This invention relates to secure databases.
Many countries have legislation for controlling the way in which personal data may be stored and used on computer systems. For example, the Dutch Personal Data Registration Act (xe2x80x9cWet Persoonsregistratiesxe2x80x9d) demands (among other things) that the database must be secured against hackers who have succeeded in getting unauthorised access to the database despite all security applied to it. However, it has been found that conventional database systems do not satisfy this requirement. For example, in conventional hospital information systems, if a hacker gains access to a medical history record, the hacker can obtain the patient""s key from this record and use this key to access any other records containing information about the same patient, such as the patient""s name and address.
The object of the present invention is to provide a way of overcoming this problem.
According to the invention a computer system comprises:
(a) a server having a database including at least one personal information table and at least one further table containing information relating to persons whose details are stored in the personal information table; and
(b) a plurality of clients, for accessing said database;
(c) said tables in said database having keys that are unrelated to each other, whereby it is impossible to determine solely from information in the server which record in said further table corresponds to which record in said personal information table; and
(d) each client including an encryption process for converting a personal identifier value, which identifies a record relating to a particular person in said personal information table, into a pseudo-identifier value, which identifies a record relating to the same person in said further table.
It can be seen that, even if a hacker obtains access to the database, the hacker will not be able to relate information in the different tables. In a hospital information system for example, if a hacker obtains access to a medical history record, the hacker cannot relate this record to a particular patient.