Database system providing SQL extensions for automated encryption and decryption of column data
Abstract
A database system providing SQL extensions for automated encryption and decryption of column data is described. In one embodiment, for example, in a database system, a method is described for providing automated encryption support for column data, the method comprises steps of: defining Structured Query Language (SQL) extensions for creating and managing column encryption keys, and for creating and managing database tables with encrypted column data; receiving an SQL statement specifying creation of a particular column encryption key; receiving an SQL statement specifying creation of a database table having particular column data encrypted with the particular column encryption key; and in response to a subsequent database operation that requires the particular column data that has been encrypted, automatically decrypting the particular column data for use by the database operation.
99 Claims
1. In a database system, a method for providing automated encryption support for column data, the method comprising:
defining Structured Query Language (SQL) extensions for creating and managing column encryption keys, and for creating and managing database tables with encrypted column data;
receiving a first SQL statement that uses said SQL extensions to specify creation of a named encryption key for encrypting column data, said named encryption key being identified in said first SQL statement by a user-assigned syntactically unique name;
parsing the first SQL statement, including creating said named encryption key with the user-assigned syntactically unique name, which can be parsed from within other SQL statements employing said SQL extensions;
receiving a second SQL statement that uses said SQL extensions to specify creation of a database table having particular column data encrypted with said named encryption key, said named encryption key being identified in said second SQL statement by said user-assigned syntactically unique name;
parsing the second SQL statement, including identifying said named encryption key upon parsing a portion of the statement that comprises the syntactically unique name for the key;
in response to parsing the second SQL statement, creating a database table having particular column data encrypted with said named encryption key identified upon parsing the second SQL statement; and
in response to a subsequent database operation that requires particular column data that has been encrypted with said named encryption key, automatically decrypting the particular column data with said named encryption key, so that the particular column data is available in decrypted form for use by the database operation.
Dependent claims: 2 to 36.
37. A database system providing automated encryption support for column data, the system comprising:
a processor;
a memory coupled to the processor;
a parser that supports Structured Query Language (SQL) extensions for use in SQL statements to create and manage named encryption keys for encrypting column data, and for creating and managing database tables with column data encrypted with said named encryption keys; and
an execution unit, operating in response to SQL statements parsed by the parser, that:
creates, in response to parsing a first SQL statement employing said SQL extensions, a particular named encryption key having a user-assigned syntactically unique name that can be parsed from within other SQL statements employing said SQL extensions, said particular named encryption key being identified in said first SQL statement by said user-assigned syntactically unique name;
creates, in response to parsing a second SQL statement employing said SQL extensions, one or more database tables having particular column data encrypted with said particular named encryption key, said particular named encryption key being identified in said second SQL statement by said user-assigned syntactically unique name; and
automatically decrypts the particular column data for use by a subsequent database operation that requires the particular column data that has been encrypted.
Dependent claims: 38 to 70.
71. In a database system, a method for encrypting column data, the method comprising:
defining query language extensions for use in SQL statements to create and manage named column encryption keys, and for creating and managing database tables with encrypted column data, each named encryption key being identified in SQL statements by a user-assigned syntactically unique name;
in response to a first query language statement employing said extensions, creating a named encryption key for encrypting a particular column of a database table, said named encryption key being created with a user-assigned syntactically unique name so that it can be referenced within other query language statements employing said extensions, said named encryption key being identified in said first query language statement by said user-assigned syntactically unique name;
in response to a second query language statement employing said extensions, encrypting the particular column using said named encryption key, said named encryption key being identified in said second query language statement by said user-assigned syntactically unique name; and
during a subsequent database operation requiring column data inserted to or selected from the particular column, automatically encrypting or decrypting the column data as necessary for carrying out the database operation.
Dependent claims: 72 to 99.
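The mechanism the abstract and independent claims 1, 37 and 71 describe (a key created under a user-assigned name by one statement, referenced by that name in a later CREATE TABLE, then applied transparently on INSERT and SELECT) as a small added illustration; this is constructed example code, not the patent's or any vendor's implementation. The statement syntax (CREATE ENCRYPTION KEY, ENCRYPT WITH), the CryptoDB class and the SHA-256 counter-mode stand-in cipher are assumptions made for the demo.

```python
import hashlib
import re
import secrets


class CryptoDB:
    """Toy engine: a key catalog, a table catalog that records which column uses
    which named key, and automatic encrypt/decrypt driven by that catalog."""

    def __init__(self):
        self.keys = {}     # key name -> 32 random key bytes
        self.tables = {}   # table name -> (column list, {column: key name}, rows)

    def _keystream(self, key, nonce, n):
        # Stand-in cipher for the demo only (unauthenticated SHA-256 counter mode);
        # a real engine would use a vetted block cipher mode such as AES-GCM.
        blocks = (n + 31) // 32
        return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                        for i in range(blocks))[:n]

    def _enc(self, key, pt):
        nonce = secrets.token_bytes(16)   # fresh nonce per value, stored with the ciphertext
        return nonce + bytes(a ^ b for a, b in zip(pt, self._keystream(key, nonce, len(pt))))

    def _dec(self, key, ct):
        nonce, body = ct[:16], ct[16:]
        return bytes(a ^ b for a, b in zip(body, self._keystream(key, nonce, len(body))))

    def execute(self, sql):
        sql = sql.strip().rstrip(";")
        if m := re.fullmatch(r"CREATE ENCRYPTION KEY (\w+)", sql, re.I):
            self.keys[m[1]] = secrets.token_bytes(32)          # named key enters the catalog
            return None
        if m := re.fullmatch(r"CREATE TABLE (\w+) \((.*)\)", sql, re.I):
            cols, enc = [], {}
            for spec in m[2].split(","):                       # "col" or "col ENCRYPT WITH key"
                parts = spec.split()
                cols.append(parts[0])
                if len(parts) == 4 and [p.upper() for p in parts[1:3]] == ["ENCRYPT", "WITH"]:
                    if parts[3] not in self.keys:              # key name resolved at parse time
                        raise ValueError(f"unknown encryption key {parts[3]}")
                    enc[parts[0]] = parts[3]
            self.tables[m[1]] = (cols, enc, [])
            return None
        if m := re.fullmatch(r"INSERT INTO (\w+) VALUES \((.*)\)", sql, re.I):
            cols, enc, rows = self.tables[m[1]]
            vals = [v.strip().strip("'") for v in m[2].split(",")]   # demo parser: no commas in values
            rows.append({c: self._enc(self.keys[enc[c]], v.encode()) if c in enc else v
                         for c, v in zip(cols, vals)})        # encrypt only catalogued columns
            return None
        if m := re.fullmatch(r"SELECT \* FROM (\w+)", sql, re.I):
            cols, enc, rows = self.tables[m[1]]
            return [[self._dec(self.keys[enc[c]], r[c]).decode() if c in enc else r[c] for c in cols]
                    for r in rows]                             # decrypt automatically for the reader
        raise ValueError("unsupported statement")

    def raw_rows(self, table):
        """Stored representation, as an on-disk inspection would see it."""
        return self.tables[table][2]


def demo():
    db = CryptoDB()
    db.execute("CREATE ENCRYPTION KEY ssn_key")
    db.execute("CREATE TABLE employees (name, ssn ENCRYPT WITH ssn_key)")
    db.execute("INSERT INTO employees VALUES ('alice', '123-45-6789')")
    return db
```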
Specification