Cryptographic infrastructure for encrypting a database

US 20030046572A1
Filed: 08/29/2002
Published: 03/06/2003
Est. Priority Date: 08/30/2001
Status: Active Grant

First Claim

Patent Images

1. An encryption system for encrypting data residing in a database, comprising:

a symmetrical key for encrypting a column within a table;

a copy of said symmetrical key encrypted with a public key;

said encrypted symmetrical key copy stored in a table;

a user interface view for decrypting data read from said table; and

said user interface view having a trigger to encrypt data written to said key table.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a transparent encryption infrastructure which allows the user to point-and-click on columns and tables to encrypt data. The creation of triggers and views are also easily implemented, to encrypt and decrypt data, to manage the encryption keys and to grant and revoke access to a column. Public and private key pairs are hashed and encrypted with a valid password. The process or encryption starts by creating a randomly generated symmetrical key, encrypting the symmetrical key with the private key for each user authorized to decrypt the data, and storing the encrypted symmetrical key, along with the user'"'"'s name and the column name, in the database.

192 Citations

16 Claims

1. An encryption system for encrypting data residing in a database, comprising:
- a symmetrical key for encrypting a column within a table;
  
  a copy of said symmetrical key encrypted with a public key;
  
  said encrypted symmetrical key copy stored in a table;
  
  a user interface view for decrypting data read from said table; and
  
  said user interface view having a trigger to encrypt data written to said key table.
- View Dependent Claims (2, 3, 4)
- - 2. The encryption system of claim 1, wherein said encryption system has a search engine for searching data in an encrypted column, further comprising:
    - means for accepting a search criteria;
      
      means for retrieving said symmetrical key used to encrypt said column;
      
      means for encrypting said search criteria with said symmetrical key; and
      
      means for searching for a value matching that of said encrypted search criteria.
  - 3. The encryption system of claim 1, wherein said trigger is an INSTEAD OF trigger.
  - 4. The encryption system of claim 1, further comprising:
    - a private key generator for generating a private key;
      
      a public key generator for generating a public key from said private key;
      
      a database for storing said public key;
      
      a user having a name and a password;
      
      a hash of said user name concatenated with said user password, for storing in said database;
      
      a hash of said user password; and
      
      an encrypted private key encrypted with said hash of said user password for storage in said database.

5. An encryption system for encrypting data residing in a database, comprising:
- a set of objects within said database operable to transparently encrypt data, comprising;
  
  a trigger operable to encrypt data as said data is modified or created in a column;
  
  a view operable to decrypt said data as said data is selected from said column;
  
  a set of functions within said database comprising;
  
  means for encrypting a private key associated with a user requiring authorization to decrypt data;
  
  means for storing an encrypted private key;
  
  means for decrypting said encrypted private key;
  
  means for verifying proper decryption of said encrypted private key;
  
  means for encrypting and decrypting, using a symmetrical key, said column containing said data;
  
  means for securely storing said symmetrical key;
  
  means for securely loading said symmetrical key; and
  
  means for changing said symmetrical key and re-encrypting said data.
- View Dependent Claims (6, 7, 8, 9, 10)
- - 6. The encryption system of claim 5, wherein said encryption system has means for searching data in an encrypted column, further comprising:
    - means for accepting a search criteria;
      
      means for retrieving said symmetrical key used to encrypt said column;
      
      means for encrypting said search criteria with said symmetrical key; and
      
      means for searching a table for a value matching that of said encrypted search criteria.
  - 7. The system of claim 5, wherein said means for encrypting a private key associated with a user further comprises:
    - a private key generator for generating a private key;
      
      a public key generator for generating a public key from said private key;
      
      a database for storing said public key;
      
      a user having a name and a password;
      
      a hash of said user name concatenated with said user password;
      
      a hash of said user name concatenated with said user password;
      
      a hash of said user password; and
      
      an encrypted private key encrypted with said hash of said user password, for storage in said database.
  - 8. The system of claim 5, wherein said means for decrypting said encrypted private key comprises:
    - a hash of a user name concatenated with a user password;
      
      a hash of said user name concatenated with an accepted user password;
      
      a hash of said accepted user password for decrypting said encrypted private key; and
      
      a server memory for storing a decrypted private key.
  - 9. The system of claim 5, wherein said means for encrypting and decrypting, using a symmetrical key, a column containing data, comprises:
    - a symmetrical key generator for generating a symmetrical key;
      
      column data for encryption with said symmetrical key;
      
      a public key for each user retrieved from a database; and
      
      said symmetrical key encrypted with said retrieved public key for storage in said database.
  - 10. The system of claim 9, wherein said means for securely decrypting a symmetrical key comprises:
    - a user having an encrypted symmetrical key and a private key; and
      
      said user private key being operable to decrypt said encrypted symmetrical key.

11. The system of claim 5, wherein said means for changing said symmetrical key and re-encrypting data comprises:
- a user copy of said encrypted symmetrical key a user private key to decrypt said encrypted symmetrical key;
  
  a lock for locking a column to re-encrypt;
  
  said column being decrypted by a decrypted symmetrical key;
  
  a symmetrical key generator for generating a second symmetrical key; and
  
  said second symmetrical key encrypted with a public key and stored in database.

11-1. A method of transparent encryption, comprising the steps of:
- renaming a base table with a base suffix;
  
  creating a view that uses functions and a data key in an application context to decrypt data;
  
  generating a trigger for the view; and
  
  executing said trigger upon changes to a data row.

12. A method of securing a user'"'"'s private key, comprising the steps of:
- hashing a password to create a hashed password;
  
  using said hashed password to encrypt a private key with an algorithm to create an encrypted private key;
  
  storing said encrypted private key in a database;
  
  concatenating and hashing a user name and said password to create a hash value; and
  
  storing said hash value.
- View Dependent Claims (13)
- - 13. The method of claim 12, further comprising the steps of:
    - executing a login function to read said hashed password and said encrypted private key;
      
      appending a password to a username and hashing said password and said username to create a hash result;
      
      comparing said hash result to said hash value to verify that said password is correct;
      
      decrypting a private key with said hashed password to create a decrypted private key; and
      
      storing said decrypted private key.

14. A method of reading encrypted data from a table, comprising the steps of:
- loading a private key;
  
  loading an encrypted symmetrical key;
  
  de-encrypting said encrypted symmetrical key using said private key to create a de-encrypted symmetrical key; and
  
  decrypting data located in a table using said de-encrypted symmetrical key.

15. A method for encrypting a column, comprising the steps of:
- creating a symmetrical key;
  
  encrypting said column with said symmetrical key;
  
  creating a copy of said symmetrical key;
  
  encrypting said copy of said symmetrical key with a public key to create an encrypted copy; and
  
  storing said encrypted copy in a table.
- View Dependent Claims (16)
- - 16. The method for encrypting a column of claim 15, further comprising the steps of:
    - renaming said table with an extension to create a renamed table;
      
      creating a view to decrypt data read from said renamed table; and
      
      creating a trigger on said view to encrypt data written to said renamed table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Application Security Incorporated (Singapore Telecommunications Limited)
Original Assignee
Application Security Incorporated (Singapore Telecommunications Limited)
Inventors
Newman, Aaron Charles, Mari, Jay

Granted Patent

US 7,266,699 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/6227   where protection concerns t...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3239   involving non-keyed hash fu...

Cryptographic infrastructure for encrypting a database

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

192 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic infrastructure for encrypting a database

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

192 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links