Cryptographic infrastructure for encrypting a database
First Claim
1. A system for managing the encryption and decryption of data residing in a database, comprising:
- a graphical user interface for automatically and transparently encrypting and decrypting a set of objects residing in the database;
- the set of objects being a table, a column, a key, and a view;
- a username and a password;
- a graphical encryption control for encrypting and decrypting the set of objects, the graphical encryption control being accessible through the graphical user interface;
- a key pair comprising a public key and a private key, the public key being stored in a key table;
- a hash of the private key and the password, the hash being stored in the key table; and
- a second hash of the username concatenated with the password, the second hash being stored in the database.
Abstract
The invention provides a transparent encryption infrastructure which allows the user to point-and-click on columns and tables to encrypt data. The creation of triggers and views is also easily implemented, to encrypt and decrypt data, to manage the encryption keys and to grant and revoke access to a column. Public and private key pairs are hashed and encrypted with a valid password. The process of encryption starts by creating a randomly generated symmetrical key, encrypting the symmetrical key with the private key for each user authorized to decrypt the data, and storing the encrypted symmetrical key, along with the user's name and the column name, in the database.
5 Claims
4. An encryption system for encrypting data residing in a database, comprising:
- a symmetrical key for encrypting a column within a table;
- a copy of said symmetrical key encrypted with a public key;
- said encrypted symmetrical key copy stored in a table;
- a user interface for decrypting data read from said data table;
- said user interface view having a trigger to encrypt data written to said table;
- a private key generator for generating a private key;
- a public key generator for generating a public key from said private key;
- the public key being stored in the key table;
- a database for storing said public key;
- a user having a name and a password;
- a hash of said user name concatenated with said user password, the hash being stored in said database;
- a second hash of said user password; and
- an encrypted private key encrypted with said hash of said user password for storage in said database.
5. An encryption system for encrypting data residing in a database, comprising:
- a set of objects within said database operable to transparently encrypt data, comprising:
  - a trigger operable to encrypt data as said data is modified or created in a column;
  - a view operable to decrypt said data as said data is selected from said column;
- a set of functions within said database comprising:
  - means for encrypting a private key associated with a user requiring authorization to decrypt data;
  - means for storing an encrypted private key;
  - means for decrypting said encrypted private key;
  - means for verifying proper decryption of said encrypted private key;
  - means for encrypting and decrypting, using a symmetrical key, said column containing said data;
  - means for securely storing said symmetrical key;
  - means for securely loading said symmetrical key;
  - means for changing said symmetrical key and re-encrypting said data;
- a private key generator for generating a private key;
- a public key generator for generating a public key from said private key;
- a database for storing said public key;
- a user having a name and a password;
- a hash of said user name concatenated with said user password;
- a hash of said user password; and
- an encrypted private key encrypted with said hash of said user password, for storage in said database.
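As an added example that is not part of the patent or of any product it describes, the following Python sketches the key hierarchy the abstract and claims 4 and 5 lay out: a per-user key pair whose private key is stored encrypted under a hash of the user's password, a hash of the private key and password for verifying proper decryption, a login hash of username concatenated with password, and a per-column symmetric key wrapped once per authorized user under that user's public key. The toy ElGamal group, the PBKDF2 password hash and the HMAC-SHA256 counter-mode cipher are assumptions chosen so it runs with the standard library only.

```python
import hashlib, hmac, secrets

# Constructed toy group for the key pair (ElGamal over p = 2**127 - 1, g = 3);
# a deployment would use a standard, much larger group.
P = 2**127 - 1
G = 3

def kdf(secret: bytes, salt: bytes) -> bytes:
    # Password hash used both for login and to encrypt the private key
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 50_000, 32)

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Symmetric cipher (HMAC-SHA256 keystream in counter mode) used to
    # encrypt the stored private key; the same primitive would cover cells
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def create_user(username: str, password: str) -> dict:
    # Key-table row: public key, private key encrypted under hash(password),
    # hash(private key || password) for verification, hash(username || password)
    priv = secrets.randbelow(P - 2) + 1
    salt = secrets.token_bytes(16)
    priv_b = priv.to_bytes(16, "big")
    return {"pub": pow(G, priv, P), "salt": salt,
            "enc_priv": xor_stream(kdf(password.encode(), salt), b"priv", priv_b),
            "check": hashlib.sha256(priv_b + password.encode()).digest(),
            "login": kdf((username + password).encode(), salt)}

def unlock_private_key(row: dict, username: str, password: str) -> int:
    # Authenticate, decrypt the stored private key, verify it decrypted properly
    if not hmac.compare_digest(row["login"], kdf((username + password).encode(), row["salt"])):
        raise PermissionError("unknown user or wrong password")
    priv_b = xor_stream(kdf(password.encode(), row["salt"]), b"priv", row["enc_priv"])
    if not hmac.compare_digest(row["check"], hashlib.sha256(priv_b + password.encode()).digest()):
        raise ValueError("private key did not decrypt correctly")
    return int.from_bytes(priv_b, "big")

def wrap_column_key(col_key: int, pub: int) -> tuple:
    # One encrypted copy of the column's symmetric key per authorized user
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), col_key * pow(pub, r, P) % P

def unwrap_column_key(wrapped: tuple, priv: int) -> int:
    c1, c2 = wrapped
    return c2 * pow(c1, P - 1 - priv, P) % P
```

Granting a second user access to the column means storing one more wrapped copy under that user's public key; revoking means deleting that row and, as claim 5 provides, changing the symmetric key and re-encrypting the column.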