Storing Social Security Number WAS: Encryption/Decryption Question
in [General]
|
Prev: Storing Social Security Number WAS:Encryption/Decryption Question
Next: Storing Social Security Number WAS:Encryption/Decryption Question
From: Bastien Koert on 12 Aug 2010 12:34 On Thu, Aug 12, 2010 at 11:32 AM, tedd <tedd(a)sperling.com> wrote: > At 10:56 AM -0400 8/12/10, Bastien Koert wrote: >> >> However, the data must be stored in an encrypted format and it must be >> transmitted via SSL. We do it that way (taking both a hash for >> searching for the ssn and the encrypted form) and haven't had any >> issues as yet. > > The data will be encrypted and only accessible behind an SSL via an > authorization process -- that's given. > > I have given some thought about searching the database for encrypted SS#'s > and have been perplexed as how to do that. > > For searching standard fields, it's a piece of cake to use %LIKE%. For > example, let's say the investigator has a piece of paper that has the number > "393" on it and want's to search the database for all phone numbers that > contain "393" -- he could use %LIKE% and that would produce 517-393-1111, > 393-123-4567, 818-122-4393 and so on. That's neat! > > However, if the field is encrypted, then how do you preform a partial search > on that? You can't encrypt the search string and use that because you need > the entire string. So, how do you solve that problem? > > If you hash the number of store the hash, then you can create a hashed > search string and use that. But again it doesn't work for partial %LIKE% > searches. For example, I couldn't search for "393" in a SS# -- I would have > to search for the complete SS#. > > So, how do you solve the %LIKE% problem with encryption and hashes? We didn't...in our case the user either has the ssn or doesn't. No direct searching on ssn without the full ssn is supported. We do allow searching on names so its a work around that way. > >> The other thing to consider is that more and more states are looking to >> encrypt PII data >> (name, dob, ssn etc) for more security. > > I'm considering that as well, but that also raises more searching problems > as described above. > >> You could consider storing just the encrypted ssn and link data in a >> separate database, that would require a different logon to access when >> the data is required. > > Interesting -- I might also hash the foreign link. But I have to think about > that. > > Cheers, > > tedd > -- > ------- > http://sperling.com/ > -- Bastien Cat, the other other white meat
From: "Tommy Pham" on 12 Aug 2010 13:52 > -----Original Message----- > From: tedd [mailto:tedd(a)sperling.com] > Sent: Thursday, August 12, 2010 7:30 AM > To: ash(a)ashleysheridan.co.uk > Cc: php-general(a)lists.php.net > Subject: RE: [PHP] Storing Social Security Number WAS: > Encryption/Decryption Question > > At 2:51 PM +0100 8/12/10, Ashley Sheridan wrote: > >If you are storing the data in a DB, then I'd consider using different > >levels of access to that via different DB users, which should offer an > >extra layer of security in protecting the data. > > Of course, the routines I'm writing provide several levels of access for > different functions/job-duties. However, at some point there will be people > who will have access to SS# data. > > The real questions here are: > > 1. Is it lawful in the USA to store US SS# in an online database? > > 2. If it is lawful, then what security provisions are required? > > Cheers, > > tedd > > -- > ------- > http://sperling.com/ > Tedd, I don't think it's unlawful according to the links below: http://www.ssa.gov/kc/id_practices_best.htm http://www.wireless.att.com/learn/basics/shopping-faqs.jsp#05 If your client accepts credit card as a form of payment for collection and if you comply with PCI DSS, then you're pretty much safe. (IIRC, it's not cheap to be certified by PCI DSS but you can still put their requirements in practice without having to qualify unless the client's business requires it). Regards, Tommy
From: "Daevid Vincent" on 12 Aug 2010 15:24 > -----Original Message----- > From: tedd [mailto:tedd(a)sperling.com] > Sent: Thursday, August 12, 2010 8:32 AM > To: Bastien Koert > Cc: php-general(a)lists.php.net > Subject: Re: [PHP] Storing Social Security Number WAS: > Encryption/Decryption Question > > For searching standard fields, it's a piece of cake to use %LIKE%. > For example, let's say the investigator has a piece of paper that has > the number "393" on it and want's to search the database for all > phone numbers that contain "393" -- he could use %LIKE% and that > would produce 517-393-1111, 393-123-4567, 818-122-4393 and so on. > That's neat! > > However, if the field is encrypted, then how do you preform a partial > search on that? You can't encrypt the search string and use that > because you need the entire string. So, how do you solve that problem? > > If you hash the number of store the hash, then you can create a > hashed search string and use that. But again it doesn't work for > partial %LIKE% searches. For example, I couldn't search for "393" in > a SS# -- I would have to search for the complete SS#. > > So, how do you solve the %LIKE% problem with encryption and hashes? Well, if you can get all the encryption/decryption to take place in SQL, you can use something like this pseudocode: SELECT name, dob, DECRYPT(ssn) as rawssn FROM deadbeats HAVING rawssn LIKE '%393%'; You can assign an alias and use HAVING instead of WHERE. http://dev.mysql.com/doc/refman/5.0/en/select.html
From: =?UTF-8?Q?Hans_=C3=85hlin?= on 12 Aug 2010 20:48
I have an idea. First create a master key that the ssn ar encrypted with. Store the master key encrypted with a key accessible by users (mksk). Every user stores the key (mksk) to decrypt the (master key) and the mksk should be ecrypted with there password as key. And when a new user is created the system uses the mksk that the the admin who create the user uses. This has the advantage that you can re-encrypt the ssn table and the only key you have to change is the master key. ********************************************** Hans à hlin Tel: +46761488019 icq: 275232967 http://www.kronan-net.com/ irc://irc.freenode.net:6667 - TheCoin ********************************************** 2010/8/12 tedd <tedd(a)sperling.com> > At 5:30 PM -0700 8/11/10, Daevid Vincent wrote: > >> > -----Original Message----- >> >>> 2. Were told it was a social security number >>> (i.e., in the form of 123-45-6789). >>> >> >> Stop. >> >> Why are you even contemplating storing SS# ?? >> > > Daevid et al: > > Why? Because my client wants to store SS numbers on their online system to > aid them in their collection business. > > You see, the client in this case is not asking people for their SS numbers, > but rather trying to collect unpaid debts. Their clients (i.e., creditors) > have provided them debtor data, which may/may not include SS numbers. > > My current thoughts are that the entire process will be behind a password > protected section of a web site where only the people working for the firm > will have access. The point of the system will be to aid collectors in their > collection efforts and to allow them to conduct business anywhere they can > find Internet access. > > Of course, this will not stop employees from abusing the data, but that > possibility also exist in the hard-copy only office as well -- that's a > criminal act and will be handled accordingly. The difference here is that > the data can be accessed online via password authorization. Is that too > easy? > > My effort here with my "Encryption/Decryption Question" is to focus on the > event that the web site may hacked and access to the database is provided to > an intruder. In such case, then the SS numbers residing there should be > encrypted and that was my current quest to resolve. > > Now, if federal law prohibits storing SS numbers in an online database > that's accessible via password authorization then that's "end-of-story". > I'll simply tell the client that federal law prohibits such practice and > that will be the end of it -- it makes no difference to me. > > However, if the practice of storing SS number online is not prohibited by > law, then what are the appropriate "due diligence" steps necessary to > protect such data? > > Cheers, > > tedd > > > -- > ------- > http://sperling.com/ > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > |