As more and more personal information about users is generated and stored in computer-readable data storage devices, protecting such information becomes increasingly important. In an example, retail establishments offer credit cards to their customers, wherein customers set forth personal information when applying for these cards. Exemplary personal information that may be set forth by a customer includes the full legal name of the customer, the Social Security Number (SSN) of the customer, a date of birth of the customer, a home address of the customer, and so forth. Oftentimes, this personal information is stored in a network-accessible database.
Conventionally, to protect a database that includes personal information, the database is encrypted so as to prevent unauthorized (malicious) entities from being able to access the personal information in the database. Briefly, an encryption system converts information in the database to ciphertext through utilization of a key, wherein the key is typically a password or data derived from the password. The ciphertext is indecipherable without the key; however, the ciphertext can be converted back to the original information through use of the encryption system and the key. While encryption systems are continuously improving (such that it is nearly impossible to break an encryption scheme without having knowledge of the key), a problem with conventional encryption-based approaches for protecting personal information is that malicious entities are often able to acquire the password that can be used to decrypt the ciphertext. There are numerous techniques currently employed by malicious entities to acquire passwords including, but not limited to, social engineering, phishing schemes, and the like. In some cases, once the malicious entity acquires the password for a database, the malicious entity can access an entirety (or a very large portion) of the database, because a single database-wide key protects every record. Hence, the malicious entity can acquire personally identifying data (PID) for numerous users from the database.
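The following is an added illustration of the conventional arrangement just described, not part of the application or the applicant's system. It derives one database-wide key from a password, encrypts several constructed (fictitious) PID records under that key, and then counts how many records a given password unlocks, which makes the stated weakness concrete: a single recovered password yields every record, while a wrong password yields none. To stay within the Python standard library it uses PBKDF2-HMAC-SHA256 for key derivation and an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag in place of a block cipher; that construction, the iteration count, the record format and the sample values are all assumptions of this example.

```python
"""Password-derived, database-wide encryption of PID records (added example).

Illustrative construction only: HMAC-SHA256 in counter mode as the keystream and
an encrypt-then-MAC tag. A deployed system would use an authenticated cipher
such as AES-GCM; the point shown here is the single-key exposure, not the cipher.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

KDF_ITERATIONS = 200_000  # assumed work factor for PBKDF2
SALT_LEN = 16
NONCE_LEN = 16
TAG_LEN = 32  # SHA-256 output


def derive_key(password: str, salt: bytes) -> bytes:
    """Derive 64 key bytes from the password: first 32 encrypt, last 32 authenticate."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               KDF_ITERATIONS, dklen=64)


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(enc_key, nonce || counter) blocks, truncated to length."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_record(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag for one record."""
    enc_key, mac_key = key[:32], key[32:]
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_record(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then strip the keystream; raises ValueError on a wrong key."""
    enc_key, mac_key = key[:32], key[32:]
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


# Constructed sample records with fictitious PID (name | SSN | date of birth | address).
SAMPLE_RECORDS = {
    "cust-001": "Jane Doe|SSN 000-00-0001|1980-01-02|1 Main St",
    "cust-002": "John Roe|SSN 000-00-0002|1975-05-06|2 Oak Ave",
    "cust-003": "Ann Poe|SSN 000-00-0003|1990-09-10|3 Elm Rd",
}


def encrypt_database(password: str, records: Dict[str, str]) -> Tuple[bytes, Dict[str, bytes]]:
    """Encrypt every record under one key derived from the single database password."""
    salt = os.urandom(SALT_LEN)
    key = derive_key(password, salt)
    return salt, {rid: encrypt_record(key, rec.encode("utf-8")) for rid, rec in records.items()}


def records_exposed_by_password(password: str, salt: bytes, db: Dict[str, bytes]) -> List[str]:
    """Return the ids of every record the given password decrypts.

    Because one database-wide key guards all rows, the answer is all of them
    or none of them; the KDF slows guessing but does nothing once the password
    itself has been obtained (e.g. by social engineering).
    """
    key = derive_key(password, salt)
    exposed = []
    for rid, blob in db.items():
        try:
            decrypt_record(key, blob)
            exposed.append(rid)
        except ValueError:
            pass
    return exposed


if __name__ == "__main__":
    salt, db = encrypt_database("db-password", SAMPLE_RECORDS)
    print("records exposed with the password:", records_exposed_by_password("db-password", salt, db))
    print("records exposed without it:", records_exposed_by_password("guess", salt, db))
```

Run as a script it prints the three record ids for the correct password and an empty list otherwise; the per-record salt, nonce and tag are what make each blob independently authenticated, but they do not change the fact that every blob shares the same key.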
In another example, a healthcare enterprise (e.g., a small office, a large enterprise, etc.) can use an electronic health record application (EHR) in connection with providing services to patients, wherein the EHR is configured to receive and store PID for patients of the healthcare enterprise. In a medical setting, PID for a patient can be a portion of protected health information (PHI) for the patient. Oftentimes, PID for a patient is retained in a database, wherein an encryption system encrypts information in the database to generate ciphertext. As noted above, however, a malicious entity may acquire a username and password by way of, for example, social engineering. Thus, the malicious entity can decrypt the ciphertext, extract PID therefrom, and sell such PID to nefarious users who use the PID to acquire credit in the name of the patient (or perform some other illegal activity).