Sensitive data aliasing

US 9,460,298 B1
Filed: 09/02/2015
Issued: 10/04/2016
Est. Priority Date: 01/27/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for protecting sensitive data elements by using access control and associating aliases to the sensitive data elements, comprising:

encrypting, by a computer processor, sensitive data elements to produce encrypted sensitive data elements;

generating, by the computer processor and for the sensitive data elements, aliases that are independent from the sensitive data elements;

generating, by the computer processor, an association between the aliases and the sensitive data elements;

storing the aliases and the encrypted sensitive data elements in one or more storage devices;

displaying an interface that includes selection options for requesting access to the one or more storage devices and for verifying an identity of users that are requesting the access to the one or more storage devices;

determining, by the computer processor, that a first user is in a standard set of users, the first user requesting the access to the one or more storage devices through the interface;

returning, by the computer processor and in response to determining that the first user is in the standard set of users, the aliases in place of the sensitive data elements to the first user via the interface;

receiving, from a second user, an alias of the aliases in place of the sensitive data elements;

determining, by the computer processor, that the second user is in an authorized set of users, where the authorized set of users does include at least some users in the standard set of users; and

returning a sensitive data element associated with the received alias, by the computer processor and based upon a generated association between the returned sensitive data element and the received alias, to the second user via the interface.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Database management and security is implemented in a variety of embodiments. In one such embodiment, data sets containing sensitive data elements are analyzed using aliases representing sensitive data elements. In another embodiment, the sensitive data elements are stored in an encrypted form for use from a secure access, while the alias is available for standard access.

27 Citations

View as Search Results

18 Claims

1. A computer-implemented method for protecting sensitive data elements by using access control and associating aliases to the sensitive data elements, comprising:
- encrypting, by a computer processor, sensitive data elements to produce encrypted sensitive data elements;
  
  generating, by the computer processor and for the sensitive data elements, aliases that are independent from the sensitive data elements;
  
  generating, by the computer processor, an association between the aliases and the sensitive data elements;
  
  storing the aliases and the encrypted sensitive data elements in one or more storage devices;
  
  displaying an interface that includes selection options for requesting access to the one or more storage devices and for verifying an identity of users that are requesting the access to the one or more storage devices;
  
  determining, by the computer processor, that a first user is in a standard set of users, the first user requesting the access to the one or more storage devices through the interface;
  
  returning, by the computer processor and in response to determining that the first user is in the standard set of users, the aliases in place of the sensitive data elements to the first user via the interface;
  
  receiving, from a second user, an alias of the aliases in place of the sensitive data elements;
  
  determining, by the computer processor, that the second user is in an authorized set of users, where the authorized set of users does include at least some users in the standard set of users; and
  
  returning a sensitive data element associated with the received alias, by the computer processor and based upon a generated association between the returned sensitive data element and the received alias, to the second user via the interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising using biometric information as part of the determining, by the computer processor, that the second user is in the authorized set of users.
  - 3. The method of claim 1, wherein the returning, by the computer processor and in response to determining that the first user is in the standard set of users, the aliases includes returning the aliases to a standard application running on a different computer.
  - 4. The method of claim 1, wherein the sensitive data elements are credit card numbers and the method further comprises:
    - identifying a credit card number corresponding to an alias selected by an authorized user; and
      
      providing the identified credit card number to said authorized user through a circuit interface.
  - 5. The method of claim 4, further including:
    - decrypting the encrypted sensitive data elements using a first cryptographic algorithm and subsequently encrypting the sensitive data elements using a second cryptographic algorithm that is different from the first cryptographic algorithm; and
      
      maintaining the association between the aliases and the sensitive data elements as encrypted using the second cryptographic algorithm.
  - 6. The method of claim 4, further including creating a log of activities by the authorized users and the standard users.
  - 7. The method of claim 1, further including formatting the encrypted sensitive data elements to represent displayable characters.
  - 8. The method of claim 1, further including appending a portion of a particular sensitive data element to an alias associated with the particular sensitive data element.
  - 9. The method of claim 1, wherein the sensitive data elements are stored in a first database and the aliases are stored in a second database.

10. An apparatus for handling sensitive data elements, the apparatus comprising:
- a storage device configured to store and provide access to sensitive data elements that are encrypted using a first encryption method;
  
  at least one computer processor configured to;
  
  encrypt, by the computer processor, sensitive data elements to produce the encrypted sensitive data elements;
  
  generate, by the computer processor and for the sensitive data elements, aliases that are independent from the sensitive data elements;
  
  generate, by the computer processor, an association between the aliases and the sensitive data elements;
  
  store the aliases and the encrypted sensitive data elements in one or more storage devices;
  
  display an interface that includes selection options requesting access to the one or more storage devices and for verifying an identity of users that are requesting the access to the one or more storage devices;
  
  determine, by the computer processor, that a first user is in a standard set of users, the first user requesting the access to the one or more storage devices through the interface;
  
  return, by the computer processor and in response to determining that the first user is in the standard set of users, the aliases in place of the sensitive data elements to the first user via the interface;
  
  receive, from a second user, an alias of the aliases in place of the sensitive data elements;
  
  determine, by the computer processor, that the second user is in an authorized set of users, where the authorized set of users includes at least some users in the standard set of users; and
  
  return a sensitive data element associated with the received alias, by the computer processor and based upon a generated association between the returned sensitive data element and the received alias, to the second user via the interface.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The apparatus of claim 10, wherein the at least one computer processor is further configured to use biometric information as part of the determining, by the computer processor, that the second user is in the authorized set of users.
  - 12. The apparatus of claim 10, wherein the at least one computer processor is further configured to return the aliases to a standard application running on a different computer.
  - 13. The apparatus of claim 10, wherein the at least one computer processor is further configured to:
    - identify a credit card number corresponding to an alias selected by an authorized user; and
      
      provide the identified credit card number to said authorized user through a circuit interface.
  - 14. The apparatus of claim 10, wherein the sensitive data elements are credit card numbers and the computer processor is further configured to:
    - decrypt the encrypted sensitive data elements using a first cryptographic algorithm and subsequently encrypt the sensitive data elements using a second cryptographic algorithm that is different from the first cryptographic algorithm; and
      
      maintain the association between the aliases and the sensitive data elements as encrypted using the second cryptographic algorithm.
  - 15. The apparatus of claim 14, wherein the computer processor is further configured to format the encrypted sensitive data elements to represent displayable characters.
  - 16. The apparatus of claim 14, wherein the computer processor is further configured to append a portion of a particular sensitive data element to an alias associated with the particular sensitive data element.
  - 17. The apparatus claim 13, wherein the computer processor is further configured to create a log of activities by the authorized users and the standard users.
  - 18. The apparatus of claim 10, wherein the sensitive data elements are stored in a first database and the aliases are stored in a second database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Appriss Retail Information LLC
Original Assignee
Verisk Crime Analytics, Inc.
Inventors
Duhaime, David A., Duhaime, Brad J.
Primary Examiner(s)
Jeudy, Josnel

Application Number

US14/843,081
Time in Patent Office

398 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/122   using management policies b...

G06F 21/32   using biometric data, e.g. ...

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

G06F 2221/2101   Auditing as a secondary aspect

G06Q 20/356   Aspects of software for car...

G06Q 20/383   Anonymous user system

H04L 9/0625   with splitting of the data ...

H04L 9/0631   Substitution permutation ne...

H04L 9/0643   Hash functions, e.g. MD5, S...

Sensitive data aliasing

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

27 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Sensitive data aliasing

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others