Electrical computers and digital processing systems: support – System access control based on user identification by...
Reexamination Certificate
1998-05-14
2002-03-19
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
System access control based on user identification by...
C713S161000, C713S168000
Reexamination Certificate
active
06360324
ABSTRACT:
BACKGROUND TO THE INVENTION
This invention relates to secure databases.
Many countries have legislation for controlling the way in which personal data may be stored and used on computer systems. For example, the Dutch Personal Data Registration Act (“Wet Persoonsregistraties”) demands (among other things) that the database must be secured against hackers who have succeeded in getting unauthorised access to the database despite all security applied to it. However, it has been found that conventional database systems do not satisfy this requirement. For example, in conventional hospital information systems, if a hacker gains access to a medical history record, the hacker can obtain the patient's key from this record and use this key to access any other records containing information about the same patient, such as the patient's name and address.
The object of the present invention is to provide a way of overcoming this problem.
SUMMARY OF THE INVENTION
According to the invention a computer system comprises:
(a) a server having a database including at least one personal information table and at least one further table containing information relating to persons whose details are stored in the personal information table; and
(b) a plurality of clients, for accessing said database;
(c) said tables in said database having keys that are unrelated to each other, whereby it is impossible to determine solely from information in the server which record in said further table corresponds to which record in said personal information table; and
(d) each client including an encryption process for converting a personal identifier value, which identifies a record relating to a particular person in said personal information table, into a pseudo-identifier value, which identifies a record relating to the same person in said further table.
It can be seen that, even if a hacker obtains access to the database, the hacker will not be able to relate information in the different tables. In a hospital information system for example, if a hacker obtains access to a medical history record, the hacker cannot relate this record to a particular patient.
REFERENCES:
patent: 5163097 (1992-11-01), Pegg
patent: 5191611 (1993-03-01), Lang
patent: 5606610 (1997-02-01), Johansson
patent: 5924094 (1999-07-01), Sutter
patent: 5956400 (1999-09-01), Chaum et al.
patent: 5987440 (1999-11-01), Oneil et al.
patent: 6029160 (2000-02-01), Cabrera et al.
patent: WO 95/15628 (1995-06-01), None
Ahad, “HP OpenODB: An Object-Oriented Database Management System for Commercial Applications”, Hewlett-Packard Journal, vol. 44, No. 3, Jun. 1993, pp. 20-30.
International Computers Limited
Lee Mann Smith McWilliams Sweeney & Ohlson
Peeso Thomas R.
LandOfFree
Secure database system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Secure database system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Secure database system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2876384