AUTOMATED DATA SOURCE ASSURANCE IN DISTRIBUTED DATABASES

US 20100094902A1
Filed: 10/09/2008
Published: 04/15/2010
Est. Priority Date: 10/09/2008
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a database query comprising a logical table identifier, a data element, and at least one data source assurance indicator at a distributed database node within a distributed network of databases, where the at least one data source assurance indicator comprises a request to encrypt the data element for authentication purposes;

encrypting the data element based upon the at least one data source assurance indicator;

forming a data portion of a local query response to the database query comprising data retrieved from a local physical database table mapped by a local logical table that matches the received logical table identifier;

adding a node identifier and the encrypted data element as an authentication portion of the local query response to authenticate the data portion of the local query response; and

responding to the database query with at least the authenticated local query response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A database query is received including a logical table identifier, a data element, and at least one data source assurance indicator at a distributed database node within a distributed network of databases. The data element is encrypted based upon the at least one data source assurance indicator. A data portion of a local query response to the database query is formed including data retrieved from a local physical database table mapped by a local logical table that matches the received logical table identifier. A node identifier and the encrypted data element are added as an authentication portion of the local query response to authenticate the data portion of the local query response. The database query is responded to with at least the authenticated local query response. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.

55 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving a database query comprising a logical table identifier, a data element, and at least one data source assurance indicator at a distributed database node within a distributed network of databases, where the at least one data source assurance indicator comprises a request to encrypt the data element for authentication purposes;
  
  encrypting the data element based upon the at least one data source assurance indicator;
  
  forming a data portion of a local query response to the database query comprising data retrieved from a local physical database table mapped by a local logical table that matches the received logical table identifier;
  
  adding a node identifier and the encrypted data element as an authentication portion of the local query response to authenticate the data portion of the local query response; and
  
  responding to the database query with at least the authenticated local query response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, where encrypting the data element further comprises encrypting the data element using a private encryption key paired with a public encryption key stored at a distributed database node that originated the database query.
  - 3. The method of claim 1, where the at least one data source assurance indicator further comprises an instruction to encrypt a selected data column of the data portion of the authenticated local query response.
  - 4. The method of claim 1, further comprising determining to encrypt a selected data column of the data portion of the authenticated local query response and encrypting the selected data column.
  - 5. The method of claim 4, further comprising adding a column identifier to the authenticated local query response identifying the selected encrypted data column.
  - 6. The method of claim 1, where adding the node identifier and the encrypted data element as an authentication portion of the local query response to authenticate the data portion of the local query response further comprises associating the node identifier and the encrypted data element with a hidden result column of the authenticated local query response.
  - 7. The method of claim 1, further comprising:
    - forwarding the database query comprising the logical table identifier, the data element, and the at least one data source assurance indicator to at least one additional distributed database node within the distributed network of databases;
      
      receiving at least one distributed query response comprising a node identifier and an encrypted data element associated with data returned from each distributed database node that processed the database query; and
      
      determining authenticity of each distributed database node that processed the database query based upon the encrypted data element and node identifier associated with each distributed database node that processed the database query.
  - 8. The method of claim 7, where determining authenticity of each distributed database node that processed the database query further comprises selecting a public encryption key using the associated node identifier for each distributed database node that processed the database query and decrypting the associated encrypted data element using the selected public encryption key for each distributed database node that processed the database query.
  - 9. The method of claim 8, where determining authenticity of each distributed database node that processed the database query further comprises determining whether that the decrypted data element associated with each distributed database node that processed the database query matches the data element forwarded with the database query to each distributed database node that processed the database query.
  - 10. The method of claim 7, further comprising:
    - processing the data returned from each distributed database node in association with the distributed query response based upon the determined authenticity of each distributed database node that processed the database query; and
      
      invalidating the data returned from at least one of the distributed database nodes that processed the database query based upon a determination that the at least one of the distributed database nodes is not authenticated, andwhere responding to the database query with the at least the authenticated local query response further comprises;
      
      combining the received distributed query response associated with each distributed database node that is determined to be authenticated with to the authenticated local query response; and
      
      responding to the database query with the combined response.

11. A system, comprising:
- a memory adapted to store query authentication information and database node identifiers; and
  
  a processor programmed to;
  
  receive a database query comprising a logical table identifier, a data element, and at least one data source assurance indicator at a distributed database node within a distributed network of databases, where the at least one data source assurance indicator comprises a request to encrypt the data element for authentication purposes;
  
  encrypt the data element based upon the at least one data source assurance indicator;
  
  form a data portion of a local query response to the database query comprising data retrieved from a local physical database table mapped by a local logical table that matches the received logical table identifier;
  
  add a node identifier and the encrypted data element as an authentication portion of the local query response to authenticate the data portion of the local query response;
  
  store the authenticated local query response to the memory; and
  
  respond to the database query with at least the authenticated local query response.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, where the processor is further programmed to encrypt the data element using a private encryption key paired with a public encryption key stored at a distributed database node that originated the database query.
  - 13. The system of claim 11, where the at least one data source assurance indicator further comprises an instruction to encrypt a selected data column of the data portion of the authenticated local query response and the processor is further programmed to encrypt the selected data column of the data portion of the authenticated local query response.
  - 14. The system of claim 11, where the processor is further programmed to determine to encrypt a selected data column of the data portion of the authenticated local query response and encrypt the selected data column.
  - 15. The system of claim 14, where the processor is further programmed to add a column identifier to the authenticated local query response identifying the selected encrypted data column.
  - 16. The system of claim 11, where the processor is further programmed to associate the node identifier and the encrypted data element with a hidden result column of the authenticated local query response.
  - 17. The system of claim 11, where the processor is further programmed to:
    - forward the database query comprising the logical table identifier, the data element, and the at least one data source assurance indicator to at least one additional distributed database node within the distributed network of databases;
      
      receive at least one distributed query response comprising a node identifier and an encrypted data element associated with data returned from each distributed database node that processed the database query; and
      
      determine authenticity of each distributed database node that processed the database query based upon the encrypted data element and node identifier associated with each distributed database node that processed the database query.
  - 18. The system of claim 17, where the processor is further programmed to:
    - select a public encryption key using the associated node identifier for each distributed database node that processed the database query and decrypt the associated encrypted data element using the selected public encryption key for each distributed database node that processed the database query; and
      
      determine whether that the decrypted data element associated with each distributed database node that processed the database query matches the data element forwarded with the database query to each distributed database node that processed the database query.
  - 19. The system of claim 18, where the processor is further programmed to:
    - process the data returned from each distributed database node in association with the distributed query response based upon the determined authenticity of each distributed database node that processed the database query;
      
      invalidate the data returned from at least one of the distributed database nodes that processed the database query based upon a determination that the at least one of the distributed database nodes is not authenticated, and where, in being programmed to respond to the database query with the at least the authenticated local query response, the processor is further programmed to;
      
      combine the received distributed query response associated with each distributed database node that is determined to be authenticated with to the authenticated local query response;
      
      store the combined response to the memory; and
      
      respond to the database query with the combined response.

20. A system, comprising:
- a memory adapted to store query authentication information and database node identifiers; and
  
  a processor programmed to;
  
  receive a database query comprising a logical table identifier, a data element, and at least one data source assurance indicator at a distributed database node within a distributed network of databases, where the at least one data source assurance indicator comprises a request to encrypt the data element for authentication purposes;
  
  encrypt the data element based upon the at least one data source assurance indicator using a private encryption key paired with a public encryption key stored at a distributed database node that originated the database query;
  
  form a data portion of a local query response to the database query comprising data retrieved from a local physical database table mapped by a local logical table that matches the received logical table identifier;
  
  add a node identifier and the encrypted data element as an authentication portion of the local query response to authenticate the data portion of the local query response;
  
  associate the node identifier and the encrypted data element with a hidden result column of the authenticated local query response;
  
  store the authenticated local query response to the memory;
  
  determine to encrypt a selected data column of the data portion of the authenticated local query response;
  
  encrypt the selected data column;
  
  add a column identifier to the authenticated local query response identifying the selected encrypted data column; and
  
  respond to the database query with at least the authenticated local query response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Vyvyan, David R.

Granted Patent

US 8,458,208 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/781
CPC Class Codes

G06F 16/27 Replication, distribution o...

G06F 21/6227 where protection concerns t...

AUTOMATED DATA SOURCE ASSURANCE IN DISTRIBUTED DATABASES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

55 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTOMATED DATA SOURCE ASSURANCE IN DISTRIBUTED DATABASES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links