Multi-level security model for securing access to encrypted private data

US 10,339,325 B2
Filed: 03/03/2017
Issued: 07/02/2019
Est. Priority Date: 03/03/2016
Status: Active Grant

First Claim

Patent Images

1. A database security model for securing data in an application database, comprising:

an encrypted storage area configured to store encrypted private data;

a first level system for implementing a plurality of first level routines, wherein each of the first level routines is callable from a database application to process and provide limited access to decrypted private data and wherein the first level routines can only be modified with a first level user account having access rights separate from the database application; and

a crypto system having a private key and decryption system that requires both the private key and a public key to decrypt encrypted private data in the encrypted storage area, wherein the crypto system decrypts private data in response to receiving a decrypt request and public key from a first level routine, and wherein the crypto system is accessible only with a crypto user account separate from the first level account and database application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and program product for implementing a database security model. A database security model is disclosed that includes: a system for maintaining private data in an encrypted storage area; an ENCR system for implementing a plurality of ENCR routines, wherein each of the ENCR routines is callable from a database application to access and process private data and wherein the ENCR system operates in a functional space separate from the database application; and a crypto system having a private key and decryption system, wherein the crypto system decrypts private data in response to receiving a decrypt request and public key from an ENCR routine, and wherein the crypto system operates in a functional space separate from the ENCR system.

4 Citations

20 Claims

1. A database security model for securing data in an application database, comprising:
- an encrypted storage area configured to store encrypted private data;
  
  a first level system for implementing a plurality of first level routines, wherein each of the first level routines is callable from a database application to process and provide limited access to decrypted private data and wherein the first level routines can only be modified with a first level user account having access rights separate from the database application; and
  
  a crypto system having a private key and decryption system that requires both the private key and a public key to decrypt encrypted private data in the encrypted storage area, wherein the crypto system decrypts private data in response to receiving a decrypt request and public key from a first level routine, and wherein the crypto system is accessible only with a crypto user account separate from the first level account and database application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The database security model of claim 1, wherein user access to the first level routines and crypto system requires permission from a gate keeper.
  - 3. The database security model of claim 1, wherein the crypto system keeps the public key only temporarily while the decrypt request is serviced by the decryption system.
  - 4. The database security model of claim 1, wherein the crypto system is accessible by a key master with access rights granted by the gate keeper.
  - 5. The database security model of claim 1, wherein the first level system is accessible by a project lead with access rights granted by the gate keeper.
  - 6. The database security model of claim 2, wherein the gate keeper does not have access to the public key.
  - 7. The data security model of claim 1, further comprising a crypto sentry that verifies all routines involved in passing the public key.

8. A computer program product stored on a computer readable storage medium, which when executed by a computing system, provides a database security model, the program product comprising:
- program code for providing access to encrypted private data in an encrypted storage area;
  
  first level program code for implementing a plurality of first level routines, wherein each of the first level routines is callable from a database application to process and provide limited access to decrypted private data and wherein the first level program code can only be modified with a first level user account having access rights separate from the database application; and
  
  second level program code having a private key and a decryption routine that requires both the private key and a public key to decrypt encrypted private data in the encrypted storage area, wherein the decryption routines decrypts private data in response to receiving a decrypt request and public key from the first level program code, and wherein second level program code is accessible only with a second level account separate from the first level account and database application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, wherein user access to the first level program code and second level program code requires permission from a gate keeper.
  - 10. The computer program product of claim 8, wherein the second level program code is prohibited from permanently storing the public key.
  - 11. The computer program product of claim 8, wherein the second level program code is accessible by a key master with access rights granted by the gate keeper.
  - 12. The computer program product of claim 8, wherein the first level program code is accessible by a project lead with access rights granted by the gate keeper.
  - 13. The computer program product of claim 9, wherein the gate keeper does not have access to the public key.
  - 14. The computer program product of claim 8, further comprising a crypto sentry that that verifies all routines involved in passing the public key.

15. A computerized method for implementing a database security model, comprising:
- maintaining encrypted private data in an encrypted storage area;
  
  receiving a request at an application database that requires access to encrypted private data;
  
  passing a first level request from the application database to a first level routine to return a limited amount of decrypted private data, wherein the first level routine can only be modified with a first level user account separate from the database application;
  
  processing the first level request and submitting a decrypt request along with a public key to a crypto system having a decryption routine that can only be modified with a second level user account separate from the first level user account;
  
  retrieving and decrypting private data within the crypto system using a stored private key and a submitted public key;
  
  passing decrypted private data to the first level routine; and
  
  returning a first level result to the database application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computerized method of claim 15, wherein user access to the first level routine and the decryption routine requires permission from a gate keeper.
  - 17. The computerized method of claim 15, wherein the crypto system is prohibited from permanently storing the public key.
  - 18. The computerized method of claim 16, wherein the crypto system is accessible by a key master with access rights granted by the gate keeper.
  - 19. The computerized method of claim 16, wherein the first level routine is accessible by a project lead with access rights granted by the gate keeper.
  - 20. The computerized method of claim 16, wherein the gate keeper does not have access to the public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JJD Software, LLC
Original Assignee
JJD Software, LLC
Inventors
Donohoe, Justin
Primary Examiner(s)
Patel, Ashokkumar B
Assistant Examiner(s)
Farooqui, Quazi

Application Number

US15/448,698
Publication Number

US 20170255784A1
Time in Patent Office

851 Days
Field of Search

713153, 713161, 713166, 713167, 726 2, 726 4
US Class Current
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/604   Tools and structures for ma...

G09C 1/00   Apparatus or methods whereb...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0272   Virtual private networks

H04L 63/10   for controlling access to d...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

Multi-level security model for securing access to encrypted private data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

4 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-level security model for securing access to encrypted private data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

4 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links