Method and apparatus for management of encrypted data through role separation
Abstract
One embodiment of the present invention provides a system for managing a database that stores sensitive information. Upon receiving a command to perform an administrative function involving an object defined within the database system, the system determines if the object is a sensitive object that is associated with security functions in the database system. If the object is not a sensitive object, and if the command is received from a normal database administrator, the system allows the administrative function to proceed. On the other hand, if the object is a sensitive object, and if the command is received from a normal system administrator, the system disallows the administrative function. In one embodiment of the present invention, the system additionally receives a request to perform an operation on a data item in the database system. If the data item is a sensitive data item containing sensitive information, and if the request is received from a sensitive user who is empowered to access sensitive data, the system allows the operation to proceed if the sensitive user has access rights to the data item. Otherwise, if the data item is a sensitive data item and the request is received from a normal user, the system disallows the operation. In one embodiment of the present invention, if the data item is a sensitive data item, if the operation is allowed to proceed, and if the operation involves retrieval of the data item, the system decrypts the data item using an encryption key after the data item is retrieved. In a variation on this embodiment, this encryption key is stored along with a table containing the data item. Note that this encryption key is preferably stored in encrypted form.
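The role-separation rules in the abstract, worked through as an added example (my own illustration, not code from the patent): administrative commands on sensitive objects are refused to normal administrators, data-item reads on sensitive tables are refused to normal users and to sensitive users without rights, and the per-table key is stored beside the table only in encrypted (wrapped) form. Assumed for the example: a SECURITY_ADMIN role that manages sensitive objects, a master key that wraps the table keys, and an HMAC-SHA256 counter-mode keystream standing in for a real AEAD cipher.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from enum import Enum

# Roles named in the claims and abstract; SECURITY_ADMIN is an assumed role that manages sensitive objects
Role = Enum("Role", "NORMAL_DBA NORMAL_SYSADMIN SECURITY_ADMIN NORMAL_USER SENSITIVE_USER")

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in here for a real AEAD such as AES-GCM."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

@dataclass
class Table:
    sensitive: bool
    key_nonce: bytes = b""
    wrapped_key: bytes = b""  # per-table key stored with the table, itself encrypted under the master key
    acl: set = field(default_factory=set)     # users holding access rights to this table's data
    rows: dict = field(default_factory=dict)  # row id -> (nonce, stored bytes)

def create_table(sensitive: bool, master_key: bytes) -> Table:
    t = Table(sensitive)
    if sensitive:  # generate a table key; only its wrapped form is ever stored
        t.key_nonce = os.urandom(8)
        t.wrapped_key = keystream_xor(master_key, t.key_nonce, os.urandom(32))
    return t

def insert(t: Table, row_id: str, value: bytes, master_key: bytes) -> None:
    nonce = os.urandom(8)
    if t.sensitive:  # unwrap the table key with the master key, then encrypt the item
        value = keystream_xor(keystream_xor(master_key, t.key_nonce, t.wrapped_key), nonce, value)
    t.rows[row_id] = (nonce, value)

def admin_command(t: Table, actor: Role) -> bool:
    """Claim 1: a normal administrator may manage only non-sensitive objects."""
    if not t.sensitive:
        return actor in (Role.NORMAL_DBA, Role.SECURITY_ADMIN)
    return actor == Role.SECURITY_ADMIN  # assumption: the security role manages sensitive objects

def read_item(t: Table, row_id: str, user: str, role: Role, master_key: bytes):
    nonce, stored = t.rows[row_id]  # abstract's rule: check rights first, decrypt only afterwards
    if not t.sensitive:
        return stored
    if role != Role.SENSITIVE_USER or user not in t.acl:
        return None
    return keystream_xor(keystream_xor(master_key, t.key_nonce, t.wrapped_key), nonce, stored)
```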
24 Claims
1. A method for managing a database system, comprising:
receiving a command to perform an administrative function involving an object defined within the database system;
determining if the object is a sensitive object that is associated with security functions in the database system;
if the object is not a sensitive object, and if the command is received from a normal database administrator for the database system, allowing the administrative function to proceed; and
if the object is a sensitive object, and if the command is received from a normal system administrator, disallowing the administrative function.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing a database system, the method comprising:
receiving a command to perform an administrative function involving an object defined within the database system;
determining if the object is a sensitive object that is associated with security functions in the database system;
if the object is not a sensitive object, and if the command is received from a normal database administrator for the database system, allowing the administrative function to proceed; and
if the object is a sensitive object, and if the command is received from a normal system administrator, disallowing the administrative function.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24
17. An apparatus for managing a database system, comprising:
a command receiving mechanism that is configured to receive a command to perform an administrative function involving an object defined within the database system;
an execution mechanism that is configured to determine if the object is a sensitive object that is associated with security functions in the database system, to allow the administrative function to proceed if the object is not a sensitive object and if the command is received from a normal database administrator for the database system, and to disallow the administrative function if the object is a sensitive object and if the command is received from a normal system administrator.