Data security system for a database
Abstract
A method and an apparatus for processing data provides protection for the data. The data is stored as encrypted data element values (DV) in records (P) in a first database (O-DB), each data element value being linked to a corresponding data element type (DT). In a second database (IAM-DB), a data element protection catalogue (DC) is stored, which for each individual data element type (DT) contains one or more protection attributes stating processing rules for data element values (DV), which in the first database (O-DB) are linked to the individual data element type (DT). In each user-initiated measure which aims at processing a given data element value (DV) in the first database (O-DB), a calling is initially sent to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element types. The user's processing of the given data element value is controlled in conformity with the collected protection attribute/attributes.
Claims
exact text as granted — not AI-modified1 - 8 . (canceled)
9 . A data processing method comprising:
maintaining a database containing a table of data in row and column format, at least portion of the data being encrypted; maintaining, separate from the table of data, information for controlling access to a specified proper subset of data in the table; and controlling access to the specified proper subset of data in the table according to the separately maintained information.
10 . The method of claim 9 , wherein controlling access comprises controlling access by a specified user or group of users.
11 . The method of claim 9 , wherein controlling access comprises controlling access by a specified program or group of programs.
12 . The method of claim 9 , wherein the separately maintained information comprises a separate table inaccessible to a user seeking access to the data.
13 . The method of claim 9 , wherein the separately maintained information comprises a separate table inaccessible to a program seeking access to the data.
14 . The method of claim 9 , wherein controlling access to the specified proper subset of the data comprises using a tamper-resistant hardware module.
15 . The method of claim 14 , wherein the tamper-resistant hardware module is used to perform a cryptographic operation on the data.
16 . The method of claim 14 , wherein the tamper-resistant hardware module is used to store at least a portion of the separately maintained information.
17 . The method of claim 14 , wherein the tamper-resistant hardware module comprises a hardware security module.
18 . The method of claim 14 , wherein the tamper-resistant hardware module is selected from the group consisting of a hardware security appliance and a cryptographic card.
19 . The method of claim 9 , wherein the specified proper subset of data comprises a specified column of data.
20 . The method of claim 9 , wherein the information for controlling access comprises information used in encrypting or decrypting data in the proper subset of data.
21 . The method of claim 20 , wherein the information used in encrypting or decrypting data comprises information identifying a way of encrypting or decrypting data in the proper subset of data.
22 . The method of claim 9 , wherein the information for controlling access comprises information identifying an owner of the proper subset of data.
23 . The method of claim 9 , wherein the information for controlling access comprises encrypted information.
24 . The method of claim 9 , further comprising:
receiving a request for access to a particular data element in the table, the particular data element containing encrypted data; obtaining, from the separately maintained data, cryptographic information associated with a proper subset of data in the table, the proper subset containing the particular data element; and decrypting the data in the particular data element using the cryptographic information.
25 . The method of claim 24 , wherein decrypting the data is done using a tamper-resistant hardware module.
26 . The method of claim 25 , wherein the tamper-resistant hardware module comprises a hardware security module.
27 . The method of claim 25 , wherein the tamper-resistant hardware module is selected from the group consisting of a hardware security appliance and a cryptographic card.
28 . The method of claim 9 , further comprising
receiving a request for access to a particular data element in the table, the particular data element containing encrypted data; and obtaining, from the separately maintained data, information associated with a proper subset of data in the table, the proper subset containing the particular data element; and providing decrypted data from the particular data element when the information from the separately maintained data indicates that the request for access to the particular data element is an authorized request.
29 . The method of claim 28 , further comprising decrypting the data from the particular data element using a tamper-resistant hardware module.
30 . The method of claim 29 , wherein the tamper-resistant hardware module comprises a hardware security module.
31 . The method of claim 29 , wherein the tamper-resistant hardware module is selected from the group consisting of a hardware security appliance and a cryptographic card.
32 . A method comprising:
providing a database containing a table having at least two columns of data; encrypting data in a first column using first cryptographic information; encrypting data in a second column using second cryptographic information; storing first and second cryptographic information outside of the table; controlling access to data in the first column using the first cryptographic information stored outside of the table; and controlling access to data in the second column using the second cryptographic information stored outside of the table.
33 . The method of claim 32 , further comprising storing the first and second cryptographic information in a separate table inaccessible to a user seeking access to the data.
34 . The method of claim 32 , further comprising storing the first and second cryptographic information in a separate table inaccessible to a program seeking access to the data.
35 . The method of claim 32 , wherein the first and second cryptographic information are stored, in encrypted form, outside of the table.
36 . The method of claim 32 , wherein at least a portion of the data is encrypted using a tamper-resistant hardware module.
37 . The method of claim 36 , wherein the tamper-resistant hardware module comprises a hardware security module.
38 . The method of claim 36 , wherein the tamper-resistant hardware module is selected from the group consisting of a hardware security appliance and a cryptographic card.
39 . A database management system comprising:
a database containing a table having at least two columns of data, at least one column of data being encrypted; and information stored outside of the table for controlling access to at least one column of data, the information including cryptographic information associated with the encrypted column of data.
40 . The system of claim 39 , wherein the information is stored in a separate table inaccessible to a user seeking access to the data.
41 . The system of claim 39 , wherein the information is stored in a separate table inaccessible to a program seeking access to the data.
42 . The system of claim 39 , wherein the information is stored in encrypted form.
43 . The system of claim 39 , further comprising a tamper-resistant hardware module for performing cryptographic operations on the encrypted column of data.
44 . The system of claim 43 , wherein the tamper-resistant hardware module comprises a hardware security module.
45 . The system of claim 43 , wherein the tamper-resistant hardware module is selected from the group consisting of a hardware security appliance and a cryptographic card.
46 . A data processing method comprising:
maintaining a first set of data as a collection of records having fields, at least a portion of the data being encrypted; maintaining, separate from the first set of data, information for controlling access to a specified proper subset of the first data; and controlling access to the specified proper subset of the first set of data according to the separately maintained information.
47 . The method of claim 46 , wherein controlling access comprises controlling access by a specified user or group of users.
48 . The method of claim 46 , wherein controlling access comprises controlling access by a specified program or group of programs.
49 . The method of claim 46 , wherein the separately maintained information comprises information that is inaccessible to a user seeking access to the data.
50 . The method of claim 46 , wherein the separately maintained information comprises information that is inaccessible to a program seeking access to the data.
51 . The method of claim 46 , wherein controlling access to the specified proper subset of the data comprising using a tamper-resistant hardware module.
52 . The method of claim 51 , wherein the tamper-resistant hardware module is used to perform a cryptographic operation on the data.
53 . The method of claim 51 , wherein the tamper-resistant hardware module is used to store at least a portion of the separately maintained information.
54 . The method of claim 51 , wherein the tamper-resistant hardware module comprises a hardware security module.
55 . The method of claims 51 , wherein the tamper-resistant hardware module is selected from the group consisting of a hardware security appliance and a cryptographic card.
56 . The method of claim 46 , wherein the specified proper subset of data comprises a specified field of data.
57 . The method of claim 46 , wherein the information for controlling access comprises information used in encrypting or decrypting data in the proper subset of data.
58 . The method of claim 46 , wherein the information for controlling access comprises information identifying an owner of the proper subset of data.
59 . The method of claim 46 , wherein the information for controlling access comprises encrypted information.
60 . The method of claim 46 , further comprising:
receiving a request for access to a particular data element in the first set of data, the particular data element containing encrypted data; obtaining, from the separately maintained data, cryptographic information associated with a proper subset of the first set of data, the proper subset containing the particular data element; and decrypting the data in the particular data element using the cryptographic information.
61 . The method of claim 60 , wherein decrypting the data is done using a tamper-resistant hardware module.
62 . The method of claim 61 , wherein the tamper-resistant hardware module comprises a hardware security module.
63 . The method of claim 61 , wherein the tamper-resistant hardware module is selected from the group consisting of a hardware security appliance and a cryptographic card.
64 . The method of claim 60 , wherein the proper subset comprises data in one or more specified fields.
65 . The method of claim 46 , further comprising
receiving a request for access to a particular data element in the first set of data, the particular data element containing encrypted data; and obtaining, from the separately maintained data, information associated with a proper subset of data in the first set of data, the proper subset containing the particular data element; and providing decrypted data from the particular data element when the information from the separately maintained data indicates that the request for access to the particular data element is an authorized request.
66 . The method of claim 65 , further comprising decrypting the data from the particular data element using a tamper-resistant hardware module.
67 . The method of claim 66 , wherein the tamper-resistant hardware module comprises a hardware security module.
68 . The method of claim 66 , wherein the tamper-resistant hardware module is selected from the group consisting of a hardware security appliance and a cryptographic card.
69 . A method comprising:
providing a database containing at least two columns of data; encrypting data in a first column using first cryptographic information; encrypting data in a second column using second cryptographic information; storing the first and second cryptographic information apart from the two columns of data; controlling access to data in the first column using the first cryptographic information; and controlling access to data in the second column using the second cryptographic information.
70 . The method of claim 69 , further comprising storing the first and second cryptographic information in a location that is inaccessible to a user seeking access to the data.
71 . The method of claim 69 , further comprising storing the first and second cryptographic information in a location that is inaccessible to a program seeking access to the data.
72 . The method of claim 69 , wherein the first and second cryptographic information are stored, in encrypted form, outside of the first and second column.
73 . The method of claim 69 , wherein at least a portion of the data is encrypted using a tamper-resistant hardware module.
74 . The method of claim 73 , wherein the tamper-resistant hardware module comprises a hardware security module.
75 . The method of claim 73 , wherein the tamper-resistant hardware module is selected from the group consisting of a hardware security appliance and a cryptographic card.
76 . A database management system comprising:
a database containing at least two columns of data, a first column of data being encrypted; and information stored outside of the first column of data for controlling access to the first column of data, the information including cryptographic information associated with the first column of data.
77 . The system of claim 76 , where in the information is stored in a location that is inaccessible to a user seeking access to the first column of data.
78 . The system of claim 76 , where in the information is stored in a location that is inaccessible to a program seeking access to the first column of data.
79 . The system of claim 76 , wherein the information is stored in encrypted form.
80 . The system of claim 76 , further comprising a tamper-resistant hardware module for performing cryptographic operations on the first column of data.
81 . The system of claim 80 , wherein the tamper-resistant hardware module comprises a hardware security module.
82 . The system of claim 80 , wherein the tamper-resistant hardware module is selected from the group consisting of a hardware security appliance and a cryptographic card.
83 . The method of claim 9 , further comprising revealing an unauthorized access to the data.
84 . The method of claim 32 , wherein controlling access to data in the first column comprises revealing unauthorized access to the data.
85 . The method of claim 46 , wherein controlling access comprising revealing unauthorized access to the first set of data.
86 . The method of claim 69 , wherein controlling access to data in the first columns comprises revealing unauthorized access to the data.
87 . The system of claim 39 , wherein the information stored outside of the table comprises information for revealing unauthorized access to the database.
88 . The system of claim 76 , wherein the information stored outside of the table comprises information for revealing unauthorized access to the database.Join the waitlist — get patent alerts
Track US2007180240A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.