Further enhancing public-private key encryption/decryption

15 pts.
Tags:
Decryption
Encryption keys
I am a volunteer with a non-profit organization. Part of my proposal entails encrypting and decrypting Personal Identifying Information, its storage on a database, and transfer over the internet. I would like to use or extend software code that improves upon the public-key and private-key paradigm. I have previously written code as a software engineer. There are two processing stages to this proposal: 1) The first time a PII number is entered on or provided to an organization, a public key is used to encrypt a PII number using a random number. Then the resulting encryption is transferred over the internet to a central internet based database. 2), A private key is used to decrypt what has been recorded on the database. However the result of decryption should not be the PII itself, but indication whether this PII has been received previously - where in stage 1 a different random number was used. After processing, the outcome is transferred back to the originating organization. As there is no requirement for encrypted PII to be stored on the database, the rational for this approach is if the database and private key are compromised, the unauthorized party will not have access to PII stored on the database. I appreciate your advice and opinion on the best approach to achieve this objective.

Answer Wiki

Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • TomLiotta
    The PII doesn't seem to be actually used for anything in your description. How does it do anything except get encrypted/decrypted and get sent back and forth over a network? Who owns the 'database'? (I.e., who has legal rights to the content? Who is liable?) What is the purpose of this? Who is the intended customer? Who pays for the process? How does it improve anything? What types of circumstances or transactions would this be expected to service? Since it requires two-way network communication, what happens to a transaction when communication is interrupted? Since this introduces at least two additional layers of encryption/decryption, how does it affect throughput? Other questions exist, but much more detail needs to be provided. -- Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following