Securing the storage and the manipulation of sensitive information is a major issue in particular for organizations wherein many applications have to use such sensitive information.
The development of electronic transactions increases the number of transactions requiring sensitive information. Besides, in order to facilitate the transactions and to be more attractive for users, many organizations strive to obviate the need for re-entering all needed data to complete a transaction. This implies to store sensitive information. Yet, storing sensitive information can hardly be totally secure. Indeed, databases storing sensitive information may possibly be stolen, or hacked. Moreover, sensitive information may possibly be illegally retrieved during its transmission from the database that stores it to the application that processes it.
To increase the security of the storage, some systems allow to split the sensitive information in two parts and to store each part in a respective database.
However, these systems have turned out to be not totally satisfactory in particular in an environment where various applications need to process the same sensitive information.
These various applications may be run by a single organization that provides many services. Global Distribution Systems (GDS) such as AMADEUS or SABRE are typical examples of such organizations that provide many services involving various applications which require sensitive information.
Several distinct companies may also cooperate to provide integrated services to customers. For instance, an e-merchant and a bank may cooperate to provide customers with easy online purchase solutions. Several merchants can also cooperate to form an organization and provide customers with a wider range of services and products.
It is an object of the invention to provide an efficient and user attractive method for storing and retrieving information in an environment wherein many applications may need to process the same sensitive information.