Method and apparatus for detecting data tampering within a database

US 8,190,915 B2
Filed: 06/14/2006
Issued: 05/29/2012
Est. Priority Date: 06/14/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

selecting a suspect row in a database table to check for tampering;

determining, by a computer, that the suspect row has not been tampered with, which involves;

generating a suspect row hash for the suspect row; and

comparing the suspect row hash with a stored row hash for the suspect row;

determining a suspect block for the suspect row, wherein the suspect block includes a group of rows in the database table, and wherein the group of rows includes the suspect row;

generating a first block hash for the suspect block by performing a hash function on both the individual row hashes of the group of rows and a signature for a previous block hash, wherein the previous block hash includes a block hash for a group of rows that precedes the suspect block in the database table; and

comparing the first block hash to a corresponding stored block hash for the suspect block; and

in response to determining that the first block hash does not match the stored block hash for the suspect block, determining whether a row other than the suspect row in the suspect block has been tampered with.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment of the present invention provides a system that facilitates detecting data tampering within a table in a database. The system operates by hashing a row in the table to create a row-hash. The system then hashes a block of consecutive row-hashes to create a block-hash. Finally, the system signs the block-hash with an encryption key, so that tampering with data in the row will result in an invalid row-hash and an invalid block-hash.

18 Citations

20 Claims

1. A method comprising:
- selecting a suspect row in a database table to check for tampering;
  
  determining, by a computer, that the suspect row has not been tampered with, which involves;
  
  generating a suspect row hash for the suspect row; and
  
  comparing the suspect row hash with a stored row hash for the suspect row;
  
  determining a suspect block for the suspect row, wherein the suspect block includes a group of rows in the database table, and wherein the group of rows includes the suspect row;
  
  generating a first block hash for the suspect block by performing a hash function on both the individual row hashes of the group of rows and a signature for a previous block hash, wherein the previous block hash includes a block hash for a group of rows that precedes the suspect block in the database table; and
  
  comparing the first block hash to a corresponding stored block hash for the suspect block; and
  
  in response to determining that the first block hash does not match the stored block hash for the suspect block, determining whether a row other than the suspect row in the suspect block has been tampered with.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the stored first block hash is stored in the table.
  - 3. The method of claim 1, wherein at least one of the row hashes is stored in the corresponding row.
  - 4. The method of claim 1, wherein data may only be inserted into the table, and wherein no user, including an administrator, may delete or update data which is inserted into the table.
  - 5. The method of claim 1, wherein generating the first block involves signing the first block hash with a private-key of a Public Key Infrastructure (PKI) key pair.
  - 6. The method of claim 5, wherein the private-key is stored in an External Security Module (ESM).
  - 7. The method of claim 5, wherein the private-key is held by a third-party.
  - 8. The method of claim 1, further comprising:
    - in response to determining that none of the rows in the suspect block has been tampered with, determining whether one or more rows have been deleted from the block that precedes the suspect block in the database table.

9. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method, the method comprising:
- selecting a suspect row in a database table to check for tampering;
  
  determining that the suspect row has not been tampered with, which involves;
  
  generating a suspect row hash for the suspect row; and
  
  comparing the suspect row hash with a stored row hash for the suspect row;
  
  determining a suspect block for the suspect row, wherein the suspect block includes a group of rows in the database table, and wherein the group of rows includes the suspect row;
  
  generating a first block hash for the suspect block by performing a hash function on both the individual row hashes of the group of rows and a signature for a previous block hash, wherein the previous block hash includes a block hash for a group of rows that precedes the suspect block in the database table; and
  
  comparing the first block hash to a corresponding stored block hash for the suspect block; and
  
  in response to determining that the first block hash does not match the stored block hash for the suspect block, determining whether a row other than the suspect row in the suspect block has been tampered with.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-transitory computer-readable storage medium of claim 9, wherein the stored block hash is stored in the table.
  - 11. The non-transitory computer-readable storage medium of claim 9, wherein a row hash for at least one row of the database table is stored in the corresponding row.
  - 12. The non-transitory computer-readable storage medium of claim 9, wherein data may only be inserted into the table, and wherein no user, including an administrator, may delete or update data which is inserted into the table.
  - 13. The non-transitory computer-readable storage medium of claim 9, wherein generating the first block hash involves signing the first block hash with a private-key of a Public Key Infrastructure (PKI) key pair.
  - 14. The non-transitory computer-readable storage medium of claim 13, wherein the private-key is stored in an External Security Module (ESM).
  - 15. The non-transitory computer-readable storage medium of claim 13, wherein the private-key is held by a third-party.
  - 16. The non-transitory computer-readable storage medium of claim 9, the method further comprising:
    - in response to determining that none of the rows in the suspect block has been tampered with, determining whether one or more rows have been deleted from the block that precedes the suspect block in the database table.

17. An apparatus configured to detect data tampering within a database table in a database, comprising:
- a processor;
  
  a data-storage device;
  
  a selection mechanism configured to select a suspect row in a database table to check for tampering;
  
  a validation mechanism configured to determine that the suspect row has not been tampered with, wherein the determining involves;
  
  generating a suspect row hash for the suspect row; and
  
  comparing the suspect row hash with a stored row hash for the suspect row;
  
  a determination mechanism configured to determine a suspect block for the suspect row, wherein the suspect block includes a group of rows in the database table, and wherein the group of rows includes the suspect row; and
  
  a block-hashing mechanism configured to generate a first block hash for the suspect block by performing a hash function on both the individual row hashes of the block of rows and a signature for a previous block hash, wherein the previous block hash includes a block hash for a block of rows that precedes the suspect block in the database table; and
  
  comparing the first block hash to a corresponding stored block hash for the suspect block; and
  
  wherein the validation mechanism is further configured to determine whether a row other than the suspect row in the suspect block has been tampered with in response to determining that the first block hash does not match the stored block hash.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17, wherein the first block-hashing mechanism further stores the stored block hash in the table.
  - 19. The apparatus of claim 17, wherein the row-hashing mechanism further stores a row hash for at least one row of the database table in the corresponding row.
  - 20. The apparatus of claim 17, wherein the validation mechanism is further configured to determine whether one or more rows have been deleted from the block that precedes the suspect block in the database table in response to determining that none of the rows in the suspect block has been tampered with.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Xu, Mingkang, Wong, Daniel ManHung
Primary Examiner(s)
Patel, Nirav B.

Application Number

US11/454,170
Publication Number

US 20070294205A1
Time in Patent Office

2,176 Days
Field of Search

713/193, 713/177, 713/181, 713/176, 713/189, 707/1, 707/4, 707/7, 707/10, 707/102, 707/104.1, 707/101, 707/200, 707/202, 707/687, 707/690, 707/693, 707/697, 707/698, 707/699, 707/747, 726 26- 30, 380277-279, 380/282, 380/285
US Class Current

713/193
CPC Class Codes

G06F 16/2255 Hash tables

G06F 21/64 Protecting data integrity, ...

Method and apparatus for detecting data tampering within a database

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for detecting data tampering within a database

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links