Method for reencryption of a database

US 7,490,248 B1
Filed: 11/13/2000
Issued: 02/10/2009
Est. Priority Date: 11/12/1999
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A method for re-encrypting one or more data items that are encrypted and stored in a database, where said re-encrypting being an automated background process, said method for re-encrypting comprising the steps of:

in an initial time period, encrypting and storing the one or more data items in the database, wherein;

(1) the one or more data items are encrypted using an encryption key having a key life,(2) the key life is associated with the one or more stored encrypted data items,(3) a time stamp is stored one of with the encrypted one or more data items or in a another table or data set, and(4) where the time stamp is representative of a time period during which the encryption key used to encrypt the one or more data items was generated or started to be used and representative of the time period the one or more encrypted items were last updated or inserted into the database;

entering a next time period, the next time period being at least subsequent to the time period(s) during which the one or more data items were updated or inserted into the database and having a corresponding time length, and wherein;

generating a new encryption key with an associated key life at the start of the next time period;

scanning the data base and identifying whether any of the one or more encrypted data items were previously encrypted using an encryption key now determined to be expired, wherein key expiration being determined from the key life and time stamp associated with the encrypted one or more data items in the database; and

identifying any of the one or more encrypted data items stored in the database that were determined to be previously encrypted using a now expired encryption key, and wherein;

(a) decrypting each of the identified one or more data items and re-encrypting each of the identified one or more data items using the new encryption key,(b) changing the key life of the re-encrypted one or more encrypted data items to correspond to the key life for the new encryption, and(c) storing another time stamp and an encryption key generation counter with the re-encrypted one or more data items, where the another time stamp is representative of the next time period.

View all claims

4 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A method for encryption of the content in a database, the method including the steps of detecting that a predetermined time period has elapsed, generating an unexpired encryption key, associating the unexpired encryption key with expiration information, scanning the database for an encrypted item, the encrypted item corresponding to a plaintext item, the encrypted item having been encrypted using an expired encryption key, and encrypting the plaintext item, using the unexpired encryption key, into a reencrypted item.

90 Citations

View as Search Results

13 Claims

1. A method for re-encrypting one or more data items that are encrypted and stored in a database, where said re-encrypting being an automated background process, said method for re-encrypting comprising the steps of:
- in an initial time period, encrypting and storing the one or more data items in the database, wherein;
  
  (1) the one or more data items are encrypted using an encryption key having a key life,(2) the key life is associated with the one or more stored encrypted data items,(3) a time stamp is stored one of with the encrypted one or more data items or in a another table or data set, and(4) where the time stamp is representative of a time period during which the encryption key used to encrypt the one or more data items was generated or started to be used and representative of the time period the one or more encrypted items were last updated or inserted into the database;
  
  entering a next time period, the next time period being at least subsequent to the time period(s) during which the one or more data items were updated or inserted into the database and having a corresponding time length, and wherein;
  
  generating a new encryption key with an associated key life at the start of the next time period;
  
  scanning the data base and identifying whether any of the one or more encrypted data items were previously encrypted using an encryption key now determined to be expired, wherein key expiration being determined from the key life and time stamp associated with the encrypted one or more data items in the database; and
  
  identifying any of the one or more encrypted data items stored in the database that were determined to be previously encrypted using a now expired encryption key, and wherein;
  
  (a) decrypting each of the identified one or more data items and re-encrypting each of the identified one or more data items using the new encryption key,(b) changing the key life of the re-encrypted one or more encrypted data items to correspond to the key life for the new encryption, and(c) storing another time stamp and an encryption key generation counter with the re-encrypted one or more data items, where the another time stamp is representative of the next time period.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising:
    - storing expired encryption key information in an historic key table;
      
      storing unexpired encryption key information in an active key table; and
      
      determining if any of the one or more encrypted data items stored in the database were previously encrypted using a now expired encryption key, said method further includes;
      
      deleting the expired key information from the active key table; and
      
      storing the expired key information in the historic key table.
  - 3. A method according to claim 1, wherein said scanning step is performed automatically one of after insertion of a new row into the database, updating of an existing row in the database or retrieval of content from the existing row in the database.
  - 4. A method according to claim 1, wherein the key life is between 30 and 90 days in the future.
  - 5. The method of claim 1, further comprising the steps of:
    - storing unexpired encryption key information in a key table; and
      
      wherein in the case where it is determined that any of the one or more encrypted data items stored in the database were previously encrypted using a now expired encryption key said method further includes marking the expired encryption key information in the key table as a historic key.
  - 6. A method according to claim 1, wherein said storing that is performed after said scanning step further includes storing a hash value of the new encryption key in the database along with the one or more stored encrypted data items.
  - 7. The method of claim 1, wherein said previously encrypting and storing further includes:
    - storing with the one or more encrypted data items an encryption key generation counter, the encryption key generation counter representing the number of time periods since the encryption key used to encrypt the one or more data items was generated; and
      
      wherein said scanning step further includes, using the encryption key generation counter, along with the key life, to determine whether the encryption key of any of the one or more encrypted stored data items is now expired.
  - 8. The method of claim 1, wherein said scanning the data base is automatically started a period of time after entering the next time period.
  - 9. The method of claim 1, wherein there are a plurality of data items and wherein a plurality of encryption keys are in use at any given time for encrypting the plurality of data items.
  - 10. A method according to claim 6, wherein said previously encrypting and storing includes storing a hash value representative of the encryption key used to previously encrypt the one or more data items stored in the database along with the one or more stored encrypted data items and wherein said scanning step further includes using the previously stored hash value to determine whether the encryption key of any of the one or more encrypted stored data items is now expired.
  - 11. A method according to claim 7, further comprising incrementing the encryption key generation counter for each time period entered subsequent to the time period in which the one or more data items were previously encrypted and stored in the database.

12. A system comprisinga computer on which is stored a program including instructions that are configured so as to carry out a method for re-encrypting one or more data items that are encrypted and stored in a database, wherein said method includes the steps of:
- in an initial time period, encrypting and storing the one or more data items in the database, wherein;
  
  (1) the one or more data items are encrypted using an encryption key having a key life,(2) the key life is associated with the one or more stored encrypted data items,(3) a time stamp is stored one of with the encrypted one or more data items or in a another table or data set, and(4) where the time stamp is representative of a time period during which the encryption key used to encrypt the one or more data items was generated or started to be used and representative of the time period the one or more encrypted items were last updated or inserted into the database;
  
  entering a next time period, the next time period being at least subsequent to the time period(s) during which the one or more data items were updated or inserted into the database and having a corresponding time length, and wherein;
  
  generating a new encryption key with an associated key life at the start of the next time period;
  
  scanning the data base and identifying whether any of the one or more encrypted data items were previously encrypted using an encryption key now determined to be expired, wherein key expiration being determined from the key life and time stamp associated with the encrypted one or more data items in the database; and
  
  identifying any of the one or more encrypted data items stored in the database that were determined to be previously encrypted using a now expired encryption key, and wherein;
  
  (a) decrypting each of the identified one or more data items and re-encrypting each of the identified one or more data items using the new encryption key,(b) changing the key life of the re-encrypted one or more encrypted data items to correspond to the key life for the new encryption, and(c) storing another time stamp and an encryption key generation counter with the re-encrypted one or more data items, where the another time stamp is representative of the next time period.

13. A system comprising:
- a computer for executing a program for re-encrypting one or more data items that are encrypted and stored in a database, where said re-encrypting being an automated background process; and
  
  wherein said program is configured to perform the method steps of;
  
  in an initial time period, encrypting and storing the one or more data items in the database, wherein;
  
  (1) the one or more data items are encrypted using an encryption key having a key life,(2) the key life is associated with the one or more stored encrypted data items,(3) a time stamp is stored one of with the encrypted one or more data items or in a another table or data set, and(4) where the time stamp is representative of a time period during which the encryption key used to encrypt the one or more data items was generated or started to be used and representative of the time period the one or more encrypted items were last updated or inserted into the database;
  
  entering a next time period, the next time period being at least subsequent to the time period(s) during which the one or more data items were updated or inserted into the database and having a corresponding time length, and wherein;
  
  generating a new encryption key with an associated key life at the start of the next time period;
  
  scanning the data base and identifying whether any of the one or more encrypted data items were previously encrypted using an encryption key now determined to be expired, wherein key expiration being determined from the key life and time stamp associated with the encrypted one or more data items in the database; and
  
  identifying any of the one or more encrypted data items stored in the database that were determined to be previously encrypted using a now expired encryption key, and wherein;
  
  (a) decrypting each of the identified one or more data items and re-encrypting each of the identified one or more data items using the new encryption key,(b) changing the key life of the re-encrypted one or more encrypted data items to correspond to the key life for the new encryption, and(c) storing another time stamp and an encryption key generation counter with the re-encrypted one or more data items, where the another time stamp is representative of the next time period.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Valfridsson, Thomas, Mattsson, Ulf
Primary Examiner(s)
Moazzami; Nasser G
Assistant Examiner(s)
ABEDIN, SHANTO

Application Number

US10/129,013
Time in Patent Office

3,011 Days
Field of Search

713/193, 713/178, 713/194, 713/164, 713/165, 380/44, 380/259, 380/277, 707/200, 707/1, 726/26, 726/27
US Class Current

713/193
CPC Class Codes

G06F 21/6227   where protection concerns t...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2107   File encryption

Method for reencryption of a database

First Claim

4 Assignments

Litigations

0 Petitions

Accused Products

Abstract

90 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Method for reencryption of a database

First Claim

4 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

90 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links