Automated data source assurance in distributed databases

US 8,458,208 B2
Filed: 10/09/2008
Issued: 06/04/2013
Est. Priority Date: 10/09/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

receiving a database query comprising a logical database table identifier, a data element, and at least one data source assurance indicator at a distributed database device within a distributed network of databases, where the at least one data source assurance indicator comprises a request to encrypt the data element received in the received query for authentication of distributed database devices that process the database query;

encrypting the data element received in the received query based upon the at least one data source assurance indicator;

forming a data portion of a local query response to the database query comprising data retrieved from a local physical database table mapped by a local logical database table that matches the received logical database table identifier;

adding a distributed database device node identifier and the encrypted data element as an authentication portion of the local query response to authenticate the data portion of the local query response; and

responding to the database query with at least the authenticated local query response.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A database query is received including a logical table identifier, a data element, and at least one data source assurance indicator at a distributed database node within a distributed network of databases. The data element is encrypted based upon the at least one data source assurance indicator. A data portion of a local query response to the database query is formed including data retrieved from a local physical database table mapped by a local logical table that matches the received logical table identifier. A node identifier and the encrypted data element are added as an authentication portion of the local query response to authenticate the data portion of the local query response. The database query is responded to with at least the authenticated local query response. This abstract is not to be considered limiting, since other embodiments may deviate from the features described in this abstract.

Citations

21 Claims

1. A method, comprising:
- receiving a database query comprising a logical database table identifier, a data element, and at least one data source assurance indicator at a distributed database device within a distributed network of databases, where the at least one data source assurance indicator comprises a request to encrypt the data element received in the received query for authentication of distributed database devices that process the database query;
  
  encrypting the data element received in the received query based upon the at least one data source assurance indicator;
  
  forming a data portion of a local query response to the database query comprising data retrieved from a local physical database table mapped by a local logical database table that matches the received logical database table identifier;
  
  adding a distributed database device node identifier and the encrypted data element as an authentication portion of the local query response to authenticate the data portion of the local query response; and
  
  responding to the database query with at least the authenticated local query response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, where encrypting the data element received in the received query based upon the at least one data source assurance indicator comprises encrypting the data element received in the received query using a private encryption key paired with a public encryption key stored at a distributed database device that originated the database query.
  - 3. The method of claim 1, where the at least one data source assurance indicator comprises an instruction to encrypt a selected data column of the data portion of the authenticated local query response.
  - 4. The method of claim 1, further comprising determining to encrypt a selected data column of the data portion of the authenticated local query response and encrypting the selected data column.
  - 5. The method of claim 4, further comprising adding a column identifier to the authenticated local query response identifying the selected encrypted data column.
  - 6. The method of claim 1, where adding the distributed database device node identifier and the encrypted data element as the authentication portion of the local query response to authenticate the data portion of the local query response comprises associating the distributed database device node identifier and the encrypted data element with a hidden result column of the authenticated local query response.
  - 7. The method of claim 1, further comprising:
    - forwarding the database query comprising the logical database table identifier, the data element, and the at least one data source assurance indicator to at least one additional distributed database device within the distributed network of databases;
      
      receiving at least one distributed query response comprising a distributed database device node identifier and an additional encrypted data element associated with data returned from each distributed database device that processed the database query; and
      
      determining authenticity of each distributed database device that processed the database query based upon the additional encrypted data element and the distributed database device node identifier associated with each distributed database device that processed the database query.
  - 8. The method of claim 7, where determining the authenticity of each distributed database device that processed the database query comprises selecting a public encryption key using the associated distributed database device node identifier for each distributed database device that processed the database query and decrypting the associated additional encrypted data element using the selected public encryption key for each distributed database device that processed the database query.
  - 9. The method of claim 8, where determining the authenticity of each distributed database device that processed the database query comprises determining whether the decrypted additional data element associated with each distributed database device that processed the database query matches the data element forwarded with the database query to each distributed database device that processed the database query.
  - 10. The method of claim 7, further comprising:
    - processing the data returned from each distributed database device in association with the at least one distributed query response based upon the determined authenticity of each distributed database device that processed the database query; and
      
      invalidating the data returned from at least one of the distributed database devices that processed the database query based upon a determination that the at least one of the distributed database devices is not authenticated; and
      
      where responding to the database query with at least the authenticated local query response comprises;
      
      combining the received distributed query response associated with each distributed database device that is determined to be authenticated with the authenticated local query response; and
      
      responding to the database query with the combined response.

11. A system, comprising:
- a memory adapted to store query authentication information and database device node identifiers; and
  
  a processor programmed to;
  
  receive a database query comprising a logical database table identifier, a data element, and at least one data source assurance indicator at a distributed database device within a distributed network of databases, where the at least one data source assurance indicator comprises a request to encrypt the data element received in the received query for authentication of distributed database devices that process the database query;
  
  encrypt the data element received in the received query based upon the at least one data source assurance indicator;
  
  form a data portion of a local query response to the database query comprising data retrieved from a local physical database table mapped by a local logical database table that matches the received logical database table identifier;
  
  add a distributed database device node identifier and the encrypted data element as an authentication portion of the local query response to authenticate the data portion of the local query response;
  
  store the authenticated local query response to the memory; and
  
  respond to the database query with at least the authenticated local query response.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, where, in being programmed to encrypt the data element received in the received query based upon the at least one data source assurance indicator, the processor is programmed to encrypt the data element received in the received query using a private encryption key paired with a public encryption key stored at a distributed database device that originated the database query.
  - 13. The system of claim 11, where the at least one data source assurance indicator comprises an instruction to encrypt a selected data column of the data portion of the authenticated local query response.
  - 14. The system of claim 11, where the processor is further programmed to determine to encrypt a selected data column of the data portion of the authenticated local query response and encrypt the selected data column.
  - 15. The system of claim 14, where the processor is further programmed to add a column identifier to the authenticated local query response identifying the selected encrypted data column.
  - 16. The system of claim 11, where, in being programmed to add the distributed database device node identifier and the encrypted data element as the authentication portion of the local query response to authenticate the data portion of the local query response, the processor is programmed to associate the distributed database device node identifier and the encrypted data element with a hidden result column of the authenticated local query response.
  - 17. The system of claim 11, where the processor is further programmed to:
    - forward the database query comprising the logical database table identifier, the data element, and the at least one data source assurance indicator to at least one additional distributed database device within the distributed network of databases;
      
      receive at least one distributed query response comprising a distributed database device node identifier and an additional encrypted data element associated with data returned from each distributed database device that processed the database query; and
      
      determine authenticity of each distributed database device that processed the database query based upon the additional encrypted data element and the distributed database device node identifier associated with each distributed database device that processed the database query.
  - 18. The system of claim 17, where, in being programmed to determine the authenticity of each distributed database device that processed the database query, the processor is programmed to:
    - select a public encryption key using the associated distributed database device node identifier for each distributed database device that processed the database query and decrypt the associated additional encrypted data element using the selected public encryption key for each distributed database device that processed the database query; and
      
      determine whether the decrypted additional data element associated with each distributed database device that processed the database query matches the data element forwarded with the database query to each distributed database device that processed the database query.
  - 19. The system of claim 17, where the processor is further programmed to:
    - process the data returned from each distributed database device in association with the at least one distributed query response based upon the determined authenticity of each distributed database device that processed the database query;
      
      invalidate the data returned from at least one of the distributed database devices that processed the database query based upon a determination that the at least one of the distributed database devices is not authenticated; and
      
      where, in being programmed to respond to the database query with at least the authenticated local query response, the processor is programmed to;
      
      combine the received distributed query response associated with each distributed database device that is determined to be authenticated with the authenticated local query response;
      
      store the combined response to the memory; and
      
      respond to the database query with the combined response.

20. A system, comprising:
- a memory adapted to store query authentication information and distributed database device node identifiers; and
  
  a processor programmed to;
  
  receive a database query comprising a logical database table identifier, a data element, and at least one data source assurance indicator at a distributed database device within a distributed network of databases, where the at least one data source assurance indicator comprises a request to encrypt the data element received in the received query for authentication of distributed database devices that process the database query;
  
  encrypt the data element received in the received query based upon the at least one data source assurance indicator using a private encryption key paired with a public encryption key stored at a distributed database device that originated the database query;
  
  form a data portion of a local query response to the database query comprising data retrieved from a local physical database table mapped by a local logical database table that matches the received logical database table identifier;
  
  add a distributed database device node identifier and the encrypted data element as an authentication portion of the local query response to authenticate the data portion of the local query response;
  
  associate the distributed database device node identifier and the encrypted data element with a hidden result column of the authenticated local query response;
  
  store the authenticated local query response to the memory;
  
  determine to encrypt a selected data column of the data portion of the authenticated local query response;
  
  encrypt the selected data column;
  
  add a column identifier to the authenticated local query response identifying the selected encrypted data column; and
  
  respond to the database query with at least the authenticated local query response.

21. An apparatus, comprising:
- means for receiving a database query comprising a logical database table identifier, a data element, and at least one data source assurance indicator at a distributed database device within a distributed network of databases, where the at least one data source assurance indicator comprises a request to encrypt the data element received in the received query for authentication of distributed database devices that process the database query;
  
  means for encrypting the data element received in the received query based upon the at least one data source assurance indicator;
  
  means for forming a data portion of a local query response to the database query comprising data retrieved from a local physical database table mapped by a local logical database table that matches the received logical database table identifier;
  
  means for adding a distributed database device node identifier and the encrypted data element as an authentication portion of the local query response to authenticate the data portion of the local query response; and
  
  means for responding to the database query with at least the authenticated local query response.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Vyvyan, David R.
Primary Examiner(s)
BOCCIO, VINCENT F

Application Number

US12/248,109
Publication Number

US 20100094902A1
Time in Patent Office

1,699 Days
Field of Search

707/769, 707/781, 707/783
US Class Current

707/769
CPC Class Codes

G06F 16/27 Replication, distribution o...

G06F 21/6227 where protection concerns t...

Automated data source assurance in distributed databases

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Automated data source assurance in distributed databases

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links