Database system providing encrypted column support for applications
First Claim
1. In a database system, a method for providing automated encryption support for column data which handles requests for encrypted column data from users without decrypt permission, the method comprising:
- defining Structured Query Language (SQL) extensions for creating and managing column encryption keys, and for creating and managing database tables with encrypted column data;
- receiving an SQL statement that uses said SQL extensions to specify creation of a particular column encryption key for encrypting column data;
- receiving at least one SQL statement that uses said SQL extensions to specify creation of a database table having particular column data encrypted with said particular column encryption key and having a default value to be provided in response to requests for said particular column data from a user without decryption permission;
- upon parsing said SQL statements, creating a database table having particular column data encrypted with said particular encryption key, and storing a decrypt default attribute that associates said default value with said particular column data;
- in response to a subsequent database operation requesting the particular column data that has been encrypted from a user with decrypt permission on said particular column data, automatically decrypting the particular column data for use by the database operation; and
- in response to a subsequent database operation requesting the particular column data that has been encrypted from a user without decrypt permission, returning the default value specified for the particular column data by the decrypt default attribute.
Abstract
A database system providing encrypted column data support with decrypt default functionality. In a database system, a method providing automated encryption support for column data comprises steps of: defining Structured Query Language (SQL) extensions for creating and managing column encryption keys and database tables with encrypted column data; receiving an SQL statement specifying creation of a column encryption key; receiving an SQL statement specifying creation of a database table having particular column data encrypted with the column encryption key; receiving an SQL statement specifying a default value to be provided in response to requests for the column data without decrypt permission; in response to a subsequent database operation requesting encrypted column data from a user with decrypt permission, automatically decrypting the column data; and in response to a subsequent database operation requesting the encrypted column data from a user without decrypt permission, returning the default value.
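The decrypt-default behavior described in the abstract, modeled as an added Python example; it is not code from the patent or from any database product. The `Table` class and its method names, the SHAKE-256 keystream standing in for a real cipher, the refusal when no default is configured, and the sample row are all assumptions made for illustration.

```python
import hashlib
import secrets

def xor_stream(key, nonce, data):  # stand-in cipher (SHAKE-256 keystream XOR), not AES
    pad = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

class Table:  # hypothetical model of a table with encrypted columns
    def __init__(self):
        self.keys, self.columns = {}, {}    # key name -> bytes; column -> (key name, default)
        self.grants, self.rows = set(), []  # (user, column) decrypt grants; stored rows

    def create_key(self, name):
        self.keys[name] = secrets.token_bytes(32)

    def add_column(self, col, key_name=None, decrypt_default=None):
        self.columns[col] = (key_name, decrypt_default)

    def grant_decrypt(self, user, col):
        self.grants.add((user, col))

    def insert(self, row):
        stored = {}
        for col, value in row.items():
            key_name = self.columns[col][0]
            if key_name is not None:             # encrypted column: keep ciphertext only
                nonce = secrets.token_bytes(16)  # fresh nonce per cell
                value = (nonce, xor_stream(self.keys[key_name], nonce, value.encode()))
            stored[col] = value
        self.rows.append(stored)

    def select(self, user, col):
        key_name, default = self.columns[col]
        if key_name is None:                     # plaintext column: no check needed
            return [r[col] for r in self.rows]
        if (user, col) in self.grants:           # decrypt permission: transparent decryption
            return [xor_stream(self.keys[key_name], *r[col]).decode() for r in self.rows]
        if default is None:                      # assumption: no default means refusal
            raise PermissionError(f"{user} may not decrypt {col}")
        return [default] * len(self.rows)        # decrypt default replaces every value

def build_demo():  # constructed sample data
    t = Table()
    t.create_key("ssn_key")
    t.add_column("name")
    t.add_column("ssn", "ssn_key", decrypt_default="XXX-XX-XXXX")
    t.grant_decrypt("hr_admin", "ssn")
    t.insert({"name": "Ada", "ssn": "123-45-6789"})
    return t
```

In this model the default is returned once per stored row, so a user without decrypt permission still learns how many rows exist, though not their values.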
43 Claims
21. A database system providing automated encryption support for column data, the system comprising:
- a parser that supports Structured Query Language (SQL) extensions for creating and managing column encryption keys, and for creating and managing database tables with encrypted column data; and
- an execution unit, operating in response to SQL statements parsed by the parser, for creating in response to SQL extensions present in the SQL statements a particular column encryption key, for creating in response to SQL extensions present in the SQL statements a database table having particular column data encrypted with said particular column encryption key and having a default value to be provided in response to requests for said particular column data from a user without decryption permission, for storing a decrypt default attribute that associates said default value with said particular column data, and for automatically decrypting the particular column data for use by a subsequent database operation that requests the particular column data that has been encrypted from a user with decrypt permission on said particular column data, and which provides the default value specified for the particular column data by the decrypt default attribute in response to a subsequent database operation requesting the particular column data from a user without decrypt permission.
Specification