Combined hardware and software based encryption of databases
Abstract
A relational database system for encryption of individual data elements, comprising encryption devices of at least two different types, the types being tamper-proof hardware and software implemented. The encryption processes of the system are of at least two different security levels, differing in the type of encryption device that holds the process keys for at least one of the process key categories, and also differing in which type of device executes the algorithm of the process. Each data element to be protected is assigned an attribute indicating the use of an encryption process of a certain security level.
148 Citations
17 Claims
1. A relational database system for encryption of individual data elements from a relational database, said relational database system comprising
a plurality of encryption devices being of at least two different types, the types being tamper-proof hardware and software implemented, said encryption being provided by different encryption processes utilizing at least one process key in each of the categories master keys, key encryption keys, and data encryption keys, said process keys of different categories being held in said encryption devices;
wherein said encryption processes are of at least two different security levels, where a process of a higher security level has greater access to said tamper-proof hardware device than a process of a lower security level;
wherein each data element which is to be protected is assigned an attribute indicating an encryption level, said encryption level corresponding to an encryption process of a certain security level.
View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
10. A method for encryption of individual data elements in a relational database system, wherein said system comprises a plurality of encryption devices being of at least two different types, the types being tamper-proof hardware and software implemented, comprising the steps of:
providing encryption processes of at least two different security levels, where a process of a higher security level has greater access to said tamper-proof hardware device than a process of a lower security level;
assigning a data element which is to be protected an attribute indicating an encryption level, said encryption level corresponding to an encryption process of a certain security level;
choosing an encryption process correlating to the security level assigned to said data element which is to be protected;
encrypting, using the chosen encryption process, said data element which is to be protected.
11. A relational database system for encrypting individual data elements from a relational database, the relational database system comprising:
a tamper-proof hardware encryption device holding a first key set;
a software-implemented encryption device holding a second key set, each of the key sets including a master key, a data-encryption key, and a key-encryption key;
the database system being configured to assign a security level to a particular data element and, on the basis of the assigned security level, select, from a group of encryption processes, a particular encryption process to be used to encrypt the particular data element, the group including at least a higher-security encryption process and a lower-security encryption process,
wherein the higher-security encryption process uses a first key combination, and the lower-security encryption process uses a second key combination that differs from the first key combination, each of the first and second key combinations including a master key selected from among the master keys of the first and second key sets, a key-encryption key selected from among the key-encryption keys of the first and second key sets, and a data-encryption key selected from among the data-encryption keys of the first and second key sets,
wherein the number of keys in the first key combination that are selected from the first key set is greater than the number of keys in the second key combination that are selected from the first key set.
View Dependent Claims (12, 13, 14, 15, 16, 17)
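The following is an added illustration of the scheme the claims describe, not code from the patent or its assignee. It models the two device types of claim 11 (a tamper-proof hardware device and a software device, each holding a master key, a key-encryption key and a data-encryption key), the per-element level attribute of claims 1 and 10, and the key-combination rule of claim 11: the higher-security process draws more of its keys from the hardware key set than the lower-security process. The specific combinations ("high" takes all three keys from the hardware set, "low" takes only the master key from it), the HMAC-based stand-in cipher, the seeded key derivation and the sample column values are all assumptions made for this example; the claims leave the cipher and the exact combinations open.

```python
import hashlib
import hmac
import os

# Key categories named in the claims.
MASTER, KEK, DEK = "master", "kek", "dek"
# Device types named in the claims.
HARDWARE, SOFTWARE = "hardware", "software"

# Key combination per security level (assumed for this example). The claims only
# require that the higher-security process take more keys from the hardware set.
PROCESSES = {
    "high": {MASTER: HARDWARE, KEK: HARDWARE, DEK: HARDWARE},
    "low": {MASTER: HARDWARE, KEK: SOFTWARE, DEK: SOFTWARE},
}


def hardware_key_count(level):
    """Number of keys the level's combination draws from the tamper-proof device."""
    return sum(1 for device in PROCESSES[level].values() if device == HARDWARE)


class KeyDevice:
    """One encryption device holding a full key set (master, KEK, DEK)."""

    def __init__(self, kind, seed):
        self.kind = kind
        # Derived from a seed so the example is reproducible; a real HSM would
        # generate its keys internally and never export the master key.
        self.keys = {cat: hashlib.sha256(seed + cat.encode()).digest()
                     for cat in (MASTER, KEK, DEK)}


def _keystream(key, nonce, length):
    """HMAC-SHA256 counter keystream: a toy stand-in for the block cipher the
    claims leave unspecified, used here only to show the key hierarchy."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Verify the tag before decrypting; reject any modified blob."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def encrypt_element(value, level, devices):
    """Encrypt one data element under the process chosen by its level attribute."""
    combo = PROCESSES[level]
    master = devices[combo[MASTER]].keys[MASTER]
    kek = devices[combo[KEK]].keys[KEK]
    dek = devices[combo[DEK]].keys[DEK]
    # Key hierarchy: the master key wraps the KEK, the KEK wraps the DEK, and
    # the DEK encrypts the element. Only the master key is held unwrapped.
    return {
        "level": level,
        "wrapped_kek": seal(master, kek),
        "wrapped_dek": seal(kek, dek),
        "ciphertext": seal(dek, value),
    }


def decrypt_element(record, devices):
    """Walk the hierarchy back down from the master key of the device that the
    record's level attribute selects."""
    combo = PROCESSES[record["level"]]
    master = devices[combo[MASTER]].keys[MASTER]
    kek = unseal(master, record["wrapped_kek"])
    dek = unseal(kek, record["wrapped_dek"])
    return unseal(dek, record["ciphertext"])


def rejects_tampering(record, devices):
    """True if flipping one ciphertext bit is detected on decryption."""
    ct = bytearray(record["ciphertext"])
    ct[16] ^= 0x01  # first byte after the 16-byte nonce
    tampered = dict(record, ciphertext=bytes(ct))
    try:
        decrypt_element(tampered, devices)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    devices = {HARDWARE: KeyDevice(HARDWARE, b"hsm-seed"),
               SOFTWARE: KeyDevice(SOFTWARE, b"sw-seed")}
    # Constructed sample column values carrying different level attributes.
    for value, level in [(b"4111111111111111", "high"), (b"Springfield", "low")]:
        record = encrypt_element(value, level, devices)
        print(level, hardware_key_count(level), decrypt_element(record, devices))
```

The point to take from the example is the separation of concerns: the level attribute stored with the data element decides which device supplies each key category, and the record carries only wrapped keys, so a column tagged "high" can never be decrypted without the hardware device's master key, while a "low" column needs the hardware device only for the top of its hierarchy.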
Specification