Secure database backup and recovery
First Claim
1. A method for secure database backup and recovery in a secure database network comprising a plurality of distributed data nodes, the method comprising:
- receiving a database backup file from a database system;
- fragmenting the database backup file into a plurality of fragments using a fragment engine;
- associating each fragment of the plurality of fragments with a node of the plurality of distributed data nodes, respectively, wherein the associating comprises specifying that each fragment is not to be stored on the node with which the fragment is associated;
- encrypting each fragment of the plurality of fragments using a first encryption key, thereby providing a plurality of encrypted fragments;
- storing, randomly, the plurality of encrypted fragments on the plurality of distributed data nodes;
- retrieving, after a determined duration, the plurality of encrypted fragments;
- decrypting the plurality of encrypted fragments using the first encryption key, thereby providing a plurality of decrypted fragments;
- re-encrypting the plurality of decrypted fragments using a different encryption key, thereby providing a plurality of re-encrypted fragments; and
- storing, randomly, the plurality of re-encrypted fragments on the plurality of distributed data nodes.
Abstract
As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.
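The flow in the abstract, as an added Python sketch that is not code from the patent: fragment, associate, encrypt, place randomly off the associated node, then rotate the key and re-place. The function names, the round-robin association, the 16-byte fragment size and the stdlib SHA-256 keystream with HMAC (a stand-in for a real AEAD such as AES-GCM) are all assumptions of this example.

```python
import hashlib, hmac, secrets

def _xor_stream(key, nonce, data):
    # Stand-in cipher (SHA-256 counter keystream); use a real AEAD in practice.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def _subkeys(key):
    # Separate encryption and MAC keys derived from the one fragment key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def seal(key, data):
    ek, mk = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(ek, nonce, data)
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered fragment")
    return _xor_stream(ek, nonce, ct)

def place(blobs, assoc, nodes):
    # Random node per fragment, never the node the fragment is associated with.
    rng = secrets.SystemRandom()
    store = {n: {} for n in nodes}
    for i, blob in enumerate(blobs):
        store[rng.choice([n for n in nodes if n != assoc[i]])][i] = blob
    return store

def backup(data, nodes, key, size=16):
    frags = [data[i:i + size] for i in range(0, len(data), size)]
    assoc = [nodes[i % len(nodes)] for i in range(len(frags))]  # assumed: round-robin
    return assoc, place([seal(key, f) for f in frags], assoc, nodes)

def collect(store):
    found = {i: b for held in store.values() for i, b in held.items()}
    return [found[i] for i in sorted(found)]

def rotate(store, assoc, nodes, old_key, new_key):
    # Retrieve, decrypt with the first key, re-encrypt with a different key, re-place.
    plain = [unseal(old_key, b) for b in collect(store)]
    return place([seal(new_key, p) for p in plain], assoc, nodes)

def recover(store, key):
    return b"".join(unseal(key, b) for b in collect(store))
```

At least two nodes are required, since every fragment has one node it may not be stored on.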
18 Claims
Claim 1 is the method reproduced above under First Claim. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A computer program product comprising:
one or more computer readable storage media and program instructions stored on the one or more computer readable storage media, the program instructions comprising instructions to:
- receive a database backup file from a database system;
- fragment the database backup file into a plurality of fragments using a fragment engine;
- associate each fragment of the plurality of fragments with a node of a plurality of distributed data nodes, respectively, wherein the associating comprises specifying that each fragment is not to be stored on the node with which the fragment is associated;
- encrypt each fragment of the plurality of fragments using a first encryption key, thereby providing a plurality of encrypted fragments;
- store, randomly, the plurality of encrypted fragments on the plurality of distributed data nodes;
- retrieve, after a determined duration, the plurality of encrypted fragments;
- decrypt the plurality of encrypted fragments using the first encryption key, thereby providing a plurality of decrypted fragments;
- re-encrypt the plurality of decrypted fragments using a different encryption key, thereby providing a plurality of re-encrypted fragments; and
- store, randomly, the plurality of re-encrypted fragments on the plurality of distributed data nodes.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.