method of encrypting data sets containing data elements and generating aliases to represent the data elements, the method including the steps of:
- by operating at least one computer,encrypting the data elements using a first encryption method;
  
  generating aliases independent from the data elements;
  
  generating an association between the aliases and the data elements;
  
  restricting access to the data elements to a set of authorized users; and
  
  by providing a circuit interface communicatively coupled to the at least one using the aliases in place of the data elements for a set of standard users, where at least some of the standard users are not included in the set of authorized users;
  
  computer, permitting qualified access to the aliases and the data elements; and
  
  maintaining data, accessible by a data-processing circuit, of data elements corresponding to one or more aliases as indicated by request information from the data-processing circuit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computerized method of claim 1 further including the step of allowing access, via the data-processing circuit, to aliases based on whether the request information indicates an access request by an authorized user.
  - 3. The computerized method of claim 1 further including the steps of:
    - identifying an alias corresponding to a data element selected by an authorized user; and
      
      providing the identified alias to said authorized user through the circuit interface.
  - 4. The computerized method of claim 1 further including the steps of:
    - identifying a data element corresponding to an alias selected by an authorized user; and
      
      providing the identified data element to said authorized user through the circuit interface.
  - 5. The computerized method of claim 1 further including the step of:
    - decrypting the data elements and subsequently encrypting the data elements using a second encryption method; and
      
      maintaining the association between the aliases and the data elements.
  - 6. The computerized method of claim 1 further including formatting the data elements to represent displayable characters.
  - 7. The computerized method of claim 1 including the step of appending a portion of a data element to an alias associated with said data element.
  - 8. The computerized method of claim 4 including the step of creating a log of activities by the authorized users and the standard users.
  - 9. The computerized method of claim 1 wherein the data elements are stored in a first database and the aliases are stored in a second database.

10. A computerized method of managing a database receiving encrypted data sets containing data elements and generating aliases to represent the data elements, the method including the steps of:
- by operating at least one computer,determining if the data elements are encrypted;
  
  decrypting the data elements in response to a determination that the data is encrypted;
  
  encrypting the data elements using a first encryption method resulting in encrypted data;
  
  generating aliases independent from the data elements;
  
  generating an association between the aliases and the data elements;
  
  restricting access to the data elements to a set of authorized users; and
  
  using the aliases in place of the data elements for a set of standard users, where at least some of the standard users are not included in the set of authorized users; and
  
  by providing a circuit interface communicatively coupled to the at least one computer, permitting qualified access to the aliases and the data elements.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The computerized method of claim 10 further including the step of decrypting the data elements for use by an authorized user.
  - 12. The computerized method of claim 10 further including the steps of:
    - identifying an alias corresponding to a data element selected by authorized users; and
      
      providing the identified alias to the authorized user through the circuit interface.
  - 13. The computerized method of claim 12 further including the steps of:
    - identifying a data element corresponding to an alias selected by an authorized user; and
      
      providing the identified data element to the authorized user through the circuit interface.
  - 14. The computerized method of claim 10 further including the steps of:
    - decrypting the encrypted data elements and subsequently encrypting the data elements using a second encryption method;
      
      maintaining the association between the aliases and the data elements; and
      
      formatting the encrypted data elements to represent displayable characters.
  - 15. The computerized method of claim 14 where the aliases are generated randomly and each alias is uniquely identifiable.
  - 16. The computerized method of claim 10 including the step of appending a portion of a data element to an alias associated with said data element.
  - 17. The computerized method of claim 13 including the step of creating a log of access attempts by the authorized users and the standard users.
  - 18. The computerized method of claim 10 including the steps of:
    - formatting the encrypted data elements using uuencode or base64 algorithms; and
      
      storing the formatted encrypted data elements in the database.
  - 19. The computerized method of claim 10, including the steps of:
    - transferring encrypted access information to an application that is used for accessing the database;
      
      decrypting the encrypted access information;
      
      using the decrypted access information to configure access restrictions to the database; and
      
      wherein the decrypted access information is hidden from users of the application.
  - 20. The computerized method of claim 10, wherein a first processor is used to perform the encrypting and decrypting, and a second processor is used when using the aliases in place of the data elements.

21. A database processing system for using data sets associated with data elements, the system comprising:
- a database for storing the data sets and wherein the data sets include data elements that are accessible to a set of authorized users;
  
  an encryption arrangement, having at least one computer circuit, for encrypting the data elements using a first encryption scheme;
  
  an alias generator, implemented in the computer circuit, for generating aliases and associating the aliases to the data elements; and
  
  an interface circuit for accessing the database, and for using the aliases in place of the data elements for a set of standard users, where at least some of the standard users are not included in the set of authorized users, and wherein the interface circuit is communicatively coupled to at least one computer, and permits qualified access to the aliases and the data elements.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 22. The database processing system of claim 21, further including a formatting arrangement for formatting the encrypted forms of the data elements to represent displayable characters.
  - 23. The database processing system of claim 21, wherein the interface circuit provides secure access to the encrypted forms of the sensitive data elements.
  - 24. The database processing system of claim 21, wherein the data sets contain information related to the data elements and the aliases.
  - 25. The database processing system of claim 21, wherein the alias generator randomly generates the aliases.
  - 26. The database processing system of claim 21, wherein the encryption arrangement is configured and arranged to perform a re-encryption function that:
    - decrypts the encrypted forms of data elements;
      
      subsequently encrypts the data elements using a second encryption scheme; and
      
      maintains the association between the aliases and the data elements.
  - 27. The database processing system of claim 26, wherein the encryption arrangement performs the re-encryption function on all of the data elements in response to input from the interface circuit.
  - 28. The database processing system of claim 27, wherein the encryption arrangement uses a first key to perform the first encryption scheme and a second key to perform the second encryption scheme.
  - 29. The database processing system of claim 27, wherein:
    - the encryption arrangement uses a first key to perform the first encryption scheme;
      
      the encryption arrangement uses a second key to perform the second encryption scheme; and
      
      both the first and second keys are input through the interface circuit.
  - 30. The database processing system of claim 21, wherein the data sets contain personal identification data.
  - 31. The database processing system of claim 21, wherein the interface circuit:
    - restricts access to the data elements to a set of authorized users; and
      
      provides the aliases in place of the data elements for a set of standard users, wherein at least some of the standard users are not included in the set of authorized users.
  - 32. The database processing system of claim 21, further including a second database for storing the aliases separately for the data elements.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Appriss Retail Information LLC
Original Assignee
Verisk Crime Analytics, Inc.
Inventors
Duhaime, David A., Duhaime, Brad J.
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Jeudy, Josnel

Application Number

US13/472,279
Publication Number

US 20120233471A1
Time in Patent Office

497 Days
Field of Search

726 26- 30, 713189-194
US Class Current

726/28
CPC Class Codes

G06F 16/122   using management policies b...

G06F 21/32   using biometric data, e.g. ...

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

G06F 2221/2101   Auditing as a secondary aspect

G06Q 20/356   Aspects of software for car...

G06Q 20/383   Anonymous user system

H04L 9/0625   with splitting of the data ...

H04L 9/0631   Substitution permutation ne...

H04L 9/0643   Hash functions, e.g. MD5, S...

Sensitive data aliasing

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Sensitive data aliasing

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links