Method for reencryption of a database
First Claim
1. A method for re-encrypting one or more data items that are encrypted and stored in a database, where said re-encrypting is an automated background process, said method for re-encrypting comprising the steps of:
- in an initial time period, encrypting and storing the one or more data items in the database, wherein:
  (1) the one or more data items are encrypted using an encryption key having a key life,
  (2) the key life is associated with the one or more stored encrypted data items,
  (3) a time stamp is stored either with the encrypted one or more data items or in another table or data set, and
  (4) the time stamp is representative of a time period during which the encryption key used to encrypt the one or more data items was generated or started to be used and representative of the time period in which the one or more encrypted items were last updated or inserted into the database;
- entering a next time period, the next time period being at least subsequent to the time period(s) during which the one or more data items were updated or inserted into the database and having a corresponding time length, and wherein:
- generating a new encryption key with an associated key life at the start of the next time period;
- scanning the database and identifying whether any of the one or more encrypted data items were previously encrypted using an encryption key now determined to be expired, wherein key expiration is determined from the key life and time stamp associated with the encrypted one or more data items in the database; and
- identifying any of the one or more encrypted data items stored in the database that were determined to be previously encrypted using a now expired encryption key, and wherein:
  (a) decrypting each of the identified one or more data items and re-encrypting each of the identified one or more data items using the new encryption key,
  (b) changing the key life of the re-encrypted one or more encrypted data items to correspond to the key life of the new encryption key, and
  (c) storing another time stamp and an encryption key generation counter with the re-encrypted one or more data items, where the other time stamp is representative of the next time period.
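The re-encryption pass described in the claim above (key life, time stamp and generation counter stored with each item; a scan that decides expiry from the key life and time stamp on the row; decrypt under the old key, re-encrypt under the key generated for the new period), written out as an added example in Go. This is an illustration added here, not code from the patent or its assignee. The Key, Record, NewKey, Encrypt, Decrypt, Expired and Reencrypt names, the choice of AES-256-GCM, and the binding of row ID plus generation counter into the GCM associated data are assumptions of the example; the claim itself specifies none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"time"
)

// Key is one generation of the data-encryption key with its key life window.
type Key struct {
	Gen      uint32
	Material []byte
	Start    time.Time
	Life     time.Duration
}

// Record is one encrypted item plus the metadata the claim stores with it.
type Record struct {
	ID      string
	Nonce   []byte
	CT      []byte        // AES-GCM ciphertext and tag
	Gen     uint32        // encryption key generation counter
	KeyLife time.Duration // key life of the key the item is encrypted under
	Stamp   time.Time     // last insert/update; refreshed by re-encryption
}

// NewKey generates a fresh key with its own key life at the start of a period.
func NewKey(gen uint32, start time.Time, life time.Duration) *Key {
	k := &Key{Gen: gen, Material: make([]byte, 32), Start: start, Life: life}
	if _, err := rand.Read(k.Material); err != nil {
		panic(err) // no usable entropy: do not continue with a weak key
	}
	return k
}

// aead returns AES-256-GCM for k (an assumption of this example). aad binds a ciphertext
// to its row ID and key generation, so a ciphertext copied between rows or relabelled
// with another generation fails authentication instead of decrypting.
func aead(k *Key) cipher.AEAD {
	block, err := aes.NewCipher(k.Material)
	if err != nil {
		panic(err) // only with a malformed key length
	}
	g, _ := cipher.NewGCM(block)
	return g
}
func aad(id string, gen uint32) []byte {
	return append(binary.BigEndian.AppendUint32(nil, gen), id...)
}

// Encrypt produces a row for pt under k with key life, time stamp and counter set.
func Encrypt(k *Key, id string, pt []byte, now time.Time) (*Record, error) {
	g := aead(k)
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := g.Seal(nil, nonce, pt, aad(id, k.Gen))
	return &Record{ID: id, Nonce: nonce, CT: ct, Gen: k.Gen, KeyLife: k.Life, Stamp: now}, nil
}

// Decrypt opens a row with the key generation recorded on it.
func Decrypt(keys map[uint32]*Key, r *Record) ([]byte, error) {
	k, ok := keys[r.Gen]
	if !ok {
		return nil, errors.New("row " + r.ID + ": key generation no longer available")
	}
	return aead(k).Open(nil, r.Nonce, r.CT, aad(r.ID, k.Gen))
}

// Expired is the claim's test: the key life and time stamp stored on the row decide.
func Expired(stamp time.Time, life time.Duration, now time.Time) bool {
	return !now.Before(stamp.Add(life))
}

// Reencrypt is the background pass: for each row whose key has expired, decrypt
// with that key, re-encrypt under cur and refresh key life, stamp and counter.
func Reencrypt(rows []*Record, keys map[uint32]*Key, cur *Key, now time.Time) (int, error) {
	if Expired(cur.Start, cur.Life, now) {
		return 0, errors.New("current key has expired: rotate before scanning")
	}
	n := 0
	for _, r := range rows {
		if !Expired(r.Stamp, r.KeyLife, now) {
			continue
		}
		pt, err := Decrypt(keys, r)
		if err != nil {
			return n, err
		}
		fresh, err := Encrypt(cur, r.ID, pt, now)
		if err != nil {
			return n, err
		}
		*r = *fresh
		n++
	}
	return n, nil
}
```

Two points the example makes that the claim leaves implicit: every old key generation has to stay available until the scan has moved the last row off it (Decrypt fails, and the item is unrecoverable, if a generation is destroyed early), and because expiry is judged from the time stamp on the row rather than from the key's own start, a row written late in a key's life stays valid longer than the key's start plus key life; the claim tolerates this because the stamp is defined at period granularity. Reencrypt also refuses to run when the current key has itself expired, matching the claim's order of generating the new key at the start of the next period before scanning.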
Abstract
A method for encryption of the content in a database, the method including the steps of detecting that a predetermined time period has elapsed, generating an unexpired encryption key, associating the unexpired encryption key with expiration information, scanning the database for an encrypted item, the encrypted item corresponding to a plaintext item, the encrypted item having been encrypted using an expired encryption key, and encrypting the plaintext item, using the unexpired encryption key, into a reencrypted item.
13 Claims
1. (Reproduced in full above under First Claim.)
- Dependent claims 2 to 11 are not reproduced here.
12. A system comprising a computer on which is stored a program including instructions that are configured so as to carry out a method for re-encrypting one or more data items that are encrypted and stored in a database, wherein said method includes the steps of:
- in an initial time period, encrypting and storing the one or more data items in the database, wherein:
  (1) the one or more data items are encrypted using an encryption key having a key life,
  (2) the key life is associated with the one or more stored encrypted data items,
  (3) a time stamp is stored either with the encrypted one or more data items or in another table or data set, and
  (4) the time stamp is representative of a time period during which the encryption key used to encrypt the one or more data items was generated or started to be used and representative of the time period in which the one or more encrypted items were last updated or inserted into the database;
- entering a next time period, the next time period being at least subsequent to the time period(s) during which the one or more data items were updated or inserted into the database and having a corresponding time length, and wherein:
- generating a new encryption key with an associated key life at the start of the next time period;
- scanning the database and identifying whether any of the one or more encrypted data items were previously encrypted using an encryption key now determined to be expired, wherein key expiration is determined from the key life and time stamp associated with the encrypted one or more data items in the database; and
- identifying any of the one or more encrypted data items stored in the database that were determined to be previously encrypted using a now expired encryption key, and wherein:
  (a) decrypting each of the identified one or more data items and re-encrypting each of the identified one or more data items using the new encryption key,
  (b) changing the key life of the re-encrypted one or more encrypted data items to correspond to the key life of the new encryption key, and
  (c) storing another time stamp and an encryption key generation counter with the re-encrypted one or more data items, where the other time stamp is representative of the next time period.
13. A system comprising a computer for executing a program for re-encrypting one or more data items that are encrypted and stored in a database, where said re-encrypting is an automated background process, and wherein said program is configured to perform the method steps of:
- in an initial time period, encrypting and storing the one or more data items in the database, wherein:
  (1) the one or more data items are encrypted using an encryption key having a key life,
  (2) the key life is associated with the one or more stored encrypted data items,
  (3) a time stamp is stored either with the encrypted one or more data items or in another table or data set, and
  (4) the time stamp is representative of a time period during which the encryption key used to encrypt the one or more data items was generated or started to be used and representative of the time period in which the one or more encrypted items were last updated or inserted into the database;
- entering a next time period, the next time period being at least subsequent to the time period(s) during which the one or more data items were updated or inserted into the database and having a corresponding time length, and wherein:
- generating a new encryption key with an associated key life at the start of the next time period;
- scanning the database and identifying whether any of the one or more encrypted data items were previously encrypted using an encryption key now determined to be expired, wherein key expiration is determined from the key life and time stamp associated with the encrypted one or more data items in the database; and
- identifying any of the one or more encrypted data items stored in the database that were determined to be previously encrypted using a now expired encryption key, and wherein:
  (a) decrypting each of the identified one or more data items and re-encrypting each of the identified one or more data items using the new encryption key,
  (b) changing the key life of the re-encrypted one or more encrypted data items to correspond to the key life of the new encryption key, and
  (c) storing another time stamp and an encryption key generation counter with the re-encrypted one or more data items, where the other time stamp is representative of the next time period.
Specification