Method and apparatus for detecting data tampering within a database
First Claim
Patent Images
1. A method comprising:
- selecting a suspect row in a database table to check for tampering;
determining, by a computer, that the suspect row has not been tampered with, which involves;
generating a suspect row hash for the suspect row; and
comparing the suspect row hash with a stored row hash for the suspect row;
determining a suspect block for the suspect row, wherein the suspect block includes a group of rows in the database table, and wherein the group of rows includes the suspect row;
generating a first block hash for the suspect block by performing a hash function on both the individual row hashes of the group of rows and a signature for a previous block hash, wherein the previous block hash includes a block hash for a group of rows that precedes the suspect block in the database table; and
comparing the first block hash to a corresponding stored block hash for the suspect block; and
in response to determining that the first block hash does not match the stored block hash for the suspect block, determining whether a row other than the suspect row in the suspect block has been tampered with.
1 Assignment
0 Petitions
Accused Products
Abstract
One embodiment of the present invention provides a system that facilitates detecting data tampering within a table in a database. The system operates by hashing a row in the table to create a row-hash. The system then hashes a block of consecutive row-hashes to create a block-hash. Finally, the system signs the block-hash with an encryption key, so that tampering with data in the row will result in an invalid row-hash and an invalid block-hash.
18 Citations
20 Claims
-
1. A method comprising:
-
selecting a suspect row in a database table to check for tampering; determining, by a computer, that the suspect row has not been tampered with, which involves; generating a suspect row hash for the suspect row; and comparing the suspect row hash with a stored row hash for the suspect row; determining a suspect block for the suspect row, wherein the suspect block includes a group of rows in the database table, and wherein the group of rows includes the suspect row; generating a first block hash for the suspect block by performing a hash function on both the individual row hashes of the group of rows and a signature for a previous block hash, wherein the previous block hash includes a block hash for a group of rows that precedes the suspect block in the database table; and comparing the first block hash to a corresponding stored block hash for the suspect block; and in response to determining that the first block hash does not match the stored block hash for the suspect block, determining whether a row other than the suspect row in the suspect block has been tampered with. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method, the method comprising:
-
selecting a suspect row in a database table to check for tampering; determining that the suspect row has not been tampered with, which involves; generating a suspect row hash for the suspect row; and comparing the suspect row hash with a stored row hash for the suspect row; determining a suspect block for the suspect row, wherein the suspect block includes a group of rows in the database table, and wherein the group of rows includes the suspect row; generating a first block hash for the suspect block by performing a hash function on both the individual row hashes of the group of rows and a signature for a previous block hash, wherein the previous block hash includes a block hash for a group of rows that precedes the suspect block in the database table; and comparing the first block hash to a corresponding stored block hash for the suspect block; and in response to determining that the first block hash does not match the stored block hash for the suspect block, determining whether a row other than the suspect row in the suspect block has been tampered with. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. An apparatus configured to detect data tampering within a database table in a database, comprising:
-
a processor; a data-storage device; a selection mechanism configured to select a suspect row in a database table to check for tampering; a validation mechanism configured to determine that the suspect row has not been tampered with, wherein the determining involves; generating a suspect row hash for the suspect row; and comparing the suspect row hash with a stored row hash for the suspect row; a determination mechanism configured to determine a suspect block for the suspect row, wherein the suspect block includes a group of rows in the database table, and wherein the group of rows includes the suspect row; and a block-hashing mechanism configured to generate a first block hash for the suspect block by performing a hash function on both the individual row hashes of the block of rows and a signature for a previous block hash, wherein the previous block hash includes a block hash for a block of rows that precedes the suspect block in the database table; and comparing the first block hash to a corresponding stored block hash for the suspect block; and wherein the validation mechanism is further configured to determine whether a row other than the suspect row in the suspect block has been tampered with in response to determining that the first block hash does not match the stored block hash. - View Dependent Claims (18, 19, 20)
-
Specification