Multi-level security model for securing access to encrypted private data
First Claim
1. A database security model for securing data in an application database, comprising:
- an encrypted storage area configured to store encrypted private data;
- a first level system for implementing a plurality of first level routines, wherein each of the first level routines is callable from a database application to process and provide limited access to decrypted private data and wherein the first level routines can only be modified with a first level user account having access rights separate from the database application; and
- a crypto system having a private key and decryption system that requires both the private key and a public key to decrypt encrypted private data in the encrypted storage area, wherein the crypto system decrypts private data in response to receiving a decrypt request and public key from a first level routine, and wherein the crypto system is accessible only with a crypto user account separate from the first level account and database application.
Abstract
A system, method and program product for implementing a database security model. A database security model is disclosed that includes: a system for maintaining private data in an encrypted storage area; an ENCR system for implementing a plurality of ENCR routines, wherein each of the ENCR routines is callable from a database application to access and process private data and wherein the ENCR system operates in a functional space separate from the database application; and a crypto system having a private key and decryption system, wherein the crypto system decrypts private data in response to receiving a decrypt request and public key from an ENCR routine, and wherein the crypto system operates in a functional space separate from the ENCR system.
20 Claims
1. A database security model for securing data in an application database, comprising:
- an encrypted storage area configured to store encrypted private data;
- a first level system for implementing a plurality of first level routines, wherein each of the first level routines is callable from a database application to process and provide limited access to decrypted private data and wherein the first level routines can only be modified with a first level user account having access rights separate from the database application; and
- a crypto system having a private key and decryption system that requires both the private key and a public key to decrypt encrypted private data in the encrypted storage area, wherein the crypto system decrypts private data in response to receiving a decrypt request and public key from a first level routine, and wherein the crypto system is accessible only with a crypto user account separate from the first level account and database application.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer program product stored on a computer readable storage medium, which when executed by a computing system, provides a database security model, the program product comprising:
- program code for providing access to encrypted private data in an encrypted storage area;
- first level program code for implementing a plurality of first level routines, wherein each of the first level routines is callable from a database application to process and provide limited access to decrypted private data and wherein the first level program code can only be modified with a first level user account having access rights separate from the database application; and
- second level program code having a private key and a decryption routine that requires both the private key and a public key to decrypt encrypted private data in the encrypted storage area, wherein the decryption routines decrypts private data in response to receiving a decrypt request and public key from the first level program code, and wherein second level program code is accessible only with a second level account separate from the first level account and database application.

Dependent claims: 9, 10, 11, 12, 13, 14
15. A computerized method for implementing a database security model, comprising:
- maintaining encrypted private data in an encrypted storage area;
- receiving a request at an application database that requires access to encrypted private data;
- passing a first level request from the application database to a first level routine to return a limited amount of decrypted private data, wherein the first level routine can only be modified with a first level user account separate from the database application;
- processing the first level request and submitting a decrypt request along with a public key to a crypto system having a decryption routine that can only be modified with a second level user account separate from the first level user account;
- retrieving and decrypting private data within the crypto system using a stored private key and a submitted public key;
- passing decrypted private data to the first level routine; and
- returning a first level result to the database application.

Dependent claims: 16, 17, 18, 19, 20
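One way to lay out the three separated accounts and the request flow of claims 1 and 15, sketched for PostgreSQL with the pgcrypto extension; this is an added example, not code from the patent. All role, schema, table and function names, the sample value and the key strings are hypothetical, and building a `pgp_sym` passphrase from both keys is a stand-in for the claimed decryption system that requires a private key and a public key. It assumes a superuser session in a scratch database.

```sql
-- Added illustration; every role, schema, table, function and key is constructed.
CREATE EXTENSION IF NOT EXISTS pgcrypto SCHEMA public;
CREATE ROLE app_user     LOGIN;    -- the database application
CREATE ROLE encr_owner   NOLOGIN;  -- first level user account
CREATE ROLE crypto_owner NOLOGIN;  -- crypto user account
CREATE SCHEMA encr   AUTHORIZATION encr_owner;
CREATE SCHEMA crypto AUTHORIZATION crypto_owner;

-- Crypto system: owns the encrypted storage area, the private key and the
-- decryption routine. Nothing in this schema is granted to app_user.
SET ROLE crypto_owner;
CREATE TABLE crypto.private_key  (k text NOT NULL);
CREATE TABLE crypto.private_data (id int PRIMARY KEY, ssn_enc bytea NOT NULL);
INSERT INTO crypto.private_key VALUES ('constructed-private-key');
INSERT INTO crypto.private_data
  SELECT 1, public.pgp_sym_encrypt('000-00-1234', k || 'constructed-public-key')
  FROM crypto.private_key;
BEGIN;  -- create and lock down together: EXECUTE is granted to PUBLIC by default
CREATE FUNCTION crypto.decrypt_ssn(p_id int, p_public_key text) RETURNS text
  LANGUAGE sql SECURITY DEFINER SET search_path = pg_catalog, pg_temp AS $$
    -- Stand-in for "requires both keys": the passphrase is built from the
    -- stored private key and the public key supplied with the request.
    SELECT public.pgp_sym_decrypt(d.ssn_enc, pk.k || p_public_key)
    FROM crypto.private_data d, crypto.private_key pk
    WHERE d.id = p_id
  $$;
REVOKE ALL ON FUNCTION crypto.decrypt_ssn(int, text) FROM PUBLIC;
GRANT USAGE ON SCHEMA crypto TO encr_owner;
GRANT EXECUTE ON FUNCTION crypto.decrypt_ssn(int, text) TO encr_owner;
COMMIT;
RESET ROLE;

-- First level routine: the only entry point the application may call. It sends
-- the decrypt request plus public key and returns a limited view (last 4 chars).
SET ROLE encr_owner;
BEGIN;
CREATE FUNCTION encr.ssn_last4(p_id int) RETURNS text
  LANGUAGE sql SECURITY DEFINER SET search_path = pg_catalog, pg_temp AS $$
    SELECT right(crypto.decrypt_ssn(p_id, 'constructed-public-key'), 4)
  $$;
REVOKE ALL ON FUNCTION encr.ssn_last4(int) FROM PUBLIC;
GRANT USAGE ON SCHEMA encr TO app_user;
GRANT EXECUTE ON FUNCTION encr.ssn_last4(int) TO app_user;
COMMIT;
RESET ROLE;

-- The application reaches private data only through the first level routine.
SET ROLE app_user;
SELECT encr.ssn_last4(1);
```

Because each function is owned by its own role, replacing `crypto.decrypt_ssn` requires `crypto_owner` and replacing `encr.ssn_last4` requires `encr_owner` (superusers aside), which mirrors the separate accounts in the claims.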
Specification