System and method for providing data security in a hosted service system
First Claim
1. A hosted service system for protecting sensitive data, the system comprising:
- a host computer system having a hardware processor, wherein the host system includes;
a federation server; and
a database management system (DBMS), the DBMS having;
a database;
a query pre-parser, wherein the query pre-parser is configured to receive, via the federation server, communications from a key management system (KMS) and a metadata service system (MSS) associated with a tenant system where the host system is configured to process at least some of the data of the tenant system, and wherein the query pre-parser is configured to;
receive a query;
receive, from the MSS, a determination if the query received by the query pre-parser has a part of the query associated with the sensitive data;
if the part of the query is associated with the sensitive data;
receive, from the KMS, at least one encryption key corresponding to the part of the query;
decrypt the part of the query using the at least one encryption key corresponding to the part of the query; and
generate a modified query, wherein the modified query includes the decrypted part of the query;
generate a database query (DB query) using at least one of the query or the modified query; and
transmit the DB query to the database; and
a results handler, wherein the query pre-parser and the results handler are both communicatively coupled to the federation server.
1 Assignment
0 Petitions
Accused Products
Abstract
Aspects of the present disclosure are directed to methods and systems for protecting sensitive data in a hosted service system. The system includes a host system and the host system includes a key management system (KMS) and a metadata service system (MSS). The KMS and the MSS are communicatively coupled to each other. The system further includes a database management system (DBMS) having a database, a query pre-parser, and a results handler. The query pre-parser and the results handler are communicatively coupled to the KMS and the MSS, and the system also includes a processing application adapted to process at least some data received from a tenant system.
36 Citations
5 Claims
-
1. A hosted service system for protecting sensitive data, the system comprising:
a host computer system having a hardware processor, wherein the host system includes; a federation server; and a database management system (DBMS), the DBMS having; a database; a query pre-parser, wherein the query pre-parser is configured to receive, via the federation server, communications from a key management system (KMS) and a metadata service system (MSS) associated with a tenant system where the host system is configured to process at least some of the data of the tenant system, and wherein the query pre-parser is configured to; receive a query; receive, from the MSS, a determination if the query received by the query pre-parser has a part of the query associated with the sensitive data; if the part of the query is associated with the sensitive data;
receive, from the KMS, at least one encryption key corresponding to the part of the query;
decrypt the part of the query using the at least one encryption key corresponding to the part of the query; and
generate a modified query, wherein the modified query includes the decrypted part of the query;generate a database query (DB query) using at least one of the query or the modified query; and transmit the DB query to the database; and a results handler, wherein the query pre-parser and the results handler are both communicatively coupled to the federation server. - View Dependent Claims (2, 3, 4, 5)
Specification