| 摘要 |
A secure personal data sharing method comprising the steps of:
receiving personal data relating to an enrollee and creating one or enrollee tokens therefrom;
performing public key encryption of the or each enrollee token to create one or more enrollee primary keys therefrom;
using a hash algorithm on the or each enrollee token to create one or more enrollee secondary keys therefrom;
creating a unique enrollee random key and using a symmetric encryption algorithm to encrypt the enrollee random key with the or each enrollee secondary key and thereby create one or more enrollee tertiary keys;
using a symmetric encryption algorithm to encrypt the personal data relating to the enrollee with the enrollee random key to create encrypted personal data;
storing the encrypted personal data, the or each enrollee tertiary key, the or each enrollee primary key and details of the relationships therebetween in a remote data archive;
receiving a candidate token from a candidate and performing public key encryption of the candidate token to create a candidate primary key therefrom;
comparing the candidate primary key with the enrollee primary keys stored in the data archive and in the event of a substantial match between the candidate primary key and an enrollee primary key
retrieving from the data archive the enrollee tertiary key corresponding with the enrollee primary key that substantially matches the candidate primary key;
using a hash algorithm on the candidate token to create a candidate secondary key therefrom;
decrypting the retrieved enrollee tertiary key with the candidate secondary key to regenerate the enollee random key
retrieving from the data archive, the encrypted personal data corresponding with the enrollee primary key that substantially matches the candidate primary key; and
decrypting the retrieved encrypted personal data with the enrollee random key to regenerate the personal data relating to the enrollee . |
