Transparent encryption using secure encryption device

US 20070079386A1
Filed: 09/26/2005
Published: 04/05/2007
Est. Priority Date: 09/26/2005
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for allowing an application program to access sensitive data in a database in a manner that is transparent to said application program and said database, said method comprising:

instantiating a view, when said application program attempts to access said sensitive data, wherein said view corresponds to a source table in said database and wherein said source table is where said sensitive data resides as encrypted data;

populating said view with decrypted data corresponding to said sensitive data if said application program is authenticated; and

revealing said view to said authenticated application program.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for allowing application programs that are external to the relational database to access the sensitive data in the database in a seamless fashion are described. The application programs are allowed to use existing query statements without having to modify such statements for accessing encrypted data in the relational database.

Citations

37 Claims

1. A computer-implemented method for allowing an application program to access sensitive data in a database in a manner that is transparent to said application program and said database, said method comprising:
- instantiating a view, when said application program attempts to access said sensitive data, wherein said view corresponds to a source table in said database and wherein said source table is where said sensitive data resides as encrypted data;
  
  populating said view with decrypted data corresponding to said sensitive data if said application program is authenticated; and
  
  revealing said view to said authenticated application program.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The computer-implemented method of claim 1, further comprising encrypting said sensitive data in said source table to form said encrypted data.
  - 3. The computer-implemented method of claim 2, further comprising renaming said source table before instantiating said view.
  - 4. The computer-implemented method of claim 3, further comprising naming said instantiated view with said source table'"'"'s original name.
  - 5. The computer-implemented method of claim 2, further comprising creating a temporary table and exporting said sensitive data from said source table to said temporary table and then encrypting said sensitive data in said temporary table to form said encrypted data.
  - 6. The computer-implemented method of claim 5, further comprising returning said encrypted data from said temporary table to said source table.
  - 7. The computer-implemented method of claim 1, further comprising using one or more metadata tables for automatically instantiating said view.
  - 8. The computer-implemented method of claim 1, further comprising authenticating said application program when said application attempts to access said sensitive data stored in said database.
  - 9. The computer-implemented method of claim 1, further comprising trapping an insert statement for inserting data wherein said insert statement is executed on said view by said application program and creating, in response to said trapped insert statement, a new corresponding insert statement for inserting said data into said source table.
  - 10. The computer-implemented method of claim 1, further comprising trapping an update statement for updating said sensitive data wherein said update statement is executed on said view by said application program and creating, in response to said trapped update statement, a new corresponding update statement for updating said sensitive data in said source table.
  - 11. The computer-implemented method of claim 9, further comprising using one or more triggers for trapping said insert statement and for creating said new corresponding insert statement.
  - 12. The computer-implemented method of claim 11, further comprising automatically creating said one or more triggers based on one or more metadata tables, wherein said one or more metadata tables are configurable for defining database tables and columns that are targeted for encryption.
  - 13. The computer-implemented method of claim 9, further comprising using one or more triggers for trapping said update statement and for creating said new corresponding update statement.
  - 14. The computer-implemented method of claim 1, further comprising using a network attached encryption-decryption (NAE) mechanism that is adapted for decrypting said sensitive data for populating said view.
  - 15. The computer-implemented method of claim 1, further comprising using a network attached encryption-decryption (NAE) mechanism that is adapted for encrypting said sensitive data for storage in said source table.

16. A transparent encryption system for encrypting data in a database, the transparent encryption system comprising:
- means for encrypting and decrypting data on demand from within said database in order to integrate said database into said transparent encryption system;
  
  means for migrating data from one or more plaintext database table columns to corresponding one or more encrypted database table columns;
  
  means for automating subsequent encrypt and decrypt operations on said database after integrating said database into said transparent encryption system; and
  
  means for authenticating users so that only authorized users are able to access encrypted data in said integrated database.

17. A transparent encryption system for encrypting data in a database, the transparent encryption system comprising:
- means for instantiating a view, when an application program attempts to access sensitive data, wherein said view corresponds to a source table in a database and wherein said source table is where said sensitive data resides as encrypted data;
  
  means for populating said view with decrypted data corresponding to said sensitive data if said application program is authenticated; and
  
  means for revealing said view to said authenticated application program.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The transparent encryption system of claim 17, further comprising means for authenticating said application program when said application attempts to access said sensitive data stored in said database.
  - 19. The transparent encryption system of claim 17, further comprising means for trapping an insert statement for inserting data wherein said insert statement is executed on said view by said application program and creating, in response to said trapped insert statement, a new corresponding insert statement for inserting said data into said source table.
  - 20. The transparent encryption system of claim 17, further comprising means for trapping an update statement for updating said sensitive data wherein said update statement is executed on said view by said application program and creating, in response to said trapped update statement, a new corresponding update statement for updating said sensitive data in said source table.
  - 21. The transparent encryption system of claim 17, further comprising means for decrypting said sensitive data for populating said view.
  - 22. The transparent encryption system of claim 17, further comprising means for encrypting said sensitive data for storage in said source table.

23. One or more propagated data signals collectively conveying data that causes a computing system to perform a method for allowing an application program to access sensitive data in a database in a manner that is transparent to said application program and said database, the method comprising:
- instantiating a view, when said application program attempts to access said sensitive data, wherein said view corresponds to a source table in said database and wherein said source table is where said sensitive data resides as encrypted data;
  
  populating said view with decrypted data corresponding to said sensitive data if said application program is authenticated; and
  
  revealing said view to said authenticated application program.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 24. The propagated data signals of claim 23, further causing encrypting said sensitive data in said source table to form said encrypted data.
  - 25. The propagated data signals of claim 24, further causing renaming said source table before instantiating said view.
  - 26. The propagated data signals of claim 25, further causing naming said instantiated view with said source table'"'"'s original name.
  - 27. The propagated data signals of claim 24, further causing creating a temporary table and exporting said sensitive data from said source table to said temporary table and then encrypting said sensitive data in said temporary table to form said encrypted data.
  - 28. The propagated data signals of claim 27, further causing returning said encrypted data from said temporary table to said source table.
  - 29. The propagated data signals of claim 23, further causing using one or more metadata tables for automatically instantiating said view.
  - 30. The propagated data signals of claim 23, further causing authenticating said application program when said application attempts to access said sensitive data stored in said database.
  - 31. The propagated data signals of claim 23, further causing trapping an insert statement for inserting data wherein said insert statement is executed on said view by said application program and creating, in response to said trapped insert statement, a new corresponding insert statement for inserting said data into said source table.
  - 32. The propagated data signals of claim 23, further causing trapping an update statement for updating said sensitive data wherein said update statement is executed on said view by said application program and creating, in response to said trapped update statement, a new corresponding update statement for updating said sensitive data in said source table.
  - 33. The propagated data signals of claim 31, further causing using one or more triggers for trapping said insert statement and for creating said new corresponding insert statement.
  - 34. The propagated data signals of claim 33, further causing automatically creating said one or more triggers based on one or more metadata tables, wherein said one or more metadata tables are configurable for defining database tables and columns that are targeted for encryption.
  - 35. The propagated data signals of claim 31, further causing using one or more triggers for trapping said update statement and for creating said new corresponding update statement.
  - 36. The propagated data signals of claim 23, further causing using a network attached encryption-decryption (NAE) mechanism that is adapted for decrypting said sensitive data for populating said view.
  - 37. The propagated data signals of claim 23, further causing using a network attached encryption-decryption (NAE) mechanism that is adapted for encrypting said sensitive data for storage in said source table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SafeNet Incorporated (Thales SA)
Original Assignee
SafeNet Incorporated (Thales SA)
Inventors
Sandell, Bruce, Metzger, Brian, Mauldin, Stephen, Chang, Jorge

Application Number

US11/236,061
Publication Number

US 20070079386A1
Time in Patent Office

Days
Field of Search
US Class Current

726/29
CPC Class Codes

G06F 21/6227 where protection concerns t...

G06F 2221/2107 File encryption

Transparent encryption using secure encryption device

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Transparent encryption using secure encryption device

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links