| 主权项 |
1. A computer-implemented method for protecting sensitive data elements by using access control and associating aliases to the sensitive data elements, comprising:
encrypting, by a computer processor, sensitive data elements to produce encrypted sensitive data elements; generating, by the computer processor and for the sensitive data elements, aliases that are independent from the sensitive data elements; generating, by the computer processor, an association between the aliases and the sensitive data elements; storing the aliases and the encrypted sensitive data elements in one or more storage devices; displaying an interface that includes selection options for requesting access to the one or more storage devices and for verifying an identity of users that are requesting the access to the one or more storage devices; determining, by the computer processor, that a first user is in a standard set of users, the first user requesting the access to the one or more storage devices through the interface; returning, by the computer processor and in response to determining that the first user is in the standard set of users, the aliases in place of the sensitive data elements to the first user via the interface; receiving, from a second user, an alias of the aliases in place of the sensitive data elements; determining, by the computer processor, that the second user is in an authorized set of users, where the authorized set of users does include at least some users in the standard set of users; and returning a sensitive data element associated with the received alias, by the computer processor and based upon a generated association between the returned sensitive data element and the received alias, to the second user via the interface. |
