Integrating a digital signature service into a database

US 6,898,707 B1
Filed: 11/30/1999
Issued: 05/24/2005
Est. Priority Date: 11/30/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for integrating a digital signature service into a database, said method comprising the steps of:

storing a database comprising a plurality of records;

receiving a store procedure with data from a client of said database;

in response to said store procedure;

receiving a digital certificate for said client;

receiving a private key for said client;

generating a signature from said data, digital certificate and private key of said claim;

generating a signature object for said data, said digital signature object comprising said data, certificate and signature; and

storing said signature object as at least a portion of one of said records in said database.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A digital signature service integrates digital signature functions on data, for storage in a database. The digital signature service is integrated within a remote database management system (“RDBMS”). A database client generates a command to the RDBMS to execute a stored procedure or stored function that digitally signs the data and that saves the data in a persistent datastore. In response to the command, the RDBMS, using a digital certificate for the user, generates a signature from the data. In addition, the RDBMS generates a digital signature object for the data that includes the data, certificate and signature. The digital signature object is stored in the database. The digital signature service verifies digital signatures through execution of a query command. The digital signature service also implements business logic to retrieve data based on digital signature criteria, and implements filter functions to filter the storage and retrieval of data based on verification and authentication of digital signatures. The generation of multiple signatories on a single data item is also disclosed.

65 Citations

View as Search Results

21 Claims

1. A method for integrating a digital signature service into a database, said method comprising the steps of:
- storing a database comprising a plurality of records;
  
  receiving a store procedure with data from a client of said database;
  
  in response to said store procedure;
  
  receiving a digital certificate for said client;
  
  receiving a private key for said client;
  
  generating a signature from said data, digital certificate and private key of said claim;
  
  generating a signature object for said data, said digital signature object comprising said data, certificate and signature; and
  
  storing said signature object as at least a portion of one of said records in said database.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as set forth in claim 1, further comprising the steps of:
    - receiving a query command from said user to retrieve said data from said record of said database table;
      
      retrieving, in response to said query command, said data, certificate and signature for said user;
      
      processing said data and said certificate, using said signature, to verify that said data and said certificate are unaltered from their original contents;
      
      obtaining, from said certificate, an authentication as to the digital signatory; and
      
      generating, as a response to said query command, said data, so as to provide verification of said data with said signature and said certificate in response to said query.
  - 3. The method as set forth in claim 2, further comprising the steps of:
    - receiving, as said query command, a query command to retrieve at least one record in said database comprising criteria based on digital signatures stored for said records;
      
      identifying records in said database with said criteria regarding said digital signatures; and
      
      retrieving said records identified in response to said query command.
  - 4. The method as set forth in claim 3, further comprising the steps of:
    - extracting, from said records retrieved, data, certificate and signature stored in said record;
      
      processing said data and said certificate, using said signature, to verify that said data and said certificate are unaltered from their original contents;
      
      obtaining, from said certificate, an authentication as to the digital signatory of said data; and
      
      generating, as a response to said query command, said data, so as to provide verification of said data with said signature and said certificate in response to said query.
  - 5. The method as set forth in claim 1, wherein:
    - the step of generating a digital signature for said data comprises the step of generating a single signature object comprising said certificate, said document, and said digital signature; and
      
      the step of storing said document, certificate and signature as at least a portion of a record in said database comprises the step of storing said single signature object in said record of said database.
  - 6. The method as set forth in claim 5, wherein the step of generating a single signature object comprises the step of generating a serialized object comprising said certificate, said document, and said signature.
  - 7. The method as set forth in claim 1, further comprising the step of storing said certificate of said user in a column of said database table.
  - 8. The method as set forth in claim 7, wherein the step of storing said certificate of said user in a column of said database table comprises the step of augmenting a user identification field to include said certificate of said user.
  - 9. The method as set forth in claim 1, further comprising the steps of:
    - receiving a second digital certificate for a second client;
      
      retrieving said signature object from said record in said database as a first signature object;
      
      generating a second signature from said first signature object with said second client as a signatory;
      
      generating a second signature object, said second signature object comprising said first signature object, said second certificate, and said second signature; and
      
      storing, in said database, said second signature object.
  - 10. The method as set forth in claim 9, further comprising the steps of:
    - receiving a query command to retrieve said second signature object from said record of said database table;
      
      retrieving, in response to said query command, said second signature object for said user;
      
      processing said first signature object and said second certificate, using said second signature, to verify that said first signature object and said second certificate are unaltered from their original contents;
      
      processing said data and said certificate, using said signature, to verify that said data and said certificate are unaltered from their original contents; and
      
      generating, as a response to said query command, said data, so as to provide verification of said first and second digital signatures.

11. A computer readable medium comprising a plurality of instructions which, when executed by a computer, cause the computer to perform the steps of:
- storing a database comprising a plurality of records;
  
  receiving a store procedure with data from a client of said database;
  
  in response to said store procedure;
  
  receiving a digital certificate for said client;
  
  receiving a private key for said client;
  
  generating a signature from said data, digital certificate and private key of said client;
  
  generating a signature object for said data, said digital signature object comprising said data, certificate and signature; and
  
  storing said signature object as at least a portion of one of said records in said database.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer readable medium as set forth in claim 11, further comprising the steps of:
    - receiving a query command from said user to retrieve said data from said record of said database table;
      
      retrieving, in response to said query command, said data, certificate and signature for said user;
      
      processing said data and said certificate, using said signature, to verify that said data and said certificate are unaltered from their original contents;
      
      obtaining, from said certificate, an authentication as to the digital signatory; and
      
      generating, as a response to said query command, said data, so as to provide verification of said data with said signature and said certificate in response to said query.
  - 13. The computer readable medium as set forth in claim 12, further comprising the steps of:
    - receiving, as said query command, a query command to retrieve at least one record in said database comprising criteria based on digital signatures stored for said records;
      
      identifying records in said database with said criteria regarding said digital signatures; and
      
      retrieving said records identified in response to said query command.
  - 14. The computer readable medium as set forth in claim 13, further comprising the steps of:
    - extracting, from said records retrieved, data, certificate and signature stored in said record;
      
      processing said data and said certificate, using said signature, to verify that said data and said certificate are unaltered from their original contents;
      
      obtaining, from said certificate, an authentication as to the digital signatory of said data; and
      
      generating, as a response to said query command, said data, so as to provide verification of said data with said signature and said certificate in response to said query.
  - 15. The computer readable medium as set forth in claim 11, wherein:
    - the step of generating a digital signature for said data comprises the step of generating a single signature object comprising said certificate, said document, and said digital signature; and
      
      the step of storing said document, certificate and signature as at least a portion of a record in said database comprises the step of storing said single signature object in said record of said database.
  - 16. The computer readable medium as set forth in claim 15, wherein the step of generating a single signature object comprises the step of generating a serialized object comprising said certificate, said document, and said signature.
  - 17. The computer readable medium as set forth in claim 11, further comprising the step of storing said certificate of said user in a column of said database table.
  - 18. The computer readable medium as set forth in claim 17, wherein the step of storing said certificate of said user in a column of said database table comprises the step of augmenting a user identification field to include said certificate of said user.
  - 19. The computer readable medium as set forth in claim 11, further comprising the steps of:
    - receiving a second digital certificate for a second client;
      
      retrieving said signature object from said record in said database as a first signature object;
      
      generating a second signature from said first signature object with said second client as a signatory;
      
      generating a second signature object, said second signature object comprising said first signature object, said second certificate, and said second signature; and
      
      storing, in said database, said second signature object.
  - 20. The computer readable medium as set forth in claim 19, further comprising the steps of:
    - receiving a query command to retrieve said second signature object from said record of said database table;
      
      retrieving, in response to said query command, said second signature object for said user;
      
      processing said first signature object and said second certificate, using said second signature, to verify that said first signature object and said second certificate are unaltered from their original contents;
      
      processing said data and said certificate, using said signature, to verify that said data and said certificate are unaltered from their original contents; and
      
      generating, as a response to said query command, said data, so as to provide verification of said first and second digital signatures.

21. A computer comprising:
- an input device for receiving a digital certificate and a private key for a user of said computer;
  
  database client for generating a store procedure with data;
  
  database management system, coupled to said database client, for generating, in response to said store procedure, a signature from said data, said database management system further for generating a signature object for said data, digital certificate and private key of said database client, said digital signature object comprising said data, certificate and signature; and
  
  database, coupled to said database management system, comprising a plurality of records for storing said signature object as at least a portion of a record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Accela Incorporated (Piksel Incorporated)
Original Assignee
Accela Incorporated (Piksel Incorporated)
Inventors
Kinnis, Tony F., Sit, Ho Wing
Primary Examiner(s)
Morse, Gregory
Assistant Examiner(s)
NALVEN, ANDREW L

Application Number

US09/451,575
Time in Patent Office

2,002 Days
Field of Search

713/167, 713/189
US Class Current

713/167
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/64   Protecting data integrity, ...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 9/3247   involving digital signatures

H04L 9/3268   using certificate validatio...

Integrating a digital signature service into a database

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Integrating a digital signature service into a database

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others