Method and apparatus for management of encrypted data through role separation

US 20020078049A1
Filed: 12/15/2000
Published: 06/20/2002
Est. Priority Date: 12/15/2000
Status: Active Grant

First Claim

Patent Images

1. A method for managing a database system, comprising:

receiving a command to perform an administrative function involving an object defined within the database system;

determining if the object is a sensitive object that is associated with security functions in the database system;

if the object is not a sensitive object, and if the command is received from a normal database administrator for the database system, allowing the administrative function to proceed; and

if the object is a sensitive object, and if the command is received from a normal system administrator, disallowing the administrative function.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system for managing a database that stores sensitive information. Upon receiving a command to perform an administrative function involving an object defined within the database system, the system determines if the object is a sensitive object that is associated with security functions in the database system. If the object is not a sensitive object, and if the command is received from a normal database administrator, the system allows the administrative function to proceed. On the other hand, if the object is a sensitive object, and if the command is received from a normal system administrator, the system disallows the administrative function. In one embodiment of the present invention, the system additionally receives a request to perform an operation on a data item in the database system. If the data item is a sensitive data item containing sensitive information, and if the request is received from a sensitive user who is empowered to access sensitive data, the system allows the operation to proceed if the sensitive user has access rights to the data item. Otherwise, if the data item is a sensitive data item and the request is received from a normal user, the system disallows the operation. In one embodiment of the present invention, if the data item is a sensitive data item, if the operation is allowed to proceed, and if the operation involves retrieval of the data item, the system decrypts the data item using an encryption key after the data item is retrieved. In a variation on this embodiment, this encryption key is stored along with a table containing the data item. Note that this encryption key is preferably stored in encrypted form.

42 Citations

View as Search Results

24 Claims

1. A method for managing a database system, comprising:
- receiving a command to perform an administrative function involving an object defined within the database system;
  
  determining if the object is a sensitive object that is associated with security functions in the database system;
  
  if the object is not a sensitive object, and if the command is received from a normal database administrator for the database system, allowing the administrative function to proceed; and
  
  if the object is a sensitive object, and if the command is received from a normal system administrator, disallowing the administrative function.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - receiving a request to perform an operation on a data item in the database system;
      
      if the data item is a sensitive data item containing sensitive information and if the request is received from a sensitive user who is empowered to access sensitive data, allowing the operation to proceed if the sensitive user has access rights to the data item; and
      
      if the data item is a sensitive data item and the request is received from a normal user, disallowing the operation.
  - 3. The method of claim 2, wherein if the data item is a sensitive data item, if the operation is allowed to proceed, and if the operation involves retrieval of the data item, the method further comprises decrypting the data item using an encryption key after the data item is retrieved.
  - 4. The method of claim 3, wherein the encryption key is stored along with a table containing the data item.
  - 5. The method of claim 4, wherein the encryption key is stored in encrypted form.
  - 6. The method of claim 1, wherein the sensitive object can include one of:
    - a sensitive table containing sensitive data in the database system;
      
      a sensitive row within a table in the database system, wherein the sensitive row contains sensitive data; and
      
      an object that represents a sensitive user of the database system who is empowered to access sensitive data.
  - 7. The method of claim 1, wherein if the object is not a sensitive object, and if the command to perform the administrative function is received from a security officer, the method further comprises allowing the security officer to perform the administrative function on the object.
  - 8. The method of claim 1, wherein the database system includes a number of sensitive data items;
    - and wherein only specific sensitive users are allowed to access a given sensitive data item.

9. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing a database system, the method comprising:
- receiving a command to perform an administrative function involving an object defined within the database system;
  
  determining if the object is a sensitive object that is associated with security functions in the database system;
  
  if the object is not a sensitive object, and if the command is received from a normal database administrator for the database system, allowing the administrative function to proceed; and
  
  if the object is a sensitive object, and if the command is received from a normal system administrator, disallowing the administrative function.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24)
- - 10. The computer-readable storage medium of claim 9, wherein the method further comprises:
    - receiving a request to perform an operation on a data item in the database system;
      
      if the data item is a sensitive data item containing sensitive information and if the request is received from a sensitive user who is empowered to access sensitive data, allowing the operation to proceed if the sensitive user has access rights to the data item; and
      
      if the data item is a sensitive data item and the request is received from a normal user, disallowing the operation.
  - 11. The computer-readable storage medium of claim 10, wherein if the data item is a sensitive data item, if the operation is allowed to proceed, and if the operation involves retrieval of the data item, the method further comprises decrypting the data item using an encryption key after the data item is retrieved.
  - 12. The computer-readable storage medium of claim 11, wherein the encryption key is stored along with a table containing the data item.
  - 13. The computer-readable storage medium of claim 12, wherein the encryption key is stored in encrypted form.
  - 14. The computer-readable storage medium of claim 9, wherein the sensitive object can include one of:
    - a sensitive table containing sensitive data in the database system;
      
      a sensitive row within a table in the database system, wherein the sensitive row contains sensitive data; and
      
      an object that represents a sensitive user of the database system who is empowered to access sensitive data.
  - 15. The computer-readable storage medium of claim 9, wherein if the object is not a sensitive object, and if the command to perform the administrative function is received from a security officer, the method further comprises allowing the security officer to perform the administrative function.
  - 16. The computer-readable storage medium of claim 9, wherein the database system includes a number of sensitive data items;
    - and wherein only specific sensitive users are allowed to access a given sensitive data item.
  - 18. The apparatus of claim 17, wherein the command receiving mechanism is configured to receive a request to perform an operation on a data item in the database system;
    - wherein the execution mechanism is configured to, allow the operation to proceed, if the data item is a sensitive data item, if the request is received from a sensitive user who is empowered to access sensitive data, and if the sensitive user has access rights to the data item, and to disallow the operation, if the data item is a sensitive data item, and if the request is received from a normal user.
  - 19. The apparatus of claim 18, further comprising a decryption mechanism, wherein if the data item is a sensitive data item, if the operation is allowed to proceed, and if the operation involves retrieval of the data item, the decryption mechanism is configured to decrypt the data item using an encryption key after the data item is retrieved
  - 20. The apparatus of claim 19, wherein the encryption key is stored along with a table containing the data item.
  - 21. The apparatus of claim 20, wherein the encryption key is stored in encrypted form.
  - 22. The apparatus of claim 17, wherein the sensitive object can include one of:
    - a sensitive table containing sensitive data in the database system;
      
      a sensitive row within a table in the database system, wherein the sensitive row contains sensitive data; and
      
      an object that represents a sensitive user of the database system who is empowered to access sensitive data.
  - 23. The apparatus of claim 17, wherein if the object is not a sensitive object, and if the command to perform the administrative function is received from a security officer, the execution mechanism is configured to allow the security officer to perform the administrative function.
  - 24. The apparatus of claim 17, wherein the database system includes a number of sensitive data items;
    - and wherein only specific sensitive users are allowed to access a given sensitive data item.

17. An apparatus for managing a database system, comprising:
- a command receiving mechanism that is configured to receive a command to perform an administrative function involving an object defined within the database system;
  
  an execution mechanism that is configured to, determine if the object is a sensitive object that is associated with security functions in the database system, allow the administrative function to proceed, if the object is not a sensitive object, and if the command is received from a normal database administrator for the database system, and to disallow the administrative function, if the object is a sensitive object, and if the command is received from a normal system administrator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Samar, Vipin

Granted Patent

US 7,315,859 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Y10S 707/99939 Privileged access

Method and apparatus for management of encrypted data through role separation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

42 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for management of encrypted data through role separation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links