Method and apparatus for automatic database encryption
First Claim
1. A method for managing encryption within a database system, wherein encryption is performed automatically and transparently to a user of the database system, the method comprising:
- receiving a request at the database system to store data in the database system, wherein the request is directed to one or more columns of the database system that have been designated as encrypted;
- in response to the request, creating a digest of the data using a cryptographic function, and automatically encrypting the data within the database system using an encryption function and an encryption key, wherein information about the encryption key is stored in a metadata table, which includes information identifying the cryptographic function used to create the digest; and
- storing the encrypted data in the database system.
Abstract
One embodiment of the present invention provides a system for managing encryption within a database system that is managed by a database administrator, and wherein a user administrator, not otherwise associated with the database system, manages users of the database system. This system performs encryption automatically and transparently to a user of the database system. The system operates by receiving a request to store data in a column of the database system. If a user has designated the column as an encrypted column, the system automatically encrypts the data using an encryption function. This encryption function uses a key stored in a keyfile managed by the security administrator. After encrypting the data, the system stores the data in the database system using a storage function of the database system.
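The storage path the abstract and claim 1 describe (a column designated as encrypted, a digest of the data made with a cryptographic function, encryption with a key referenced from a metadata table that also names the digest function) as an added, stdlib-only Python model; this is not the patent's code. The concrete choices here are this example's assumptions, not the patent's: SHA-256 as the digest, an HMAC-SHA256 counter-mode keystream as the stand-in encryption function, the constructed `KEYFILE` dict, and the `EncryptedColumnDB` class and its methods.

```python
import hashlib, hmac, os, secrets

# Constructed stand-in for the keyfile the abstract says a security administrator manages.
KEYFILE = {"k1": secrets.token_bytes(32)}
NONCE_LEN = 16

def _keystream(key, nonce, n):
    # HMAC-SHA256 counter-mode keystream as a stand-in encryption function (patent names no cipher).
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class EncryptedColumnDB:
    def __init__(self):
        self.metadata = {}  # (table, column) -> {"key_id": ..., "digest_alg": ...}
        self.rows = {}      # table -> list of stored rows (dicts)

    def designate_encrypted(self, table, column, key_id, digest_alg="sha256"):
        # The metadata table records the key reference and the digest function for the column.
        self.metadata[(table, column)] = {"key_id": key_id, "digest_alg": digest_alg}

    def insert(self, table, row):
        stored = {}
        for col, value in row.items():
            meta = self.metadata.get((table, col))
            if meta is None:          # plaintext column: stored as given
                stored[col] = value
                continue
            data = value.encode()
            digest = hashlib.new(meta["digest_alg"], data).digest()
            nonce = os.urandom(NONCE_LEN)
            ct = _xor(data, _keystream(KEYFILE[meta["key_id"]], nonce, len(data)))
            stored[col] = nonce + ct + digest  # digest length is fixed, so it splits off on read
        self.rows.setdefault(table, []).append(stored)

    def select(self, table, column, idx):
        raw = self.rows[table][idx][column]
        meta = self.metadata.get((table, column))
        if meta is None:
            return raw
        dlen = hashlib.new(meta["digest_alg"]).digest_size
        nonce, ct, digest = raw[:NONCE_LEN], raw[NONCE_LEN:-dlen], raw[-dlen:]
        data = _xor(ct, _keystream(KEYFILE[meta["key_id"]], nonce, len(ct)))
        if not hmac.compare_digest(hashlib.new(meta["digest_alg"], data).digest(), digest):
            raise ValueError("digest mismatch: stored value altered or wrong key")
        return data.decode()
```

On read, the digest recomputed over the decrypted value is compared with the stored one, so a wrong key or an altered row raises an error instead of returning garbage. An unkeyed digest of the plaintext, as claimed, can be checked by anyone holding the row, so for low-entropy column values a keyed MAC over the ciphertext is the stronger design.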
27 Claims
1. A method for managing encryption within a database system, wherein encryption is performed automatically and transparently to a user of the database system, the method comprising:

receiving a request at the database system to store data in the database system, wherein the request is directed to one or more columns of the database system that have been designated as encrypted; in response to the request, creating a digest of the data using a cryptographic function, and automatically encrypting the data within the database system using an encryption function and an encryption key, wherein information about the encryption key is stored in a metadata table, which includes information identifying the cryptographic function used to create the digest; and storing the encrypted data in the database system.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.

10. A computer-readable storage medium storing instructions that when executed by a computer causes the computer to perform a method for managing encryption within a database system, wherein encryption is performed automatically and transparently to a user of the database system, the method comprising:

receiving a request at the database system to store data in the database system, wherein the request is directed to one or more columns of the database system that have been designated as encrypted; in response to the request, creating a digest of the data using a cryptographic function, and automatically encrypting the data within the database system using an encryption function and an encryption key, wherein information about the encryption key is stored in a metadata table, which includes information identifying the cryptographic function used to create the digest; and storing the encrypted data in the database system.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18.

19. An apparatus that facilitates managing encryption within a database system, wherein encryption is performed automatically and transparently to a user of the database system, comprising:

a receiving mechanism that is configured to receive a request at the database system to store data in the database system, wherein the request is directed to one or more columns of the database system that have been designated as encrypted; a digest creating mechanism configured to create a digest of the data using a cryptographic function; an encrypting mechanism that is configured to automatically encrypt the data within the database system using an encryption function and an encryption key, wherein information about the encryption key is stored in a metadata table, which includes information identifying the cryptographic function used to create the digest; and a storing mechanism that is configured to store the encrypted data in the database system.

Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27.
Specification