Abstract: A computer system is disclosed that contains cryptographic keys and cryptographic key identifiers. The system has a repository cryptographic engine that communicates securely with a remote cryptographic engine, and the repository cryptographic engine is associated with a user data store. The user data store includes a hidden link including a session key identifier encrypted with a protection key. The hidden link is associated with a remote data entity. A key data store associated with the repository server includes a session key encrypted with a session-key-protection key. The session key is used to encrypt and decrypt the remote data entity. The system also includes a repository key exchange module operable to exchange the session key with a remote key exchange module.

Abstract: A computer-based system (10) and method for dis-identifying personal identifiable information (152, 162) and associated records (172) is disclosed. The system includes a system manager (20) module, an encryption and key management module (30), and a storage module (40). The system manager module (20) stores related sensitive information portions (152) of the personal identifiable information (152, 162), non-sensitive information portions (162) of the personal identifiable information, and associated records (172) in separate databases (100, 110, 120 or 150, 160, 170) in storage module (40) with each database record including one or more hidden links generated by the encryption and key management module (30) that can be used to determine the related records or information in one of the other databases. The hidden links are encrypted so that the relationships between the database records are hidden.

Abstract: A computer system is disclosed that contains cryptographic keys and cryptographic key identifiers. The system has a repository cryptographic engine that communicates securely with a remote cryptographic engine, and the repository cryptographic engine is associated with a user data store. The user data store includes a hidden link including a session key identifier encrypted with a protection key. The hidden link is associated with a remote data entity. A key data store associated with the repository server includes a session key encrypted with a session-key-protection key. The session key is used to encrypt and decrypt the remote data entity. The system also includes a repository key exchange module operable to exchange the session key with a remote key exchange module.

Abstract: A computer system (20) having a security domain (22), at least one client business domain (26), and a plurality of client terminals (34) utilizes a hidden link dynamic key manager (24, 84) and a database structure that includes encrypted data entities (30C, 30D) and a security identification attribute (32) for storage of encrypted data. Methods for encrypting data and for storing, decrypting, and retrieving encrypted data operate on the computer system (20), which also includes an information database (62) and a key database (44). The key database (44) is isolated from the information database (62). The hidden link key manager is stored in the security domain (22) and includes a system key manager (84) operable to generate system keys with system key common names and an encryption key manager (24) operable to generate encryption keys having encryption key identifications. The key managers (24, 84) operate on a key server (40), which is mirrored by a secondary key server (42).

Abstract: A computer-based system (10) and method for dis-identifying personal identifiable information (152, 162) and associated records (172) is disclosed. The system includes a system manager (20) module, an encryption and key management module (30), and a storage module (40). The system manager module (20) stores related sensitive information portions (152) of the personal identifiable information (152, 162), non-sensitive information portions (162) of the personal identifiable information, and associated records (172) in separate databases (100, 110, 120 or 150, 160, 170) in storage module (40) with each database record including one or more hidden links generated by the encryption and key management module (30) that can be used to determine the related records or information in one of the other databases. The hidden links are encrypted so that the relationships between the database records are hidden.

Abstract: A computer system is disclosed that contains cryptographic keys and cryptographic key identifiers. The system has a repository cryptographic engine that communicates securely with a remote cryptographic engine, and the repository cryptographic engine is associated with a user data store. The user data store includes a hidden link including a session key identifier encrypted with a protection key. The hidden link is associated with a remote data entity. A key data store associated with the repository server includes a session key encrypted with a session-key-protection key. The session key is used to encrypt and decrypt the remote data entity. The system also includes a repository key exchange module operable to exchange the session key with a remote key exchange module.