Methods and systems for enabling secure storage of sensitive data
US7412603B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 5, 2003 |
| Grant date | Aug 12, 2008 |
| Priority date | — |
| Expiry date | Dec 13, 2025 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2209/56
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Systems and methods are disclosed for storing sensitive data in a database, such as an application database or a dedicated application security database or store. In accordance with one aspect of the invention, user passwords are not directly stored in a database; but instead, when a password is entered, a one-way hash of the password phrase is produced for storage and/or comparison purposes. In accordance with another aspect, individual authorized application users are each aligned with their own version of an application-wide security key such that it becomes unnecessary to directly store the key in its original form. The security key is used to process sensitive data. In accordance with another aspect, a user's version of the application-wide security reflects an encryption-based relationship to the user's password. Various embodiments also support flexible access to particular collections of sensitive data based on user account and/or user role information.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.