SECURE DATABASE BACKUP AND RECOVERY
First Claim
1. A system for secure database backup and recovery in a secure database network having N distributed data nodes, the system comprising:
- a processor;
a database system backup file;
a fragment engine for fragmenting, by the processor, the file into fragments;
a coordination engine for associating, by the processor, each fragment with a node such that the node will not be used to store the fragment;
one or more database agents for communicating, by the processor, the fragments to the nodes for storage and for retrieving, by the processor, the fragments a determined time later from the nodes wherein no fragment is stored on its associated distinct node; and
an encryption engine for encrypting fragments, by the processor and using a first key, before storing and decrypting the fragments, by the processor, on retrieval using the first key wherein the fragments are further encrypted with a different key before storing again on said nodes and wherein fragments are not stored on their associated node but only on nodes that are not associated with them.
1 Assignment
0 Petitions
Accused Products
Abstract
As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.
12 Citations
7 Claims
-
1. A system for secure database backup and recovery in a secure database network having N distributed data nodes, the system comprising:
-
a processor; a database system backup file; a fragment engine for fragmenting, by the processor, the file into fragments; a coordination engine for associating, by the processor, each fragment with a node such that the node will not be used to store the fragment; one or more database agents for communicating, by the processor, the fragments to the nodes for storage and for retrieving, by the processor, the fragments a determined time later from the nodes wherein no fragment is stored on its associated distinct node; and an encryption engine for encrypting fragments, by the processor and using a first key, before storing and decrypting the fragments, by the processor, on retrieval using the first key wherein the fragments are further encrypted with a different key before storing again on said nodes and wherein fragments are not stored on their associated node but only on nodes that are not associated with them. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsBarbas, Pedro M., Duffy, Joseph, Maycock, Ken, Tilson, David M.
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current1/1
-
CPC Class CodesG06C 1/00 Computing aids in which the...G06F 11/1448 Management of the data invo...G06F 11/1464 for networked environmentsG06F 16/182 Distributed file systemsG06F 21/602 Providing cryptographic fac...G06F 21/6209 to a single file or object,...G06F 2201/80 Database-specific techniquesG06F 2201/805 Real-timeG06F 2221/2107 File encryptionG06F 3/067 Distributed or networked st...H04L 67/1065 Discovery involving distrib...H04L 67/1097 for distributed storage of ...H04L 9/085 Secret sharing or secret sp...H04L 9/0861 Generation of secret inform...H04L 9/0891 Revocation or update of sec...H04L 9/0894 Escrow, recovery or storing...H04L 9/14 using a plurality of keys o...H04L 9/30 Public key, i.e. encryption...H04N 21/2318 using striping
