WO2022146377A1 - A system for encrypting and tracking personal data - Google Patents

Info

Publication number
WO2022146377A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
encrypted
database
server
personal
Application number
PCT/TR2021/051537
Other languages
French (fr)
Inventor
Oguzhan ATIS
Muhammed Yusuf CETIN
Original Assignee
M.B.I.S Bilgisayar Otomasyon Danismanlik Ve Egitim Hizmetleri Sanayi Ticaret Anonim Sirketi
Priority date: 2020-12-30
Filing date: 2021-12-27
Publication date: 2022-07-07

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules, to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The present invention relates to a system (1) for storing personal data that are included in package programs in the form of enterprise resource planning, as encrypted; determining fields that should be encrypted in accordance with an identified rule library; and storing these field values upon being encrypted in control of a robot.

Description

A SYSTEM FOR ENCRYPTING AND TRACKING PERSONAL DATA
Technical Field
The present invention relates to a system for storing personal data that are included in package programs in the form of enterprise resource planning, as encrypted; determining fields that should be encrypted in accordance with an identified rule library; and storing these field values upon being encrypted in control of a robot.
Background of the Invention
Today, data encryption is one of the areas in which database producers and independent security software vendors develop solutions. Database producers can also develop technologies for storing the whole database in encrypted form in order to meet security requirements and eliminate the negative effects of data losses. However, these technologies are offered to users at an additional cost. Besides cost, performance is another significant issue. Reading from and writing to an encrypted database is much slower than standard transactions. Because this performance loss is unacceptable to many software users, enterprise solution providers in particular do not support these security features. For example, it is not possible to use the database in encrypted form in the SAP S4/HANA Enterprise Resource Planning solution. In sectors where data security is very critical, solutions with encrypted database support are preferred despite the drawbacks, and transactions are carried out accordingly. Defence industry companies in particular can be cited as an example. Because the confidentiality of their business is high, these companies work in environments where specific security measures are taken, and encrypted databases are usually available in such environments. The aim is to ensure that data cannot be decrypted even if a data leak occurs as a result of a cyber attack. Today, data security has become critical both commercially and legally. In particular, the obligation to keep sensitive personal data encrypted in a database has also obliged private companies to take measures. Keeping a record of accesses to encrypted data is another issue. Companies need to be able to record accesses to sensitive personal data in particular. However, companies cannot keep a detailed history in this respect because existing software does not provide this capability.
Considering the studies in the state of the art, it is understood that there is a need for a system which makes it possible to encrypt data by means of an application in software that cannot perform encryption at the database level, and to ensure that the data can be viewed only by authorized persons.
The Chinese patent document no. CN111104691 A, an application in the state of the art, discloses a system and method for processing sensitive data. The said invention identifies the sensitive data over a business database; extracts the sensitive data from a database; encrypts the sensitive data by using a random key corresponding to a service party identifier and returns the ciphertext to the service party; when a decryption request containing the ciphertext is received from the business, extracts a random key corresponding to the service party identifier in the current life cycle; decrypts the ciphertext; stores it in a behavior database associatively in order to track the data related to sensitive data; and returns the sensitive data to the business party.
Summary of the Invention
An objective of the present invention is to realize a system which enables enterprises to store personal data by encryption, to record accesses, to maximize their data security and to be safe from cyber attack.
Detailed Description of the Invention
“A System for Encrypting and Tracking Personal Data” realized to fulfil the objective of the present invention is shown in the figure attached, in which:
Figure 1 is a schematic view of the inventive system.
The components illustrated in the figure are individually numbered, where the numbers refer to the following:
1. System
2. Personal information database
3. Rule database
4. Encrypted database
5. Data selection server
6. Anonymization server
7. Encryption server
8. Access tracking server
The inventive system (1) for storing personal data that are included in package programs in the form of enterprise resource planning, as encrypted; determining fields that should be encrypted in accordance with an identified rule library; and storing these field values upon being encrypted in control of a robot comprises: at least one personal information database (2) which is configured to store the personal data to be put into process; at least one rule database (3) which is configured to store the rules used for the transaction of anonymizing the original data; at least one encrypted database (4) which is configured to store the encrypted data; at least one data selection server (5) which is configured to put the personal data that are stored in the personal information database (2) into process; at least one anonymization server (6) which is configured to ensure that the data determined by the data selection server (5) is anonymized within the scope of the rules stored in the rule database (3); at least one encryption server (7) which is configured to encrypt the original data and then save it to the encrypted database (4); and at least one access tracking server (8) which is configured to determine and report the access requests of users for encrypted data by accessing the encrypted database (4).
The personal information database (2) included in the inventive system (1) is configured to store the related personal data of a company. The personal information database (2) is configured to save the data that are included in a class of legally sensitive data in tables and fields, together with information stating that these are sensitive data.
The rule database (3) included in the inventive system (1) is configured to store the parameters and rule set used for the anonymization transaction.
The encrypted database (4) included in the inventive system (1) is configured to store the encrypted data.
The data selection server (5) included in the inventive system (1) is configured to select the fields and data to be anonymized and encrypted from the personal information database (2), by using a predetermined algorithm.
The anonymization server (6) included in the inventive system (1) is configured to execute the anonymization process in accordance with the data set stored in the rule database (3), upon receiving the data determined by the data selection server (5). The anonymization server (6) is configured to anonymize each item of personal data in a different way, in accordance with the algorithm stored in the rule database (3). The encryption server (7) included in the inventive system (1) is configured to encrypt the field values of personal information in the original versions of the anonymized data and to transmit these values to the encrypted database (4), by using a predetermined encryption algorithm.
The access tracking server (8) included in the inventive system (1) is configured to detect and report the access requests initiated on the encrypted database (4) by users, whether or not they have authority to access the encrypted database (4).
In the inventive system (1), the personal information to be encrypted is first received by the data selection server (5) from the personal information database (2). The anonymization server (6) anonymizes the data previously selected by the data selection server (5), in accordance with the rule set and parameters stored in the rule database (3), and the original version of the anonymized data is encrypted with its own algorithm by the encryption server (7). The encrypted data are recorded in the encrypted database (4). The cases where a user makes a request to access the encrypted database (4) are detected and reported by the access tracking server (8).
With the invention, data that should be encrypted are classified; specific fields in which encrypted data will be stored are created; users who pass an authorization check are allowed access to encrypted data; a history is kept of the users who access the encrypted data; encryption can be carried out for software that has no database encryption capability; and the cost and performance losses that would be caused by encrypting the whole database in software that does have encryption capability are avoided.
Within these basic concepts, it is possible to develop various embodiments of the inventive system (1); the invention cannot be limited to the examples disclosed herein and is essentially as defined by the claims.
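The flow the description sets out (select fields by rule, anonymize the working copy, encrypt the original values, log every access request and release a value only after an authorization check), as an added Go example that is not part of the patent and is not the applicant's code. The field names, the masking rule, AES-GCM, the in-memory maps and the single-record scope are assumptions; the key is assumed to come from a key manager.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"strings"
)

// Rule is one entry of the rule library (3): whether a field is masked in the
// anonymized copy and whether its original value is kept encrypted in store (4).
type Rule struct{ Mask, Encrypt bool }

// AccessEvent is one line of the history kept by the access tracking server (8).
type AccessEvent struct {
	User, Field string
	Allowed     bool
}

// Vault stands in for servers (5)-(8) for a single record under one key (assumed).
type Vault struct {
	aead       cipher.AEAD
	Encrypted  map[string][]byte // field -> nonce || ciphertext || GCM tag
	Authorized map[string]bool   // users allowed to read encrypted fields
	Log        []AccessEvent     // every request, allowed or denied
}

// NewVault wires AES-GCM for the given key (assumed to be supplied by a KMS).
func NewVault(key []byte, authorized map[string]bool) (*Vault, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead, Encrypted: map[string][]byte{}, Authorized: authorized}, nil
}

// Protect is selection (5), anonymization (6) and encryption (7) for one record:
// fields without a rule pass through; ruled fields are masked to their first two
// characters in the returned copy and, if the rule says so, the original value is
// encrypted with the field name as associated data, so a ciphertext cannot be
// moved to another field and decrypted there.
func (v *Vault) Protect(record map[string]string, rules map[string]Rule) (map[string]string, error) {
	out := make(map[string]string, len(record))
	for field, value := range record {
		rule := rules[field] // zero Rule for fields the rule library does not select
		if rule.Encrypt {
			nonce := make([]byte, v.aead.NonceSize())
			if _, err := rand.Read(nonce); err != nil {
				return nil, err
			}
			v.Encrypted[field] = v.aead.Seal(nonce, nonce, []byte(value), []byte(field))
		}
		if rule.Mask && len(value) > 2 {
			value = value[:2] + strings.Repeat("*", len(value)-2)
		}
		out[field] = value
	}
	return out, nil
}

// Access is the tracking server (8): the request is logged whether or not the
// user is authorized, and only an authorized user gets the original value back.
func (v *Vault) Access(user, field string) (string, error) {
	allowed := v.Authorized[user]
	v.Log = append(v.Log, AccessEvent{User: user, Field: field, Allowed: allowed})
	blob, ok := v.Encrypted[field]
	if !allowed || !ok {
		return "", errors.New("access denied: " + user + " -> " + field)
	}
	ns := v.aead.NonceSize()
	plain, err := v.aead.Open(nil, blob[:ns], blob[ns:], []byte(field))
	if err != nil {
		return "", err
	}
	return string(plain), nil
}
```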

Claims

CLAIMS
1. A system (1) for storing personal data that are included in package programs in the form of enterprise resource planning, as encrypted; determining fields that should be encrypted in accordance with an identified rule library; and storing these field values upon being encrypted in control of a robot; comprising: at least one personal information database (2) which is configured to store the personal data to be put into process; at least one rule database (3) which is configured to store the rules used for the transaction of anonymizing the original data; at least one encrypted database (4) which is configured to store the encrypted data; and characterized by at least one data selection server (5) which is configured to put the personal data that are stored in the personal information database (2) into process; at least one anonymization server (6) which is configured to ensure that the data determined by the data selection server (5) is anonymized within the scope of the rules stored in the rule database (3); at least one encryption server (7) which is configured to encrypt the original data and then save it to the encrypted database (4); at least one access tracking server (8) which is configured to determine and report the access requests of users for encrypted data by accessing the encrypted database (4).
2. A system (1) according to Claim 1; characterized by the personal information database (2) which is configured to store the related personal data of a company.
3. A system (1) according to Claim 1 or 2; characterized by the personal information database (2) which is configured to save the data that are included in a class of legally sensitive data in tables and fields, together with information stating that these are sensitive data.
4. A system (1) according to any of the preceding claims; characterized by the rule database (3) which is configured to store the parameters and rule set used for the anonymization transaction.
5. A system (1) according to any of the preceding claims; characterized by the encrypted database (4) which is configured to store the encrypted data.
6. A system (1) according to any of the preceding claims; characterized by the data selection server (5) which is configured to select the fields and data to be anonymized and encrypted from the personal information database (2), by using a predetermined algorithm.
7. A system (1) according to any of the preceding claims; characterized by the anonymization server (6) which is configured to execute the anonymization process in accordance with the data set stored in the rule database (3), upon receiving the data determined by the data selection server (5).
8. A system (1) according to any of the preceding claims; characterized by the anonymization server (6) which is configured to anonymize each item of personal data in a different way, in accordance with the algorithm stored in the rule database (3).
9. A system (1) according to any of the preceding claims; characterized by the encryption server (7) which is configured to encrypt the field values of personal information in the original versions of the anonymized data and to transmit these values to the encrypted database (4), by using a predetermined encryption algorithm.
10. A system (1) according to any of the preceding claims; characterized by the access tracking server (8) which is configured to detect and report the access requests initiated on the encrypted database (4) by users, whether or not they have authority to access the encrypted database (4).
Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TR2020/22531A TR202022531A2 (en) 2020-12-30 2020-12-30 A SYSTEM THAT PROVIDES ENCRYPTION AND TRACKING OF PERSONAL DATA
TR2020/22531 2020-12-30

Publications (1)

Publication Number Publication Date
WO2022146377A1 true WO2022146377A1 (en) 2022-07-07

Family

ID=76503113

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/TR2021/051537 WO2022146377A1 (en) 2020-12-30 2021-12-27 A system for encrypting and tracking personal data

Country Status (2)

Country Link
TR (1) TR202022531A2 (en)
WO (1) WO2022146377A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001054342A1 (en) * 2000-01-18 2001-07-26 Yodlee.Com. Inc. Method and apparatus for secure storage of personal data in web-based applications using symmetric encryption and distributed key components
US20120036356A1 (en) * 2008-09-19 2012-02-09 Herve Barbat Method for Accessing Nominative Data Such As a Customised Medical File From a Local Generation Agent
US20170116433A1 (en) * 2013-03-12 2017-04-27 Commvault Systems, Inc. File backup with selective encryption

Also Published As

Publication number Publication date
TR202022531A2 (en) 2021-04-21

Similar Documents

Publication Publication Date Title
US10614244B1 (en) Sensitive data aliasing
EP3298532B1 (en) Encryption and decryption system and method
US10666647B2 (en) Access to data stored in a cloud
CN100407174C (en) Data protection program and data protection method
KR101371608B1 (en) Database Management System and Encrypting Method thereof
Sedayao et al. Enhancing cloud security using data anonymization
US20150026462A1 (en) Method and system for access-controlled decryption in big data stores
CN110889130B (en) Database-based fine-grained data encryption method, system and device
US20110314088A1 (en) System and method for controlling and monitoring access to data processing applications
CN107368749A (en) Document handling method, device, equipment and computer-readable storage medium
WO2022146377A1 (en) A system for encrypting and tracking personal data
CA3188334A1 (en) A database server system
CN114253660A (en) System and method for authorizing a user data processor to access a container of user data
Amamou et al. Towards a Better Security in Public Cloud Computing
Jaya Mabel Rani et al. Data Leakage Prevention and Detection Techniques Using Internet Protocol Address
Zeb Security of Relational Database Management System: Threats and Security Techniques
Dhyani E-Health data risks & protection for public cloud: An elderly healthcare usecase for Swedish municipality
Beley et al. A Management of Keys of Data Sheet in Data Warehouse
Ulf Mattsson Ulf Mattsson, CTO Protegrity: Database Security for Cloud and Outsourced Environments–Global Security Mag Online
CN114840820A (en) Electronic document password-fixing and protecting method
KR20100003380A (en) How to query encrypted database information
Browning Security Features in the Teradata Database
Jayapandian et al. ORPHANAGE HOME MANAGEMENT SYSTEM USING CLOUD WITH DATA ANONYMIZATION
NZ618683B2 (en) Access control to data stored in a cloud
AYSHWARYA PARTIAL ENCRYPTION AND PARTIAL INFERENCE CONTROL BASED DISCLOSURE IN EFFECTIVE COST CLOUD

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 21916055; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 21916055; Country of ref document: EP; Kind code of ref document: A1)