Method and apparatus for management of encrypted data through role separation

US 7,315,859 B2
Filed: 12/15/2000
Issued: 01/01/2008
Est. Priority Date: 12/15/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for managing a database system, wherein the database system includes one or more sensitive users having access to sensitive data, one or more normal users having access to non-sensitive data, one or more normal database administrators allowed to perform administrative functions over the normal user and non-sensitive data, and one or more security officers allowed to perform administrative functions over the sensitive user and sensitive data, the method comprising:

receiving a command to perform an administrative function on a user account within the database system;

determining if the user account belongs to a sensitive user who is empowered to access sensitive data in the database system;

if the user account does not belong to a sensitive user, and if the command is received from a normal database administrator for the database system, allowing the administrative function to proceed;

if the user account belongs to a sensitive user, and if the command is received from a normal database administrator, preventing the normal database administrator from performing the administrative function on the user account; and

if the user account belongs to a sensitive user, and if the command is received from a security officer within the group of one or more security officers, performing the administrative function on the user account, wherein the one or more security officers are the only database administrators empowered to perform administrative functions on the user account.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided for managing a database that stores sensitive information. Upon receiving a command to perform a function involving a database object, the system determines if the object is a sensitive object. If the object is not a sensitive object, the system allows the function to proceed. If the object is a sensitive object and the command is received from a normal system administrator, the system disallows the function. Upon receiving a request to perform an operation on sensitive data in the database system received from a user with access rights to the data item and empowered to access sensitive data, the system allows the operation to proceed. If the request is received from a normal user for a sensitive data item, the system disallows the operation. If the operation involves retrieval of a sensitive data item, the system decrypts the data item using an encryption key.

Citations

18 Claims

1. A method for managing a database system, wherein the database system includes one or more sensitive users having access to sensitive data, one or more normal users having access to non-sensitive data, one or more normal database administrators allowed to perform administrative functions over the normal user and non-sensitive data, and one or more security officers allowed to perform administrative functions over the sensitive user and sensitive data, the method comprising:
- receiving a command to perform an administrative function on a user account within the database system;
  
  determining if the user account belongs to a sensitive user who is empowered to access sensitive data in the database system;
  
  if the user account does not belong to a sensitive user, and if the command is received from a normal database administrator for the database system, allowing the administrative function to proceed;
  
  if the user account belongs to a sensitive user, and if the command is received from a normal database administrator, preventing the normal database administrator from performing the administrative function on the user account; and
  
  if the user account belongs to a sensitive user, and if the command is received from a security officer within the group of one or more security officers, performing the administrative function on the user account, wherein the one or more security officers are the only database administrators empowered to perform administrative functions on the user account.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - receiving a request to perform an operation on a data item in the database system;
      
      if the data item is a sensitive data item containing sensitive information and if the request is received from a sensitive user who is empowered to access sensitive data, allowing the operation to proceed if the sensitive user has access rights to the sensitive data item; and
      
      if the data item is a sensitive data item and the request is received from a user who is not a sensitive user, disallowing the operation.
  - 3. The method of claim 2, wherein if the data item is a sensitive data item, if the operation is allowed to proceed, and if the operation involves retrieval of the data item, the method further comprises decrypting the data item using an encryption key after the data item is retrieved.
  - 4. The method of claim 3, wherein the encryption key is stored along with a table containing the data item.
  - 5. The method of claim 4, wherein the encryption key is stored in encrypted form.
  - 6. The method of claim 1, wherein if the user is not a sensitive user, and if the command to perform the administrative function is received from a security officer, the method further comprises allowing the security officer to perform the administrative function on the user.

7. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for managing a database system, wherein the database system includes one or more sensitive users having access to sensitive data, one or more normal users having access to non-sensitive data, one or more normal database administrators allowed to perform administrative functions over the normal user and non-sensitive data, and one or more security officers allowed to perform administrative functions over the sensitive user and sensitive data, the method comprising:
- receiving a command to perform an administrative function on a user account within the database system;
  
  determining if the user account belongs to a sensitive user who is empowered to access sensitive data in the database system;
  
  if the user account does not belong to a sensitive user, and if the command is received from a normal database administrator for the database system, allowing the administrative function to proceed;
  
  if the user account belongs to a sensitive user, and if the command is received from a normal database administrator, preventing the normal database administrator from performing the administrative function on the user account; and
  
  if the user account belongs to a sensitive user, and if the command is received from a security officer within the group of one or more security officers, performing the administrative function on the user account, wherein the one or more security officers are the only database administrators empowered to perform administrative functions on the user account.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer-readable storage medium of claim 7, wherein the method further comprises:
    - receiving a request to perform an operation on a data item in the database system;
      
      if the data item is a sensitive data item containing sensitive information and if the request is received from a sensitive user who is empowered to access sensitive data, allowing the operation to proceed if the sensitive user has access rights to the sensitive data item; and
      
      if the data item is a sensitive data item and the request is received from a user who is not a sensitive user, disallowing the operation.
  - 9. The computer-readable storage medium of claim 8, wherein if the data item is a sensitive data item, if the operation is allowed to proceed, and if the operation involves retrieval of the data item, the method further comprises decrypting the data item using an encryption key after the data item is retrieved.
  - 10. The computer-readable storage medium of claim 9, wherein the encryption key is stored along with a table containing the data item.
  - 11. The computer-readable storage medium of claim 10, wherein the encryption key is stored in encrypted form.
  - 12. The computer-readable storage medium of claim 7, wherein if the user is not a sensitive user, and if the command to perform the administrative function is received from a security officer, the method further comprises allowing the security officer to perform the administrative function on the user.

13. An apparatus that manages a database system, wherein the database system includes one or more sensitive users having access to sensitive data, one or more normal users having access to non-sensitive data, one or more normal database administrators allowed to perform administrative functions over the normal user and non-sensitive data, and one or more security officers allowed to perform administrative functions over the sensitive user and sensitive data, comprising:
- a command-receiving mechanism configured to receive a command to perform an administrative function on a user account within the database system;
  
  an execution mechanism configured to,determine if the user account belongs to a sensitive user who is empowered to access sensitive data in the database system;
  
  allow the administrative function to proceed, if the user account does not belong to a sensitive user, and if the command is received from a normal database administrator for the database system;
  
  prevent a normal database administrator from performing the administrative function on the user account, if the user account belongs to a sensitive user, and if the command is received from the normal database administrator; and
  
  toallow the administrative function to proceed, if the user account belongs to a sensitive user, and if the command is received from a security officer within the group of one or more security officers, wherein the one or more security officers are the only database administrators empowered to perform administrative functions involving sensitive users.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The apparatus of claim 13,wherein the command-receiving mechanism is configured to receive a request to perform an operation on a data item in the database system;
    - wherein the execution mechanism is configured to,allow the operation to proceed, if the data item is a sensitive data item containing sensitive information and if the request is received from a sensitive user who is empowered to access sensitive data, and if the sensitive user has access rights to the sensitive data item; and
      
      todisallowing the operation, if the data item is a sensitive data item, and the request is received from a user who is not a sensitive user.
  - 15. The apparatus of claim 14, further comprising a decryption mechanism, wherein if the data item is a sensitive data item, if the operation is allowed to proceed, and if the operation involves retrieval of the data item, the decryption mechanism is configured to decrypt the data item using an encryption key after the data item is retrieved.
  - 16. The apparatus of claim 15, wherein the encryption key is stored along with a table containing the data item.
  - 17. The apparatus of claim 16, wherein the encryption key is stored in encrypted form.
  - 18. The apparatus of claim 13, wherein if the user is not a sensitive user, and if the command to perform the administrative function is received from a security officer, the execution mechanism is configured to allow the security officer to perform the administrative function on the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Samar, Vipin
Primary Examiner(s)
NGUYEN, CAM LINH T

Application Number

US09/741,680
Publication Number

US 20020078049A1
Time in Patent Office

2,573 Days
Field of Search

707/9, 726/2, 713/166, 713/182
US Class Current

1/1
CPC Class Codes

G06F 21/6218 to a system of files or obj...

Y10S 707/99939 Privileged access

Method and apparatus for management of encrypted data through role separation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for management of encrypted data through role separation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links