A user must often authenticate with a given authentication secret to gain access to a certain data secret. No other authentication secret should be able to be used to gain access to the associated data secret. In order to link data secrets with a corresponding authentication secret (e.g., defining which data secret is owned by (or associated with) which authentication secret), a look-up table is typically employed in which each data identifier (DataId) for a given data secret is matched up with the authentication identifier (AuthId) of the corresponding authentication secret that owns the data secret. The look-up table association, however, is explicitly stored in the server's database.
From a security perspective, explicitly storing the association between data secrets and corresponding authentication secrets means that an attacker who steals the database will obtain the association between data secrets and corresponding authentication secrets. If, for instance, the attacker knows that a certain authentication secret belongs to a user of interest, then the attacker may wish to concentrate their efforts on obtaining (and recovering) the data secrets associated with the authentication secret for the user of interest (the data secrets may be individually protected at the server).
U.S. patent application Ser. No. 13/931,188, filed Jun. 28, 2013, entitled “Cryptographically Linking Data and Authentication Identifiers Without Explicit Storage of Linkage,” discloses methods and apparatus for cryptographically linking data identifiers and authentication identifiers without storing the association between the authentication and data secrets in the database of the server. While the disclosed techniques effectively cryptographically link authentication values and data values without having an explicit in-database look-up table, a need still remains for improved techniques for secure storage and retrieval of data in a database with multiple data classes and multiple data identifiers. A further need exists for additional techniques for mathematically determining the identifiers.