PROTECTION OF ENCRYPTION KEYS IN A DATABASE
Abstract
System, method, computer program product embodiments, and combinations and sub-combinations thereof, for protection of encryption keys in a database are described herein. An embodiment includes a master key and a dual master key, both of which are used to encrypt the encryption keys in a database. To access encrypted data, the master key and the dual master key must be supplied to a database server by two separate entities, thus requiring dual control of the master and dual master keys. Furthermore, the passwords for the master and dual master keys must be supplied separately and independently, thus requiring split knowledge to access the master and dual master keys. In another embodiment, a master key and a key encryption key derived from a user password are used for dual control. An embodiment also includes supplying the secrets for the master key and dual master key through server-private files.
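Dual control and split knowledge as the abstract describes them, as an added Python example that is not the patent's own implementation: each entity derives its key from its own password, a key-encryption key is derived from both keys, and the database's data-encryption key is wrapped under it, so neither entity alone can unwrap it. The HMAC-counter wrapping cipher, the iteration count and all names are assumptions standing in for a real key-wrap algorithm.

```python
import hashlib
import hmac
import os

# Constructed parameters for this added example (not from the patent).
PBKDF2_ITERATIONS = 200_000
NONCE_LEN, TAG_LEN, KEY_LEN = 16, 32, 32

def derive_key(password: bytes, salt: bytes) -> bytes:
    """Each entity derives its own 32-byte key from its own password (split knowledge)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, PBKDF2_ITERATIONS, KEY_LEN)

def combine_keys(master_key: bytes, dual_master_key: bytes) -> bytes:
    """Key-encryption key bound to BOTH inputs: neither entity's key alone reproduces it."""
    return hmac.new(master_key, b"dual-control-kek|" + dual_master_key, hashlib.sha256).digest()

def _keystream(kek: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for a real key-wrap cipher.
    blocks = (hmac.new(kek, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def wrap_dek(dek: bytes, master_key: bytes, dual_master_key: bytes) -> bytes:
    """Encrypt a data-encryption key under the combined KEK and append an integrity tag."""
    kek = combine_keys(master_key, dual_master_key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(dek, _keystream(kek, nonce, len(dek))))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap_dek(blob: bytes, master_key: bytes, dual_master_key: bytes):
    """Return the DEK only if both keys are correct; otherwise None (tag mismatch)."""
    kek = combine_keys(master_key, dual_master_key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(kek, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))

def dual_control_demo() -> dict:
    """Security officer and DBA each supply a secret; the DEK opens only with both."""
    mk = derive_key(b"officer-secret", os.urandom(16))   # first entity's master key
    dmk = derive_key(b"dba-secret", os.urandom(16))       # second entity's dual master key
    dek = os.urandom(KEY_LEN)
    blob = wrap_dek(dek, mk, dmk)
    return {"both": unwrap_dek(blob, mk, dmk) == dek,
            "master_only": unwrap_dek(blob, mk, bytes(KEY_LEN)) is None,
            "dual_only": unwrap_dek(blob, bytes(KEY_LEN), dmk) is None}
```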
27 Claims

1. A method for protecting encryption keys in a database, comprising:
(1) generating a master key, provided by a first entity;
(2) generating a dual master key, provided by a second entity; and
(3) encrypting said encryption keys using said master key and said dual master key.
Dependent claims: 2 to 15.

16. A database server for protecting encryption keys in a database, comprising:
a first module to generate a master key, obtained from a first entity;
a second module to generate a dual master key, obtained from a second entity; and
a third module to encrypt said encryption keys using said master key and said dual master key.
Dependent claims: 17 to 26.

27. A computer program product having control logic stored therein, said control logic enabling a processor to protect encryption keys in a database, said control logic comprising:
first computer readable program code means for enabling a processor to generate a master key, provided by a first entity;
second computer readable program code means for enabling a processor to generate a dual master key, provided by a second entity; and
third computer readable program code means for enabling a processor to encrypt said encryption keys using said master key and said dual master key.