Secure database access through partial encryption
First Claim
1. A method for conducting a secure database transaction, comprising:
- receiving a query from a requesting entity, wherein the query was processed by an encryption algorithm configured to selectively encrypt conditions of the query depending on whether the query conditions contained an identified sensitive field;
issuing the query against a database;
receiving results in response to issuing the query;
determining whether the results include data corresponding to one or more sensitive fields;
if so, encrypting the data corresponding to the one or more sensitive fields; and
sending the query results to the requesting entity; and
prior to issuing the query against the database;
determining if the query comprises any encrypted conditions; and
if so, decrypting the encrypted conditions.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention generally is directed to systems, methods, and articles of manufacture for securing sensitive information involved in database transactions. Embodiments of the present invention selectively encrypt only portions of transactions involving sensitive data, thereby reducing or eliminating the processing overhead resulting from wastefully encrypting non-sensitive data. The sensitive data may be identified by a document. The document may be accessed by a requesting entity to determine which portions of a query should be encrypted prior to sending the query to a database server over a network. The document may also be accessed by a database server to determine which portions of query results should be encrypted prior to sending the query results to the requesting entity over the network.
23 Citations
4 Claims
-
1. A method for conducting a secure database transaction, comprising:
-
receiving a query from a requesting entity, wherein the query was processed by an encryption algorithm configured to selectively encrypt conditions of the query depending on whether the query conditions contained an identified sensitive field; issuing the query against a database; receiving results in response to issuing the query; determining whether the results include data corresponding to one or more sensitive fields; if so, encrypting the data corresponding to the one or more sensitive fields; and
sending the query results to the requesting entity; andprior to issuing the query against the database; determining if the query comprises any encrypted conditions; and if so, decrypting the encrypted conditions. - View Dependent Claims (2, 3, 4)
-
Specification
-
- Resources
-
Current AssigneeWorkday Incorporated
-
Original AssigneeInternational Business Machines Corporation
-
InventorsDettinger, Richard D., Stevens, Richard J., Will, Eric W., Kulack, Frederick A.
-
Primary Examiner(s)Zand; Kambiz
-
Assistant Examiner(s)Lipman; Jacob
-
Application NumberUS10/388,074Publication NumberTime in Patent Office1,993 DaysField of Search713/193US Class Current713/193CPC Class CodesG06F 21/6245 Protecting personal data, e...H04L 63/0428 wherein the data content is...
