Re: Database design and confidential data protection

From: Anne & Lynn Wheeler <lynn_at_garlic.com>
Date: Tue, 18 Nov 2003 00:36:35 GMT
Message-ID: <uk75ya50d.fsf_at_earthlink.net>


Anne & Lynn Wheeler <lynn_at_garlic.com> writes:
> A symmetric key implementation might, however, use some sort of derived
> key for the actual encryption/decryption (making the environment
> somewhat less susceptible to a brute-force key attack). You find such
> implementations in the financial infrastructure where the
> infrastructure generates a derived key (for actual
> encryption/decryption) from the "master" key combined with some
> information from the transaction (like account number).
>
> for patient records, a derived key might involve the infrastructure
> master key and some sort of patient number.

note that if crypto is the primary thing being used for patient info confidentiality ... with field level encryption & w/o a derived key ... then the same condition could always appear as the same encrypted value in all patient records. Information leakage then can occur if the condition for any specific patient is learned ... then all you do is look for the same encrypted value for other patients.

some sort of derived key makes sure that the same condition would encrypt to unique values across all patient records.

-- 
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/ 
Internet trivia 20th anv http://www.garlic.com/~lynn/rfcietff.htm
Received on Tue Nov 18 2003 - 01:36:35 CET
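The leakage argument above, as an added illustration that is not part of the original post: the same condition encrypted under one shared key produces identical ciphertexts across patients, while a key derived from the master key plus the patient number makes them distinct yet still decryptable by the infrastructure. The master key, patient numbers and conditions are constructed sample values, and the keystream built from HMAC-SHA256 is a stand-in for whatever block cipher a real deployment would use.

```python
import hmac
import hashlib

# Constructed sample master key; a real infrastructure would hold this in an HSM.
MASTER_KEY = b"constructed-master-key-for-demo-only"

# Constructed sample patient records: two patients share the same condition.
RECORDS = {"P-1001": "diabetes", "P-1002": "diabetes", "P-1003": "asthma"}


def derive_key(master_key: bytes, patient_number: str) -> bytes:
    """Per-record key: master key combined with the patient number (HMAC-SHA256)."""
    return hmac.new(master_key, patient_number.encode(), hashlib.sha256).digest()


def encrypt_field(key: bytes, plaintext: bytes) -> bytes:
    """Deterministic field encryption: XOR with a keystream that depends only on
    the key. HMAC-SHA256 over a counter stands in for a real block cipher; the
    leakage argument needs only that equal key + plaintext give equal ciphertext."""
    keystream = bytearray()
    counter = 0
    while len(keystream) < len(plaintext):
        keystream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(p ^ k for p, k in zip(plaintext, keystream))


def decrypt_field(key: bytes, ciphertext: bytes) -> bytes:
    return encrypt_field(key, ciphertext)  # XOR keystream is its own inverse


def encrypt_records(records: dict, use_derived_key: bool) -> dict:
    """Encrypt the condition field of every record, with or without a derived key."""
    table = {}
    for patient, condition in records.items():
        key = derive_key(MASTER_KEY, patient) if use_derived_key else MASTER_KEY
        table[patient] = encrypt_field(key, condition.encode())
    return table


def matching_patients(table: dict, known_patient: str) -> list:
    """Other patients whose encrypted field equals the known patient's: the
    equality leak the post describes when no derived key is used."""
    target = table[known_patient]
    return sorted(p for p, c in table.items() if p != known_patient and c == target)


if __name__ == "__main__":
    shared = encrypt_records(RECORDS, use_derived_key=False)
    derived = encrypt_records(RECORDS, use_derived_key=True)
    print("shared key, same ciphertext as P-1001:", matching_patients(shared, "P-1001"))
    print("derived key, same ciphertext as P-1001:", matching_patients(derived, "P-1001"))
    print(decrypt_field(derive_key(MASTER_KEY, "P-1002"), derived["P-1002"]))
```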