1. Field of the Invention
The present invention relates to databases. More specifically, the present invention relates to a method and an apparatus for protecting private information within a database.
2. Related Art
Many organizations collect personal private information from individuals for various reasons, and store the information in a database. If this information should fall into the wrong hands, the information could be used to the detriment of the individuals.
For example, many organizations use an individual's Social Security Number (SSN) as an identifier for an individual, and also as a primary key in their database. This can be a problem because SSNs are one of the primary pieces of information used for identity theft. These SSNs, along with other personal private information, aggregated in a database make a compelling target for hackers and thieves. Consequently, many localities have passed laws forbidding organizations from using SSNs or not allowing them to store SSNs in plain text.
In many cases the SSN is not even useful as information to the organizations. The organizations simply use the SSN as a unique key to look up information associated with an individual in a database. SSNs are convenient to use for this purpose because they are guaranteed to be unique and most individuals have their SSN committed to memory.
One way to protect private information is to encrypt the private information before it is stored in a database. In this way, even if someone illegally accesses the encrypted data, they will not be able to use it. However, if an application is able to access encrypted information within a database, the keys for encrypting and decrypting the data must be located somewhere on or near the server. Otherwise, the encrypted data would be useless to the application. Because the keys are located so that they can be accessed directly or indirectly by the application, the database administrator and possibly the programmers also have access to the keys, and consequently, have access to the encrypted data.
Hence, what is needed is a method and an apparatus for securing private information in a database without the problems listed above.