Method and apparatus for management of encrypted data through role separation
First Claim
1. A method for managing a database system, wherein the database system includes one or more sensitive users having access to sensitive data, one or more normal users having access to non-sensitive data, one or more normal database administrators allowed to perform administrative functions over the normal user and non-sensitive data, and one or more security officers allowed to perform administrative functions over the sensitive user and sensitive data, the method comprising:
- receiving a command to perform an administrative function on a user account within the database system;
- determining if the user account belongs to a sensitive user who is empowered to access sensitive data in the database system;
- if the user account does not belong to a sensitive user, and if the command is received from a normal database administrator for the database system, allowing the administrative function to proceed;
- if the user account belongs to a sensitive user, and if the command is received from a normal database administrator, preventing the normal database administrator from performing the administrative function on the user account; and
- if the user account belongs to a sensitive user, and if the command is received from a security officer within the group of one or more security officers, performing the administrative function on the user account, wherein the one or more security officers are the only database administrators empowered to perform administrative functions on the user account.
Abstract
A system is provided for managing a database that stores sensitive information. Upon receiving a command to perform a function involving a database object, the system determines if the object is a sensitive object. If the object is not a sensitive object, the system allows the function to proceed. If the object is a sensitive object and the command is received from a normal system administrator, the system disallows the function. Upon receiving a request to perform an operation on a sensitive data item from a user who has access rights to the data item and is empowered to access sensitive data, the system allows the operation to proceed. If the request for a sensitive data item is received from a normal user, the system disallows the operation. If the operation involves retrieval of a sensitive data item, the system decrypts the data item using an encryption key.
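The decision rules in the abstract and in claim 1, as an added example in Python that is not the patent's own code. It implements the administrative-function check (a normal DBA may administer normal accounts only; a security officer alone administers sensitive accounts), the data-access check (a sensitive item requires a user who is both empowered for sensitive data and granted rights on the item), and decryption only after the check passes. The role names, the fail-closed default for cases the claims do not cover, the HMAC-based toy stream cipher standing in for the unspecified encryption, and the sample accounts and data items are all assumptions of this example.

```python
"""Role separation for a database that stores encrypted sensitive data.

Added example, not the patent's own code: it implements the decision rules
stated in the abstract and in claim 1. Role names, key handling, the toy
stream cipher and the sample accounts and data items are assumptions.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Set

ROLE_NORMAL_USER = "normal_user"
ROLE_SENSITIVE_USER = "sensitive_user"
ROLE_NORMAL_DBA = "normal_dba"
ROLE_SECURITY_OFFICER = "security_officer"

# Administrative functions a DBA might run against an account (assumed set).
ADMIN_FUNCTIONS = {"create", "drop", "alter", "reset_password", "grant"}


@dataclass
class Principal:
    name: str
    role: str
    rights: Set[str] = field(default_factory=set)  # data items this user may access


@dataclass
class DataItem:
    name: str
    sensitive: bool
    stored: bytes  # nonce || ciphertext if sensitive, plaintext otherwise


def is_sensitive_user(account: Principal) -> bool:
    return account.role == ROLE_SENSITIVE_USER


def authorize_admin(requester: Principal, function: str, target: Principal) -> bool:
    """The three branches of claim 1. Cases the claim does not cover (a security
    officer administering a normal user, a command from a non-administrator)
    are denied; that fail-closed default is an assumption of this example."""
    if function not in ADMIN_FUNCTIONS:
        return False
    if not is_sensitive_user(target):
        return requester.role == ROLE_NORMAL_DBA  # normal account: normal DBA may act
    # Sensitive account: normal DBA is blocked, only a security officer may act.
    # This stops a DBA from resetting a sensitive user's password and then
    # reading decrypted sensitive data under that identity.
    return requester.role == ROLE_SECURITY_OFFICER


def authorize_data_op(requester: Principal, item: DataItem) -> bool:
    """Data-access rule from the abstract: rights on the item are always needed;
    a sensitive item additionally needs a user empowered for sensitive data."""
    if item.name not in requester.rights:
        return False
    return is_sensitive_user(requester) if item.sensitive else True


# Toy stream cipher (HMAC-SHA256 in counter mode) standing in for the
# unspecified encryption. No integrity protection; use an AEAD in practice.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + body


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def retrieve(requester: Principal, item: DataItem, key: bytes) -> bytes:
    """Check first, decrypt only for an authorized read of a sensitive item."""
    if not authorize_data_op(requester, item):
        raise PermissionError(f"{requester.name} may not read {item.name}")
    return unseal(key, item.stored) if item.sensitive else item.stored


# Constructed sample data for the demonstration.
KEY = hashlib.sha256(b"example key held by the security officer").digest()
ALICE = Principal("alice", ROLE_SENSITIVE_USER, {"salary"})
BOB = Principal("bob", ROLE_NORMAL_USER, {"salary", "department"})  # rights, but not empowered
DBA = Principal("dba", ROLE_NORMAL_DBA)
OFFICER = Principal("officer", ROLE_SECURITY_OFFICER)
SALARY = DataItem("salary", True, seal(KEY, b"salary=120000"))
DEPARTMENT = DataItem("department", False, b"department=engineering")


def demo() -> dict:
    """Decisions for the sample principals, returned so they can be checked."""
    return {
        "dba_resets_bob": authorize_admin(DBA, "reset_password", BOB),
        "dba_resets_alice": authorize_admin(DBA, "reset_password", ALICE),
        "officer_resets_alice": authorize_admin(OFFICER, "reset_password", ALICE),
        "bob_reads_department": authorize_data_op(BOB, DEPARTMENT),
        "bob_reads_salary": authorize_data_op(BOB, SALARY),
        "alice_reads_salary": retrieve(ALICE, SALARY, KEY),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision!r}")
```

The point the two checks make together: holding the encryption key is not the only path to the plaintext. A normal DBA who could reset a sensitive user's password would read the decrypted data through that account, so the administrative boundary around sensitive accounts has to be enforced as strictly as the data-access boundary, and object-level rights alone (bob has rights on "salary") do not suffice without the sensitive-user role.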
18 Claims
1. Independent claim 1 is reproduced above under First Claim. Dependent claims: 2, 3, 4, 5, 6.
7. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing a database system, wherein the database system includes one or more sensitive users having access to sensitive data, one or more normal users having access to non-sensitive data, one or more normal database administrators allowed to perform administrative functions over the normal user and non-sensitive data, and one or more security officers allowed to perform administrative functions over the sensitive user and sensitive data, the method comprising:
- receiving a command to perform an administrative function on a user account within the database system;
- determining if the user account belongs to a sensitive user who is empowered to access sensitive data in the database system;
- if the user account does not belong to a sensitive user, and if the command is received from a normal database administrator for the database system, allowing the administrative function to proceed;
- if the user account belongs to a sensitive user, and if the command is received from a normal database administrator, preventing the normal database administrator from performing the administrative function on the user account; and
- if the user account belongs to a sensitive user, and if the command is received from a security officer within the group of one or more security officers, performing the administrative function on the user account, wherein the one or more security officers are the only database administrators empowered to perform administrative functions on the user account.
Dependent claims: 8, 9, 10, 11, 12.
13. An apparatus that manages a database system, wherein the database system includes one or more sensitive users having access to sensitive data, one or more normal users having access to non-sensitive data, one or more normal database administrators allowed to perform administrative functions over the normal user and non-sensitive data, and one or more security officers allowed to perform administrative functions over the sensitive user and sensitive data, comprising:
- a command-receiving mechanism configured to receive a command to perform an administrative function on a user account within the database system; and
- an execution mechanism configured to:
  - determine if the user account belongs to a sensitive user who is empowered to access sensitive data in the database system;
  - allow the administrative function to proceed, if the user account does not belong to a sensitive user, and if the command is received from a normal database administrator for the database system;
  - prevent a normal database administrator from performing the administrative function on the user account, if the user account belongs to a sensitive user, and if the command is received from the normal database administrator; and
  - allow the administrative function to proceed, if the user account belongs to a sensitive user, and if the command is received from a security officer within the group of one or more security officers, wherein the one or more security officers are the only database administrators empowered to perform administrative functions involving sensitive users.
Dependent claims: 14, 15, 16, 17, 18.
Specification