UNITED STATES PATENT
(10) Patent No.: US 8,613,105 B2
(45) Date of Patent: Dec. 17, 2013
Shaikh

(54) METHOD AND APPARATUS FOR STORING CONFIDENTIAL INFORMATION

(75) Inventor: Mohammed Naser S. Shaikh, Santa Barbara, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) (extension period illegible in this copy).

(65) Prior Publication Data: US 2011/0022848 A1, Jan. 27, 2011

(58) Field of Classification Search: 726/26, 27, 28; 705/64, 75; 707/705. See application file for complete search history.

(56) References Cited, U.S. Patent Documents (citation list only partly legible in this copy): published applications dated 7/2002, 10/2004, 9/2010 (Felsher) and 3/2011.

Primary Examiner: Edward Zee

21 Claims, 3 Drawing Sheets

[FIG. 1, Sheet 1 of 3: block diagram of the secured transaction system. Labelled blocks: Customer Workstation 102, Network 104, Transaction Processing System 106, Secure Email Server 108, Customer ID Card Server 110, Digital Certificate Server 112, Encrypted Data Storage Server 114, Administrator Workstation 116, Customer ID Card 118, Encrypted Transaction File 120, File ID 122, Digital Certificate 124, Administrator ID Card 126, Less-Confidential Data File 128.]

[FIG. 2, Sheet 2 of 3: flowchart 200. Blocks: Access Website 202, Customer Registration 204, Create Digital Certificate 206, Create ID Card 208, ID Card Transmission 210, ID Card Installation 212.]

[FIG. 3, Sheet 2 of 3: flowchart 300. Blocks: Customer Login 302, Conduct Transaction 304, Confidential Information Gathering 306, Transaction Encryption 308, Less-Confidential Information Gathering 310, File ID Creation 312, TPS Transmission Block 314, EDSS Storage Block 316.]

[FIG. 4, Sheet 3 of 3: flowchart 400. Blocks: Administrator/Customer Login 402, Search 404, Locate File ID 406, EDSS Login 408, Decryption 410, Secured Data Transmission 412.]

METHOD AND APPARATUS FOR STORING CONFIDENTIAL INFORMATION

BACKGROUND

1. Field

This disclosure is generally related to information storage, and more particularly, to techniques for securely storing confidential information associated with a transaction.

2. Background

Confidential information has been stored on servers protected by firewalls and in databases that include established security features and security techniques. These established features have proven inadequate to prevent unauthorized access to the confidential information. Despite these known techniques, hacking and other forms of gaining unauthorized access to confidential information remain a hazard. The previous attempts remain inadequate to provide sufficient security while efficiently completing the desired transaction and storing information related to the transaction.

SUMMARY

Disclosed herein is a new and improved approach for securely storing confidential information associated with a transaction. In accordance with an aspect of the approach, an apparatus includes a first server storing a data set related to a first transaction, the data set configured to be searchable by an authorized administrator; a second server storing a plurality of encrypted files that include confidential information related to a plurality of transactions, including a first encrypted file that includes the confidential information related to the first transaction; the first server further storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first transaction; a link between the data set and the identifier; and code for limiting an administrator's access to the plurality of encrypted files.

In accordance with another aspect of the approach, an apparatus for storing confidential information includes means for storing a data set related to the first transaction in a first location, the data set configured to be searchable by an authorized administrator; means for storing a plurality of encrypted files that include confidential information related to a plurality of transactions in a second location, including a first encrypted file that includes confidential information related to the first transaction; means for storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first transaction; means for linking the data set to the identifier; and means for limiting the access to the plurality of encrypted files by the administrator.

In accordance with another aspect of the approach, a method for securely storing confidential information may include storing a data set related to a first transaction in a first server, the data set configured to be searchable by an authorized administrator; storing a plurality of encrypted files that include confidential information related to a plurality of transactions in a second server, including a first encrypted file that includes confidential information related to the first transaction; storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first transaction; linking the data set to the identifier; and limiting the access to the plurality of encrypted files by the administrator.

In accordance with another aspect of the approach, a computer-readable medium embodying a set of instructions executable by one or more processors may include code for storing a data set related to the first transaction in a first server, the data set configured to be searchable by an authorized administrator; code for storing a plurality of encrypted files that include confidential information related to a plurality of transactions in a second server, including a first encrypted file that includes confidential information related to the first transaction; code for storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first transaction; code for linking the data set to the identifier; and code for limiting the access to the plurality of encrypted files by the administrator.

Other systems, methods, aspects, features, embodiments and advantages of the improved approach for securely storing information associated with a transaction disclosed herein will be, or will become, apparent to one having ordinary skill in the art upon examination of the following drawings and detailed description. It is intended that all such additional systems, methods, aspects, features, embodiments and advantages be included within this description, and be within the scope of the accompanying claims.

BRIEF DESCRIPTION OF THE DRAWINGS

It is to be understood that the drawings are solely for purpose of illustration. Furthermore, the components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the apparatuses, articles of manufacture and methods disclosed herein. In the figures, like reference numerals designate corresponding parts throughout the different views.

FIG. 1 is a block diagram of a system for storing information associated with a transaction.

FIG. 2 is a flowchart illustrating a method of issuing a customer identification (ID) card.

FIG. 3 is a flowchart illustrating a method of completing a transaction and the creation of an encrypted transaction file and a file ID.

FIG. 4 is a flowchart illustrating a method of allowing a customer and/or an administrator access to the encrypted transaction file under limited circumstances and/or conditions.

DETAILED DESCRIPTION

The following detailed description, which references to and incorporates the drawings, describes and illustrates one or more specific embodiments. These embodiments, offered not to limit but only to exemplify and teach, are shown and described in sufficient detail to enable those skilled in the art to practice what is claimed. Thus, for the sake of brevity, the description may omit certain information known to those of skill in the art.

The word "exemplary" is used herein to mean "serving as an example, instance, or illustration." Any embodiment, component or variant described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments, components or variants. All of the embodiments, components and variants described in this description are exemplary embodiments, components and variants provided to enable persons skilled in the art to make and use the invention, and not necessarily to limit the scope of legal protection afforded the appended claims.

FIG. 1 shows a functional block diagram of a secured transaction system 100 for storing confidential information associated with a transaction. System 100 includes a customer workstation 102, a network 104, a transaction processing system 106, a secure email server 108, a customer identification (ID) card server 110, a digital certificate server 112, an encrypted data storage server 114, and an administrator workstation 116. The hardware associated with the individual components of system 100 is generally known to those having ordinary skill in the art. However, the configuration of the hardware, as illustrated herein, is new to the art. Further, in this description, though methods and processes are illustrated and disclosed with reference to system 100 components, and system 100 components are illustrated and disclosed with reference to methods and processes, the methods and processes may be practiced independently of particular components, and the components are not limited to any particular method or process. Instead, the systems, methods, and processes are as stated in the accompanying claims.

Secured transaction system 100 may generally be illustrated and described as including components configured to permit three tasks, processes, and/or methods. A first process, initially illustrated by flowchart 200 of FIG. 2, includes the issuance of a customer identification (ID) card 118. A second process, initially illustrated by flowchart 300 of FIG. 3, includes the completion of a transaction and the creation of an encrypted transaction file 120 and file ID 122. A third process, initially illustrated by flowchart 400 of FIG. 4, includes allowing a customer and/or an administrator access to the encrypted transaction file 120 under limited circumstances and/or conditions.

Though initially illustrated and described in regard to the creation of a single customer ID card 118, a single encrypted transaction file 120 and a single file ID 122, the systems and methods are capable of creating a plurality of such components associated with a plurality of transactions by a plurality of customers, and may be used by a plurality of administrators. Further, although illustrated and described with a separate customer workstation 102 and administrator workstation 116, in some applications the customer and the administrator may be the same. For example, in some embodiments, a customer/patient may provide confidential information during a transaction involving a healthcare provider. At a later time, it may be the customer/patient, the administrator/healthcare provider, or an agent of either, that may wish to access the confidential information stored pursuant to the technology disclosed herein. In additional embodiments and applications, customers and/or agents may include, but are not limited to, immigration officers, airline staff, customs officials, and agents of customers and administrators, that may wish to access the confidential information stored pursuant to the technology disclosed herein.

Among the benefits associated with the systems and methods described herein is that confidential information associated with respective transactions may be separately encrypted and stored separately from less-confidential information. The less-confidential information may be used to identify a particular transaction, and to identify the file and/or key and/or code required to gain access to the confidential information associated with a respective transaction. Further, the systems and methods illustrated may allow for limitations to be placed upon the access to encrypted transaction information. For example, an administrator may be limited to accessing information related to a single transaction at a time, or within a set period of time. Thus, the exposure of confidential information to hacking may be minimized.

FIG. 2 shows flowchart 200 illustrating a method of issuing a customer ID card, including an access website block 202, a customer registration block 204, a digital certificate creation block 206, an ID card creation block 208, an ID card transmission block 210, and an ID card installation block 212. In access website block 202, a customer may access a transaction website associated with transaction processing system 106. The transaction website may be configured to accept customer registration information. Customer registration information may include information associated with the customer that may be used to identify the customer and/or to facilitate anticipated transactions in which the customer may engage, such as but not limited to the customer's first name, middle name, last name, business name, email address, home address, credit card information, credit card codes, bank account information, zip code, or any other information useful in accomplishing anticipated transactions. In customer registration block 204, the customer may provide the customer registration information through conventional means of website computer data entry. The type of customer may depend upon the particular function of the transaction processing system 106. For example, in some applications the customer may be a purchaser; in other applications, the customer may be a patient, a physician, a legal professional, a financial professional, etc. The customer registration information may be included in and/or converted into a customer registration information file that may be transmitted to digital certificate server 112 and/or transaction processing system 106. In some embodiments, an administrator may be informed, for example through secured email server 108 and administrator workstation 116, that the customer is attempting to acquire customer ID card 118. The administrator, and/or algorithms associated with administrator workstation 116, may prevent the issuance of customer ID card 118 if issuance criteria are not met, such as if the identity of the customer cannot be confirmed.

In digital certificate creation block 206, digital certificate server 112 may create digital certificate 124 based upon the registration information file. Digital certificate 124 may be designed to be a unique, or practically unique, code. For example, digital certificate server 112 may be configured to generate public and private keys based upon public key infrastructure (PKI) based encryption techniques. In ID creation block 208, customer ID card server 110, for example a Microsoft Windows Cardfile personal information manager, may create customer ID card 118, for example as a .crd file. Customer ID card 118 may be an encrypted security file that stores secure certificates used to authenticate a person or device, such as a computer or Web server. Customer ID card 118 may require a password to be opened and may be installed in a variety of manners, such as but not limited to a right-click and selection. Customer ID card 118 may include digital certificate 124 and the customer registration information, and/or a subset of information associated with digital certificate 124 and the customer registration information. Customer ID card 118 may be designed to be a unique, or practically unique, code designed to identify the customer and/or customer workstation 102. In some embodiments, an administrator may have to approve the issuance of customer ID card 118.

In ID card transmission block 210, customer ID card 118 may be transmitted to customer workstation 102 via an email server, for example secured email server 108, and via network 104. Suitable formats for such cards and contents include, but are not limited to, ".crd" and ".pfx". In ID card installation block 212, the customer ID card 118 may be installed on customer workstation 102, for example as an icon configured to cooperate with the transaction website and/or transaction processing system 106.

FIG. 3 shows flowchart 300 illustrating a method of completing a transaction, including a customer login block 302, a conduct transaction block 304, a confidential information gathering block 306, a transaction encryption block 308, a less-confidential information gathering block 310, a file ID creation block 312, a transaction processing system (TPS) transmission block 314, and an encrypted data storage server (EDSS) storage block 316. In customer login block 302, a customer may log into transaction processing system 106, for example through the transaction website, using customer ID card 118. For example, a customer may be able to click on, right-click and select, and/or drag-and-drop an icon associated with customer ID card 118 that establishes a link between customer workstation 102 and transaction processing system 106. Transaction processing system 106 may be configured to uniquely, or practically uniquely, associate customer workstation 102 with customer ID card 118, such as in InfoCard, as known to those having skill in the art.

In conduct transaction block 304, the customer conducts a transaction in a manner known in the art that may depend upon the purpose or business of the particular transaction processing system 106. For example, the customer may use an electronic shopping cart to select items to be purchased. In confidential information gathering block 306, the customer and/or the transaction processing system 106 may provide confidential information that may be associated with the transaction conducted and/or payment for the transaction conducted. Confidential information may include, for example but not limited to, credit card numbers, zip codes, street addresses, card codes, transaction amounts, transaction item identifiers, receipts, registration information, a subset of registration information, vendor ID, transaction identifiers, etc. Confidential information may be provided using secure socket layer (SSL) encryption. At the time of the transaction, confidential information may be provided to third parties, such as credit card processors.

In transaction encryption block 308, the confidential information of block 306 is encrypted to create encrypted transaction file 120. For example, the confidential information of block 306 may be encrypted using a digital certificate public key associated with digital certificate 124 to create encrypted transaction file 120. In less-confidential information gathering block 310, more benign information, in comparison to the confidential information, may be gathered and/or gleaned from information sources. For example, but not limited to, the customer's first name, middle name, last name, business name, email address, the transaction date, the transaction time, the transaction amount, transaction confirmation number, etc., may be gathered from customer ID card 118, the confidential information, and/or specific data entries provided by the customer at customer workstation 102.

In file ID creation block 312, the file ID 122 is created that uniquely, or practically uniquely, links to the encrypted transaction file 120. File ID 122 is also linked, as illustrated by link 130, to a less-confidential data file 128. File ID 122 may be a 12-digit alphanumeric string. The less-confidential data file 128 may be a file or data entry that includes the less-confidential information gathered in block 310. In TPS transmission block 314, file ID 122 and the less-confidential data file 128 may be transmitted to the transaction processing system 106. In EDSS storage block 316, encrypted transaction file 120 is stored in the encrypted data storage server 114.

FIG. 4 shows flowchart 400 illustrating a method of allowing an administrator and/or customer access to the encrypted transaction file 120, including an administrator TPS login block 402, a search block 404, a file ID 122 location block 406, an EDSS login block 408, a decryption block 410, and a secured data transmission block 412. In administrator TPS login block 402, an administrator may log onto the transaction processing system using an administrator ID card 126. Administrator ID card 126 may be created in a manner similar to that illustrated for the creation of the customer ID card 118, using administrator registration information. The administrator registration information used to create the administrator ID card 126 may or may not include confidential information associated with the administrator. Access to encrypted transaction file 120 may also be initiated by a customer after a customer login 302 as previously described in regard to flowchart 300.

In search block 404, the administrator may search for file ID 122 in the transaction processing system 106. For example, the administrator may search a database of a plurality of less-confidential information files, including less-confidential data file 128. In file ID 122 location block 406, the administrator may identify a particular file ID 122 associated with a particular transaction from the plurality of file IDs associated with a respective plurality of transactions. For example, the administrator may identify a desired file ID 122 from a plurality of additional file IDs (not shown), due to the link 130 established between less-confidential data file 128 and file ID 122. In EDSS login block 408, the administrator may log into the encrypted data storage server 114. The administrator may use the administrator ID card 126 to log into the encrypted data storage server 114. In decryption block 410, the administrator may decrypt the encrypted transaction file 120 using file ID 122 identified in block 406 and the associated private key from digital certificate 124. In secured data transmission block 412, the administrator may transmit the confidential information decrypted from the encrypted transaction file, for example, via secured email server 108.

Returning to FIG. 1, customer workstation 102 and administrator workstation 116 may be general purpose computers. Customer workstation 102 and administrator workstation 116 may include a combination of software and hardware, for example processor(s), input/output devices, memory element(s), and interfaces, to allow general computing activities along with interacting with network 104, transaction processing system 106, and other portions of system 100. Customer workstation 102 and administrator workstation 116 may include software and hardware in order to allow icons, for example an icon associated with customer ID card 118, to be displayed on an input/output device such as a display screen. Customer workstation 102 and administrator workstation 116 may also include software and/or hardware configured to allow email interactions, including interactions with secured email server 108.

Network 104 may be a number of networks known to those having ordinary skill in the art, such as, but not limited to, a local area network (LAN), a wide area network (WAN), the Internet, an intranet, etc. Network 104 allows interaction between various computers and communication systems, such as, but not limited to, the components of system 100 shown in FIG. 1.

Transaction processing system 106 may be a number of computer transaction processing systems used in a number of fields for processing transactions with customers. Transaction processing system 106 may include a uniform resource locator (URL) configured processor, and may host the transaction website. Transaction processing system 106 may be a transaction processing system such as, but not limited to, electronic commerce transaction processing systems, credit card transaction systems, healthcare transaction processing systems, including communications between healthcare providers and patients, financial transaction processing systems, government document issuance systems, proprietary data transaction processing systems, etc. The scope of transaction data included in any particular transaction or application may include, but is not limited to, identification information, financial information, item selection information, personal health information (PHI), legal information, construction contracts and information, business contracts, passport information, driver's license information, and other proprietary and non-proprietary information. Such transaction data is often dependent upon the type of application to which the system 100 is adapted, for example the electronic commerce transaction processing systems, credit card transaction systems, healthcare transaction processing systems, financial transaction processing systems, proprietary data transaction processing systems, etc. Transaction processing system 106 may be configured to create encrypted transaction file 120 based on the confidential information associated with a transaction between transaction processing system 106 and customer workstation 102.

Secure email server 108 may be a number of email servers known to those having ordinary skill that are configured to encrypt at least a portion of emails prior to transmission, and configured to receive information required for uniquely encrypting emails. The secured email server 108 may also provide the customer with updates as various events occur that may be associated with a transaction; for example, as a product is shipped the secured email server 108 may send an email to the customer workstation 102. The receipt of the email may prompt the customer to request that an administrator locate and access the encrypted transaction file 120, for example, to change, verify, and/or dispute a transaction.

Customer ID card server 110 may be, for example, an InfoCard server or a similar server, such as those configured to operate pursuant to systems such as, but not limited to, Windows CardSpace, DigitalMe, Higgins Identity Selector, etc. The customer ID card server 110 is configured to create customer ID card 118 based on digital certificate 124 and the customer registration information. For example, the customer identification card server 110 may create customer ID card 118 from the customer registration information and a public key provided by digital certificate server 112.

Digital certificate server 112 may be, for example, but not limited to, a Microsoft certificate server or another server that generates digital certificates for customers, for example with 128-bit encryption or 256-bit encryption, etc. Digital certificate server 112 is configured to store a plurality of digital certificates associated with a plurality of customers. Digital certificate server 112 may also be configured to provide a plurality of public keys associated, respectively, with the plurality of digital certificates. The digital certificate server 112 may provide the public key to the customer, and retain the private key for use in decrypting data stored in the encrypted data server 114. The digital certificate may be, for example, a 128-bit, or better, encryption code, as known to those having skill in the art. The private key may also be linked to the file ID 122.

Encrypted data storage server 114 may be configured to store a plurality of encrypted transaction files, such as encrypted transaction file 120. The plurality of encrypted transaction files may be associated, respectively, with a plurality of encryption keys that are required to access a respective encrypted transaction file. Encrypted data storage server 114 may also be configured to associate a plurality of file IDs, for example file ID 122, respectively with the plurality of encryption keys, such that the respective file ID is required to access the respective encrypted transaction file.

One exemplary method for storing confidential information associated with a first transaction may include storing a data set related to the first transaction in a first server, for example, storing less-confidential data file 128 in transaction processing system 106, the data set configured to be searchable by an authorized administrator, for example, less-confidential data file 128 may be searchable by an administrator authorized through administrator workstation 116; storing a plurality of encrypted files that include confidential information related to a plurality of transactions in a second server, for example, storing a plurality of encrypted transaction files in encrypted data storage server 114, including a first encrypted file that includes confidential information related to the first transaction, for example, the plurality of encrypted transaction files may include encrypted transaction file 120; storing an identifier for the first encrypted file, for example storing file ID 122, where the identifier is configured to include at least one key required to access the confidential information related to the first transaction, for example, configuring the file ID 122 to include the private key required to access the confidential information related to the first transaction; linking the data set to the identifier, for example linking less-confidential data file 128 to file ID 122 through link 130; and limiting the access to the plurality of encrypted files by the administrator, for example, by limiting the administrator ID card and/or the administrator workstation to accessing one of the plurality of encrypted transaction files at a time.

The functionality, operations and architecture depicted by the blocks of methods 200, 300, and 400 may be implemented using modules, segments, and/or portions of software and/or firmware code. The modules, segments, and/or portions of code include one or more executable instructions for implementing the specified logical function(s). In some implementations, the functions noted in the blocks may occur in a different order than that shown in FIG. 2-FIG. 4. For example, two blocks shown in succession in FIG. 2-FIG. 4 may be executed concurrently or the blocks may sometimes be executed in another order, depending upon the functionality involved.

Those of skill will further appreciate that the various illustrative functional blocks, modules, circuits, and steps described herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system.
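The following is an added example, not code from the patent or its inventor, that models the storage split of flowcharts 300 and 400 end to end: less-confidential records stay searchable in the transaction processing system, the confidential payload is encrypted per customer and held in a separate encrypted data storage server that is reachable only by file ID, decryption needs both the file ID and the certificate's private key, and the administrator's access-limiting code enforces both limits the description mentions (one open file at a time, and one decryption per set period). The certificate-based public-key encryption of the patent is replaced by a placeholder SHA-256 keystream cipher so the example runs offline with the standard library only; it is deliberately not a secure cipher. All class, function and field names (CertificateServer, EncryptedDataStorageServer, TransactionProcessingSystem, AdministratorSession, LessConfidentialRecord, the 12-character hex file ID) are this example's own assumptions.

```python
"""Added example (not code from the patent or its inventor): the storage split of
FIG. 3 and FIG. 4 of US 8,613,105 B2 in plain Python. Certificate-based public-key
encryption is replaced by a PLACEHOLDER SHA-256 keystream cipher (standard
library only, deliberately not a secure cipher); all names are this example's own."""
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """PLACEHOLDER cipher (XOR with a SHA-256 counter keystream); stands in for
    the digital-certificate encryption of the patent. Not for real use."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class CertificateServer:
    """Stand-in for digital certificate server 112: one secret per customer (the
    certificate's private key); the per-file key is derived from it and the file ID,
    so decryption block 410 needs both the file ID and the private key."""

    def __init__(self):
        self._private: Dict[str, bytes] = {}

    def issue(self, customer: str) -> None:
        self._private[customer] = secrets.token_bytes(32)

    def _file_key(self, customer: str, file_id: str) -> bytes:
        return hmac.new(self._private[customer], file_id.encode(), "sha256").digest()

    def encrypt(self, customer: str, file_id: str, plaintext: bytes) -> bytes:
        nonce = secrets.token_bytes(16)
        return nonce + _keystream_xor(self._file_key(customer, file_id), nonce, plaintext)

    def decrypt(self, customer: str, file_id: str, blob: bytes) -> bytes:
        return _keystream_xor(self._file_key(customer, file_id), blob[:16], blob[16:])


class EncryptedDataStorageServer:
    """Stand-in for EDSS 114: encrypted files keyed only by file ID, no content search."""

    def __init__(self):
        self._files: Dict[str, bytes] = {}

    def store(self, file_id: str, blob: bytes) -> None:
        self._files[file_id] = blob

    def fetch(self, file_id: str) -> bytes:
        return self._files[file_id]


@dataclass(frozen=True)
class LessConfidentialRecord:  # less-confidential data file 128 plus link 130
    customer: str
    transaction_date: str
    confirmation_number: str
    file_id: str


class TransactionProcessingSystem:
    """Stand-in for TPS 106: blocks 306-316 of FIG. 3 and search block 404 of FIG. 4."""

    def __init__(self, certs: CertificateServer, edss: EncryptedDataStorageServer):
        self.certs, self.edss = certs, edss
        self.records: List[LessConfidentialRecord] = []

    def complete_transaction(self, customer: str, confidential: dict,
                             transaction_date: str, confirmation_number: str) -> str:
        file_id = secrets.token_hex(6)  # 12-character alphanumeric file ID 122
        blob = self.certs.encrypt(customer, file_id, json.dumps(confidential).encode())
        self.edss.store(file_id, blob)  # only ciphertext reaches the EDSS (block 316)
        self.records.append(LessConfidentialRecord(customer, transaction_date,
                                                   confirmation_number, file_id))
        return file_id

    def search(self, **criteria: str) -> List[LessConfidentialRecord]:
        # search block 404: matches less-confidential fields only
        return [r for r in self.records if all(getattr(r, k) == v for k, v in criteria.items())]


class AdministratorSession:
    """Access-limiting code: one open file at a time and at most one decryption per
    `interval` seconds; `clock` is injectable so the limit can be tested."""

    def __init__(self, tps: TransactionProcessingSystem, interval: float = 60.0,
                 clock: Callable[[], float] = time.monotonic):
        self.tps, self.interval, self.clock = tps, interval, clock
        self._open: Optional[str] = None
        self._last: Optional[float] = None

    def open_file(self, record: LessConfidentialRecord) -> dict:
        """Locate (406), fetch (408) and decrypt (410) exactly one transaction file."""
        if self._open is not None:
            raise PermissionError(f"file {self._open} is still open; close it first")
        now = self.clock()
        if self._last is not None and now - self._last < self.interval:
            raise PermissionError("only one file may be opened per interval")
        blob = self.tps.edss.fetch(record.file_id)
        plaintext = self.tps.certs.decrypt(record.customer, record.file_id, blob)
        self._open, self._last = record.file_id, now
        return json.loads(plaintext)

    def close_file(self) -> None:
        self._open = None
```

A search against the TPS never touches ciphertext, and a compromise of the EDSS alone yields only opaque blobs indexed by file ID; an administrator who has located a record can still decrypt only one file per interval, which is the property the description relies on to bound exposure. Swapping `_keystream_xor` for a real certificate-backed scheme leaves the rest of the structure unchanged.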
Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the appended claims.

The various illustrative functional blocks, modules, and circuits disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors or DSPs, one or more microprocessors in conjunction with a DSP core, or any other such configuration.

Software/firmware implementing any of the functions, blocks or processes disclosed herein may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.

If implemented in software, the methods, blocks, algorithms, and functions described herein may be stored on or transmitted over as instructions or code on one or more computer-readable media. Computer-readable medium includes both computer storage medium and communication medium, including any medium that facilitates transfer of a computer program from one place to another. A storage medium may be any available medium that can be accessed by a computer. By way of example, and not limitation, such computer-readable medium can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable medium.

The above description of the disclosed embodiments is provided to enable any person skilled in the art to make or use that which is defined by the appended claims. The following claims are not intended to be limited to the disclosed embodiments. Other embodiments and modifications will readily occur to those of ordinary skill in the art in view of these teachings. Therefore the following claims are intended to cover all such embodiments and modifications when viewed in conjunction with the above specification and accompanying drawings.

What is claimed is:

1. An apparatus for storing confidential information, comprising:
a first server storing a data set related to a first business transaction of a user, the data set configured to be searchable by an authorized administrator;
a second server storing a plurality of encrypted files that include confidential information related to a plurality of transactions, including a first encrypted file that includes the confidential information related to the first business transaction of the user;
the first server further storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first business transaction of the user;
a third server to encrypt the plurality of encrypted files using digital certificates limited to respective users;
a link between the data set and the identifier; and
code for limiting the administrator's access to the plurality of encrypted files, the code for limiting including limiting the administrator to accessing one file at a time,
wherein the first encrypted file is searchable within the second server only with the identifier.

2. The apparatus of claim 1, wherein the data set includes [...] related to completion time for the first transaction.

3. The apparatus of claim 1, wherein the data set includes a [...]

4. The apparatus of claim 3, wherein the encrypted file is encrypted using a digital certificate associated with the customer, and not associated with any other customer.

5. [...]
The apparatus of claim 1, wherein the plurality of encrypted files are the only record of confidential information related to the fist transtction that remains available to a ‘ransaetion processing system after thecompletion a the fst transaction. 6. An apparatus for storing confidential information, com- rising: ‘means for storing a data sct related to a first business ‘wansaction of a user in a first location, the data set ‘configured to be searchable by an authorized aden trator, means forstoring a plarality of encrypted file that include ‘confidential information related tea plurality of trans- ‘ction ina second location, inclading a first enerypted file that inetudes the confidential information related to the frst business transaction of the wsce ‘means for storing an identifier forthe first encrypted file, ‘where the identifiers configured to include at least one key requited to access the confidential information ‘elated tothe fist business transaction of the user, ‘means for encrypting the plurality of encrypted files ata third location: ‘means fr linking the data se tothe dentifier, and snicans fr limiting the access tothe plurality of encrypted files hy the administestor, the means or limiting. includ ing limiting the administrator to aocessing one file at a ‘wherein the fist encrypted fle is searchable within the means for storing» plurality of enerypied files only with the identifier 7. The apparatus of claim 6, wherwn the dataset includes ata related to a completion time for the frst transaction. ‘8. Theapparatus of claim 6, wherein the data set includes 9. The apparatus ofelaim 8, wherein the eneryped file is encrypted using a digital certificate associated with the cus- ‘ome, and not associated with any other eustomer. 
10, The apparaivs of claim 6, wherein the plurality of cenerypted files are the only record of eonfidentil information related to the fist transaction that remains available to 9 transaetion processing system afer the completion a the fist 11. A method for storing confident rss a US 8,613,105 B2 ul storing a dataset related toa fest business transaction of user ina fist server, the data set configured to be earch- able by an authorized administrator; storing aphrality of eneryped files that include confiden- tial infomation related toa plurality of tansations in a second server, including & first encrypted file that inchades the confidential information related tothe frst. business transaction of the user: storing an identifier for the fist encrypted file, where the identifier is configured 10 include at least one key required to access the confidential information related the frst business transaction ofthe user ‘encrypting the plurality of enerypted fies ina third server; Tinking the dataset to the identifier, and Timing the access othe plurality of encrypted files by the ‘administrator, the limiting inluding imiting dhe adm istator to accessing one file at a ime, wherein the fit encrypted file is searchable within the second serve only withthe identifier. 12. The method of elaim 11, wherein the dataset includes data related toa completion tim for the firs transaction 18. The method of claim 11, wherein the dataset includes 14, The method of claim 13, wherein the enerypted fle is ‘encrypted using digital certificate associated with the cus tomer, and aot astocisted with any other customer, 15. The method of claim 11, wherein the plurality of ‘encrypted ilesare the only record of confidential information related to the fist transaction that remains available to transaction processing system after the completion ofthe fist 16. 
A computer-eadable medium embodying a set of instructions executable by one or more processors, compris- ing: ' non-ransitory compulersreadable medium comprising code for storing a data set related 10 a frst business transaction ofa user in a ist server, the dataset config- tured tobe searchable by an authorized administrator, the non-ransitory computerreadahle medium comprising code forstoringa plurality ofenerypted files that include ‘confidential information related to plurality of tras- 12 ‘sctions ina second server inching first encrypted file that includes confidential information related t the rst business transaction ofthe user; the non-transitory computer-readable medium comprising code for enerypling the frst enerypied file ata thin! the non-iransitory computer-seadable medium comprising ‘code for storing an identifier forthe fst encrypted file, where the identifier is configured to include at least one key required to access the confidential information related othe first business transaction of the user, the non-irunsitory computer-readable medium comprising ‘code for Finking the dataset to the identifier, and the ‘on-ransitory computerzeadable medium comprising ‘code for limiting the acess tothe plurality of enerypted hy the administrator. the non-transtory code for limiting including Timing the sdministrator to access ing one flea a ine, ‘wherein the first encrypted file is searchable within the second server only with te identifier. 17. The computer-readable medium of claim 16, wherein the dataset includes data related to a completion time forthe int trnsaetion, 18, The computer-readable medium of claim 16, wherein the data set inclndes a customer name 19, The computer-readable medium of claim 18, wherein theenerypted file is enerypted using a digital certificate ass0- ciated with the customer, and not associated with any other 20. 
The computer-readable medium of claim 16, wherein the plurality of encrypted files are the only record of con dential information elated tothe frst transaction that remains available toa transaction processing system after the consple- tion ofthe frst transaction. 21. The apparatus of claim 1, wherein encryption of the cncrypted file incorporates «public key in such a manner that the private key is required to deeryp ihe encrypted ile
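The claims above describe a split-storage design: a searchable first server that keeps only less-confidential data plus a file identifier that carries the key, a second server that holds only ciphertext and answers only to that identifier, and an administrator path restricted to one decrypted file at a time. The following Python model is an added illustration of that separation and is not code from the patent or its applicant. It assumes a stdlib-only toy cipher (HMAC-SHA256 keystream plus an HMAC tag) as a stand-in for the per-customer digital-certificate encryption of claims 4 and 21, and the class and function names (TransactionProcessingSystem, EncryptedDataStorageServer, AdministratorSession, complete_transaction) are hypothetical.

```python
"""Model of the two-store design in the claims (added illustration, not the
patent's code). Assumption: a stdlib-only HMAC-SHA256 keystream-plus-tag
cipher stands in for the certificate-based encryption of claims 4 and 21."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` keystream bytes as HMAC-SHA256(key, nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (toy stand-in for certificate encryption)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag first, so a wrong key or a tampered file is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered file")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class EncryptedDataStorageServer:
    """Second server (EDSS): ciphertext only, addressable only by file index."""

    def __init__(self) -> None:
        self._files = {}

    def store(self, file_index: str, blob: bytes) -> None:
        self._files[file_index] = blob

    def fetch(self, file_index: str) -> bytes:
        return self._files[file_index]  # KeyError without the identifier


@dataclass
class TransactionRecord:
    """Less-confidential data set held by the first server (claims 2, 3, 18)."""
    customer_name: str
    completion_time: str
    file_id: str  # "<index>.<key hex>": index locates the blob, key unlocks it


class TransactionProcessingSystem:
    """First server (TPS): searchable by an administrator, holds no plaintext."""

    def __init__(self) -> None:
        self._records = []

    def add(self, record: TransactionRecord) -> None:
        self._records.append(record)

    def search(self, customer_name: str):
        return [r for r in self._records if r.customer_name == customer_name]


def complete_transaction(tps, edss, customer_name, completion_time, confidential: bytes) -> str:
    """Encrypt the confidential part, store it in the EDSS, and keep only the
    searchable data set plus the key-carrying file identifier in the TPS."""
    key = secrets.token_bytes(32)
    file_index = secrets.token_hex(16)
    edss.store(file_index, encrypt(key, confidential))
    file_id = f"{file_index}.{key.hex()}"
    tps.add(TransactionRecord(customer_name, completion_time, file_id))
    return file_id


class AdministratorSession:
    """Administrator access limited to one decrypted file at a time."""

    def __init__(self, edss: EncryptedDataStorageServer) -> None:
        self._edss = edss
        self._open: Optional[str] = None

    def open_file(self, file_id: str) -> bytes:
        if self._open is not None:
            raise PermissionError(f"file {self._open} is still open; close it first")
        file_index, key_hex = file_id.split(".")
        plaintext = decrypt(bytes.fromhex(key_hex), self._edss.fetch(file_index))
        self._open = file_index
        return plaintext

    def close_file(self) -> None:
        self._open = None
```

The point the model makes explicit is what each store leaks on its own: the TPS record carries the key but no ciphertext, the EDSS carries ciphertext but neither the key nor any searchable attribute, and only the administrator path that combines a TPS lookup with an EDSS fetch recovers plaintext, one file per session. The tag check in decrypt is what turns a wrong key into a clean failure rather than garbage output.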
