Sensitive/confidential data may be entered by a user at a client computer. For example, a doctor, nurse or even a medical receptionist may enter sensitive data such as medical conditions or symptoms, medications, date of birth, social security number, insurance card number and credit card number into one or more medical forms. Typically, the data is sent to and stored at a central server so it is centrally available for access by client computers at different locations and for security reasons in case a client computer is hacked.
Data transmitted between client computers and servers is vulnerable to interception by hackers in both directions. Protocols such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS) provide an encrypted, bi-directional connection between a client computer and a mail server or web server. These protocols use asymmetric cryptography for authentication and then symmetric encryption for the actual data transmission. This helps to protect sensitive data from hackers who eavesdrop on transmitted data or change data in transit.
Computer databases store digital data in an organized format that allows searches to retrieve a particular subset of data using specialized commands in a query language, such as Structured Query Language (SQL). SQL allows data entry, manipulation, and deletion. SQL statements may be generated by a client application based on user input, or stored in database procedures to be run on a schedule or on request by a Database Administrator (DBA). The SQL is executed by a Database Management System (DBMS), a software system that administers a database and controls access to it. Databases may be encrypted as a whole to protect against hackers who gain access to the database.
Within a database, some tables may contain both sensitive user information and non-sensitive information. Data protection is usually required by administrative policy to prevent unauthorized access to sensitive information. Some databases are protected by a generic “userid” or machine identification used by all users within a company or office to access the data. A second method of data protection uses a unique database userid and password for each individual user, along with table definitions that include a field allowing segregation of data by userid. This second approach requires a Database Administrator (DBA) to create a new userid for each user and to set access permissions per table for each new userid, which can be time-consuming. While database files are typically encrypted as a whole, this does not prevent authorized users from gaining access to the data in the table.
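The two preceding paragraphs describe SQL generated from user input and tables that mix sensitive and non-sensitive columns with a userid field for segregation. The following added example (not from the original document) puts both into working code against an in-memory SQLite database: the schema, sample rows, a string-built query beside its parameterized form, and a projection that returns only non-sensitive columns. The table layout, column names and sample rows are constructed for the illustration.

```python
import sqlite3

# Constructed sample rows (not from the document): one clinic table mixing
# non-sensitive columns (name, appointment) with sensitive ones (dob, ssn_last4,
# condition), plus a userid column used to segregate rows per database user.
SAMPLE_ROWS = [
    ("dr_ann", "Pat Example", "09:00", "1970-01-01", "1234", "hypertension"),
    ("dr_ann", "Sam Example", "09:30", "1985-06-15", "5678", "asthma"),
    ("dr_bob", "Lee Example", "10:00", "1992-03-30", "9012", "diabetes"),
]


def open_db():
    """Create an in-memory database with the sample table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE patient (
               id INTEGER PRIMARY KEY,
               userid TEXT NOT NULL,
               name TEXT NOT NULL,
               appointment TEXT NOT NULL,
               dob TEXT NOT NULL,
               ssn_last4 TEXT NOT NULL,
               condition TEXT NOT NULL)"""
    )
    conn.executemany(
        "INSERT INTO patient (userid, name, appointment, dob, ssn_last4, condition) "
        "VALUES (?, ?, ?, ?, ?, ?)",
        SAMPLE_ROWS,
    )
    return conn


def search_unsafe(conn, userid, name_fragment):
    """Builds the statement text from user input: a quote in the input breaks
    the query, and the input is interpreted as SQL rather than as a value."""
    sql = (
        "SELECT name, condition FROM patient "
        "WHERE userid = '%s' AND name LIKE '%%%s%%' ORDER BY name"
        % (userid, name_fragment)
    )
    return conn.execute(sql).fetchall()


def search_safe(conn, userid, name_fragment):
    """Parameterized statement: the SQL text is fixed and the DBMS binds the
    values, so input is never parsed as SQL. The userid predicate is the
    row-level segregation by userid field described above."""
    sql = (
        "SELECT name, condition FROM patient "
        "WHERE userid = ? AND name LIKE ? ORDER BY name"
    )
    return conn.execute(sql, (userid, "%" + name_fragment + "%")).fetchall()


def schedule_for(conn, userid):
    """Non-sensitive projection: staff who only need the schedule never
    receive the sensitive columns, even though they share the table."""
    sql = "SELECT name, appointment FROM patient WHERE userid = ? ORDER BY appointment"
    return conn.execute(sql, (userid,)).fetchall()


if __name__ == "__main__":
    db = open_db()
    print(search_safe(db, "dr_ann", "Example"))
    print(schedule_for(db, "dr_bob"))
```

The parameterized form also makes the segregation rule auditable: the userid predicate is part of a fixed statement, not something assembled differently for each request.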
Another type of encryption method protects user private data during its transmission onto a server-connected storage device. US 2009/0147949 A1 by Microsoft Corporation describes a method in which a set of symmetric encryption keys is generated by a server at the request of a client computer. The server application stores the set of symmetric encryption keys on the server for a user of the client computer. The keys are sent to the client computer only when needed for encryption or decryption of data on a portable storage device during transmission, and are deleted from the client computer when encryption or decryption is completed.
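The key lifecycle just described (server-generated keys, held on the server, released to the client only for the duration of an operation, then dropped) is simulated in the following added example. It is an illustration written for this page, not code from the cited application; the `KeyServer` and `Client` classes are hypothetical, and the HMAC-SHA256 counter-mode keystream stands in for a real authenticated cipher such as AES-GCM so that the example runs with the standard library alone.

```python
import hashlib
import hmac
import os


class KeyServer:
    """Server side (hypothetical): generates symmetric keys on a client's request
    and keeps them; a key leaves the server only when a client needs it."""

    def __init__(self):
        self._keys = {}  # user -> {key_id: 32-byte key}

    def generate_key_set(self, user, count=2):
        key_set = {"k%d" % i: os.urandom(32) for i in range(count)}
        self._keys[user] = key_set
        return sorted(key_set)  # only identifiers are returned at this point

    def fetch_key(self, user, key_id):
        return self._keys[user][key_id]


def _derive(key, label):
    # Separate sub-keys for the keystream and the tag, both from one stored key.
    return hashlib.sha256(label + key).digest()


def _keystream_xor(key, nonce, data):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode, used only so the
    # example runs offline; a real deployment would use AES-GCM or similar.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key, plaintext):
    """Encrypt-then-MAC: returns (nonce, ciphertext, tag)."""
    nonce = os.urandom(16)
    ciphertext = _keystream_xor(_derive(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_derive(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce, ciphertext, tag


def open_sealed(key, nonce, ciphertext, tag):
    """Verify the tag in constant time before decrypting; reject any modification."""
    expected = hmac.new(_derive(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("ciphertext or nonce was modified")
    return _keystream_xor(_derive(key, b"enc"), nonce, ciphertext)


class Client:
    """Client side (hypothetical): holds a key only for one operation."""

    def __init__(self, server, user):
        self.server = server
        self.user = user
        self._key = None

    def holds_key(self):
        return self._key is not None

    def encrypt_for_storage(self, key_id, plaintext):
        self._key = self.server.fetch_key(self.user, key_id)
        try:
            nonce, ciphertext, tag = seal(self._key, plaintext)
            return key_id, nonce, ciphertext, tag
        finally:
            self._key = None  # Python cannot zeroize memory; the reference is dropped

    def decrypt_from_storage(self, key_id, nonce, ciphertext, tag):
        self._key = self.server.fetch_key(self.user, key_id)
        try:
            return open_sealed(self._key, nonce, ciphertext, tag)
        finally:
            self._key = None


def demo():
    """Round trip: returns (record, recovered, client_holds_key_afterwards, ciphertext)."""
    server = KeyServer()
    client = Client(server, "alice")
    key_ids = server.generate_key_set("alice")
    record = b"DOB 1970-01-01; condition: hypertension"  # constructed sample record
    key_id, nonce, ciphertext, tag = client.encrypt_for_storage(key_ids[0], record)
    recovered = client.decrypt_from_storage(key_id, nonce, ciphertext, tag)
    return record, recovered, client.holds_key(), ciphertext
```

The point worth checking in such a design is the state of the client after each operation: the stored ciphertext carries a key identifier rather than the key, and the client object holds no key reference once `seal` or `open_sealed` returns, so a compromised client computer exposes at most the key in use at that moment.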