CPC G06F 21/602 (2013.01) [H04L 9/0869 (2013.01); H04L 9/50 (2022.05)]

14 Claims

1. An active node of a secure database system, comprising:
at least one processor; and
at least one memory that stores computer executable instructions, wherein, when the computer executable instructions are executed by the at least one processor, the at least one processor are configured to:
receive a request to store a private data record;
encrypt the private data record with a first randomly generated data key to result in an encrypted private data record;
encrypt the first randomly generated data key using a first type of encryption and a second randomly generated data key to result in a first encrypted system access key;
encrypt the second randomly generated data key using a second type of encryption to result in at least two second encrypted system access keys, wherein the second type of encryption uses a public key from a randomly selected node of a plurality of nodes that, with the active node, form part of the secure database system, wherein the at least two second encrypted system access keys comprise an encrypted active node system access key and an encrypted audit node system access key, and wherein the encrypted active node system access key and the encrypted audit node system access key contain different portions of the second randomly generated data key;
transmit the encrypted private data record to a plurality of nodes for validation;
add the encrypted private data record to a datastore in the node based on validating that the encrypted private data record can be written to a datastore and receiving messages from the plurality of nodes that the encrypted private data record can be written to the datastore, wherein the datastore mirrors other datastores associated with respective nodes of the plurality of nodes;
store the first encrypted system access key and the at least one second encrypted system access key in an external access key database; and
enable decryption access to the encrypted private data record using the at least one second encrypted system access key based on consensus authorization with the plurality of nodes.