METHOD AND SYSTEM FOR SAFEGUARDING DATABASE RELATIONS AGAINST UNAUTHORIZED ACCESS

US 20160350540A1
Filed: 08/12/2016
Published: 12/01/2016
Est. Priority Date: 02/12/2014
Status: Active Grant

First Claim

Patent Images

1. A method that protects the values of attributes of a dataset (DS), that may be stored in a first relation (T1) of a database, against unauthorized access, wherein a dataset'"'"'s foreign key attribute value (FK) refers to a key (K) of the first relation (T1) or second relation (T2), whereinthe foreign key attribute value (FK) is stored in a mapping relation (TM),the values of a number of attributes (F) of a dataset, that are not foreign key attributes, are stored in the first relation (T1), andthe mapping relation (TM) being stored in a volatile (CUA) memory.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for safeguarding values of attributes of a data record that can be stored in a first relational database against unauthorized access, wherein a value of a foreign key attribute of the data record refers to a key for the first relation or for a second relation, and wherein the value of the foreign key attribute is stored in a mapping relation, the values of attributes of the data record that are not foreign key attributes are stored in the first relation, and the mapping relation is stored in a volatile data memory.

Citations

21 Claims

1. A method that protects the values of attributes of a dataset (DS), that may be stored in a first relation (T1) of a database, against unauthorized access, wherein a dataset'"'"'s foreign key attribute value (FK) refers to a key (K) of the first relation (T1) or second relation (T2), whereinthe foreign key attribute value (FK) is stored in a mapping relation (TM),the values of a number of attributes (F) of a dataset, that are not foreign key attributes, are stored in the first relation (T1), andthe mapping relation (TM) being stored in a volatile (CUA) memory.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 16, 17, 21)
- - 2. The method of claim 1, wherein the first relation (T1) is stored in a permanent memory (PM).
  - 3. The method of claim 1, wherein the value of a primary key attribute (PK) of the dataset (DS) is stored, in addition to the value of the foreign key attribute (FK), in the mapping relation (TM), wherein the foreign key attribute value (FK) and the primary key attribute value (PK) of the dataset (DS) create a mapping dataset (MDS) in the mapping relation (TM).
  - 4. The method of claim 1, wherein a primary key attribute (PK) of the dataset (DS) is derived from a number of key attributes of the dataset (DS).
  - 5. The method of claim 1, wherein the following is stored, in addition, for each respective mapping dataset (MDS) in the mapping relation (TM), given multiple first relations (T1), in which datasets (DS) comprising foreign key attribute values may be stored:
    - a first relation ID (RK1), which comprises information referring to which first relation (T1) of the multiple first relations the respective mapping dataset (MDS) is attributed, anda first column ID (SK1), which comprises information referring to which of the dataset'"'"'s (DS) foreign key attributes (FK) the foreign key attribute value stored in the mapping dataset (DS) is attributed.
  - 6. The method of claim 1, wherein, given multiple relations in the volatile (CUA) memory, in which datasets (DS) comprising foreign key attribute values may be stored, a mapping relation (TM) is created for each of the first relations (T1), wherein the foreign key attribute values (FK) of the respective datasets (DS) and the value of the primary key attribute (PK) are stored in named mapping relation (TM), in addition to the dataset'"'"'s (DS) foreign key attribute value (FK).
  - 7. The method of claim 6, wherein the mapping relation (TM) stores, in addition, a first column ID (SK1) for each mapping dataset (MDS), which comprises information referring to which of the dataset'"'"'s (DS) foreign key attributes (FK) the foreign key attribute value stored in the respective mapping dataset (MDS) is attributed.
  - 8. The method of claim 5, wherein the following is stored, in addition, in the mapping relation (TM) for each respective mapping dataset (MDS):
    - a second relation ID (RK2), which comprises information as to which second relation (T2) is referenced by multiple second relations of the mapping dataset'"'"'s (MDS) foreign key attribute value, anda second column ID (SK2), which comprises information as to which key (K) is referenced by the mapping dataset'"'"'s (MDS) foreign key attribute value in the second relation (T2).
  - 9. The method of claim 1, wherein the first relation (T1) stores, in addition, the dataset'"'"'s (DS) value of the foreign key attribute (FK), wherein the dataset'"'"'s (DS) value of the foreign key attribute (FK) is encrypted cryptographically, preferably via a cryptographic key attributed to the dataset owner.
  - 10. The method of claim 9, wherein a value of at least one of the dataset'"'"'s (DS) further attributes (F), that is not a foreign key attribute, is encrypted cryptographically, in addition to the value of the foreign key attribute (FK)
  - 11. The method of claim 10, wherein the value of the new dataset'"'"'s (DS) foreign key attribute values (FK) and primary key attribute values (PK) are stored in the mapping relations (TM), and wherein, in any event, the values of the foreign key attributes (FK) in the first relation (T1) are encrypted cryptographically, when a dataset (DS) is created.
  - 12. The method of claim 11, wherein the mapping relations (TM) are stored, in addition, in a redundant volatile CUA memory (CUA2).
  - 16. The method of claim 1, wherein the mapping relation (TM) is stored in a secured, hermetically sealed infrastructure and/or wherein the values of the encrypted foreign key attributes (FK) are decrypted within a secured and sealed infrastructure and wherein the cryptographic keys necessary for said decryption are exclusively stored in named secured, sealed infrastructure.
  - 17. The method of claim 16, wherein a mapping relation (TM) data access application is implemented exclusively within the secured, sealed infrastructure.
  - 21. A computer program product that may be uploaded to the internal memory of a computer system and includes program sections, with which to implement the method of claim 1, wherein the computer system protects the values of foreign key attributes of a dataset (DS), that may be stored in a database'"'"'s first relation (T1), against unauthorized access, wherein the dataset'"'"'s value of a foreign key attribute (FK) refers to a key (K) of the first relation (T1) or of a second relation (T2), wherein the system comprises a volatile CUA memory and a permanent memory (PM), and wherein the system is alignedto store the value of the foreign key attribute (FK) in a mapping relation (TM), which, in turn, is stored in the volatile CUA memory, andto store the values of the attributes (F) of the dataset in the first relation (T1) stored in the permanent memory (PM), that are not foreign key attributes.

13. A method with which a mapping relation (TM) may be created or recovered in a volatile CUA memory, wherein the values of foreign key attributes (FK) of a dataset (DS) stored in one of a database'"'"'s first relations (T1) are storable and wherein said attributes are, in any event, encrypted cryptographically in the first relation (T1) and may be decrypted, preferably, exclusively via a cryptographic key of the dataset owner, whereinthe values of the foreign key attributes (FK) are decrypted via the cryptographic key of the dataset owner, when the dataset owner accesses the dataset,the decrypted values of the foreign key attributes (FK) are stored in a mapping dataset (MDS) of the mapping relation (TM), andthe value of a primary key attribute (PK) of the dataset are stored, in addition to the values of the foreign key attributes (FK), in the mapping dataset (MDS).
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, wherein storage of a mapping dataset (MDS) for the dataset'"'"'s value of the primary key attribute (PK) is verified in the mapping relation (TM) prior to decryption of the encrypted foreign key attribute (FK).
  - 15. The method of claim 13, wherein the following is stored, additionally, in the mapping dataset (MDS):
    - a first column ID (SK1) comprising information referring to which of the dataset'"'"'s foreign key attributes (FK) the foreign key attribute value stored in the mapping dataset (MDS) is attributed, andpreferably, also;
      
      a first relation ID (RK1), comprising information referring to which of the first relations (T1) of multiple first relations the mapping dataset (MDS) is attributed, and/ora second relation ID (RK2), comprising information as to which second relation (T2) or multiple second relations is referenced by the value of the foreign key attribute of the mapping dataset (MDS), and/ora second column ID (SK2), comprising information as to which key (K) is referenced in the second relation (T2) by the value of the foreign key attribute of the mapping dataset (MDS).

18. A system that protects the values of foreign key attributes of a dataset (DS), that may be stored in a database'"'"'s first relation (T1), against unauthorized access, wherein the dataset'"'"'s value of a foreign key attribute (FK) refers to a key (K) of the first relation (T1) or of a second relation (T2), wherein the system comprises a volatile CUA memory and a permanent memory (PM), and wherein the system is alignedto store the value of the foreign key attribute (FK) in a mapping relation (TM), which, in turn, is stored in the volatile CUA memory, andto store the values of the attributes (F) of the dataset in the first relation (T1) stored in the permanent memory (PM), that are not foreign key attributes.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the volatile CUA memory and the permanent memory (PM) are respectively provided by individual server systems, which are physically separated from one another.
  - 20. The system of claim 18, wherein the system implements a method that protects the values of attributes of a dataset (DS), that may be stored in a first relation (T1) of a database, against unauthorized access, wherein a dataset'"'"'s foreign key attribute value (FK) refers to a key (K) of the first relation (T1) or second relation (T2), whereinthe foreign key attribute value (FK) is stored in a mapping relation (TM),the values of a number of attributes (F) of a dataset, that are not foreign key attributes, are stored in the first relation (T1),the mapping relation (TM) being stored in a volatile (CUA) memory, andthe first relation (T1) is stored in a permanent memory (PM).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Uniscon Universal Identity Control Gmbh (T?V S?d AG)
Original Assignee
Uniscon Universal Identity Control Gmbh (T?V S?d AG)
Inventors
NGUYEN, Dau Khiem, KARATZAS, Christos, JGER, Hubert

Granted Patent

US 10,380,354 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/2272   Management thereof

G06F 21/602   Providing cryptographic fac...

G06F 21/6227   where protection concerns t...

G06F 21/6254   by anonymising data, e.g. d...

METHOD AND SYSTEM FOR SAFEGUARDING DATABASE RELATIONS AGAINST UNAUTHORIZED ACCESS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR SAFEGUARDING DATABASE RELATIONS AGAINST UNAUTHORIZED ACCESS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links