| CPC H04L 9/3268 (2013.01) | 5 Claims |

|
1. A method of associating a first identifiable data record and a second identifiable data record, said method comprising:
generating an Association Request by a first Administrator having controlling access to the first identifiable data record, the first Administrator having an associated first public encryption key and a first private encryption key, said Association Request comprising the first public encryption key, and request data defining association parameters, said request data being encrypted with the first private encryption key;
submitting the Association Request to an Authentication Controller having an associated second public encryption key and a second private encryption key;
decrypting, by the Authentication Controller, using the first public encryption key, the request data comprised in the Association Request;
generating, by the Authentication Controller, a private encryption key set for secure communications referencing the first identifiable record and the second identifiable record, said private encryption key set having a first portion associated with the first identifiable record and a second portion associated with the second identifiable record;
generating by the Authentication Controller responsive to the request data, a first Certificate comprising:
access data for the first and the second identifiable data records, said access data being encrypted using the second private encryption key,
the second public encryption key, and
the first portion of the private encryption key set, being further encrypted using the first public encryption key;
delivering the first Certificate to the first Administrator;
decrypting, by the first Administrator, the access data, using the second public encryption key;
decrypting, by the first Administrator, the first portion of the private encryption key set using the first private encryption key; and
storing by the first Administrator, the decrypted access data and the decrypted first portion of the private encryption key set in a data storage medium accessible only to the first Administrator.
|
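The message flow recited in claim 1, as an added Python illustration that is not part of the patent text or any implementation by its authors. Assumptions: textbook RSA over fixed Mersenne primes stands in for the unspecified public-key scheme, "encrypting with a private key" is modelled as the raw RSA private-key operation, and the record names, field names and helper functions (`keypair`, `seal`, `unseal`, `run_association`) are hypothetical.

```python
# Added illustration only: unpadded textbook RSA with fixed primes shows the
# message flow of claim 1 and must not be used to protect real data.
import secrets

E = 65537  # public exponent (assumed; the claim names no algorithm)

def keypair(p, q):
    """Return (public, private) as ((n, e), (n, d))."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def seal(key, data: bytes) -> int:
    """Apply one RSA key to a short message; the 0x01 prefix keeps leading zeros."""
    n, exp = key
    m = int.from_bytes(b"\x01" + data, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, exp, n)

def unseal(key, c: int) -> bytes:
    """Invert seal() using the other key of the pair."""
    n, exp = key
    m = pow(c, exp, n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if raw[:1] != b"\x01":
        raise ValueError("wrong key or altered ciphertext")
    return raw[1:]

def run_association():
    admin_pub, admin_priv = keypair(2**89 - 1, 2**107 - 1)  # first key pair
    ac_pub, ac_priv = keypair(2**61 - 1, 2**127 - 1)        # second key pair
    # Administrator: request data under the first private key. This proves
    # possession of that key; it hides nothing from holders of the public key.
    request = {"public_key": admin_pub,
               "request_data": seal(admin_priv, b"link:rec-A<->rec-B")}
    # Authentication Controller: decrypt with the key carried in the request.
    params = unseal(request["public_key"], request["request_data"])
    # Controller: key set with one portion per record (constructed values).
    portion_1, portion_2 = secrets.token_bytes(16), secrets.token_bytes(16)
    certificate = {"access_data": seal(ac_priv, b"rw:rec-A,rec-B"),
                   "public_key": ac_pub,
                   "key_portion": seal(admin_pub, portion_1)}
    # Administrator: recover both fields and keep them in a private store.
    admin_store = {"access": unseal(certificate["public_key"], certificate["access_data"]),
                   "key_portion": unseal(admin_priv, certificate["key_portion"])}
    return {"params": params, "access": admin_store["access"],
            "key_matches": admin_store["key_portion"] == portion_1}

if __name__ == "__main__":
    print(run_association())
```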