Customer vehicle data security method
First Claim
1. A method of operating a database stored on one or more database servers, wherein each of the one or more database servers is located at a remote facility and includes an electronic processor and non-volatile, computer-readable memory containing at least part of the database, wherein the database comprises:
- an identifier mapping table that contains mapping data entries wherein each mapping data entry associates a unique identifier with an affiliated identifier;
- a plaintext table that contains non-sensitive data entries; and
- an encryption table that contains sensitive data entries;
wherein the remote facility includes at least one computer that is capable of carrying out the method steps, wherein each computer includes an electronic processor, wherein each computer is configured to decrypt the identifier mapping table using a first encryption key, and wherein the method comprises the steps of:
(a) receiving a data message, wherein the data message contains a unique identifier;
(b) providing an affiliated identifier to be associated with the unique identifier;
(c) encrypting sensitive data using a second encryption key, wherein the sensitive data includes data from the data message or data pertaining to or derived from the data message;
(d) storing non-sensitive data and the affiliated identifier in the plaintext table and storing the encrypted sensitive data and the affiliated identifier in the encrypted table, wherein the non-sensitive data includes data from the data message or data pertaining to or derived from the data message;
(e) storing a new mapping data entry in the identifier mapping table, wherein the new mapping data entry contains the unique identifier and the affiliated identifier;
(f) encrypting the identifier mapping table using the first encryption key; and
(g) writing the encrypted identifier mapping table to the non-volatile, computer-readable medium.
Abstract
A database system and method for managing and storing sensitive and non-sensitive vehicle data. Received vehicle data messages are processed to separate out sensitive and non-sensitive data. The data is stored in a database having: an encrypted table, a plain-text table, and an identification mapping table. The encrypted table contains the sensitive data entries in an encrypted format. The plain-text table contains the non-sensitive data entries in a plaintext form. The identification mapping table contains a plurality of mapping data entries, wherein each mapping data entry associates a unique identifier to an affiliated identifier that is used to recall data from the encrypted table and the plain-text table.
16 Claims
1. (Independent claim; its text is given above under First Claim. Claims 2 to 12 depend on claim 1.)
13. A database system, comprising:
a database stored on a computer-readable medium that is included as a part of one or more database servers, comprising:
- an encrypted table, wherein the encrypted table contains a plurality of sensitive data entries, wherein each sensitive data entry contains sensitive information and is in an encrypted format;
- a plain-text table, wherein the plain-text table contains a plurality of non-sensitive data entries, wherein each non-sensitive data entry is in a plaintext form; and
- an identification mapping table, wherein the identification mapping table contains a plurality of mapping data entries, wherein each mapping data entry associates a unique identifier to an affiliated identifier that is used to recall data from the encrypted table and the plain-text table;
a computer, wherein the computer comprises a processor, memory, and a computer-readable medium; and
an application that is stored on the computer, wherein the application manages input and output operations performed by the computer for the database in response to receiving data;
wherein the application, when executed by the processor, causes the computer to:
- receive a data message, wherein the data message contains a unique identifier;
- provide an affiliated identifier to be associated with the unique identifier;
- encrypt sensitive data using a second encryption key, wherein the sensitive data includes data from the data message or data pertaining to or derived from the data message;
- store the encrypted sensitive data and the affiliated identifier in the encrypted table;
- store non-sensitive data and the affiliated identifier in the plaintext table, wherein the non-sensitive data includes data from the data message or data pertaining to or derived from the data message;
- store a new mapping data entry in the identifier mapping table, wherein the new mapping data entry contains the unique identifier and the affiliated identifier;
- encrypt the identifier mapping table using the first encryption key; and
- write the encrypted identifier mapping table to the non-volatile, computer-readable medium.
14. A method of operating a database stored on one or more non-volatile, computer-readable memory devices that are accessible by one or more computers, wherein each of the one or more computers includes an electronic processor and computer-readable memory, wherein the one or more computers are configured to carry out the method, wherein the database comprises:
- an identifier mapping table that contains mapping data entries wherein each mapping data entry associates a unique identifier with an affiliated identifier;
- a plaintext table that contains non-sensitive data entries; and
- an encryption table that contains sensitive data entries; and
wherein the method comprises the steps of:
(a) decrypting the identifier mapping table using a first cryptographic key;
(b) receiving a plurality of data messages via a land network and a cellular carrier system from a vehicle, wherein the data message contains a unique identifier that uniquely identifies the vehicle, and wherein the data messages contain sensitive data and non-sensitive data;
(c) for each of the received data messages, obtaining an affiliated identifier to be associated with the unique identifier, wherein the affiliated identifier is unique to each of the plurality of data messages received;
(d) encrypting the sensitive data using a second cryptographic key, wherein the sensitive data includes data from the data message or data pertaining to or derived from the data message;
(e) storing the encrypted sensitive data and the affiliated identifier in the encrypted table;
(f) storing the non-sensitive data and the affiliated identifier in the plaintext table, wherein the non-sensitive data includes data from the data message or data pertaining to or derived from the data message;
(g) storing a new mapping data entry in the identifier mapping table, wherein the new mapping data entry contains the unique identifier and the affiliated identifier; and
(h) encrypting the identifier mapping table using the first cryptographic key.
Claims 15 and 16 depend on claim 14.
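The ingest procedure of claims 1 and 14 (split each message into sensitive and non-sensitive data, assign a fresh affiliated identifier per message, seal the sensitive entry under a second key, and decrypt and re-encrypt the identifier mapping table under a first key around every update), written out as an added example. This is not code from the patent or from any product it covers; it uses only the Python standard library, so `seal`/`unseal` are a stand-in for a real AEAD such as AES-GCM, and the `VehicleDB` class, the field names and the VIN-like value are constructed for this example.

```python
import hashlib
import hmac
import json
import os
import secrets

# seal/unseal: stdlib-only stand-in for an AEAD such as AES-GCM (HMAC-SHA256
# keystream under one derived key, encrypt-then-MAC under another). Production
# code should use a vetted AEAD from a cryptography library instead.
def _subkey(key: bytes, purpose: bytes) -> bytes:
    return hmac.new(key, purpose, hashlib.sha256).digest()

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plain: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plain))
    ct = bytes(p ^ k for p, k in zip(plain, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag          # layout: nonce || ciphertext || tag

def unseal(key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("sealed blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):   # wrong key or modified blob
        raise ValueError("authentication failed")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


class VehicleDB:
    """The three tables of the claims as in-memory dicts (constructed model).
    mapping_at_rest stands in for the non-volatile medium: the identifier
    mapping table exists there only encrypted under the first key; sensitive
    entries are encrypted under the second key; the plaintext table holds the
    non-sensitive fields, keyed by affiliated identifier only."""

    def __init__(self, mapping_key: bytes, data_key: bytes):
        if mapping_key == data_key:
            raise ValueError("mapping key and data key must be distinct")
        self.mapping_key, self.data_key = mapping_key, data_key
        self.plaintext = {}    # affiliated id -> non-sensitive fields
        self.encrypted = {}    # affiliated id -> sealed sensitive fields
        self.mapping_at_rest = seal(mapping_key, b"{}")

    def _load_mapping(self) -> dict:
        return json.loads(unseal(self.mapping_key, self.mapping_at_rest))  # step (a)

    def ingest(self, unique_id: str, sensitive: dict, non_sensitive: dict) -> str:
        """Steps (a) to (h) of claim 14 for one message; returns the affiliated id."""
        mapping = self._load_mapping()                                           # (a)
        aff = secrets.token_hex(16)                                              # (c) fresh per message
        self.encrypted[aff] = seal(self.data_key, json.dumps(sensitive).encode())  # (d), (e)
        self.plaintext[aff] = dict(non_sensitive)                                # (f)
        mapping.setdefault(unique_id, []).append(aff)                            # (g)
        self.mapping_at_rest = seal(self.mapping_key, json.dumps(mapping).encode())  # (h)
        return aff

    def affiliated_ids(self, unique_id: str) -> list:
        """The only path from a vehicle to its rows; needs the first key."""
        return self._load_mapping().get(unique_id, [])

    def sensitive_entry(self, aff: str) -> dict:
        """Needs the second key; the plaintext table never holds these fields."""
        return json.loads(unseal(self.data_key, self.encrypted[aff]))


if __name__ == "__main__":
    db = VehicleDB(b"\x01" * 32, b"\x02" * 32)    # constructed keys
    aff = db.ingest("VIN-EXAMPLE-0001", {"lat": "42.33", "lon": "-83.05"},
                    {"dtc": "P0420", "odometer": "81234"})
    print("plaintext row:", aff, db.plaintext[aff])   # no VIN, no location
    print("rows for vehicle:", db.affiliated_ids("VIN-EXAMPLE-0001"))
```

Two properties of the scheme show up directly when running this: a party holding only the plaintext and encrypted tables sees rows keyed by opaque affiliated identifiers, so it can neither read the location fields (second key) nor tie any row to a vehicle (first key), and because claim 14 step (c) makes the affiliated identifier unique per message, two rows from the same vehicle are not linkable to each other either. The caveat a practitioner should keep in view is that the mapping table is decrypted in application memory on every ingest and lookup, so the first key and the decrypted table are exposed on that host; keeping the two keys in separate custody is what makes the table split meaningful.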