Secured database system with built-in antivirus protection
First Claim
1. A method for securing a database system, the method comprising:
- under control of a system administrator provisioning storage from a storage device, for storing database information;
generating an asymmetric key pair comprising an encryption key and a decryption key, said encryption key being made available only to a security officer, and said decryption key being made available only to a database administrator and the database system;
under control of the security officer utilizing said encryption key so that said database information is stored on the storage device in an encrypted manner;
under control of the database administrator utilizing said decryption key for decrypting the database information stored on the storage device, wherein access to said decryption key is controlled by the database system based on user privileges;
receiving a request from a user for access to the database information;
determining whether the user has been granted privileges allowing to access to the database information;
if the user has been granted privileges allowing access to the database information, automatically decrypting the database information to provide the access; and
otherwise denying the request if the user has not been granted privileges allowing access to the database information;
wherein no single user has access to both the encryption and decryption keys, and wherein no single user has access to the decryption key and the storage provisioned for storing the database information.
1 Assignment
0 Petitions
Accused Products
Abstract
A secured database system with built-in antivirus protection is described. In one embodiment, for example, a method of the present invention is described for securing a database system, the method comprises steps of: provisioning storage from a storage device, for storing database information; generating an encryption key so that the database information is stored on the storage device in an encrypted manner; generating a decryption key for decrypting the database information stored on the storage device, wherein access to the decryption key is controlled by the database system based on user privileges; receiving a request from a user for access to the database information; determining whether the user has been granted sufficient privileges to access the database information; if the user has been granted sufficient privileges, automatically decrypting the database information to provide the access; and otherwise denying the request if the user has not been granted sufficient privileges.
120 Citations
25 Claims
-
1. A method for securing a database system, the method comprising:
-
under control of a system administrator provisioning storage from a storage device, for storing database information; generating an asymmetric key pair comprising an encryption key and a decryption key, said encryption key being made available only to a security officer, and said decryption key being made available only to a database administrator and the database system; under control of the security officer utilizing said encryption key so that said database information is stored on the storage device in an encrypted manner; under control of the database administrator utilizing said decryption key for decrypting the database information stored on the storage device, wherein access to said decryption key is controlled by the database system based on user privileges; receiving a request from a user for access to the database information; determining whether the user has been granted privileges allowing to access to the database information; if the user has been granted privileges allowing access to the database information, automatically decrypting the database information to provide the access; and
otherwise denying the request if the user has not been granted privileges allowing access to the database information;wherein no single user has access to both the encryption and decryption keys, and wherein no single user has access to the decryption key and the storage provisioned for storing the database information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for securing a database system, the method comprising:
-
in response to input from a system administrator, provisioning storage from a storage device for storing database information; in response to input from a security officer, generating an encryption key from an asymmetric key pair so that said database information is stored on the storage device in an encrypted manner, wherein access to said encryption key is controlled by the security officer; in response to input from a database administrator, generating a decryption key from said asymmetric key pair for decrypting the database information stored on the storage device, wherein access to said decryption key is controlled by the database system based on user authorization; and providing access to the database information by decrypting the database information only for authorized users; wherein no single user has access to both the encryption and decryption keys, and wherein no single user has access to the decryption key and the storage provisioned for storing the database information. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A secured database system comprising:
-
a relational database management system (RDBMS); a storage device under control of a system administrator for provisioning storage of database information; an encryption key created from an asymmetric key pair and available only to a security officer for encrypting said database information that is stored on the storage device; a decryption key, created from said asymmetric key pair and automatically maintained by the database system, for decrypting the database information stored on the storage device, wherein access to said decryption key is not available to the system administrator or the security officer and is controlled by the database system based on user authorization; and a module for providing access to the database information by automatically decrypting the database information only for authorized users; wherein no single user has access to both the encryption and decryption keys, and wherein no single user has access to the decryption key and the storage provisioned for storing the database information. - View Dependent Claims (22, 23, 24, 25)
-
Specification