In the field of computer-aided information management, there is a strong demand for increased protection against unauthorized access to data registers, especially against violation of the individual's personal integrity when personal registers, i.e. registers containing information on individuals, are set up and kept. In particular, there are regulations restricting and prohibiting the linking and matching of personal registers. Also in other fields, such as industry, banking, insurance, etc., improved protection is desired against unauthorized access to the tools, databases, applications, etc. that are used for the administration and storing of sensitive information.
WO95/15628, which has the same owner as the present application, discloses a method for storing data which results in increased possibilities of linking and matching with no risk of reduced integrity. The method, which is illustrated schematically in FIGS. 1 and 2 on the enclosed drawing sheets, concerns the storing of information comprising, on the one hand, an identifying piece of information or original identity OID, for instance personal code numbers Pcn, and, on the other hand, descriptive information DI. The information OID+DI is stored as records P in a database O-DB according to the following principle:
Step 1: OID (Pcn) is encrypted by means of a first, preferably non-reversible algorithm ALG1 to an update identity UID.
Step 2: UID is encrypted by means of a second, reversible algorithm ALG2 to a storage identity SID.
Step 3: SID and DI are stored as a record P in the database O-DB, SID serving as the record identifier.
Step 4: At predetermined times, an alteration of SID in all or selected records P is accomplished by the SID of these records being decrypted by means of a decrypting algorithm ALG3 to UID, whereupon UID is encrypted by means of a modified second, reversible algorithm ALG2' to a new storage identity SID', which is introduced as the new record identifier in the associated record P as a replacement for the previous SID. This results in a security-enhancing "floating" alteration of the SID of the records.

"Processing" may include all kinds of measures which mean any form of reading, printing, altering, coding, moving, copying, etc. of data that is to be protected by the inventive method.

"Data element type" identifies a specific category of data. For example, identification information (name and address) could be a particular data element type, whereas some descriptive information (social allowance) could be a different data element type, and other descriptive information could be yet another data element type.

"Data element value" concerns a value which, in a given record, specifies a data element type.

"Record" concerns a number of data element values which belong together and which are linked to the respective data element types, optionally also including a record identifier by means of which the record can be identified.
Example:

"Protection attribute indicating rules of processing" may concern:
1. Statement of what "strength" or "level" (for instance none, 1, 2, . . . ) of encryption is to be used for storing the corresponding data element values in the database. Different data element values within one and the same record may thus be encrypted with mutually different strength.
2. Statement of what "strength" or "level" (for instance none, 1, 2, . . . ) of encryption is to be used for the corresponding data element values if these are to be transmitted on a net.
3. Statement of program and/or versions of program that are authorized to be used for processing the corresponding data element values.
4. Statement of "owner" of the data element type. Different data element values within one and the same record can thus have different owners.
5. Statement of sorting-out rules for the corresponding data element values, for instance a statement of method and time for automatic removal of the corresponding data element values from the database.
6. Statement whether automatic logging is to be made when processing the corresponding data element values.

"Collection of protection attributes" may concern:

"Encryption" may concern any form of encryption, tricryption, conversion of coding of plain-text data to non-interpretable (encrypted) data, and is especially to concern also methods of conversion including hashing.
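The following is an added example, not code from the patent or from Protegrity, showing how the six kinds of processing rule above can be held per data element type and applied element by element to a record. The policy values, the program names ("regapp", "welfare"), the field names of the attribute class and the decision structure are all this example's own assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class ProtectionAttributes:
    """The six kinds of processing rule listed above, held per data element type.
    Field names are this example's own, not terminology from the patent."""
    storage_level: int                 # 1. encryption strength in the database (0 = none)
    transmission_level: int            # 2. encryption strength when sent on a net (0 = none)
    authorized_programs: frozenset     # 3. (program, version) pairs allowed to process
    owner: str                         # 4. owner of the data element type
    retention_days: Optional[int]      # 5. sorting-out rule: remove after N days (None = keep)
    log_processing: bool               # 6. whether every processing is logged


# Constructed policy for three data element types (values invented for the example).
POLICY = {
    "identification": ProtectionAttributes(
        1, 2, frozenset({("regapp", "3.1"), ("regapp", "3.2")}), "registry-office", None, False),
    "social_allowance": ProtectionAttributes(
        2, 2, frozenset({("welfare", "1.0")}), "social-services", 365, True),
    "remarks": ProtectionAttributes(
        0, 1, frozenset({("regapp", "3.2"), ("welfare", "1.0")}), "registry-office", 30, False),
}


@dataclass(frozen=True)
class Decision:
    permitted: bool
    encryption_level: int
    log_entry: Optional[str]


def decide(det, program, version, channel="storage"):
    """Evaluate the attributes of one data element type for one program and channel."""
    attrs = POLICY[det]  # an unknown type has no attributes and therefore no rules
    permitted = (program, version) in attrs.authorized_programs
    level = attrs.storage_level if channel == "storage" else attrs.transmission_level
    log_entry = None
    # Log when the type requires it (item 6) and always on a refused processing.
    if attrs.log_processing or not permitted:
        outcome = "processed" if permitted else "DENIED"
        log_entry = f"{program} {version} {outcome} {det} (owner: {attrs.owner})"
    return Decision(permitted, level, log_entry)


def process_record(record, program, version, channel="storage"):
    """Apply the rules element by element: values of one record may end up with
    different encryption levels, owners and authorization outcomes."""
    decisions = {det: decide(det, program, version, channel) for det in record}
    log = [d.log_entry for d in decisions.values() if d.log_entry]
    return decisions, log


def values_due_for_removal(stored_on, today):
    """Item 5: data element types whose retention period has run out.
    `stored_on` maps data element type -> date the value was stored."""
    due = set()
    for det, stored in stored_on.items():
        days = POLICY[det].retention_days
        if days is not None and (today - stored).days >= days:
            due.add(det)
    return due


if __name__ == "__main__":
    # Constructed record with one value per data element type.
    record = {"identification": "A. Person, Main St 1", "social_allowance": 500, "remarks": "-"}
    decisions, log = process_record(record, "regapp", "3.2")
    for det, d in decisions.items():
        print(det, d.permitted, d.encryption_level)
    print(log)
    print(values_due_for_removal({"remarks": date(2024, 1, 1)}, date(2024, 3, 1)))
```

Note that the same record yields three different outcomes for a single program: the identification value is processed at storage strength 1, the remarks value at strength 0, and the social allowance value is refused and logged, because its attributes name a different authorized program and a different owner.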
For a closer description of the details and advantages of this encrypting and storing method, reference is made to WO95/15628, which is to be considered to constitute part of the present description. The storing principle according to steps 1-4 above is herein referred to as PTY, which is an abbreviation of the principle of PROTEGRITY, which stands for "Protection and Integrity".
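As an added example, not code from WO95/15628, from the patent or from Protegrity, the four PTY steps above are carried out below with standard-library primitives. The concrete algorithms are assumptions made here: ALG1 is taken to be HMAC-SHA256 with a secret "pepper", ALG2 and ALG3 are a deterministic HMAC-based stream cipher with a synthetic IV and its decryption, and ALG2' is simply ALG2 under a new key. The class and function names and the sample personal code numbers are likewise constructed for the example.

```python
import hashlib
import hmac


def alg1_update_identity(oid, pepper):
    """Step 1, ALG1: non-reversible mapping OID -> UID (keyed hash; assumption)."""
    return hmac.new(pepper, oid.encode("utf-8"), hashlib.sha256).digest()


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used as the keystream for ALG2/ALG3 (assumption)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def alg2_storage_identity(uid, key):
    """Step 2, ALG2: reversible mapping UID -> SID under `key`.
    The IV is derived from UID (SIV style) so the mapping is deterministic: a lookup
    by OID can recompute SID, while distinct UIDs never share a keystream."""
    iv = hmac.new(key, b"siv" + uid, hashlib.sha256).digest()[:16]
    ks = _keystream(key, iv, len(uid))
    return iv + bytes(a ^ b for a, b in zip(uid, ks))


def alg3_recover_uid(sid, key):
    """ALG3: decryption of ALG2, recovering UID from SID under the same key."""
    iv, body = sid[:16], sid[16:]
    ks = _keystream(key, iv, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


class ODB:
    """Toy O-DB: records P indexed by SID, each holding descriptive information DI."""

    def __init__(self, pepper, key):
        self.pepper = pepper   # secret for ALG1
        self.key = key         # current ALG2 key; every stored record uses the same one
        self.records = {}

    def store(self, oid, di):
        """Steps 1-3: OID -> UID -> SID, then store (SID, DI). OID is never written."""
        uid = alg1_update_identity(oid, self.pepper)
        sid = alg2_storage_identity(uid, self.key)
        self.records[sid] = dict(di)
        return sid

    def lookup(self, oid):
        """Find DI for an OID by recomputing its current SID."""
        uid = alg1_update_identity(oid, self.pepper)
        return self.records.get(alg2_storage_identity(uid, self.key))

    def rotate_storage_identities(self, new_key):
        """Step 4: "floating" alteration of SID. Every SID is decrypted to UID with
        ALG3 under the old key and re-encrypted with ALG2' (ALG2 under new_key).
        Rotating only selected records would additionally require a per-record key
        version, which this toy omits. Returns the number of records rotated."""
        rotated = {}
        for sid, di in self.records.items():
            uid = alg3_recover_uid(sid, self.key)
            rotated[alg2_storage_identity(uid, new_key)] = di
        self.records = rotated
        self.key = new_key
        return len(rotated)


if __name__ == "__main__":
    # Constructed sample data: two fictitious personal code numbers.
    db = ODB(pepper=b"alg1-secret", key=b"alg2-key-version-1")
    sid_a = db.store("19640101-1234", {"allowance": 500})
    db.store("19700202-5678", {"allowance": 0})
    print(db.lookup("19640101-1234"))    # {'allowance': 500}
    db.rotate_storage_identities(b"alg2-key-version-2")
    print(sid_a in db.records)          # False: the old SID no longer identifies anything
    print(db.lookup("19640101-1234"))    # {'allowance': 500}: still reachable via the new SID
```

The point of step 4 is visible in the last two lines: after rotation the record is still found through its OID, but any SID captured from the database before the rotation has lost its meaning, since it can no longer be matched against a record.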
A detailed technical description of PTY is also supplied in the document "PROTEGRITY (ASIS) Study 2", Ver. 1.2, Mar. 1, 1996, by Leif Jonson. Also this document is to be considered to constitute part of the present description.
In the technical field at issue, so-called shell protections are today the predominant method of protection. Shell protection comprises, on the one hand, the external security (premises) and, on the other hand, an authorization check system ACS with user passwords for controlling access. ACS is used as shell protection for mainframes, client/server systems and PCs, but it does not give full protection, and the information at issue can often relatively easily be subjected to unauthorized access. This protection has been found more and more unsatisfactory since, to an increasing extent, "sensitive" information is being stored which must permit management via distribution, storing and processing in dynamically changing environments, especially local distribution to personal computers. Concurrently with this development, the limits of the system become more and more indistinct and the effect afforded by a shell protection deteriorates.