PH12015000069A1 - System, method and computer program product for securely managing sensitive information - Google Patents


Publication number
PH12015000069A1
PH12015000069A1 PH12015000069A PH12015000069A PH12015000069A1 PH 12015000069 A1 PH12015000069 A1 PH 12015000069A1 PH 12015000069 A PH12015000069 A PH 12015000069A PH 12015000069 A PH12015000069 A PH 12015000069A PH 12015000069 A1 PH12015000069 A1 PH 12015000069A1
Authority
PH
Philippines
Prior art keywords
unique identifier
database
database tables
server apparatus
instance
Prior art date
Application number
PH12015000069A
Inventor
Kenneth Morgan Nieto
May Montero
Prince Murphy Nieto
Original Assignee
Prince Murphy Nieto
May Montero
Kenneth Morgan Nieto
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Prince Murphy Nieto, May Montero, Kenneth Morgan Nieto
Priority to PH12015000069A
Publication of PH12015000069A1

Landscapes

  • Storage Device Security (AREA)

Abstract

In accordance with one or more preferred embodiments of the present invention, a system, method, and computer program product are disclosed for securely managing sensitive information and are made suitable for use in implementing an electronic game of chance platform in a network environment. Each of the system and method is defined to include a client apparatus and a server apparatus in communication with one another over a communication network. An instance of a database is provided by the server apparatus to the client apparatus, wherein records stored in the database and a first hash value representing the instance of the database form part of the basis for the generation of a second hash value. The first hash value is replaced or substituted by the second hash value. By this means, sensitive information associated with the records in the database is hidden and difficult to trace.

Description

SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR SECURELY MANAGING SENSITIVE INFORMATION
Technical Field
The present invention generally relates to systems and methods for secure sensitive information management. More particularly, the present invention relates to such a system and method, as well as to a computer program product, suitable for use in implementing an electronic game of chance platform in a network environment.
Background of the Invention
Electronic games of chance are continuously emerging in various industries today. In retail industries, for example, sales receipts are generally printed at the point of sale (POS) terminals, and predetermined quantities of lottery tickets are printed at the customer service stations or redemption booths based on the total purchase amount indicated in the sales receipts. The determination of how many lottery tickets must be printed and issued to a customer for each checkout can be carried out in a manual or automatic fashion. In both cases, however, lottery tickets remain in paper form and have to be manually inserted into their designated drop boxes. In manually drawing one or more winners for each promotional event utilizing such lottery tickets in paper form, the likelihood of fraud or unfair drawing practices is high.
People involved in this kind of fraud are usually motivated by the fact that raffle participants are unlikely to verify if their lottery tickets are indeed included in their respective raffle drums from which the winning lottery tickets are usually drawn. Moreover, participants have no way of knowing whether draws have actually taken place and who the winners are for the promotional events in which they participated unless they come to the hosts of the same events and inquire.
In an attempt to address the aforementioned problems associated with manual draws utilizing lottery tickets in paper form, Raffler <www.raffler.me> provides an online raffle platform wherein participants are given access to interfaces for joining events using electronic tickets or entries, viewing live draws from anywhere using a laptop, tablet or mobile phone, and determining one or more winners of each draw in near real-time. The computer system implementing Raffler's platform is arranged to notify the winners of each draw right after it has been held, and appears to be well suited for use in raffle events hosted, for example, by supermarkets and grocery stores.
The platform of Raffler is also enabled to display a listing of all raffle events. By means of which, prospective participants are able to view the details of each raffle event such as the event's host, mechanics or criteria, and prizes at stake, among others. Most notably, Raffler provides electronic methods for joining any raffle event such as sending email with proof of purchase, sending details through short message service (SMS) and entering digital code in an online interface. Although Raffler arguably provides mechanisms for participants to view their raffle entries and even view live draws of their raffle entries in near real-time by visiting an online platform, it appears that no mechanism is disclosed by Raffler for assuring that lottery operations which include, for example, drawing of winners are impartially carried out on the back-end of the Raffler's server system.
On 22 July 2003, U.S. Patent No. 6,595,855 was published to NEC Corporation wherein Sako Kazue discloses a server for an electronic lottery system, wherein the server comprises a programmable machine programmed to perform operations comprising: (i) generating a random number x; (ii) determining an encrypting function H and a result function R; (iii) encrypting the random number x using the encrypting function H to generate an encrypted random number H(x); (iv) publishing the encrypting function H, the result function R and the encrypted random number H(x); (v) receiving from terminals (i) of the lottery system respective random numbers ri; (vi) calculating a lottery result R(x, r) using the result function R, the random number x, and the random numbers ri; and (vii) publishing the lottery result R(x, r), the random number x, and the random numbers ri.
Sako Kazue, in the same U.S. Patent No. 6,595,855, also discloses that the server receives the random numbers yj, verifies each random number yj using a signature of the corresponding terminal, verifies the value of each random number yj using the corresponding encrypted random number H(yj) and the encrypting function H, normalizes the random numbers ri and yj, and calculates a lottery result R(x, r, y) using the random number x generated by the server and the random numbers ri and yj generated by the terminals, and that the server then publishes the lottery result R(x, r, y), each random number ri and yj provided by the terminals, and the random number x generated by the server.
Perpetrators nowadays are well versed in hacking online platforms and databases, and hacking will remain a possibility for any electronic game of chance platform. In this regard, a problem with the prior system as disclosed by Sako Kazue in U.S. Patent No. 6,595,855 is that no security measure is disclosed for preventing unauthorized disclosure of sensitive information. This sensitive information is usually associated with electronic raffle entries, such as the participant's personal information. This personal information may include the participant's name information, address information, age information, contact information, and the like.
An outstanding problem is associated with the prior art systems by Raffler and Sako Kazue, and that is the visibility of sensitive information to successful hackers, which in turn may lead not only to unauthorized alteration of one or more contents of the database containing the sensitive information but also to capturing of personal information of the raffle event's participants, which is vulnerable to further abuse.
Thus, there remains an outstanding need to implement an electronic game of chance platform utilizing a system and method, and as well as a computer program product, for securely managing sensitive information associated with electronic raffle entries, wherein the sensitive information are hidden and are difficult to trace.
Summary of the Invention
The invention mainly provides for a system for securely managing sensitive information, wherein a client apparatus and a server apparatus are in communication with one another over a communication network, and wherein the server apparatus is configured to host an electronic game of chance platform and make the same accessible from the client apparatus through the communication network.
The server apparatus comprises a processing component and a memory component having stored thereon computer-executable instructions which, when executed by the processing component from the memory component, are arranged to perform operations comprising:
(i) providing an instance of a database in response to a request to access the database hosted by the server apparatus from the client apparatus, wherein the instance represents an electronic transaction in the electronic game of chance platform, and wherein the database has a set of database tables;
(ii) generating in the database tables a first unique identifier representing the instance of the database;
(iii) creating in the database tables one or more records based on input data from the client apparatus, wherein the input data represent information associated with the electronic transaction;
(iv) selecting one or more strings of characters of any one or more of the records created in the database tables; and
(v) generating in the database tables a second unique identifier based on the first unique identifier and on the selected strings of characters of any one or more of the records, wherein the second unique identifier uniquely identifies the instance representing the electronic transaction in the electronic game of chance platform.
The provision of generating in the database tables the second unique identifier, which uniquely identifies the instance representing the electronic transaction in the game of chance platform and which is based on the first unique identifier and on the selected strings of characters of any one or more of the records, guarantees that the information associated with the electronic transaction forming part of the records are hidden.
Unauthorized access to the database cannot be prevented especially in cases where perpetrators are highly skilled in hacking into server apparatuses in the field of information technology and computing science or where server apparatuses are affected by malicious programs which are designed to tamper with records stored in database tables and behave in a way that certain malicious functions are carried out such as stealing of personal, confidential, or generally sensitive information.
If any of such malicious cases come into action through the communication network, or through any other channels for that matter, risk of data fraud and theft of information is high. Infected records, which may include sensitive information such as information representing purchase amount, information representing personal information of a client operating the client apparatus, information representing time of purchase, and information representing date of purchase, thus compromise the security of such sensitive information which are commonly gathered with regard to electronic raffle entries in the course of implementing electronic games of chance. Infected records due to such data fraud and theft of information also compromise the overall integrity of the electronic games of chance.
Preferably, each of the first unique identifier and the second unique identifier corresponds to a value returned by a cryptographic hash function, where the returned value is a 128-bit (16-byte) hash value that can be derived from any message digest algorithm included in a series of message digest algorithms. MD4 and MD5 are two examples of the cryptographic hash function known in the art to produce a 128-bit (16-byte) hash value.
Preferably, the server apparatus is the part of the system which hosts the electronic game of chance platform and makes the same electronic game of chance platform accessible from the client apparatus over the communication network. The accessibility of the electronic game of chance platform from the client apparatus can be made possible through, for example, a web browsing application installed and operable using a computing device or a mobile application installed and operable using a mobile device.
The invention also provides for a method for managing the sensitive information which comprises:
(i) providing, by a server apparatus, an instance of a database in response to a request to access the database from a client apparatus, wherein the instance represents an electronic transaction, and wherein the database has a set of database tables;
(ii) generating, by the server apparatus, in the database tables a first unique identifier representing the instance of the database;
(iii) creating, by the server apparatus, in the database tables one or more records based on input data from the client apparatus, wherein the input data represent information associated with the electronic transaction;
(iv) selecting, by the server apparatus, one or more strings of characters of any one or more of the records created in the database tables; and
(v) generating, by the server apparatus, in the database tables a second unique identifier based on the first unique identifier and on the selected strings of characters of any one or more of the records.
Preferably, the method of the invention further comprises deleting, by the server apparatus, in the database tables the first unique identifier upon generation of the second unique identifier, wherein the step of deleting in the database tables the first unique identifier upon generation of the second unique identifier causes the first unique identifier to be replaced or substituted by the second unique identifier.
The invention also provides for a computer program product for securely managing sensitive information in implementing an electronic game of chance platform, wherein the computer program product comprises at least one non-transitory computer-readable storage medium having computer-readable program codes encoded therein. These computer-readable program codes are arranged to:
(i) provide an instance of a database in response to a request to access the database from a client apparatus, wherein the instance represents an electronic transaction in the electronic game of chance platform, and wherein the database has a set of database tables;
(ii) generate in the database tables a first unique identifier representing the instance of the database;
(iii) create in the database tables one or more records based on input data from the client apparatus, wherein the input data represent information associated with the electronic transaction;
(iv) select one or more strings of characters of any one or more of the records created in the database tables; and
(v) generate in the database tables a second unique identifier based on the first unique identifier and on the selected strings of characters of any one or more of the records.
Where encryption techniques for securely managing sensitive information are arguably one of the most efficient and reliable means for ensuring integrity of delivery of the raffle transaction data through a communication channel, preventing unwanted and undesirable disclosure of personal, confidential, or generally sensitive information is not guaranteed by these encryption techniques alone.
Thus, the invention provides for the above described system and method for managing sensitive information, wherein the well known encryption techniques are utilized in an unobvious multi-step process with the end in view of making such sensitive information hidden and difficult to trace.
For a better understanding of the invention and to show how the same may be performed, preferred embodiments thereof will now be described, by way of non-limiting examples only, with reference to the accompanying drawings.
Brief Description of the Drawings
Figure 1 is a block diagram showing a system for securely managing sensitive information in implementing an electronic game of chance platform in accordance with one or more preferred embodiments of the invention.
Figure 2 is a flowchart showing a preferred general workflow in a database system suitable for use in the system of Figure 1.
Figure 3 is a flowchart showing a method for securely managing sensitive information in accordance with one or more embodiments of the invention.
Figures 4 and 4A are two continued segments of a data flow diagram showing a computing operation suitable for use in the system of Figure 1 and method of Figure 3.
Figure 5 is a table showing an exemplary dataset that can be produced by the data flow diagram of Figures 4 and 4A.
Figure 6 is an expanded schematic diagram showing a set of application modules of an exemplary electronic game of chance platform suitable for use in the system of Figure 1.
Figure 7 is a block diagram showing an exemplary computing system which can be used as a server apparatus suitable for use in the system of Figure 1.
Figure 8 is a block diagram showing a computer program product for securely managing sensitive information in accordance with one or more embodiments of the invention.
Detailed Description of the Preferred Embodiments
Referring to Figure 1, there is illustrated a block diagram showing a system for securely managing sensitive information in implementing an electronic game of chance platform in accordance with one or more preferred embodiments of the present invention. The system is generally designated by reference numeral 100 throughout the description of the present invention and comprises a client apparatus 120 and a server apparatus 140 that are in communication with one another over a communication network 160.
The client apparatus 120 preferably includes at least an input component 122, an output component 124, a display component 126, a user interface component 128 which receives input data provided by a human user, and a network interface component 130 which communicates with the user interface component 128 to transmit input data from the client apparatus 120 to the server apparatus 140 over the communication network 160. The output component 124 and the display component 126 are shown separately in the drawings for the purpose of illustration. It should be understood that the output component 124 and the display component 126 may refer to the same component, the function of which is to produce output data.
It should also be understood that other components may be included in the client apparatus 120, and that the aforementioned input, output, display, user interface and network interface components 122, 124, 126, 128, and 130, respectively, are merely illustrated in the drawings for the purpose of describing the system 100 for managing sensitive information of the present invention.
The server apparatus 140 preferably includes at least a processing component (or processor as shown in the drawings) 142, a memory component 144, a storage component 146, an input component 148, an output component 150, a user interface component 152, a network interface 154, and a database system 156 which communicates with the processing component 142. Through the network interface 154, data originating from the database system 156 may be transmitted from the server apparatus 140 to the client apparatus 120 over the communication network 160.
It should be understood that other components may be included in the server apparatus 140, and that the aforementioned processing, memory, storage, input, output, user interface and network interface components 142, 144, 146, 148, 150, 152 and 154, respectively, and as well the database system 156, are merely illustrated in the drawings for the purpose of describing the system 100 for managing sensitive information of the present invention.
The memory component 144 may include one or more memory devices that are in communication with one another in the server apparatus 140. More particularly, the memory component 144 may include one or more of a volatile random access memory (RAM), a non-volatile read-only memory (ROM), a flash memory, and a ferroelectric RAM (F-RAM), all of which are not illustrated in the drawings as they are well known in the art to which the system 100 for managing sensitive information of the present invention belongs. The memory component 144 is where the computer-executable instructions are stored. These computer-executable instructions may be fetched by the processing component 142 from the memory component 144 at any time the processing component 142 requires to execute them in order to perform one or more predefined tasks.
The storage component 146 may form part of the memory component 144 but may also be a separate component. As a separate component, the storage component 146 may include hard disks, optical disks, and the like. The storage component 146 is where electronic data can be permanently or temporarily stored depending on the arrangement of the computer-executable instructions executed by the processing component 142.
The communication network 160 includes control units (not illustrated in the drawings for they are well known in the art) which are in communication with the network interface 130 of the client apparatus 120 and as well as with the network interface 154 of the server apparatus 140. These control units may be connected with communication lines for receiving and transmitting, in accordance with suitable protocols, signals carrying the input and output data from the input and output components 122, 124 of the client apparatus 120, respectively, and as well as from the input and output components 148, 150 of the server apparatus 140, respectively.
Preferably, the communication network 160 is an Internet Protocol (IP) type. It should be understood, however, that other types of network may be utilized in the process of communication between the client apparatus 120 and the server apparatus 140. For example, the communication network 150 may alternatively be a wide area network (WAN), a metropolitan area network (MAN), a wireless local area network (WLAN), or a local area network (LAN).
The server apparatus 140 is the part of the system 100 which hosts an electronic game of chance platform 158 and makes the same electronic game of chance platform 158 accessible from the client apparatus 120 over the communication network 160. The accessibility of the electronic game of chance platform 158 from the client apparatus 120 can be made possible through, for example, a web browsing application that is installed in, and can be operated using, any suitable computing device.
The memory component 144 of the server apparatus 140, once again, stores the computer-executable instructions which are arranged to be executed by the processing component 142. These computer-executable instructions may include, for example, routines, data structures, functions, groups of functions, data objects, programs, and program modules, each of which can either be localized on the server apparatus 140 or distributed across a predetermined number of similar apparatuses in any suitable network environment.
It is also possible that some portions of the computer-executable instructions are localized while other portions of the same are distributed across several computing devices as long as these computing devices are connected to the communication network 160 or any suitable network environment such as those that are enumerated above, namely, the IP network, the wide area network (WAN), the metropolitan area network (MAN), the wireless local area network (WLAN), and the local area network (LAN).
The computer-executable instructions, when executed by the processing component 142 from the memory component 144, are configured to perform at least five operations which are essential to the purpose and function of the system 100 for securely managing sensitive information in implementing the electronic game of chance platform 158 of the present invention. These operations that will now be described in the ensuing disclosure of the preferred embodiments of the system 100 of the present invention should be understood as non-limiting in scope as it can easily be realized by a person skilled in the art that further operations may be suitably added to them.
The first operation that can be performed by the computer-executable instructions, when executed by the processing component 142 from the memory component 144 and in accordance with the embodiments of the present invention, is providing an instance 156a of a database 156c included in the database system 156 in response to a request to access the database 156c from the client apparatus 120. The request to access the database 156c may be initiated by a human user operating the client apparatus 120 through the communication network 160. The illustrated instance 156a of the database 156c represents an electronic transaction in the electronic game of chance platform 158 while a set of database tables 156e is included in the database 156c of the database system 156.
The database instance 156a may refer to the moment at which the server apparatus 140 provides the client apparatus 120 with the permission to access the data stored in one or more databases 156c included in the database system 156. One or more of the database tables 156e included in the set of database tables 156e may include, for example, tables, relationships, procedures, functions, views, indexes, constraints, and the like.
In the context of the system 100 for securely managing sensitive information in implementing the electronic game of chance platform 158 of the present invention, the term "database instance" is used to refer to "database schema" but it may also be used to refer to data organization at the time of accessing one or more databases 156c included in the database system 156 by the client apparatus 120 over the communication network 160. In essence, the request to access the database 156c from the client apparatus 120 and the permission granted by the server apparatus 140 in relation to the same request to access the database 156c trigger the creation of "instance" 156a of the database schema defining a given organization of data.
An example of an organization of data that can be called out in one given instance 156a of the database 156c is in the form of database table 156e. In accordance with one or more preferred embodiments of the present invention, the database table 156e can be defined as client (or customer) information or purchase information. For each data table in one instance 156a of the database 156c, field and field attributes may be included. In one or more embodiments of the present invention, client unique identifier defines the table field which can be called out in one given instance 156a of the database 156c.
The second operation that can be performed by the computer-executable instructions, when executed by the processing component 142 from the memory component 144 and in accordance with the embodiments of the present invention, is generating in the database tables 156e a first unique identifier representing the instance 156a of the database 156c included in the database system 156. This operation is particularly shown in the drawings through the functional block 144a included in the memory component 144. It is preferable that the first unique identifier corresponds to a value returned by a cryptographic hash function.
A 128-bit (16-byte) hash value is an example of such a value that can be returned by the cryptographic hash function and derived from at least one message digest (MD) algorithm included in a series of message digest algorithms. MD4 and MD5 are two examples of such a message digest algorithm that can be used as a cryptographic hash function in the system 100 for securely managing sensitive information in implementing the electronic game of chance platform 158 of the present invention.
As is well known in the art, a cryptographic hash function is performed using an encryption protocol and is characterized as a two-way operation wherein encrypted data can be decrypted using appropriate keys. It should be understood that, apart from such a cryptographic hash function, the value or the bit string that corresponds to the first unique identifier may be a product of a hashing process. Unlike the cryptographic hash function, hashing process is characterized as a one-way operation by which a string is randomly rearranged so that a unique message digest is created. Given this one-way operation, and provided that properly designed algorithms are in place, reversing the hashing process with the end in view of revealing the original string is generally not possible.
The third operation that can be performed by the computer-executable instructions, when executed by the processing component 142 from the memory component 144 and in accordance with the embodiments of the present invention, is creating in the database tables 156e one or more records based on the input data from the client apparatus 120, wherein the input data represent information associated with the electronic transaction in the electronic game of chance platform 158.
The information represented by the input data on which the database records are based may include one or more of any of the following: (i) information representing purchase amount; (ii) information representing personal information of a client operating the client apparatus; (iii) information representing time of purchase; and (iv) information representing date of purchase. In the context of the present invention, the term "purchase" refers to the act of acquiring goods at a point of sale terminal in a retail store. How the system 100 of the present invention can suitably be used with regard to a retail store environment shall be a subject of the ensuing description of the present invention.
An exemplary search query language (SQL) statement that can be used in creating new records in the table is the "INSERT INTO" statement, the syntax for which requires the name of the table (e.g., client information, purchase information, etc.) and values (e.g., client A, client B, client C, 11162014, 11200 etc.). "Client A," "client B," and "client C" are exemplary records that can be stored in the client information table while "11162014" and "11200" are exemplary records that can be stored in the purchase information table.
The "1162014" record, in one instance, corresponds to purchase date information. The "11200" record, in another instance, corresponds to purchase amount information. It should be understood that the names of the database tables 156e can be customized according to preference and that the records to be inserted or created in the same database tables 156e can be of any type, the fundamental examples of which are integer, floating point and character, to name but a few.
While the illustrated system 100 of the present invention is carried out such that the operation of creating in the database tables one or more records based on input data from the client apparatus comes after the operation of generating in the database tables the first unique identifier representing the instance of the database, it should be realized that these two operations may come in any order. In that case, the operation of creating the records may be arranged to come prior to the operation of generating the first unique identifier representing the instance of the database.
The fourth operation that can be performed by the computer-executable instructions, when executed by the processing component 142 from the memory component 144 and in accordance with the embodiments of the present invention, is selecting one or more strings of characters of any one or more of the records created in the database tables 156e. The strings of characters may originate from complex constructs which may comprise, for example, words, phrases, sequences of numbers, and other symbols. It should be understood that language should not be a constraint in this process of selecting the strings of characters of any one or more of the records created in the database tables 156e. These records, in the example given above, include the "1162014" which corresponds to the purchase date information and the "11200" which corresponds to the purchase amount information.
The fifth operation that can be performed by the computer-executable instructions, when executed by processing component 142 from the memory component 144 and in accordance with the embodiments of the present invention, is generating in the database tables 156e a second unique identifier based on the first unique identifier and on the selected strings of characters of any one or more of the records, wherein the second unique identifier uniquely identifies the database instance 156a representing the electronic transaction in the electronic game of chance platform 158. This operation is particularly shown in the drawings through the functional block 144c included in the memory component 144.
The provision of generating in the database tables 156e the second unique identifier, which uniquely identifies the instance 156a representing the electronic transaction in the electronic game of chance platform 158, based on the first unique identifier and on the selected strings of characters of any one or more of the records (examples of which are the aforementioned "11162014" and "11200" records) guarantees that the information associated with the electronic transaction forming part of the records is hidden.
Unauthorized access to the database 156c cannot be prevented, especially in cases where perpetrators are highly skilled in hacking into server apparatuses (such as the illustrated server apparatus 140) in the field of information technology and computing science, or where such server apparatuses are affected by malicious programs which are designed to tamper with records stored in database tables 156e and behave in a way that certain malicious functions are carried out, such as stealing of personal, confidential, or generally sensitive information. If any of such malicious cases come into action through the communication network 160, or through any other channels for that matter, the risk of data fraud and theft of such sensitive information is high.
Infected records, which may include sensitive information such as information representing purchase amount, information representing personal information of a client operating the client apparatus, information representing time of purchase, and information representing date of purchase, therefore compromise the security of such sensitive information which are commonly gathered with regard to electronic raffle entries in the course of implementing electronic games of chance. Infected records due to such data fraud and theft of information also compromise the overall integrity of the electronic games of chance.
To ensure that the hacker will have no means to trace or track down the sensitive information by reversing the process, it is preferable that the computer-executable instructions stored in the memory component 144 are arranged to be executed by the processing component 142 to perform the further operation of automatically deleting in the database tables 156e the first unique identifier upon generation of the second unique identifier. This operation of deleting in the database tables 156e the first unique identifier upon generation of the second unique identifier causes the first unique identifier to be substituted by the second unique identifier. This operation is particularly shown in the drawings through the functional block 144e included in the memory component 144.
Since the first unique identifier is directly associated with the instance 156a of the database 156c in which sensitive information may become available, deleting the first unique identifier will also delete the availability of the same sensitive information accompanying the instance 156a of the database 156c. This thereby guarantees that all the sensitive information that are associated with the first unique identifier will be rendered unreadable to a hacker who has gained an unauthorized and malicious access to the database 156c included in the database system 156.
While one or more embodiments of the present invention provide that the generation of the first unique identifier is facilitated online wherein the client apparatus 120 is in communication with the server apparatus 140 over the communication network 160 in real-time or near real-time, it should be realized that the same process of generating the first unique identifier can alternatively be carried out offline. In the latter case, the first unique identifier is generated in the client apparatus 120 that is not connected with the communication network 160. In order to ensure that data generated in the client apparatus 120 are consistent with those in the server apparatus 140, the system 100 can be arranged such that the client apparatus 120 is synchronized with the server apparatus 140 once they begin communicating again over the communication network 160.
Referring to Figure 2, there is illustrated a flowchart showing a preferred general workflow in the database system suitable for use in the system of Figure 1. The workflow, which will now be disclosed in conjunction with the components of the system of Figure 1, starts at block 200 wherein the server apparatus 140 as fully disclosed in Figure 1 receives a request to access a database schema of the database 156c included in the database system 156 from the client apparatus 120 as fully described in Figure 1.
Accessing the database 156c from the client apparatus 120 over the communication network 160 may be configured such that the server apparatus 140 hosting the database 156c does not provide yet the instance 156a of the same database 156c.
Next to the previous block 200 is block 202 wherein the server apparatus 140 prompts the user of the client apparatus 120 to enter an authorization code. If such authorization code transmitted from the client apparatus 120 to the server apparatus 140 over the communication network 160 is valid as determined in decision block 204, the workflow proceeds to block 206 wherein the server apparatus 140 provides the instance 156a of the schema of the database 156c.
Otherwise, failure to enter a valid authorization code causes the workflow to be automatically terminated. In other words, the request to access the database 156c received by the server apparatus 140 is denied if an invalid code is transmitted from the client apparatus 120 to the server apparatus 140.
A predetermined number of attempts to enter the required authorization code may be provided by the server apparatus 140. Beyond the predetermined maximum number of permissible unsuccessful attempts, access to the database 156c may be configured to be restricted either permanently or temporarily within a certain period.
Once the instance 156a of the database 156c has been provided by the server apparatus 140, the workflow advances to providing the client apparatus 120 with a dataset by the server apparatus 140, as shown in block 208, and then to generating by the server apparatus 140 a data view on the client apparatus 120 over the communication network 160 based on the dataset, as shown in block 210.
At block 212, the server apparatus 140 receives a query input data from the client apparatus 120. In response to receipt of the query input data by the server apparatus 140 from the client apparatus 120, the server apparatus 140 searches the database 156c and generates a query output data, as shown in block 214. The workflow concludes at block 216 wherein the server apparatus 140 transmits to and displays on the display component 126 of the client apparatus 120 over the communication network 160 a resulting database table 156e containing the query output data.
Referring to Figure 3, there is illustrated a flowchart showing a method for securely managing sensitive information in accordance with one or more embodiments of the present invention. The illustrated method comprises:
(i) providing, by the server apparatus, an instance of a database hosted by the server apparatus in response to a request to access the database from a client apparatus, wherein the instance represents an electronic transaction, and wherein the database has a set of database tables, as shown in block 300;
(ii) generating, by the server apparatus, in the database tables a first unique identifier representing the instance of the database, as shown in block 302;
(iii) creating, by the server apparatus, in the database tables one or more records based on input data from the client apparatus, wherein the input data represent information that are associated with the electronic transaction, as shown in block 304;
(iv) selecting, by the server apparatus, one or more strings of characters of any one or more of the records created in the database tables, as shown in block 306; and
(v) generating, by the server apparatus, in the database tables a second unique identifier based on the first unique identifier and on the selected strings of characters of any one or more of the records, as shown in block 308.
While the illustrated method of the present invention is carried out such that the step of creating in the database tables one or more records based on input data from the client apparatus (as shown in block 304) comes after the step of generating in the database tables the first unique identifier representing the instance of the database (as shown in block 302), it should be realized that these two steps may come in any order. In that case, the step of creating the records may be arranged to come prior to the step of generating the first unique identifier representing the instance of the database.
In one embodiment of the method for securely managing sensitive information, the method may include deleting, by the server apparatus, in the database tables the first unique identifier upon generation of the second unique identifier, wherein the deletion in the database tables of the first unique identifier upon generation of the second unique identifier causes the first unique identifier to be replaced or substituted by the second unique identifier.
In another embodiment of the method for securely managing sensitive information, the method may include protecting the second unique identifier from unauthorized alteration in database tables, and defining relationships of the database tables with one another.
Referring to Figures 4 and 4A, there are illustrated two continued segments of a data flow diagram showing a computing operation suitable for use in the system of Figure 1 and method of Figure 3. More particularly, the computing operation shown in the data flow diagram of Figures 4 and 4A is designed to be performed by the server apparatus of the system fully described in Figure 1.
The continuation point from Figure 4 to Figure 4A is marked by the encircled letter "A." Encircled numerals 1 to 10 are included in the data flow diagram of Figures 4 and 4A, and each of these numerals corresponds to an exemplary dataset which will now be fully described in conjunction with Figure 5 illustrating a table showing the exemplary dataset that can be produced by the data flow diagram of Figures 4 and 4A.
In Figure 4 alone, the flow starts at block 400 wherein the server apparatus receives a request to access the database it serves. Accessing this database can be done by following a uniform resource link (URL) which leads to the location where the electronic game of chance platform remotely resides.
Such a URL can be followed using any suitable internet-enabled computing device such as a laptop computer. Alternatively, the database can be accessed by installing in any mobile device a mobile-based application for the electronic game of chance platform.
At block 402 which is subsequent to the previous block 400, the server apparatus grants access to the database provided that all conditions for access are satisfied. Granting of this access can be made in accordance with the general workflow in the illustrated database system of Figure 2. For example, authentication and validation steps can be provided between blocks 400 and 402. It should be appreciated that the access protocols involved in such a database system can be based on multi-user database systems wherein data consistency and concurrency control are ensured, even where a significant number of users are attempting to access the database included in the database system and inputting data into the same database at the same time.
At block 404 which is subsequent to the previous block 402, the server apparatus receives raffle transaction data from a remote computing device over any suitable communication network. The raffle transaction data may include, for example, data representing the name of the participant of the raffle event and purchase date. The computing device, in this scenario, is preferably located in a customer service booth of a supermarket or a retail store. Once a purchase transaction has been completed by a customer at the point of sale terminal of the retail store, he or she will be issued a sales receipt (also known as official receipt in some areas) for the completed purchase transaction.
As is well known in the art, the point of sale system of the retail store could be configured to automatically calculate the number of raffle tickets due to the customer who completed the purchase transaction at the point of sale terminal based on predetermined criteria. For example, the criteria on generating the number of raffle tickets can be based on the total purchase amount involved in the purchase transaction completed by the customer or on the purchase amount for each participating brand of products purchased by the customer. The point of sale system could also be configured to print the number of raffle tickets on the sales receipt to be issued to the customer together with the details of the raffle events with which the raffle tickets are associated.
The customer, upon receiving the sales receipt that corresponds to his or her complete purchase transaction, may proceed to the retail store's customer service department or ticket redemption booth to claim the raffle tickets due to him or her. Unlike the conventional method used by most retail stores in issuing raffle tickets wherein raffle tickets are made in paper format and customers are required to manually fill out the blanks in the raffle tickets with their personal information, preferred embodiments of the system and method of the present invention do not require customers to write down any information on a paper.
Instead, the preferred embodiments of the system and method of the present invention make use of electronic raffle tickets, wherein the personal information of the customers such as their name, address and contact information may be entered into the electronic game of chance platform in relation to the raffle event hosted by the retail store using input devices (e.g., keyboard and mouse) associated with any suitable computing devices such as personal computers of desktop or laptop type. Smartphones can also be used to enter such information into the electronic game of chance platform. The illustrated raffle transaction data could include, by way of example, "11200" which represents the amount of purchase and "11162014" which represents the date of purchase made by the visiting customer of the retail store.
Other means for entering the personal information of the customer into the electronic game of chance platform in relation to the same raffle event may include, by way of example, scanning of Quick Response (QR) codes, swiping of magnetic tapes attached to cards (e.g., loyalty cards) issued to the customer, and logging on to the electronic game of chance platform using log on credentials of the customer who has a preconfigured electronic account maintained in the same electronic game of chance platform.
At decision block 406, the server apparatus determines whether it successfully receives the raffle transaction data which may contain the personal information of the customer, details of the raffle event, and the details of the merchant hosting the raffle event, among others. If the raffle transaction data are not received by the server apparatus, the flow moves back to the previous block 404. On the other hand, if the same raffle transaction data are successfully received by the server apparatus as determined in the decision block 406, then the flow advances to block 408 in which error check computation is configured to be performed by the server apparatus.
The error check computation can be carried out by any suitable means which are known in the art as long as these means are able to produce a required or desired number of hash bits. For example, a cyclic redundancy check (CRC) can be provided in the system and method of the present invention. CRC is an error detecting set of codes used to identify unintentional changes to raw data. CRC is known to produce a 32-bit hash value. In the same way, MD4 or MD5, each of which being a message digest algorithm, likewise provides error-checking functionality. Each of MD4 and MD5 is known to produce a 128-bit hash value. Upon detection of said unintentional changes which may result in data corruption, the server apparatus may initiate corrective actions against the corrupted data.
For the purpose of describing the preferred embodiments of the system and method of the present invention, the ensuing disclosure of the present invention will make use of the 128-bit hash value produced by the MD5 algorithm. In the exemplary dataset of Figure 5, the 128-bit hash value is shown as "ae9dc582a56fa57be2f38194af28678f."
At this point of the flow wherein the server apparatus performs the above described error check computation, integrity of delivery of the raffle transaction data through a communication channel is assured. What is not assured at this point, however, is the protection of the raffle transaction data against deliberate alteration and unintentional manipulation by one or more persons whose common goal is to maliciously configure the winners, sabotage the raffle event or, worst, steal the personal, confidential, or sensitive information of the participating customers. This means that the information associated with the electronic raffle tickets and stored in the database system of the server apparatus are not at all protected against one or more forms of malicious tampering which can be initiated, for example, by a skilled hacker.
At block 410, a first 128-bit hash value is generated as a result of the error check computation carried out in the previous block 408. This 128-bit hash value serves as the first unique identifier which is fully described in Figure 1. Since any of the aforementioned MD4 and MD5 is preferably used in the previous step of error-checking, it follows that the generated hash value is in the form of 128-bit.
It should be understood and realized that other error detecting codes are possible to be used in the system and method of the present invention. In that case, a hash value of a different number of bits may be generated in the block 410. This means that performing a different error check computation will yield a hash value of a distinct number of bits such as a 24-bit hash value or a 64-bit hash value.
At block 412, the server apparatus selects one string of characters of, for example, the purchase amount data. The selection of this string of characters of the purchase amount data is preferably carried out in a random manner. Moreover, the order of preference on which raffle transaction data to use as a basis for selecting the string of characters can also be carried out in a random manner. That is to say, in the given example, any of the purchase amount data and the purchase date data can be prioritized by the server apparatus. In the exemplary data set of Figure 5, the selected string of characters of the purchase amount (in whatever currency) of "11200" is "12."
Since the selection of this string of characters is preferred to be carried out randomly, any of "11," "20," and "00" strings can be randomly selected by way of example.
At block 414 which is subsequent to the previous block 412, the server apparatus maps the first 128-bit hash value generated in the previous block 410 to a 2-digit code using the selected string of characters of the purchase amount data in the previous block 412. This mapping of the 128-bit hash value is carried out in the operation of selecting the one or more strings of characters of any one or more of the records created in the database tables as fully described in Figure 1. In this particular operation, the record is represented by the purchase amount data, and the selected string of characters of this purchase amount data, i.e., the characters "1" and "2" as shown in the illustrated exemplary dataset of Figure 5, is held as an nth value of a sequence associated with the first unique identifier represented by the first 128-bit hash value.
Since the string "12" of the characters of the purchase amount data is selected as shown in the exemplary dataset of Figure 5, the same will be held as the 12th value of the sequence associated with the first 128-bit hash value representing the first unique identifier. In the given exemplary dataset of Figure 5, the 12th value of the first 128-bit hash value of "ae9dc582a56fa57be2f38194af28678f" is the unitary and indivisible character "f" (ae9dc582a56[f]a57be2f38194af28678f) starting from left. The character "f" is enclosed in a pair of square brackets for illustration purposes.
At block 416 of Figure 4, the server apparatus selects one string of characters of the purchase date data. Similar to the selection of the string of characters of the purchase amount data, this selection of the string of characters of the purchase date data is preferably carried out in a random manner. In the exemplary data set of Figure 5, the selected string of characters of the purchase date data (in a month-day-year date format) of "11162014" is "16." Since the selection of this string of characters is preferred to be carried out randomly, any of "11," "62," and "01" strings can be randomly selected by way of example.
At block 418 of Figure 4A which is a continuation of Figure 4, the server apparatus maps the first 128-bit hash value generated in the previous block 410 to a 2-digit code using the selected second string of characters of the purchase date data in the previous block 416. As with the mapping illustrated in the previous block 414, the mapping of the 128-bit hash value in the block 418 is likewise carried out based on the operation of selecting one or more strings of characters of any one or more of the records created in the database tables as fully described in Figure 1. In this particular operation, the record is represented by the purchase date data, and the selected string of characters of this purchase date data, i.e., the characters "1" and "6" as shown in the illustrated exemplary dataset of Figure 5, is held as the nth value of the sequence associated with the first unique identifier represented by the first 128-bit hash value.
Since the string "16" of the characters of the purchase date data is selected as shown in the exemplary dataset of Figure 5, the same will be held as the 16th value of the sequence associated with the first 128-bit hash value representing the first unique identifier. In the given exemplary dataset of Figure 5, the 16th value of the first 128-bit hash value of "ae9dc582a56fa57be2f38194af28678f" is the unitary and indivisible character "b" (ae9dc582a56fa57[b]e2f38194af28678f) starting from left. The character "b" is enclosed in a pair of square brackets for illustration purposes.
At block 420 which is subsequent to the previous block 418, the server apparatus combines the two mapped 2-digit codes into one string of characters. In the illustrated exemplary dataset of Figure 5, the character "f" mapped from the first 128-bit hash value based on the selected string of characters of the purchase amount data and the character "b" mapped from the same 128-bit hash value based on the selected string of characters of the purchase date data are combined into a single string of characters. The resulting characters are then characterized by "fb." In relation to the above disclosed system of Figure 1, the combined strings "f" and "b" are represented by two distinct nth values of the sequence associated with the first unique identifier represented by the first 128-bit hash value.
At block 422, the server apparatus performs a further error check computation which can also be based on the MD5 type of message digest algorithm. The error checking at this point is based on the single string of characters "fb" which is generated based on the mapped portions or digits of the first 128-bit hash value as illustrated in great detail in the previous blocks 414 and 418.
At block 424, the server apparatus generates a second 128-bit hash value based on the single string of characters "fb." In the illustrated exemplary dataset of Figure 5, the second 128-bit hash value generated based on the single string of characters "fb" is "35ce1d4eb0f666cd136987d34f64aedc." In relation to the disclosed system of Figure 1, the second 128-bit hash value of "35ce1d4eb0f666cd136987d34f64aedc" corresponds to the value returned by the cryptographic hash function that is based on the combined two distinct nth values of the sequence associated with the first unique identifier represented by the first 128-bit hash value.
At block 426 which concludes the illustrated flow of Figures 4 and 4A, the server apparatus deletes the first 128-bit hash value, wherein the deleted first 128-bit hash value is replaced or substituted by the second 128-bit hash value. In the illustrated exemplary dataset of Figure 5, the first 128-bit hash value of "ae9dc582a56fa57be2f38194af28678f" is deleted and is automatically replaced or substituted by the second 128-bit hash value of "35ce1d4eb0f666cd136987d34f64aedc."
Through the illustrated flow of Figures 4 and 4A in conjunction with the exemplary dataset of Figure 5, each piece of information associated with an electronic raffle entry included in the electronic game of chance platform of the system of the present invention can no longer be traced back by a hacker. It would take a significant amount of time, and a huge number of possible combinations has to be dealt with by the hacker, before he or she can figure out the hidden information.
As illustrated in the exemplary dataset of Figure 5, even if the hacker is able to reverse engineer the process and, with more particularity, to successfully determine the characters associated with the second 128-bit hash value of "35ce1d4eb0f666cd136987d34f64aedc," the resulting string of characters "fb" would be meaningless. Unless each possible combination of characters and reversal of hashing process is carried out by the hacker, the visibility of the string of characters "fb" to the hacker will never bring him or her to the original raffle transaction data which include the illustrated purchase amount and purchase date data.
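The flow of blocks 410 to 426 applied to the Figure 5 values quoted above, as an added Python example that is not part of the patent text. The function names and the row layout are assumptions, as is the reading of "nth value" as the nth hexadecimal character counted from 1 at the left; the last function counts how many distinct second identifiers a two-character combined string can yield, which bounds how many transactions can be told apart by that identifier alone.

```python
import hashlib
from itertools import product

# Values quoted in the text for the exemplary dataset of Figure 5.
FIRST_ID = "ae9dc582a56fa57be2f38194af28678f"  # first 128-bit hash value (block 410)
PURCHASE_AMOUNT = "11200"
PURCHASE_DATE = "11162014"
HEX_DIGITS = "0123456789abcdef"


def two_char_windows(record):
    """Every consecutive 2-character string of a record (candidates for blocks 412 and 416)."""
    return [record[i:i + 2] for i in range(len(record) - 1)]


def nth_value(first_id, selected):
    """Blocks 414/418: read the selected string as n and return the nth character.

    Assumption: n counts hexadecimal characters from 1, starting at the left.
    """
    if not selected.isdigit():
        raise ValueError(f"selection {selected!r} is not numeric")
    n = int(selected)
    if not 1 <= n <= len(first_id):
        raise ValueError(f"selection {selected!r} has no nth value in the identifier")
    return first_id[n - 1]


def usable_selections(record, id_length=32):
    """Selections that index inside the identifier.

    Strings such as "00" or "62" point outside a 32-character identifier,
    so this example treats them as unusable.
    """
    return [w for w in two_char_windows(record)
            if w.isdigit() and 1 <= int(w) <= id_length]


def second_identifier(first_id, selections):
    """Blocks 420-424: combine the mapped characters, then hash the combined string with MD5."""
    combined = "".join(nth_value(first_id, s) for s in selections)
    return combined, hashlib.md5(combined.encode("ascii")).hexdigest()


def replace_identifier(row, selections):
    """Block 426: drop the first identifier from a copy of the row and store the second one."""
    updated = dict(row)
    first_id = updated.pop("identifier")
    _, second = second_identifier(first_id, selections)
    updated["identifier"] = second
    return updated


def possible_second_identifiers():
    """All second identifiers reachable from a combined string of two hexadecimal characters."""
    return {hashlib.md5((a + b).encode("ascii")).hexdigest()
            for a, b in product(HEX_DIGITS, repeat=2)}


if __name__ == "__main__":
    # Constructed row; the column names are assumptions made for this example.
    row = {"identifier": FIRST_ID, "amount": PURCHASE_AMOUNT, "date": PURCHASE_DATE}
    combined, second = second_identifier(FIRST_ID, ["12", "16"])
    print("combined string:", combined)
    print("second identifier:", second)
    print("usable amount selections:", usable_selections(PURCHASE_AMOUNT))
    print("usable date selections:", usable_selections(PURCHASE_DATE))
    print("row after block 426:", replace_identifier(row, ["12", "16"]))
    print("distinct second identifiers:", len(possible_second_identifiers()))
```

Because the second identifier depends only on the two mapped characters, two unrelated transactions whose mapped characters coincide receive the same second identifier.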
It should be understood that the above described purchase amount and purchase date data (which may not be regarded as sensitive information at all) may alternatively be represented by an information selected from a group consisting of: (i) information representing purchase amount; (ii) information representing personal information of a client operating the client apparatus; (iii) information representing time of purchase; and (iv) information representing date of purchase. Personal information such as address and contact numbers are considered as sensitive information, and many people prefer non-disclosure of such information without their permissions.
While the famous one-way or two-way encryption techniques for securely managing sensitive information are arguably among the most efficient and reliable means for ensuring integrity of delivery of the raffle transaction data through a communication channel, preventing unwanted and undesirable disclosure of personal, confidential or generally sensitive information is not guaranteed by these encryption techniques by themselves. Thus, the present invention generally provides for system and method for managing sensitive information, wherein the well known encryption techniques are utilized in an unobvious multi-step process with the technical effect of making such sensitive information hidden and difficult to trace.
Particularly, the flow of Figures 4 and 4A illustrated in conjunction with the exemplary dataset of Figure 5 corresponds to the act of replacing the original field in the database containing the raffle transaction data with a reference or pointer to the actual data field of the same data. This enables a database administrator, for example, to store a reference pointer anywhere within the database system associated with the server apparatus of the system for managing sensitive information of the present invention.
Referring to Figure 6, there is illustrated an expanded schematic diagram showing a set of application modules of the exemplary electronic game of chance platform 158 suitable for use in the system of Figure 1. Specifically, the core application modules 600 are shown in a high level block diagram to illustrate the functional and/or operational aspects of the electronic game of chance platform 158. The core application modules 600 of the electronic game of chance platform 158 preferably include a user registration module 602, a user authentication module 604, a game of chance inventory module 606, a unique identifier generator module 608, a draw manager module 610, a geographical information module 612, a notification module 614, and a print module 616.
The electronic game of chance platform 158 also has a user interface 618 that can be used by a user to receive and transmit input/output (I/O) data. The user interface 618 may contain text boxes 618a, icons 618c, dropdown list 618e, and check boxes 618g, among others. The text boxes 618a, the icons 618c, the dropdown list 618e, and the check boxes 618g can be specifically used by a user for selecting or entering data which in turn will be processed by the electronic game of chance platform 158.
In one embodiment, the electronic game of chance platform 158 provides a game of chance that is of a lottery type. In this description of the system and method for securely managing sensitive information of the present invention, reference is particularly made to a lottery type of game of chance wherein winners are randomly drawn from a pool of electronic raffle entries.
The user registration module 602 may include program codes for creating and maintaining user accounts and arranged to support the user interface 618 with the text boxes 618a, the icons 618c, the dropdown list 618e, and the check boxes 618g. Particularly, the program codes of the user registration module 602 may be configured such that a user is enabled to create a user name and password which he or she can use to access the electronic game of chance platform through a web-based or a mobile application installed in any internet-enabled computing devices such as personal computers and smartphones.
The user authentication module 604 is the part of the core application modules 600 of the electronic game of chance platform 158 that is responsible for performing authentication functions and generating authentication information to be transmitted to and from the electronic game of chance platform 158. The user authentication module 604 may include, for example, program codes for determining whether or not the user name and password of a particular user or customer is valid when information associated with them are received by the electronic game of chance platform 158 through the user interface 618.
The game of chance inventory module 606 may include program codes which are preferably configured to record a listing of available games of chance that can be selected by the user accessing the user interface 618 of the electronic game of chance platform 158. Specifically, the listing of games of chance provides the users with a variety of raffle events hosted, for example, by one or more merchants in which he or she can participate. The program codes of the game of chance inventory module 606 may also be arranged to log the activity in the electronic game of chance platform 158 and generate error reports for each failed electronic transaction in the same electronic game of chance platform 158, if any.
Pre-registration of raffle events may be facilitated in the electronic game of chance platform through the game of chance inventory module 606, wherein information associated with merchants hosting one or more raffle events, as well as the mechanics of the raffle events, may be managed through the electronic game of chance platform. The pre-registration process using the game of chance inventory module 606 enables merchants hosting one or more raffle events to include or enlist their events in the electronic game of chance platform 158 and take advantage of the features of the same.
The unique identifier generator module 608 may include program codes which are preferably arranged to generate a random identifier associated with an instance of a database communicatively coupled with the electronic game of chance platform 158. The random identifier may include characters that are within the predetermined numerical set.
The draw manager module 610 may include program codes which are preferably arranged to mainly draw winners of raffle events managed by the game of chance inventory module 606. The drawing of winners by the draw manager module 610 may be initiated in accordance with one or more rules associated with each raffle event. The draw manager module 610 may also be configured to maintain draw related information such as schedule of each draw associated with each raffle event and the selection of participants, in electronic format, that are qualified for each draw.
The information on rules associated with each raffle event, as well as the schedule of each draw, may be automatically or manually configured using the draw manager module 610. In one embodiment, the program codes included in the draw manager module 610 may also be arranged to generate electronic raffle tickets or electronic raffle entries. The generation of such raffle tickets or entries may be initiated by a merchant using the merchant's computing device connected to the communication network and hosting a raffle event that is pre-registered with the electronic game of chance platform.
Alternatively, the electronic raffle tickets or entries may be initiated by a customer.
The geographical information module 612 may include program codes which are preferably arranged to detect Internet Protocol (IP) addresses of computing devices which are connected to a communication network and in communication with a server hosting the electronic game of chance platform 158. The program codes of the geographical information module 612 are further arranged to convert the detected IP addresses into geographical location information of said computing devices with which the IP addresses are respectively associated. The server returns to the electronic game of chance platform 158 the converted geographical location information of the computing devices matching the IP addresses.
Through the aforementioned geographical information service provided by the geographical information module 612, users of the electronic game of chance platform may receive an alert that, for example, a nearby merchant is operating a computing device that is in communication with the electronic game of chance platform which in turn means that a raffle event is likely, at that moment, being offered by the merchant. This enables the users to participate in raffle events that are near their locations or more specifically the locations of the mobile devices they are carrying in their bags, pockets, or vehicles.
The notification module 614 may include program codes which are preferably arranged to communicate with one or more of other modules included in the core modules 600 in order for it to render its intended notification functions. In one embodiment, the notification module 614 is in communication with the geographical information module 612 such that it transmits to remote computing devices over one or more communication networks notifications concerning information on nearby merchants hosting raffle events that are pre-registered in the electronic game of chance platform 158.
The notification may be in the form of a pop-up message, an email message, or a short message service (SMS) message. Users of computing devices installed with a mobile-based application for the electronic game of chance platform may alternatively be notified through the mobile-based application's interface.
In another embodiment, the notification module 614 is arranged such that it communicates with the draw manager module 610. Through this communication service between the notification module 614 and the draw manager module 610, users of remote computing devices may be notified of schedules of draws as well as the winners for each scheduled draw. This communication service permits the users to be notified of forthcoming draws so that they will be able to visit the game of chance platform using their computing devices connected to the communication network.
The print module 616 may include program codes which are preferably arranged to control the actual printing of the electronic raffle tickets or electronic raffle entries associated with one or more raffle events that are pre-registered in the electronic game of chance platform. In one embodiment, communication links between the print module 616 and the unique identifier generator module 608 may be provided such that a unique identifier assigned to each electronic raffle ticket or electronic raffle entry can be fetched by the print module 616 from the unique identifier generator module 608. The print module 616 may initiate printing of the raffle tickets or entries having their respective assigned unique identifiers upon request.
It should be understood and appreciated that the illustrated core modules 600 in the accompanying drawings of the system for managing sensitive information of the present invention may or may not correspond to discrete blocks of program codes, depending on how they are suitably arranged. In this regard, it can be realized that the functions described for each module can be performed in the electronic game of chance platform 158 by executing various code portions which are stored on one or more non-transitory computer-readable media and at predetermined time intervals.
It should also be appreciated that the execution of the program codes from the non-transitory computer-readable media can be done on appropriate computing hardware and number of computing hardware, and that the core modules 300 are merely segregated based on their intended functions for the sake of illustrating how they are relevant to the implementation of one or more preferred embodiments of the system for securely managing sensitive information of the present invention.
The illustrated modules can be fewer or greater in number, as it is well known in the art that program codes representing various functions of different modules can be combined or segregated in any suitable but efficient manner insofar as program execution is concerned.
Referring now to Figure 7, there is illustrated a block diagram showing an exemplary computing system which can be used as the server apparatus 140 suitable for use in the system of Figure 1. As it is illustrated in Figure 1, the server apparatus 140 preferably includes the processing component 142, the memory component 144, the storage component 146, the input component 148, the output component 150, and the network interface component 154. In this figure, the components 142, 144, 146, 148, 150, and 154 are illustrated together with other components that are necessary for the server apparatus 140 to carry out its intended function of making the electronic game of chance platform 158 configurable and accessible from client apparatuses over any suitable communication network.
The exemplary computing system, which can be used as a server apparatus for use in the herein disclosed system for securely managing sensitive information of the present invention, mainly includes a local host bus 700 and a local input/output (I/O) bus 702. A local bus controller 704 provides a bridge between the local host bus 700 and the local I/O bus 702. The local bus controller 704 generates the command to control the sequencing of the computer-executable instructions as fully described in Figure 1. The illustrated computing system of the server apparatus 140 includes the processing component 142 and the memory controller 706 which are in communication with one another through the local host bus 700.
The memory component 144 which may comprise one or more memory devices is connected with the memory controller 706 and is where software, applications, or computer programs for providing the electronic game of chance platform 158 reside. The processing component 142 executes the computer-executable instructions or the computer programs for providing the electronic game of chance platform 158 from the memory component 144 through the memory controller 706 and the local host bus 700.
The computer programs for providing the electronic game of chance platform 158 may be manipulated by a human user through the components that are connected with the local I/O bus 702 that is in communication with the local host bus 700 through the local bus controller 704. These components include the input component 148, the storage component 146, and the output component 150. Any changes made in the computer programs are recorded on the memory component 144 and are reflected on a display screen of a remote computing device through the network (or communication) interface component 154 connected with the local I/O bus 702.
Referring now to Figure 8, there is illustrated a block diagram showing a computer program product 800 for securely managing sensitive information in accordance with one or more embodiments of the present invention. The computer program product 800 comprises a non-transitory computer-readable storage medium 802 on which computer-readable program codes 804 are encoded. The computer-readable program codes 804 are arranged to:
(i) provide an instance of a database in response to a request to access the database from a client apparatus, wherein the instance represents an electronic transaction, and wherein the database has a set of database tables, as shown in block 804-3;
(ii) generate in the database tables a first unique identifier representing the instance of the database, as shown in block 804-
(iii) create in the database tables one or more records based on input data from the client apparatus, wherein the input data represent information associated with the electronic transaction, as shown in block 804-¢;
(iv) select one or more strings of characters of any one or more of the records created in the database tables, as shown in block 805-g; and
(v) generate in the database tables a second unique identifier based on the first unique identifier and on the selected strings of characters of any one or more of the records, as shown in block 804-1.
While the illustrated program codes of the computer program product 800 of the present invention are arranged such that the function of creating in the database tables one or more records based on input data from the client apparatus comes after the function of generating in the database tables the first unique identifier representing the instance of the database, it should be realized that these two functions may come in any order. In that case, the function of creating the records may be arranged to come prior to the function of generating the first unique identifier representing the instance of the database.
The computer-readable program codes 804 of the illustrated computer program product 800 may be further arranged to delete in the database tables the first unique identifier upon generation of the second unique identifier, wherein the deletion in the database tables of the first unique identifier upon generation of the second unique identifier causes the first unique identifier to be replaced or substituted by the second unique identifier.
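The five steps above and the replacement of the first identifier, as an added Python example that is not code from the patent: the table layout, function names, sample field values and the length-prefixed encoding are assumptions, and BLAKE2b with a 16-byte digest is swapped in for the 128-bit message-digest hash named in claims 5 and 6.

```python
import hashlib
import secrets
import sqlite3

DIGEST_BYTES = 16  # 128-bit identifiers, the width stated in claim 5

# Assumed table layout: one row per instance, one row per record field.
SCHEMA = """
CREATE TABLE instance(uid TEXT PRIMARY KEY);
CREATE TABLE record(
    instance_uid TEXT NOT NULL, field TEXT NOT NULL, value TEXT NOT NULL,
    PRIMARY KEY (instance_uid, field));
"""

def frame_parts(parts):
    """Length-prefix every part so ("ab", "c") and ("a", "bc") never collide."""
    out = bytearray()
    for part in parts:
        raw = part.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return bytes(out)

def derive_second_id(first_id, selected):
    """Step (v): hash the first identifier together with the selected strings."""
    digest = hashlib.blake2b(frame_parts([first_id, *selected]),
                             digest_size=DIGEST_BYTES)
    return digest.hexdigest()

def open_instance(db):
    """Steps (i)-(ii): create the instance row under a random first identifier."""
    first_id = secrets.token_hex(DIGEST_BYTES)
    db.execute("INSERT INTO instance(uid) VALUES (?)", (first_id,))
    return first_id

def add_record(db, uid, field, value):
    """Step (iii): store one field of client input against the instance."""
    db.execute("INSERT INTO record VALUES (?, ?, ?)", (uid, field, value))

def finalize_instance(db, first_id, fields):
    """Steps (iv)-(v), then replace the first identifier everywhere."""
    selected = []
    for field in fields:
        row = db.execute(
            "SELECT value FROM record WHERE instance_uid = ? AND field = ?",
            (first_id, field)).fetchone()
        if row is None:
            raise KeyError(f"record field {field!r} missing for this instance")
        selected.append(row[0])
    second_id = derive_second_id(first_id, selected)
    with db:  # commit both updates together, or roll both back
        db.execute("UPDATE record SET instance_uid = ? WHERE instance_uid = ?",
                   (second_id, first_id))
        db.execute("UPDATE instance SET uid = ? WHERE uid = ?",
                   (second_id, first_id))
    return second_id

def demo():
    """Run the flow on constructed sample values; return both ids and stored uids."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    first_id = open_instance(db)
    add_record(db, first_id, "purchase_amount", "250.00")
    add_record(db, first_id, "purchase_time", "14:32:07")
    add_record(db, first_id, "purchase_date", "2015-03-12")
    second_id = finalize_instance(db, first_id,
                                  ["purchase_amount", "purchase_time"])
    stored = [r[0] for r in db.execute("SELECT uid FROM instance")]
    linked = [r[0] for r in db.execute("SELECT DISTINCT instance_uid FROM record")]
    return first_id, second_id, stored, linked

if __name__ == "__main__":
    print(demo())
```

Because the random first identifier is no longer stored once `finalize_instance` returns, the second identifier cannot be recomputed from the record fields alone.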

Claims (17)

1. A system for securely managing sensitive information in implementing an electronic game of chance platform, the system comprising at least one client apparatus and at least one server apparatus in communication with the client apparatus over a communication network, the server apparatus hosting the electronic game of chance platform accessible from the client apparatus over the communication network, the server apparatus comprising at least one processing component and at least one memory component having stored thereon computer-executable instructions arranged to be executed by the processing component to perform operations comprising:
providing an instance of a database hosted by the server apparatus in response to a request to access the database from the client apparatus, the instance representing an electronic transaction in the electronic game of chance platform, the database having a set of database tables;
generating in the database tables a first unique identifier representing the instance of the database;
creating in the database tables one or more records based on input data from the client apparatus, the input data representing information associated with the electronic transaction;
selecting one or more strings of characters of any one or more of the records created in the database tables; and
generating in the database tables a second unique identifier based at least on the first unique identifier and on the selected strings of characters of the any one or more of the records,
wherein the second unique identifier uniquely identifies the instance representing the electronic transaction in the electronic game of chance platform.
2. The system according to claim 1, wherein the computer-executable instructions are arranged to be executed by the processing component to perform further operation of deleting in the database tables the first unique identifier upon generation of the second unique identifier.
3. The system according to claim 2, wherein the operation of deleting in the database tables the first unique identifier upon generation of the second unique identifier causes the first unique identifier to be substituted by the second unique identifier.
4. The system according to claim 1, wherein at least one of the first unique identifier and the second unique identifier corresponds to a value returned by a cryptographic hash function.
5. The system according to claim 4, wherein the cryptographic hash function returns a 128-bit (16-byte) hash value.
6. The system according to claim 5, wherein the 128-bit (16-byte) hash value is derived from at least one message digest algorithm included in a series of message digest algorithms.
7. The system according to claim 1, wherein at least one of the first unique identifier and the second unique identifier corresponds to a value returned by a hashing process.
8. The system according to claim 1, wherein at least one of the selected strings of characters in the operation of selecting the one or more strings of characters of the any one or more of the records created in the database tables is held as an nth value of a sequence associated with the first unique identifier.
9. The system according to claim 8, wherein two distinct nth values of the sequence associated with the first unique identifiers are combined.
10. The system according to claims 4 and 9, wherein the value returned by the cryptographic hash function is based from the combined two distinct nth values of the sequence associated with the first unique identifier.
11. The system according to claim 1, wherein the records include one or more of any of the following: information representing purchase amount; information representing personal information of a client operating the client apparatus; information representing time of purchase; and information representing date of purchase.
12. A method for securely managing sensitive information, the method comprising:
providing, by a server apparatus, an instance of a database hosted by the server apparatus in response to a request to access the database from a client apparatus, the instance representing an electronic transaction, the database having a set of database tables;
generating, by the server apparatus, in the database tables a first unique identifier representing the instance of the database;
creating, by the server apparatus, in the database tables one or more records based on input data from the client apparatus, the input data representing information associated with the electronic transaction;
selecting, by the server apparatus, one or more strings of characters of any one or more of the records created in the database tables; and
generating, by the server apparatus, in the database tables a second unique identifier based at least on the first unique identifier and on the selected strings of characters of the any one or more of the records.
13. The method according to claim 12, further comprising deleting, by the server apparatus, in the database tables the first unique identifier upon generation of the second unique identifier.
14. The method according to claim 13, wherein the step of deleting in the database tables the first unique identifier upon generation of the second unique identifier causes the first unique identifier to be substituted by the second unique identifier.
15. A computer program product for processing a transaction in a database hosted by a server apparatus, the computer program product comprising a non-transitory computer-readable storage medium having computer-readable program code encoded therein, the computer-readable program code being arranged to:
provide an instance of a database in response to a request to access the database from a client apparatus, the instance representing an electronic transaction, the database having a set of database tables;
generate in the database tables a first unique identifier representing the instance of the database;
create in the database tables one or more records based on input data from the client apparatus, the input data representing information associated with the electronic transaction;
selecting one or more strings of characters of any one of the records created in the database tables; and
generate in the database tables a second unique identifier based at least on the first unique identifier and on the selected strings of characters of the any one or more of the records.
16. The computer program product according to claim 15, wherein the computer-readable program codes are further arranged to delete in the database tables the first unique identifier upon generation of the second unique identifier.
17. The computer program product according to claim 15, wherein the deletion in the database tables of the first unique identifier upon generation of the second unique identifier causes the first unique identifier to be substituted by the second unique identifier.

Priority Applications (1)

Application Number Priority Date Filing Date Title
PH12015000069A PH12015000069A1 (en) 2015-03-12 2015-03-12 System, method and computer program product for securely managing sensitive information

Publications (1)

Publication Number Publication Date
PH12015000069A1 (en) 2016-09-19

Family

ID=57907284

Country Status (1)

Country Link
PH (1) PH12015000069A1 (en)
