Method and apparatus for facilitating role-based cryptographic key management for a database
First Claim
1. A method for facilitating role-based cryptographic key management, the method comprising:
- receiving a request at a database server from a user to perform a cryptographic operation on data on the database server, wherein the user is a member of a role, and wherein the role has been granted permission to perform the cryptographic operation on the data;
receiving from the user at the database server a user key, which is associated with the user;
unwrapping a wrapped role key with the user key to obtain a role key, which is associated with the role;
unwrapping a wrapped data key with the role key to obtain a data key, which is used to encrypt and decrypt the data; and
using the data key to perform the cryptographic operation on the data.
1 Assignment
0 Petitions
Accused Products
Abstract
One embodiment of the present invention provides a system that facilitates role-based cryptographic key management. The system operates by receiving a request at a database server from a user to perform a cryptographic operation on data on the database server, wherein the user is a member of a role, and wherein the role has been granted permission to perform the cryptographic operation on the data. Next, the system receives from the user at the database server a user key, which is associated with the user. The system then unwraps a wrapped role key with the user key to obtain a role key, which is associated with the role. Next, the system unwraps a wrapped data key with the role key to obtain a data key, which is used to encrypt and decrypt the data. Finally, the system uses the data key to perform the cryptographic operation on the data.
116 Citations
21 Claims
-
1. A method for facilitating role-based cryptographic key management, the method comprising:
-
receiving a request at a database server from a user to perform a cryptographic operation on data on the database server, wherein the user is a member of a role, and wherein the role has been granted permission to perform the cryptographic operation on the data;
receiving from the user at the database server a user key, which is associated with the user;
unwrapping a wrapped role key with the user key to obtain a role key, which is associated with the role;
unwrapping a wrapped data key with the role key to obtain a data key, which is used to encrypt and decrypt the data; and
using the data key to perform the cryptographic operation on the data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for facilitating role-based cryptographic key management, the method comprising:
-
receiving a request at a database server from a user to perform a cryptographic operation on data on the database server, wherein the user is a member of a role, and wherein the role has been granted permission to perform the cryptographic operation on the data;
receiving from the user at the database server a user key, which is associated with the user;
unwrapping a wrapped role key with the user key to obtain a role key, which is associated with the role;
unwrapping a wrapped data key with the role key to obtain a data key, which is used to encrypt and decrypt the data; and
using the data key to perform the cryptographic operation on the data. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. An apparatus configured to facilitate role-based cryptographic key management, comprising:
-
a database server;
a receiving mechanism configured to receive a request at the database server from a user to perform a cryptographic operation on data on the database server, wherein the user is a member of a role, and wherein the role has been granted permission to perform the cryptographic operation on the data;
wherein the receiving mechanism is further configured to receive from the user at the database server a user key, which is associated with the user;
a cryptographic mechanism configured to unwrap a wrapped role key with the user key to obtain a role key, which is associated with the role;
wherein the cryptographic mechanism is further configured to unwrap a wrapped data key with the role key to obtain a data key, which is used to encrypt and decrypt the data; and
wherein the cryptographic mechanism is further configured to use the data key to perform the cryptographic operation on the data.
-
Specification