(12) United States Patent                        (10) Patent No.: US 8,613,105 B2
Shaikh                                           (45) Date of Patent: Dec. 17, 2013

(54) METHOD AND APPARATUS FOR STORING CONFIDENTIAL INFORMATION

(75) Inventor: Mohammed Naser S. Shaikh, Santa Barbara, CA (US)

(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b).

(65) Prior Publication Data: US 2011/0022848 A1, Jan. 27, 2011

(58) Field of Classification Search: 726/26, 27, 28; 705/64, 75; 707/705
See application file for complete search history.

Primary Examiner: Edward Zee

21 Claims, 3 Drawing Sheets
[FIG. 1, Sheet 1 of 3: block diagram of secured transaction system 100. Labelled elements: Customer Workstation 102 with Customer ID Card 118; Network 104; Transaction Processing System 106 holding File ID 122 linked to Less-Confidential Data 128; Administrator Workstation 116 with Administrator ID Card 126; Encrypted Data Storage Server 114 holding Encrypted Transaction File 120; ID Card Server 110; Digital Certificate Server 112 holding Digital Certificate 124.]

[FIG. 2, Sheet 2 of 3: flowchart 200. Blocks: Access Website 202; Customer Registration 204; Create Digital Certificate 206; Create ID Card 208; ID Card Transmission 210; ID Card Installation 212.]

[FIG. 3, Sheet 2 of 3: flowchart 300. Blocks: Customer Login 302; Conduct Transaction 304; Confidential Information Gathering 306; Transaction Encryption 308; Less-Confidential Information Gathering 310; File ID Creation 312; TPS Transmission 314; EDSS Storage 316.]

[FIG. 4, Sheet 3 of 3: flowchart 400. Blocks: Administrator Login 402; Search 404; Locate File ID 406; EDSS Login 408; Decryption 410; Secured Data Transmission 412.]
METHOD AND APPARATUS FOR STORING
CONFIDENTIAL INFORMATION
BACKGROUND
1. Field
This disclosure is generally related to information storage, and more particularly, to techniques for securely storing confidential information associated with a transaction.
2. Background
Confidential information has been stored on servers protected by firewalls and in databases that include established security features and security techniques. These established features have proven inadequate to prevent unauthorized access to the confidential information. Despite these known techniques, hacking and other forms of gaining unauthorized access to confidential information remain a hazard. The previous attempts remain inadequate to provide sufficient security while efficiently completing the desired transaction and storing information related to the transaction.
SUMMARY
Disclosed herein is a new and improved approach for securely storing confidential information associated with a transaction. In accordance with an aspect of the approach, an apparatus includes a first server storing a data set related to a first transaction, the data set configured to be searchable by an authorized administrator; a second server storing a plurality of encrypted files that include confidential information related to a plurality of transactions, including a first encrypted file that includes the confidential information related to the first transaction, the first server further storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first transaction; a link between the data set and the identifier; and code for limiting an administrator's access to the plurality of encrypted files.
In accordance with another aspect of the approach, an apparatus for storing confidential information includes means for storing a data set related to the first transaction in a first location, the data set configured to be searchable by an authorized administrator; means for storing a plurality of encrypted files that include confidential information related to a plurality of transactions in a second location, including a first encrypted file that includes confidential information related to the first transaction; means for storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first transaction; means for linking the data set to the identifier; and means for limiting the access to the plurality of encrypted files by the administrator.
In accordance with another aspect of the approach, a method for securely storing confidential information may include storing a data set related to a first transaction in a first server, the data set configured to be searchable by an authorized administrator; storing a plurality of encrypted files that include confidential information related to a plurality of transactions in a second server, including a first encrypted file that includes confidential information related to the first transaction; storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first transaction; linking the data set to the identifier; and limiting the access to the plurality of encrypted files by the administrator.
In accordance with another aspect of the approach, a computer-readable medium embodying a set of instructions executable by one or more processors may include code for storing a data set related to the first transaction in a first server, the data set configured to be searchable by an authorized administrator; code for storing a plurality of encrypted files that include confidential information related to a plurality of transactions in a second server, including a first encrypted file that includes confidential information related to the first transaction; code for storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first transaction; code for linking the data set to the identifier; and code for limiting the access to the plurality of encrypted files by the administrator.
Other systems, methods, aspects, features, embodiments and advantages of the improved approach for securely storing information associated with a transaction disclosed herein will be, or will become, apparent to one having ordinary skill in the art upon examination of the following drawings and detailed description. It is intended that all such additional systems, methods, aspects, features, embodiments and advantages be included within this description, and be within the scope of the accompanying claims.
BRIEF DESCRIPTION OF THE DRAWINGS
It is to be understood that the drawings are solely for purposes of illustration. Furthermore, the components in the figures are not necessarily to scale, emphasis instead being placed upon illustrating the principles of the apparatuses, articles of manufacture and methods disclosed herein. In the figures, like reference numerals designate corresponding parts throughout the different views.
FIG. 1 is a block diagram of a system for storing information associated with a transaction.

FIG. 2 is a flowchart illustrating a method of issuing a customer identification (ID) card.

FIG. 3 is a flowchart illustrating a method of completing a transaction and the creation of an encrypted transaction file and a file ID.

FIG. 4 is a flowchart illustrating a method of allowing a customer and/or an administrator access to the encrypted transaction file under limited circumstances and/or conditions.
DETAILED DESCRIPTION
The following detailed description, which references and incorporates the drawings, describes and illustrates one or more specific embodiments. These embodiments, offered not to limit but only to exemplify and teach, are shown and described in sufficient detail to enable those skilled in the art to practice what is claimed. Thus, for the sake of brevity, the description may omit certain information known to those of skill in the art.
The word "exemplary" is used herein to mean "serving as an example, instance, or illustration." Any embodiment, component or variant described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments, components or variants. All of the embodiments, components and variants described in this description are exemplary embodiments, components and variants provided to enable persons skilled in the art to make and use the invention, and not necessarily to limit the scope of legal protection afforded the appended claims.
FIG. 1 shows a functional block diagram of a secured transaction system 100 for storing confidential information associated with a transaction. System 100 includes a customer workstation 102, a network 104, a transaction processing system 106, a secure email server 108, a customer identification (ID) card server 110, a digital certificate server 112, an encrypted data storage server 114, and an administrator workstation 116. The hardware associated with the individual components of system 100 is generally known to those having ordinary skill in the art. However, the configuration of the hardware, as illustrated herein, is new to the art. Further, in this description, though methods and processes are illustrated and disclosed with reference to system 100 components, and system 100 components are illustrated and disclosed with reference to methods and processes, the methods and processes may be practiced independently of particular components, and the components are not limited to any particular method or process. Instead, the systems, methods, and processes are as stated in the accompanying claims.
Secured transaction system 100 may generally be illustrated and described as including components configured to permit three tasks, processes, and/or methods. A first process, initially illustrated by flowchart 200 of FIG. 2, includes the issuance of a customer identification (ID) card 118. A second process, initially illustrated by flowchart 300 of FIG. 3, includes the completion of a transaction and the creation of an encrypted transaction file 120 and a file ID 122. A third process, initially illustrated by flowchart 400 of FIG. 4, includes allowing a customer and/or an administrator access to the encrypted transaction file 120 under limited circumstances and/or conditions.
Though initially illustrated and described in regard to the creation of a single customer ID card 118, a single encrypted transaction file 120 and a single file ID 122, the systems and methods are capable of creating a plurality of such components associated with a plurality of transactions by a plurality of customers, and may be used by a plurality of administrators. Further, although illustrated and described with a separate customer workstation 102 and administrator workstation 116, in some applications the customer and the administrator may be the same. For example, in some embodiments, a customer/patient may provide confidential information during a transaction involving a healthcare provider. At a later time, it may be the customer/patient, the administrator/healthcare provider, or an agent of either, that may wish to access the confidential information stored pursuant to the technology disclosed herein. In additional embodiments and applications, customers and/or agents may include, but are not limited to, immigration officers, airline staff, customs officials, and agents of customers and administrators, that may wish to access the confidential information stored pursuant to the technology disclosed herein.

Among the benefits associated with the systems and methods described herein is that confidential information associated with respective transactions may be separately encrypted and stored separately from less-confidential information. The less-confidential information may be used to identify a particular transaction, and to identify the file and/or key and/or code required to gain access to the confidential information associated with a respective transaction. Further, the systems and methods illustrated may allow for limitations to be placed upon the access to encrypted transaction information. For example, an administrator may be limited to accessing confidential information related to a single transaction at a time, or within a set period of time. Thus, the exposure of confidential information to hacking may be minimized.
FIG. 2 shows flowchart 200 illustrating a method of issuing a customer ID card, including an access website block 202, a customer registration block 204, a digital certificate creation block 206, an ID card creation block 208, an ID card transmission block 210, and an ID card installation block 212. In access website block 202, a customer may access a transaction website associated with transaction processing system 106. The transaction website may be configured to accept customer registration information. Customer registration information may include information associated with the customer that may be used to identify the customer and/or to facilitate anticipated transactions in which the customer may engage, such as but not limited to the customer's first name, middle name, last name, business name, email address, home address, credit card information, credit card codes, bank account information, zip code, or any other information useful in accomplishing anticipated transactions.

In customer registration block 204, the customer may provide the customer registration information through conventional means of website computer data entry. The type of customer may depend upon the particular function of the transaction processing system 106. For example, in some applications the customer may be a purchaser; in other applications, the customer may be a patient, a physician, a legal professional, a financial professional, etc. The customer registration information may be included in and/or converted into a customer registration information file that may be transmitted to digital certificate server 112 and/or transaction processing system 106. In some embodiments, an administrator may be informed, for example through secured email server 108 and administrator workstation 116, that the customer is attempting to acquire customer ID card 118. The administrator, and/or algorithms associated with administrator workstation 116, may prevent the issuance of customer ID card 118 if issuance criteria are not met, such as if the identity of the customer cannot be confirmed.
In digital certificate creation block 206, digital certificate server 112 may create digital certificate 124 based upon the registration information file. Digital certificate 124 may be designed to be a unique, or practically unique, code. For example, digital certificate server 112 may be configured to generate public and private keys based upon public key infrastructure (PKI) based encryption techniques.
In ID creation block 208, customer ID card server 110, for example a Microsoft Windows cardfile personal information manager, may create customer ID card 118, for example as a CRD file. Customer ID card 118 may be an encrypted security file that stores secure certificates used to authenticate a person or device, such as a computer or Web server. Customer ID card 118 may require a password to be opened and may be installed in a variety of manners, such as but not limited to a right-click and selection. Customer ID card 118 may include digital certificate 124 and the customer registration information, and/or a subset of information associated with digital certificate 124 and the customer registration information. Customer ID card 118 may be designed to be a unique, or practically unique, code designed to identify the customer and/or customer workstation 102. In some embodiments, an administrator may have to approve the issuance of customer ID card 118.
In ID card transmission block 210, customer ID card 118 may be transmitted to customer workstation 102 via an email server, for example secured email server 108, and via network 104. Suitable formats for such cards and their contents include, but are not limited to, ".crd" and ".pfx". In ID card installation block 212, the customer ID card 118 may be installed on customer workstation 102, for example as an icon configured to cooperate with the transaction website and/or transaction processing system 106.
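The issuance flow of blocks 206 through 212, written out as an added example in Go with only the standard library; it is not code from the patent or from any product the patent names. It assumes digital certificate server 112 acts as a small certificate authority that signs one certificate per customer (the patent says only that the server generates PKI key pairs), models customer ID card 118 as a JSON file carrying the certificate and a less-confidential subset of the registration, and adds the check that transaction processing system 106 should perform when a card is presented at login: the certificate must chain to server 112, be within its validity period, and name the customer the card claims to identify. Registration, IDCard, NewCA, Issue, CreateIDCard and VerifyIDCard are names chosen here; the card password and the .crd/.pfx packaging the patent mentions are not modelled.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"fmt"
	"math/big"
	"time"
)

// Registration is the customer registration information of block 204 (constructed sample).
type Registration struct {
	First, Last, Email, CardNumber string // CardNumber is confidential and must never reach the card
}

// IDCard is customer ID card 118: certificate 124 (DER) plus less-confidential registration fields (card password not modelled).
type IDCard struct {
	CertDER            []byte
	First, Last, Email string
}

// sign issues a one-year certificate for pub naming cn; a nil parent yields the self-signed root of server 112.
func sign(cn string, pub *rsa.PublicKey, parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, error) {
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // crypto/rand does not fail
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage, parent = true, x509.KeyUsageCertSign, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewCA creates the signing key and root certificate of digital certificate server 112.
func NewCA() (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	ca, err := sign("Digital Certificate Server 112", &key.PublicKey, nil, key)
	return key, ca, err
}

// Issue is block 206: a key pair for the customer and a CA-signed certificate naming the customer's e-mail.
func Issue(caKey *rsa.PrivateKey, ca *x509.Certificate, reg Registration) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	cert, err := sign(reg.Email, &key.PublicKey, ca, caKey)
	return key, cert, err
}

// CreateIDCard is block 208 (customer ID card server 110): only less-confidential fields travel with the certificate.
func CreateIDCard(cert *x509.Certificate, reg Registration) []byte {
	raw, _ := json.Marshal(IDCard{CertDER: cert.Raw, First: reg.First, Last: reg.Last, Email: reg.Email})
	return raw
}

// VerifyIDCard is what transaction processing system 106 should check at login (block 302): chain to server 112's CA, validity at now, subject equal to the claimed e-mail.
func VerifyIDCard(raw []byte, ca *x509.Certificate, now time.Time) (*x509.Certificate, error) {
	var card IDCard
	if err := json.Unmarshal(raw, &card); err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(card.CertDER)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now}); err != nil {
		return nil, err
	}
	if cert.Subject.CommonName != card.Email {
		return nil, fmt.Errorf("card e-mail %q does not match certificate subject %q", card.Email, cert.Subject.CommonName)
	}
	return cert, nil
}

func main() {
	caKey, ca, _ := NewCA()
	reg := Registration{First: "Ada", Last: "Lovelace", Email: "ada@example.test", CardNumber: "4111111111111111"}
	_, cert, _ := Issue(caKey, ca, reg)
	_, err := VerifyIDCard(CreateIDCard(cert, reg), ca, time.Now())
	fmt.Println("card accepted:", err == nil)
}
```

The chain check is the part that matters: the card travels by e-mail and is installed by the customer, so without it any self-made certificate placed in a card file would log in as whatever e-mail address it names.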
FIG. 3 shows flowchart 300 illustrating a method of completing a transaction, including a customer login block 302, a conduct transaction block 304, a confidential information gathering block 306, a transaction encryption block 308, a less-confidential information gathering block 310, a file ID creation block 312, a transaction processing system (TPS) transmission block 314, and an encrypted data storage server (EDSS) storage block 316. In customer login block 302, a customer may log into transaction processing system 106, for example through the transaction website, using customer ID card 118. For example, the customer may be able to click on, right-click and select, and/or drag-and-drop, an icon associated with customer ID card 118 that establishes a link between customer workstation 102 and transaction processing system 106. Transaction processing system 106 may be configured to uniquely, or practically uniquely, associate customer workstation 102 with customer ID card 118, such as with an information card (infocard), as known to those having skill in the art.
In conduct transaction block 304, the customer conducts a transaction in a manner known in the art that may depend upon the purpose or business of the particular transaction processing system 106. For example, the customer may use an electronic shopping cart to select items to be purchased. In confidential information gathering block 306, the customer and/or the transaction processing system 106 may provide confidential information that may be associated with the transaction conducted and/or payment for the transaction conducted. Confidential information may include, for example but not limited to, credit card numbers, zip codes, street addresses, card codes, transaction amounts, transaction item identifiers, receipts, registration information, a subset of registration information, vendor ID, transaction identifiers, etc. Confidential information may be provided using secure sockets layer (SSL) encryption. At the time of the transaction, confidential information may be provided to third parties, such as credit card processors.
In transaction encryption block 308, the confidential information of block 306 is encrypted to create encrypted transaction file 120. For example, the confidential information of block 306 may be encrypted using the public key associated with digital certificate 124 to create encrypted transaction file 120. In less-confidential information gathering block 310, more benign information, in comparison to the confidential information, may be gathered and/or gleaned from information sources. For example, but not limited to, the customer's first name, middle name, last name, business name, email address, the transaction date, the transaction time, the transaction amount, transaction confirmation number, etc., may be gathered from customer ID card 118, the confidential information, and/or specific data entries provided by the customer at customer workstation 102.
In file ID creation block 312, file ID 122 is created that uniquely, or practically uniquely, links to the encrypted transaction file 120. File ID 122 is also linked, as illustrated by link 130, to a less-confidential data file 128. File ID 122 may be a digital alphanumeric string. The less-confidential data file 128 may be a file or data entry that includes the less-confidential information gathered in block 310.
In TPS transmission block 314, file ID 122 and the less-confidential data file 128 may be transmitted to the transaction processing system 106. In EDSS storage block 316, encrypted transaction file 120 is stored in the encrypted data storage server 114.
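One way to realise blocks 308 through 316, and the exemplary method restated later in this description, added here as a Go example that is not the patent's own code. The public key of certificate 124 is represented by a plain RSA key pair. The confidential record is sealed with a fresh AES-256-GCM key that is then wrapped with RSA-OAEP under that public key; the patent says only that the file is encrypted with the certificate's public key, so the hybrid construction is an assumption. File ID 122 is a random alphanumeric string and is bound into the ciphertext, so a file cannot be re-filed under a different ID, and the two halves go into two separate maps standing in for transaction processing system 106 and encrypted data storage server 114. The patent's wording has the identifier itself "include" a key; this example deliberately keeps the private key out of the TPS-side record, because if the identifier carried the decryption key, read access to both servers would be all an attacker needs. Confidential, LessConfidential, EncryptedFile, NewCertificateKey, NewFileID, Encrypt, Decrypt and Store are names chosen here, and the sample records are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Confidential is the payment data gathered in block 306 (constructed sample).
type Confidential struct {
	CardNumber, CardCode, StreetAddress, Amount string
}

// LessConfidential is data file 128: enough to find a transaction, nothing worth
// stealing on its own. FileID is link 130 to file ID 122.
type LessConfidential struct {
	First, Last, Email, Date, Amount, FileID string
}

// EncryptedFile is encrypted transaction file 120 on EDSS 114: the record sealed with
// a fresh AES-256-GCM key, that key wrapped with RSA-OAEP under the public key of
// certificate 124 (the hybrid construction is this example's choice).
type EncryptedFile struct {
	WrappedKey, Nonce, Ciphertext []byte
}

// NewCertificateKey stands in for the key pair behind digital certificate 124.
func NewCertificateKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// NewFileID is block 312: a random identifier that reveals nothing about the customer.
func NewFileID() string {
	const alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789" // 32 symbols: no modulo bias
	b := make([]byte, 20)
	rand.Read(b) // crypto/rand does not fail
	for i := range b {
		b[i] = alphabet[int(b[i])%len(alphabet)]
	}
	return string(b)
}

// Encrypt is block 308. The file ID is bound into both layers (OAEP label and GCM
// additional data), so a file cannot be quietly re-filed under another ID.
func Encrypt(pub *rsa.PublicKey, fileID string, c Confidential) (EncryptedFile, error) {
	plain, _ := json.Marshal(c) // struct of strings: cannot fail
	fileKey, nonce := make([]byte, 32), make([]byte, 12)
	rand.Read(fileKey)
	rand.Read(nonce)
	block, _ := aes.NewCipher(fileKey) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	ct := gcm.Seal(nil, nonce, plain, []byte(fileID))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, []byte(fileID))
	return EncryptedFile{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, err
}

// Decrypt is block 410: it needs the private key of certificate 124 and the file ID
// the file was sealed under; either one alone opens nothing.
func Decrypt(priv *rsa.PrivateKey, fileID string, ef EncryptedFile) (Confidential, error) {
	var c Confidential
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ef.WrappedKey, []byte(fileID))
	if err != nil {
		return c, fmt.Errorf("wrong private key or file ID: %w", err)
	}
	block, _ := aes.NewCipher(fileKey)
	gcm, _ := cipher.NewGCM(block)
	plain, err := gcm.Open(nil, ef.Nonce, ef.Ciphertext, []byte(fileID))
	if err != nil {
		return c, fmt.Errorf("ciphertext or file ID tampered: %w", err)
	}
	return c, json.Unmarshal(plain, &c)
}

// Store runs blocks 308-316 for one transaction: tps is transaction processing system
// 106 (file ID -> record 128), edss is encrypted data storage server 114 (file ID ->
// file 120). Neither store alone holds the confidential data.
func Store(pub *rsa.PublicKey, tps map[string]LessConfidential, edss map[string]EncryptedFile, lc LessConfidential, c Confidential) (string, error) {
	id := NewFileID()
	ef, err := Encrypt(pub, id, c)
	if err != nil {
		return "", err
	}
	lc.FileID = id
	tps[id], edss[id] = lc, ef
	return id, nil
}

func main() {
	key, _ := NewCertificateKey()
	tps, edss := map[string]LessConfidential{}, map[string]EncryptedFile{}
	id, _ := Store(&key.PublicKey, tps, edss, LessConfidential{Last: "Lovelace", Date: "2011-01-27"}, Confidential{CardNumber: "4111111111111111"})
	c, err := Decrypt(key, id, edss[id])
	fmt.Println(tps[id].Last, c.CardNumber, err) // Lovelace 4111111111111111 <nil>
}
```

Binding the file ID as OAEP label and GCM additional data is what makes "the file ID is required to access the file" a property the ciphertext enforces rather than a lookup convention; a wrong ID fails at the key-unwrap step before any plaintext is touched.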
FIG. 4 shows flowchart 400 illustrating a method of allowing an administrator and/or a customer access to the encrypted transaction file 120, including an administrator TPS login block 402, a search block 404, a file ID 122 location block 406, an EDSS login block 408, a decryption block 410, and a secured data transmission block 412.
In administrator TPS login block 402, an administrator may log onto the transaction processing system using an administrator ID card 126. Administrator ID card 126 may be created in a manner similar to that illustrated for the creation of the customer ID card 118, using administrator registration information. The administrator registration information used to create the administrator ID card 126 may or may not include confidential information associated with the administrator. Access to encrypted transaction file 120 may also be initiated by a customer after a customer login 302 as previously described in regard to flowchart 300.
In search block 404, the administrator may search for file ID 122 in the transaction processing system 106. For example, the administrator may search a database of a plurality of less-confidential information files, including less-confidential data file 128. In file ID 122 location block 406, the administrator may identify a particular file ID 122 associated with a particular transaction from the plurality of file IDs associated with a respective plurality of transactions. For example, the administrator may identify a desired file ID 122 from a plurality of additional file IDs (not shown), due to the link 130 established between less-confidential data file 128 and file ID 122.
In EDSS login block 408, the administrator may log into the encrypted data storage server 114. The administrator may use the administrator ID card 126 to log into the encrypted data storage server 114. In decryption block 410, the administrator may decrypt the encrypted transaction file 120 using file ID 122 identified in block 406, and the associated private key from digital certificate 124. In secured data transmission block 412, the administrator may transmit the confidential information decrypted from the encrypted transaction file, for example, via secured email server 108.
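The access path of blocks 404 through 412, as an added Go example that is not the patent's own code: a search over less-confidential records 128 that returns only file IDs, and a Gate that enforces the limitation the description places on administrator access to encrypted data storage server 114, one open file at a time and a bounded number of checkouts per time window. Record, SampleRecords, Search, Gate, NewGate, Checkout and Release are names chosen here; the records are constructed, and the current time is passed in so the rule can be exercised without waiting.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

// Record is less-confidential data file 128 as held by transaction processing
// system 106; FileID is link 130 to file ID 122.
type Record struct {
	First, Last, Email, Date, Amount, FileID string
}

// SampleRecords is constructed data standing in for the TPS database.
var SampleRecords = []Record{
	{"Ada", "Lovelace", "ada@example.test", "2011-01-27", "49.95", "K7Q2M9P4R8T3V6W5X2Y9"},
	{"Ada", "Lovelace", "ada@example.test", "2011-02-03", "12.00", "B3C5D7F9G2H4J6K8L3M5"},
	{"Grace", "Hopper", "grace@example.test", "2011-01-27", "199.00", "N2P4Q6R8S3T5U7V9W2X4"},
}

// Search is block 404: the administrator locates transactions by the
// less-confidential fields alone and receives file IDs (block 406), never
// confidential data. An empty date matches any date.
func Search(records []Record, lastName, date string) []string {
	var ids []string
	for _, r := range records {
		if strings.EqualFold(r.Last, lastName) && (date == "" || r.Date == date) {
			ids = append(ids, r.FileID)
		}
	}
	return ids
}

var (
	ErrBusy  = errors.New("administrator already has a file checked out")
	ErrQuota = errors.New("administrator has reached the number of files allowed in this window")
)

// Gate enforces at EDSS 114 (blocks 408-410) the limitation the patent places
// on administrator access: one decrypted file open at a time, and at most
// Quota checkouts within Window.
type Gate struct {
	Window time.Duration
	Quota  int
	open   map[string]string      // administrator -> file ID currently open
	times  map[string][]time.Time // administrator -> recent checkout times
}

func NewGate(window time.Duration, quota int) *Gate {
	return &Gate{Window: window, Quota: quota, open: map[string]string{}, times: map[string][]time.Time{}}
}

// Checkout grants admin access to fileID at time now, or says why not. now is
// a parameter so the rule can be exercised in a test without waiting.
func (g *Gate) Checkout(admin, fileID string, now time.Time) error {
	if _, busy := g.open[admin]; busy {
		return ErrBusy
	}
	recent := g.times[admin][:0] // drop checkouts that have aged out of the window
	for _, t := range g.times[admin] {
		if now.Sub(t) < g.Window {
			recent = append(recent, t)
		}
	}
	if len(recent) >= g.Quota {
		g.times[admin] = recent
		return ErrQuota
	}
	g.times[admin] = append(recent, now)
	g.open[admin] = fileID
	return nil
}

// Release is called once the decrypted data has been transmitted (block 412)
// so the administrator may proceed to the next file.
func (g *Gate) Release(admin string) {
	delete(g.open, admin)
}

func main() {
	ids := Search(SampleRecords, "Lovelace", "2011-01-27")
	g := NewGate(time.Hour, 2)
	now := time.Now()
	fmt.Println(ids, g.Checkout("admin1", ids[0], now), g.Checkout("admin1", ids[0], now))
}
```

The limit is keyed on the administrator identity established by administrator ID card 126 at login, which is why a compromised administrator card yields at most Quota files per Window rather than the whole store.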
Returning to FIG. 1, customer workstation 102 and administrator workstation 116 may be general purpose computers. Customer workstation 102 and administrator workstation 116 may include a combination of software and hardware, for example processor(s), input/output devices, memory element(s), and interfaces, to allow general computing activities along with interacting with network 104, transaction processing system 106, and other portions of system 100.
Customer workstation 102 and administrator workstation 116 may include software and hardware in order to allow icons, for example an icon associated with customer ID card 118, to be displayed on an input/output device such as a display screen. Customer workstation 102 and administrator workstation 116 may also include software and/or hardware configured to allow email interactions, including interactions with secured email server 108.

Network 104 may be a number of networks known to those having ordinary skill in the art, such as, but not limited to, a local area network (LAN), a wide area network (WAN), the Internet, an Intranet, etc. Network 104 allows interaction between various computers and communication systems, such as, but not limited to, the components of system 100 shown in FIG. 1.
Transaction processing system 106 may be a number of computer transaction processing systems used in a number of fields for processing transactions with customers. Transaction processing system 106 may include a uniform resource locator (URL) configured processor, and may host the transaction website. Transaction processing system 106 may be a transaction processing system such as, but not limited to, electronic commerce transaction processing systems, credit card transaction systems, healthcare transaction processing systems, including communications between healthcare providers and patients, financial transaction processing systems, government document issuance systems, proprietary data transaction processing systems, etc. The scope of transaction data included in any particular transaction or application may include, but is not limited to, identification information, financial information, item selection information, personal health information (PHI), legal information, construction contracts and information, business contracts, passport information, driver's license information, and other proprietary and non-proprietary information. Such transaction data is often dependent upon the type of application to which the system 100 is adapted, for example electronic commerce transaction processing systems, credit card transaction systems, healthcare transaction processing systems, financial transaction processing systems, proprietary data transaction processing systems, etc.
Transaction processing system 106 may be configured to create encrypted transaction file 120 based on the confidential information associated with a transaction between transaction processing system 106 and customer workstation 102.
Secure email server 108 may be a number of email servers known to those having ordinary skill that are configured to encrypt at least a portion of emails prior to transmission, and configured to receive the information required for uniquely encrypting emails. The secured email server 108 may also provide the customer with updates as various events occur that may be associated with a transaction; for example, as a product is shipped, the secured email server 108 may send an email to the customer workstation 102. The receipt of the email may prompt the customer to request that an administrator locate and access the encrypted transaction file 120, for example, to change, verify, and/or dispute a transaction.
Customer ID card server 110 may be, for example, an infocard server or a similar server, such as those configured to operate pursuant to systems such as, but not limited to, Windows CardSpace, DigitalMe, Higgins Identity Selector, etc. The customer ID card server 110 is configured to create customer ID card 118 based on digital certificate 124 and the customer registration information. For example, the customer identification card server 110 may create customer ID card 118 from the customer registration information and a public key provided by digital certificate server 112.
Digital certificate server 112 may be, for example, but not limited to, a Microsoft certificate server or another server that generates digital certificates for customers, for example, with 128-bit encryption or 256-bit encryption, etc. Digital certificate server 112 is configured to store a plurality of digital certificates associated with a plurality of customers. Digital certificate server 112 may also be configured to provide a plurality of public keys associated, respectively, with the plurality of digital certificates. The digital certificate server 112 may provide the public key to the customer, and retain the private key for use in decrypting data stored in the encrypted data storage server 114. The digital certificate may be, for example, a 128-bit, or better, encryption code, as known to those having skill in the art. The private key may also be linked to the file ID 122.
Encrypted data storage server 114 may be configured to store a plurality of encrypted transaction files, such as encrypted transaction file 120. The plurality of encrypted transaction files may be associated, respectively, with a plurality of encryption keys that are required to access a respective encrypted transaction file. Encrypted data storage server 114 may also be configured to associate a plurality of file IDs, for example file ID 122, respectively with the plurality of encryption keys, such that the respective file ID is required to access the respective encrypted transaction file.
One exemplary method for storing confidential information associated with a first transaction may include storing a data set related to the first transaction in a first server, for example, storing less-confidential data file 128 in transaction processing system 106, the data set configured to be searchable by an authorized administrator, for example, less-confidential data file 128 may be searchable by an administrator authorized through administrator workstation 116; storing a plurality of encrypted files that include confidential information related to a plurality of transactions in a second server, for example, storing a plurality of encrypted transaction files in encrypted data storage server 114, including a first encrypted file that includes confidential information related to the first transaction, for example, the plurality of encrypted transaction files may include encrypted transaction file 120; storing an identifier for the first encrypted file, for example storing file ID 122, where the identifier is configured to include at least one key required to access the confidential information related to the first transaction, for example, configuring the file ID 122 to include the private key required to access the confidential information related to the first transaction; linking the data set to the identifier, for example linking less-confidential data file 128 to file ID 122 through link 130; and limiting the access to the plurality of encrypted files by the administrator, for example, by limiting the administrator ID card and/or the administrator workstation to accessing one of the plurality of encrypted transaction files at a time.
The functionality, operations and architecture depicted by the blocks of methods 200, 300, and 400 may be implemented using modules, segments, and/or portions of software and/or firmware code. The modules, segments, and/or portions of code include one or more executable instructions for implementing the specified logical function(s). In some implementations, the functions noted in the blocks may occur in a different order than that shown in FIG. 2-FIG. 4. For example, two blocks shown in succession in FIG. 2-FIG. 4 may be executed concurrently or the blocks may sometimes be executed in another order, depending upon the functionality involved.
Those of skill will further appreciate that the various illustrative functional blocks, modules, circuits, and steps described herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the appended claims.
The various illustrative functional blocks, modules, and circuits disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller or state machine. A processor may also be implemented as a combination of computing devices, e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration.

Software/firmware implementing any of the functions, blocks or processes disclosed herein may reside in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC. The ASIC may reside in a user terminal. In the alternative, the processor and the storage medium may reside as discrete components in a user terminal.
If implemented in software, tbe methods, blocks, algo
rithms, and funetions described herein may be stored on
transmitted over as instruction or code on one of more eo
puterreadable media. Computer-eadable medium includes
both compute storage medium and communication medi
‘including any medium that facilitates transfer ofa computer
program from one place to another. storage medium may be
ny available meditim that ean be accessed by s computer. By
way of example, and not limitation, such computer-wadable
‘medium can comprise RAM, ROM, FEPROM, CD-ROM or
‘ther optical disk storage, magnetic disk sforage or other
‘magnetic storage devices, oF ay other medium that can be
used fo cary of store desired program code in the form of
Jnstructions or data structures and thal can be accessed by &
‘computer. Also, any consection is properly termed a com=
puter-readable mediom, For example ifthe software is trans-
rite from a website, server or ether remote sauree using 8
‘coaxial cable fer optic cable, twisted par, digital subscriber
Tine (DSL), or wireless technologies suchas infrared, rio,
and microwave, thea the coaxial cable, fiber optic cable,
twisted pai, DSL, or witeless technologies such as inared.
radio, and microwave are included in the definition of
‘medium, Disk and dse, as used herein, includes compact dise
(CD), laserdisc, optical disc, digital versatile dise (DVD).
floppy disk and blu-ray dise where disks usually reproduce
‘data magnetically, while dses reproduce data optically with
lasers. Combinations of the above should also he included
‘within the scope of computer-eadable medium.
The above description of the disclosed embodiments is
provided io enable any person skilled inthe art to make or use
that which is defined by the appended claims. The following
‘luins are aot intended tobe limited to the disclosed embod
ments, Other embodiments and modifications will readily
‘eccur t those of ontinary skill inthe art in view of these
teachings. Therefore the following claims are intended t0
‘cover all sich embodiments and modifications whea Viewed
in conjunction with the above specification and accompany
ing drasvings|
What is claimed is:

1. An apparatus for storing confidential information, comprising:
a first server storing a data set related to a first business transaction of a user, the data set configured to be searchable by an authorized administrator;
a second server storing a plurality of encrypted files that include confidential information related to a plurality of transactions, including a first encrypted file that includes the confidential information related to the first business transaction of the user;
the first server further storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first business transaction of the user;
a third server to encrypt the plurality of encrypted files using digital certificates tied to respective users;
a link between the data set and the identifier; and
code for limiting the administrator's access to the plurality of encrypted files, the code for limiting including limiting the administrator to accessing one file at a time,
wherein the first encrypted file is searchable within the second server only with the identifier.

2. The apparatus of claim 1, wherein the data set includes data related to a completion time for the first transaction.

3. The apparatus of claim 1, wherein the data set includes a customer name.

4. The apparatus of claim 3, wherein the encrypted file is encrypted using a digital certificate associated with the customer, and not associated with any other customer.

5. The apparatus of claim 1, wherein the plurality of encrypted files are the only record of confidential information related to the first transaction that remains available to a transaction processing system after the completion of the first transaction.

6. An apparatus for storing confidential information, comprising:
means for storing a data set related to a first business transaction of a user in a first location, the data set configured to be searchable by an authorized administrator;
means for storing a plurality of encrypted files that include confidential information related to a plurality of transactions in a second location, including a first encrypted file that includes the confidential information related to the first business transaction of the user;
means for storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first business transaction of the user;
means for encrypting the plurality of encrypted files at a third location;
means for linking the data set to the identifier; and
means for limiting the access to the plurality of encrypted files by the administrator, the means for limiting including limiting the administrator to accessing one file at a time,
wherein the first encrypted file is searchable within the means for storing a plurality of encrypted files only with the identifier.

7. The apparatus of claim 6, wherein the data set includes data related to a completion time for the first transaction.

8. The apparatus of claim 6, wherein the data set includes a customer name.

9. The apparatus of claim 8, wherein the encrypted file is encrypted using a digital certificate associated with the customer, and not associated with any other customer.

10. The apparatus of claim 6, wherein the plurality of encrypted files are the only record of confidential information related to the first transaction that remains available to a transaction processing system after the completion of the first transaction.

11. A method for storing confidential information, comprising:
storing a data set related to a first business transaction of a user in a first server, the data set configured to be searchable by an authorized administrator;
storing a plurality of encrypted files that include confidential information related to a plurality of transactions in a second server, including a first encrypted file that includes the confidential information related to the first business transaction of the user;
storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first business transaction of the user;
encrypting the plurality of encrypted files in a third server;
linking the data set to the identifier; and
limiting the access to the plurality of encrypted files by the administrator, the limiting including limiting the administrator to accessing one file at a time,
wherein the first encrypted file is searchable within the second server only with the identifier.

12. The method of claim 11, wherein the data set includes data related to a completion time for the first transaction.

13. The method of claim 11, wherein the data set includes a customer name.

14. The method of claim 13, wherein the encrypted file is encrypted using a digital certificate associated with the customer, and not associated with any other customer.

15. The method of claim 11, wherein the plurality of encrypted files are the only record of confidential information related to the first transaction that remains available to a transaction processing system after the completion of the first transaction.

16. A computer-readable medium embodying a set of instructions executable by one or more processors, comprising:
a non-transitory computer-readable medium comprising code for storing a data set related to a first business transaction of a user in a first server, the data set configured to be searchable by an authorized administrator;
the non-transitory computer-readable medium comprising code for storing a plurality of encrypted files that include confidential information related to a plurality of transactions in a second server, including a first encrypted file that includes confidential information related to the first business transaction of the user;
the non-transitory computer-readable medium comprising code for encrypting the first encrypted file at a third server;
the non-transitory computer-readable medium comprising code for storing an identifier for the first encrypted file, where the identifier is configured to include at least one key required to access the confidential information related to the first business transaction of the user;
the non-transitory computer-readable medium comprising code for linking the data set to the identifier; and
the non-transitory computer-readable medium comprising code for limiting the access to the plurality of encrypted files by the administrator, the non-transitory code for limiting including limiting the administrator to accessing one file at a time,
wherein the first encrypted file is searchable within the second server only with the identifier.

17. The computer-readable medium of claim 16, wherein the data set includes data related to a completion time for the first transaction.

18. The computer-readable medium of claim 16, wherein the data set includes a customer name.

19. The computer-readable medium of claim 18, wherein the encrypted file is encrypted using a digital certificate associated with the customer, and not associated with any other customer.

20. The computer-readable medium of claim 16, wherein the plurality of encrypted files are the only record of confidential information related to the first transaction that remains available to a transaction processing system after the completion of the first transaction.

21. The apparatus of claim 1, wherein encryption of the encrypted file incorporates a public key in such a manner that the private key is required to decrypt the encrypted file.
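The server split that claims 1, 6, 11 and 16 describe (a searchable data set that holds only an identifier carrying the key, ciphertext kept on a separate store that can be looked up only by that identifier, and an administrator limited to one open file at a time), modelled as an added Python example; this is not code from the patent, the class and method names are assumptions, and a SHA-256 counter keystream stands in for the patent's certificate-based encryption because the standard library has no RSA or AES.

```python
import hashlib
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric stand-in (constructed for this example) for the patent's
    certificate-based encryption; XORs data with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class EncryptedDataStorageServer:
    """'Second server': holds ciphertext indexed by an opaque file id only.
    It stores no customer names or completion times, so nothing here is searchable."""
    def __init__(self):
        self._files = {}
    def put(self, file_id, blob):
        self._files[file_id] = blob
    def get(self, file_id):
        return self._files[file_id]

class TransactionProcessingServer:
    """'First server': the searchable data set plus the link to the identifier.
    The identifier is 'file_id:key', so it carries the key needed to decrypt."""
    def __init__(self, edss):
        self.edss = edss
        self.records = []       # searchable by customer name / completion time
        self.open_file = {}     # admin -> file id currently open (one at a time)
    def store_transaction(self, customer, completed, confidential):
        key, nonce = os.urandom(32), os.urandom(16)
        file_id = os.urandom(8).hex()
        self.edss.put(file_id, nonce + keystream_xor(key, nonce, confidential))
        self.records.append({"customer": customer, "completed": completed,
                             "identifier": f"{file_id}:{key.hex()}"})
        return file_id
    def admin_open(self, admin, customer):
        if admin in self.open_file:          # enforce one open file per administrator
            raise PermissionError(f"{admin} already has {self.open_file[admin]} open")
        rec = next(r for r in self.records if r["customer"] == customer)
        file_id, key_hex = rec["identifier"].split(":")
        blob = self.edss.get(file_id)        # the store is reachable only via the identifier
        self.open_file[admin] = file_id
        return keystream_xor(bytes.fromhex(key_hex), blob[:16], blob[16:])
    def admin_close(self, admin):
        self.open_file.pop(admin, None)
```

A bulk read of the encrypted store yields only ciphertext with no customer attribution, and an administrator who has not closed one file cannot open a second one.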