Sensitive data aliasing
First Claim
Patent Images
1. A computer-implemented method for protecting sensitive data elements by using access control and associating aliases to the sensitive data elements, comprising:
- encrypting, by a computer processor, sensitive data elements to produce encrypted sensitive data elements;
generating, by the computer processor and for the sensitive data elements, aliases that are independent from the sensitive data elements;
generating, by the computer processor, an association between the aliases and the sensitive data elements;
storing the aliases and the encrypted sensitive data elements in one or more storage devices;
displaying an interface that includes selection options for requesting access to the one or more storage devices and for verifying an identity of users that are requesting the access to the one or more storage devices;
determining, by the computer processor, that a first user is in a standard set of users, the first user requesting the access to the one or more storage devices through the interface;
returning, by the computer processor and in response to determining that the first user is in the standard set of users, the aliases in place of the sensitive data elements to the first user via the interface;
receiving, from a second user, an alias of the aliases in place of the sensitive data elements;
determining, by the computer processor, that the second user is in an authorized set of users, where the authorized set of users does include at least some users in the standard set of users; and
returning a sensitive data element associated with the received alias, by the computer processor and based upon a generated association between the returned sensitive data element and the received alias, to the second user via the interface.
7 Assignments
0 Petitions
Accused Products
Abstract
Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.
27 Citations
18 Claims
-
1. A computer-implemented method for protecting sensitive data elements by using access control and associating aliases to the sensitive data elements, comprising:
-
encrypting, by a computer processor, sensitive data elements to produce encrypted sensitive data elements; generating, by the computer processor and for the sensitive data elements, aliases that are independent from the sensitive data elements; generating, by the computer processor, an association between the aliases and the sensitive data elements; storing the aliases and the encrypted sensitive data elements in one or more storage devices; displaying an interface that includes selection options for requesting access to the one or more storage devices and for verifying an identity of users that are requesting the access to the one or more storage devices; determining, by the computer processor, that a first user is in a standard set of users, the first user requesting the access to the one or more storage devices through the interface; returning, by the computer processor and in response to determining that the first user is in the standard set of users, the aliases in place of the sensitive data elements to the first user via the interface; receiving, from a second user, an alias of the aliases in place of the sensitive data elements; determining, by the computer processor, that the second user is in an authorized set of users, where the authorized set of users does include at least some users in the standard set of users; and returning a sensitive data element associated with the received alias, by the computer processor and based upon a generated association between the returned sensitive data element and the received alias, to the second user via the interface. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An apparatus for handling sensitive data elements, the apparatus comprising:
-
a storage device configured to store and provide access to sensitive data elements that are encrypted using a first encryption method; at least one computer processor configured to; encrypt, by the computer processor, sensitive data elements to produce the encrypted sensitive data elements; generate, by the computer processor and for the sensitive data elements, aliases that are independent from the sensitive data elements; generate, by the computer processor, an association between the aliases and the sensitive data elements; store the aliases and the encrypted sensitive data elements in one or more storage devices; display an interface that includes selection options requesting access to the one or more storage devices and for verifying an identity of users that are requesting the access to the one or more storage devices; determine, by the computer processor, that a first user is in a standard set of users, the first user requesting the access to the one or more storage devices through the interface; return, by the computer processor and in response to determining that the first user is in the standard set of users, the aliases in place of the sensitive data elements to the first user via the interface; receive, from a second user, an alias of the aliases in place of the sensitive data elements; determine, by the computer processor, that the second user is in an authorized set of users, where the authorized set of users includes at least some users in the standard set of users; and return a sensitive data element associated with the received alias, by the computer processor and based upon a generated association between the returned sensitive data element and the received alias, to the second user via the interface. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
Specification