Cryptographic infrastructure for encrypting a database
Abstract
The invention provides a transparent encryption infrastructure which allows the user to point-and-click on columns and tables to encrypt data. The creation of triggers and views is also easily implemented, to encrypt and decrypt data, to manage the encryption keys and to grant and revoke access to a column. Public and private key pairs are hashed and encrypted with a valid password. The process of encryption starts by creating a randomly generated symmetrical key, encrypting the symmetrical key with the private key for each user authorized to decrypt the data, and storing the encrypted symmetrical key, along with the user's name and the column name, in the database.
16 Claims
1. An encryption system for encrypting data residing in a database, comprising:
a symmetrical key for encrypting a column within a table;
a copy of said symmetrical key encrypted with a public key;
said encrypted symmetrical key copy stored in a table;
a user interface view for decrypting data read from said table; and
said user interface view having a trigger to encrypt data written to said key table.
View Dependent Claims (2, 3, 4)

5. An encryption system for encrypting data residing in a database, comprising:
a set of objects within said database operable to transparently encrypt data, comprising;
a trigger operable to encrypt data as said data is modified or created in a column;
a view operable to decrypt said data as said data is selected from said column;
a set of functions within said database comprising;
means for encrypting a private key associated with a user requiring authorization to decrypt data;
means for storing an encrypted private key;
means for decrypting said encrypted private key;
means for verifying proper decryption of said encrypted private key;
means for encrypting and decrypting, using a symmetrical key, said column containing said data;
means for securely storing said symmetrical key;
means for securely loading said symmetrical key; and
means for changing said symmetrical key and re-encrypting said data.
View Dependent Claims (6, 7, 8, 9, 10)

11. The system of claim 5, wherein said means for changing said symmetrical key and re-encrypting data comprises:
a user copy of said encrypted symmetrical key a user private key to decrypt said encrypted symmetrical key;
a lock for locking a column to re-encrypt;
said column being decrypted by a decrypted symmetrical key;
a symmetrical key generator for generating a second symmetrical key; and
said second symmetrical key encrypted with a public key and stored in database.

11-1. A method of transparent encryption, comprising the steps of:
renaming a base table with a base suffix;
creating a view that uses functions and a data key in an application context to decrypt data;
generating a trigger for the view; and
executing said trigger upon changes to a data row.

12. A method of securing a user's private key, comprising the steps of:
hashing a password to create a hashed password;
using said hashed password to encrypt a private key with an algorithm to create an encrypted private key;
storing said encrypted private key in a database;
concatenating and hashing a user name and said password to create a hash value; and
storing said hash value.
View Dependent Claims (13)

14. A method of reading encrypted data from a table, comprising the steps of:
loading a private key;
loading an encrypted symmetrical key;
de-encrypting said encrypted symmetrical key using said private key to create a de-encrypted symmetrical key; and
decrypting data located in a table using said de-encrypted symmetrical key.

15. A method for encrypting a column, comprising the steps of:
creating a symmetrical key;
encrypting said column with said symmetrical key;
creating a copy of said symmetrical key;
encrypting said copy of said symmetrical key with a public key to create an encrypted copy; and
storing said encrypted copy in a table.
View Dependent Claims (16)

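The four steps of claim 11-1 above, sketched for PostgreSQL with the pgcrypto extension as an added example; it is not code from the patent, and the table, column and setting names are hypothetical. The session setting app.data_key stands in for the data key held in an application context, and pgp_sym_encrypt/pgp_sym_decrypt stand in for the patent's encryption functions.

```sql
-- Added example for PostgreSQL 11+ with pgcrypto. The customer table, its columns
-- and the app.data_key setting are hypothetical names; all values are constructed.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Stand-in for the data key held in an application context: a per-session setting.
SET app.data_key = 'constructed-demo-key';

CREATE TABLE customer (id integer PRIMARY KEY, name text NOT NULL, ssn text);

-- Step 1: rename the base table with a base suffix; the column now holds ciphertext.
ALTER TABLE customer RENAME TO customer_base;
ALTER TABLE customer_base ALTER COLUMN ssn TYPE bytea
    USING pgp_sym_encrypt(ssn, current_setting('app.data_key'));

-- Step 2: a view under the original name decrypts with the session's data key.
CREATE VIEW customer AS
SELECT id, name,
       pgp_sym_decrypt(ssn, current_setting('app.data_key')) AS ssn
  FROM customer_base;

-- Step 3: a trigger on the view encrypts before anything reaches the base table.
CREATE FUNCTION customer_encrypt() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    IF TG_OP = 'INSERT' THEN
        INSERT INTO customer_base (id, name, ssn)
        VALUES (NEW.id, NEW.name,
                pgp_sym_encrypt(NEW.ssn, current_setting('app.data_key')));
    ELSE  -- UPDATE: re-encrypt the new value for the existing row
        UPDATE customer_base
           SET id = NEW.id, name = NEW.name,
               ssn = pgp_sym_encrypt(NEW.ssn, current_setting('app.data_key'))
         WHERE id = OLD.id;
    END IF;
    RETURN NEW;
END
$$;

CREATE TRIGGER customer_encrypt_trg
    INSTEAD OF INSERT OR UPDATE ON customer
    FOR EACH ROW EXECUTE FUNCTION customer_encrypt();

-- Step 4: the trigger fires on changes to a data row; applications keep using "customer".
INSERT INTO customer (id, name, ssn) VALUES (1, 'Alice', '000-00-0000');
UPDATE customer SET ssn = '000-00-0001' WHERE id = 1;
SELECT ssn FROM customer;       -- plaintext, only for a session holding the right key
SELECT ssn FROM customer_base;  -- bytea ciphertext (an OpenPGP message)
```

A session that sets the wrong key gets an error from pgp_sym_decrypt rather than plaintext. Because the key is passed in a SET statement it can be recorded by server statement logging, so a deployment would load it through a channel that is not logged.
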
Specification