Method and System for management of "Sealed" or "Locked" records for protection of Privacy and Identity.

IP.com Disclosure Number: IPCOM000125604D
Original Publication Date: 2005-Jun-09
Included in the Prior Art Database: 2005-Jun-09
Document File: 7 page(s) / 175K

Publishing Venue

IBM

Abstract

This disclosure introduces a reliable means to secure and protect electronic data, especially for protection of privacy, prevention of identity theft and protection of intellectual property, together with a system for managing "sealed records" and "locked records". A "sealed record" requires that not only the information content but also the very existence of such information be completely hidden, while a "locked record" requires that the information content be completely hidden, although the existence of such information can be known to a small group of selected people in the authorized organizational entities.

This is the abbreviated version, containing approximately 19% of the total text.

The present invention allows users to keep their electronic records in a "locked" state, in which the content of the electronic records is hidden from others, including system/data administrators, or in a "sealed" state, in which not only the content of the electronic records but also their existence is hidden from others, including system/data administrators.

The present invention completely hides the content of electronic records from others, including system/data administrators, by storing the electronic records encrypted with the owner's public key and again with the custodian's private key, so that only the owner of the electronic records can decrypt them, in collaboration with the custodian. The present invention completely hides the existence of such electronic records, as well as their content, from others, including system/data administrators, by storing the meta-data (i.e. the information about the electronic record) encrypted with the owner's public key, so that only the owner of the electronic records can learn of their existence and retrieve that information.

A digital signature is used to ensure the integrity of an electronic record, i.e. to prevent unauthorized alteration of its content. It is also used for non-repudiation of electronic transactions, i.e. to prevent a party from denying involvement in an electronic contract for a legally binding agreement.

Locked Record

In this model, an Electronic Record Owner (ERO) generates a pair of asymmetric keys, keeps the private key (rkERO) for their own use and publishes the public key (ukERO) in the Electronic Record Meta-Directory (ERMD).

The Electronic Record Owner (ERO) encrypts the electronic record with their own public key (ukERO) and creates a digital signature (sgERO) for the encrypted electronic record (EER).

The difference between the present invention and conventional approaches is that the electronic record is encrypted with the owner's public key, as opposed to the owner's private key. This prevents anyone else, even the system/database administrators of the Custodian of Electronic Records (CER), from decrypting the encrypted message. Note that because the electronic record has been encrypted with the owner's public key (ukERO), the document can be decrypted only with the owner's private key (rkERO), which no one but the document owner has.

Another difference between the present invention and conventional approaches is that the digital signature is generated against the already encrypted electronic record (EER), as opposed to being generated against the original electronic record. The digital signature (sgERO) is used by the receiver, in this case the Custodian of Electronic Records (CER), to validate the authenticity of the encrypted message.

The Electronic Record Owner (ERO) then encrypts again...
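
The locked-record steps described above (owner key pair, encryption under ukERO, signature over the EER, custodian verification), as an added example that is not part of the original disclosure. It assumes RSA-OAEP and RSA-PSS with SHA-256, which the text does not specify; the function names are hypothetical, and it stops before the second encryption step, which the abbreviated text cuts off.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// NewOwnerKey makes rkERO; its PublicKey field is the ukERO published in the ERMD.
func NewOwnerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Lock encrypts the record under the owner's own ukERO, then signs the ciphertext
// (EER), not the plaintext. Assumption: OAEP/PSS with SHA-256 (not from the page).
func Lock(rkERO *rsa.PrivateKey, record []byte) (eer, sgERO []byte, err error) {
	if eer, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &rkERO.PublicKey, record, nil); err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(eer)
	sgERO, err = rsa.SignPSS(rand.Reader, rkERO, crypto.SHA256, digest[:], nil)
	return eer, sgERO, err
}

// CustodianAccepts is the CER check: verify sgERO over the EER; no decryption involved.
func CustodianAccepts(ukERO *rsa.PublicKey, eer, sgERO []byte) bool {
	digest := sha256.Sum256(eer)
	return rsa.VerifyPSS(ukERO, crypto.SHA256, digest[:], sgERO, nil) == nil
}

// Unlock recovers the record; it succeeds only with the owner's rkERO.
func Unlock(rk *rsa.PrivateKey, eer []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, rk, eer, nil)
}

func main() {
	rkERO, err := NewOwnerKey()
	if err != nil {
		panic(err)
	}
	eer, sg, err := Lock(rkERO, []byte("constructed sample record"))
	if err != nil {
		panic(err)
	}
	fmt.Println("custodian accepts:", CustodianAccepts(&rkERO.PublicKey, eer, sg))
	eer[0] ^= 0x01 // constructed alteration of the EER while in custody
	fmt.Println("after alteration: ", CustodianAccepts(&rkERO.PublicKey, eer, sg))
}
```

Direct RSA-OAEP with a 2048-bit key and SHA-256 fits records of at most 190 bytes; a larger record would need a symmetric data key wrapped under ukERO, which is a design choice outside what the text describes.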