CA2417516A1 - Method and apparatus for automatic database encryption - Google Patents
Method and apparatus for automatic database encryption Download PDFInfo
- Publication number
- CA2417516A1 CA2417516A1 CA002417516A CA2417516A CA2417516A1 CA 2417516 A1 CA2417516 A1 CA 2417516A1 CA 002417516 A CA002417516 A CA 002417516A CA 2417516 A CA2417516 A CA 2417516A CA 2417516 A1 CA2417516 A1 CA 2417516A1
- Authority
- CA
- Canada
- Prior art keywords
- column
- database system
- encrypted
- encryption
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/14—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99931—Database or file accessing
- Y10S707/99939—Privileged access
Abstract
One embodiment of the present invention provides a system for managing encryption within a database system that is managed by a database administrator, and wherein a user administrator not otherwise associated with the database system, manages users of the database system. This system performs encryption automatically and transparently to a user of the database system. The system operates by receiving a request to store data in a column of the database system. If a user has designated the column as an encrypted column, the system automatically encrypts the data using an encryption function. This encryption function uses a key stored in a keyfile managed by the security administrator. After encrypting the data, the system stores the data in the database system using a storage function of the database system.
Claims (24)
1. A method for managing encryption within a database system that is managed by a security administrator, wherein encryption is performed automatically and transparently to a user of the database system, wherein users of the database system are managed by a user administrator, the method comprising:
receiving a request to store data in a column of the database system, wherein the column is designated as an encrypted column;
in response to receiving the request, automatically encrypting data using an encryption function, wherein the encryption function uses a key stored in a keyfile managed by the security administrator; and storing data in the database system using a storage function of the database system.
receiving a request to store data in a column of the database system, wherein the column is designated as an encrypted column;
in response to receiving the request, automatically encrypting data using an encryption function, wherein the encryption function uses a key stored in a keyfile managed by the security administrator; and storing data in the database system using a storage function of the database system.
2. The method of claim 1, further comprising:
receiving a request to retrieve data from the encrypted column of the database system;
if the request to retrieve data is received from the database administrator, preventing the database administrator from decrypting encrypted data;
if the request to retrieve data is received from the security administrator, preventing the security administrator from decrypting encrypted data; and if the request to retrieve data is from an authorized user of the database system, allowing the authorized user to decrypt encrypted data.
receiving a request to retrieve data from the encrypted column of the database system;
if the request to retrieve data is received from the database administrator, preventing the database administrator from decrypting encrypted data;
if the request to retrieve data is received from the security administrator, preventing the security administrator from decrypting encrypted data; and if the request to retrieve data is from an authorized user of the database system, allowing the authorized user to decrypt encrypted data.
3. The method of claim 1, wherein the security administrator selects one of, data encryption standard (DES) and triple DES as a mode of encryption for the column.
4. The method of claim 1, wherein the security administrator, the database administrator, and the user administrator are distinct roles, and wherein a person selected for one of these roles is not allowed to be selected for another of these roles.
5. The method of claim 1, wherein managing the keyfile includes, but is not limited to:
creating the keyfile;
establishing a plurality of keys to be stored in the keyfile;
establishing a relationship between a key identifier and the key stored in the keyfile;
storing the keyfile in one of, an encrypted file in the database system, and a location separate from the database system; and moving an obfuscated copy of the keyfile to a volatile memory within a server associated with the database system.
creating the keyfile;
establishing a plurality of keys to be stored in the keyfile;
establishing a relationship between a key identifier and the key stored in the keyfile;
storing the keyfile in one of, an encrypted file in the database system, and a location separate from the database system; and moving an obfuscated copy of the keyfile to a volatile memory within a server associated with the database system.
6. The method of claim 1, wherein upon receiving a request from the security administrator specifying the column to be encrypted, if the column currently contains data, the method further comprises:
decrypting the column using an old key if the column was previously encrypted; and encrypting the column using a new key.
decrypting the column using an old key if the column was previously encrypted; and encrypting the column using a new key.
7. The method of claim 5, wherein the key identifier associated with the encrypted column is stored as metadata associated with a table containing the encrypted column within the database system.
8. The method of claim 5, further comprising establishing encryption parameters for the encrypted column, wherein the encryption parameters include encryption mode, key length, and integrity type by:
entering encryption parameters for the encrypted column manually; and recovering encryption parameters for the encrypted column from a profile table in the database system.
entering encryption parameters for the encrypted column manually; and recovering encryption parameters for the encrypted column from a profile table in the database system.
9. A computer-readable storage medium storing instructions that when executed by a computer causes the computer to perform a method for managing encryption within a database system that is managed by a security administrator, wherein encryption is performed automatically and transparently to a user of the database system, wherein users of the database system are managed by a user administrator, the method comprising:
receiving a request to store data in a column of the database system, wherein the column is designated as an encrypted column;
in response to receiving the request, automatically encrypting data using an encryption function, wherein the encryption function uses a key stored in a keyfile managed by the security administrator; and storing data in the database system using a storage function of the database system.
receiving a request to store data in a column of the database system, wherein the column is designated as an encrypted column;
in response to receiving the request, automatically encrypting data using an encryption function, wherein the encryption function uses a key stored in a keyfile managed by the security administrator; and storing data in the database system using a storage function of the database system.
10. The computer-readable storage medium of claim 9, the method further comprises:
receiving a request to retrieve data from the encrypted column of the database system;
if the request to retrieve data is received from the database administrator, preventing the database administrator from decrypting encrypted data;
if the request to retrieve data is received from the security administrator, preventing the security administrator from decrypting encrypted data; and if the request to retrieve data is from an authorized user of the database system, allowing the authorized user to decrypt encrypted data.
receiving a request to retrieve data from the encrypted column of the database system;
if the request to retrieve data is received from the database administrator, preventing the database administrator from decrypting encrypted data;
if the request to retrieve data is received from the security administrator, preventing the security administrator from decrypting encrypted data; and if the request to retrieve data is from an authorized user of the database system, allowing the authorized user to decrypt encrypted data.
11. The computer-readable storage medium of claim 9, wherein the security administrator selects one of, data encryption standard {DES) and triple DES
as a mode of encryption for the column.
as a mode of encryption for the column.
12. The computer-readable storage medium of claim 9, wherein the security administrator, the database administrator, and the user administrator are distinct roles, and wherein a person selected for one of these roles is not allowed to be selected for another of these roles.
13. The computer-readable storage medium of claim 9, wherein managing the keyfile includes, but is not limited to:
creating the keyfile;
establishing a plurality of keys to be stored in the keyfile;
establishing a relationship between a key identifier and the key stored in the keyfile;
storing the keyfile in one of, an encrypted file in the database system, and a location separate from the database system; and moving an obfuscated copy of the keyfile to a volatile memory within a server associated with the database system.
creating the keyfile;
establishing a plurality of keys to be stored in the keyfile;
establishing a relationship between a key identifier and the key stored in the keyfile;
storing the keyfile in one of, an encrypted file in the database system, and a location separate from the database system; and moving an obfuscated copy of the keyfile to a volatile memory within a server associated with the database system.
14. The computer-readable storage medium of claim 9, wherein upon receiving a request from the security administrator specifying the column to be encrypted, if the column currently contains data, the method further comprises:
decrypting the column using an old key if the column was previously encrypted; and encrypting the column using a new key.
decrypting the column using an old key if the column was previously encrypted; and encrypting the column using a new key.
15. The computer-readable storage medium of claim 13, wherein the key identifier associated with the encrypted column is stored as metadata associated with a table containing the encrypted column within the database system.
16. The computer-readable storage medium of claim 13, wherein the method further comprises establishing encryption parameters for the encrypted column, wherein the encryption parameters include encryption mode, key length, and integrity type by:
entering encryption parameters for the encrypted column manually; and recovering encryption parameters for the encrypted column from a profile table in the database system.
entering encryption parameters for the encrypted column manually; and recovering encryption parameters for the encrypted column from a profile table in the database system.
17. An apparatus that facilitates managing encryption within a database system that is managed by a security administrator, wherein encryption is performed automatically and transparently to a user of the database system, wherein users of the database system are managed by a user administrator, comprising:
a receiving mechanism that is configured to receive a request to store data in a column of the database system, wherein the column is designated as an encrypted column;
an encrypting mechanism that is configured to encrypt data using an encryption function, wherein the encryption function uses a key stored in a keyfile managed by the security administrator; and a storing mechanism that is configured to store data in the database system using a storage function of the database system.
a receiving mechanism that is configured to receive a request to store data in a column of the database system, wherein the column is designated as an encrypted column;
an encrypting mechanism that is configured to encrypt data using an encryption function, wherein the encryption function uses a key stored in a keyfile managed by the security administrator; and a storing mechanism that is configured to store data in the database system using a storage function of the database system.
18. The apparatus of claim 17, further comprising:
the receiving mechanism that is further configured to receive a request to retrieve data from the encrypted column of the database system;
an access mechanism that is configured to prevent the database administrator and the security administrator from decrypting encrypted data; and wherein the access mechanism is configured to allow an authorized user of the database system to decrypt encrypted data.
the receiving mechanism that is further configured to receive a request to retrieve data from the encrypted column of the database system;
an access mechanism that is configured to prevent the database administrator and the security administrator from decrypting encrypted data; and wherein the access mechanism is configured to allow an authorized user of the database system to decrypt encrypted data.
19. The apparatus of claim 17, further comprising a selection mechanism that is configured to select one of, data encryption standard (DES) and triple DES as a mode of encryption for the column.
20. The apparatus of claim 17, wherein the security administrator, the database administrator, and the user administrator are distinct roles, and wherein a person selected for one of these roles is not allowed to be selected for another of these roles.
21. The apparatus of claim 17, further comprising:
a creating mechanism that is configured to create the keyfile;
an establishing mechanism that is configured to establish a plurality of keys to be stored in the keyfile;
wherein the establishing mechanism is further configured to establish a relationship between a lcey identifier and the key stored in the keyfile;
a storing mechanism that is configured to store the keyfile in one of, an encrypted file in the database system, and a location separate from the database system; and a moving mechanism that is configured to move an obfuscated copy of the keyfile to a volatile memory within a server associated with the database system.
a creating mechanism that is configured to create the keyfile;
an establishing mechanism that is configured to establish a plurality of keys to be stored in the keyfile;
wherein the establishing mechanism is further configured to establish a relationship between a lcey identifier and the key stored in the keyfile;
a storing mechanism that is configured to store the keyfile in one of, an encrypted file in the database system, and a location separate from the database system; and a moving mechanism that is configured to move an obfuscated copy of the keyfile to a volatile memory within a server associated with the database system.
22. The apparatus of claim 17, further comprising:
a decrypting mechanism that is configured to decrypt the column using a previous key if the column was previously encrypted; and wherein the encrypting mechanism is further configured to encrypt the column using a new key.
a decrypting mechanism that is configured to decrypt the column using a previous key if the column was previously encrypted; and wherein the encrypting mechanism is further configured to encrypt the column using a new key.
23. The apparatus of claim 21, wherein the key identifier associated with the encrypted column is stored as metadata associated with a table containing the encrypted column within the database system.
24. The apparatus of claim 21, wherein the establishing mechanism is further configured to establish encryption parameters for the encrypted column, wherein encryption parameters include encryption mode, key length, and integrity type, and wherein the establishing mechanism includes:
an entering mechanism that is configured to enter encryption parameter s for the encrypted column manually; and a recovering mechanism that is configured to recover encryption parameters for the encrypted column from a profile table in the database system.
an entering mechanism that is configured to enter encryption parameter s for the encrypted column manually; and a recovering mechanism that is configured to recover encryption parameters for the encrypted column from a profile table in the database system.
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/680,599 | 2000-10-06 | ||
US09/680,599 US7111005B1 (en) | 2000-10-06 | 2000-10-06 | Method and apparatus for automatic database encryption |
PCT/US2001/042469 WO2002029577A2 (en) | 2000-10-06 | 2001-10-05 | Method and apparatus for automatic database encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2417516A1 true CA2417516A1 (en) | 2002-04-11 |
CA2417516C CA2417516C (en) | 2012-12-18 |
Family
ID=24731734
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2417516A Expired - Lifetime CA2417516C (en) | 2000-10-06 | 2001-10-05 | Method and apparatus for automatic database encryption |
Country Status (6)
Country | Link |
---|---|
US (1) | US7111005B1 (en) |
EP (1) | EP1374063A2 (en) |
JP (1) | JP4398145B2 (en) |
AU (2) | AU1343602A (en) |
CA (1) | CA2417516C (en) |
WO (1) | WO2002029577A2 (en) |
Families Citing this family (111)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
SE9904094D0 (en) * | 1999-11-12 | 1999-11-12 | Protegrity Research & Dev | Method for reencryption of a database |
US7362868B2 (en) * | 2000-10-20 | 2008-04-22 | Eruces, Inc. | Hidden link dynamic key manager for use in computer systems with database structure for storage of encrypted data and method for storage and retrieval of encrypted data |
US20030021417A1 (en) | 2000-10-20 | 2003-01-30 | Ognjen Vasic | Hidden link dynamic key manager for use in computer systems with database structure for storage of encrypted data and method for storage and retrieval of encrypted data |
US20070079119A1 (en) * | 2000-11-16 | 2007-04-05 | Ulf Mattsson | Encryption key rotation |
US7418098B1 (en) * | 2000-11-27 | 2008-08-26 | Protegrity Corporation | Data type preserving encryption |
US7757278B2 (en) * | 2001-01-04 | 2010-07-13 | Safenet, Inc. | Method and apparatus for transparent encryption |
DE60130902T2 (en) * | 2001-11-23 | 2008-07-17 | Protegrity Research & Development | Method for detecting intrusion into a database system |
US8010405B1 (en) | 2002-07-26 | 2011-08-30 | Visa Usa Inc. | Multi-application smart card device software solution for smart cardholder reward selection and redemption |
US8015060B2 (en) | 2002-09-13 | 2011-09-06 | Visa Usa, Inc. | Method and system for managing limited use coupon and coupon prioritization |
US9852437B2 (en) | 2002-09-13 | 2017-12-26 | Visa U.S.A. Inc. | Opt-in/opt-out in loyalty system |
US8626577B2 (en) | 2002-09-13 | 2014-01-07 | Visa U.S.A | Network centric loyalty system |
US7827077B2 (en) | 2003-05-02 | 2010-11-02 | Visa U.S.A. Inc. | Method and apparatus for management of electronic receipts on portable devices |
US10339336B2 (en) * | 2003-06-11 | 2019-07-02 | Oracle International Corporation | Method and apparatus for encrypting database columns |
US8554610B1 (en) | 2003-08-29 | 2013-10-08 | Visa U.S.A. Inc. | Method and system for providing reward status |
US7051923B2 (en) | 2003-09-12 | 2006-05-30 | Visa U.S.A., Inc. | Method and system for providing interactive cardholder rewards image replacement |
US8005763B2 (en) | 2003-09-30 | 2011-08-23 | Visa U.S.A. Inc. | Method and system for providing a distributed adaptive rules based dynamic pricing system |
US8407083B2 (en) | 2003-09-30 | 2013-03-26 | Visa U.S.A., Inc. | Method and system for managing reward reversal after posting |
US7653602B2 (en) | 2003-11-06 | 2010-01-26 | Visa U.S.A. Inc. | Centralized electronic commerce card transactions |
US7681042B2 (en) | 2004-06-17 | 2010-03-16 | Eruces, Inc. | System and method for dis-identifying sensitive information and associated records |
JP2006018499A (en) * | 2004-06-30 | 2006-01-19 | Sony Corp | Data storage device, data providing system, and data providing method |
US7797342B2 (en) * | 2004-09-03 | 2010-09-14 | Sybase, Inc. | Database system providing encrypted column support for applications |
US7743069B2 (en) * | 2004-09-03 | 2010-06-22 | Sybase, Inc. | Database system providing SQL extensions for automated encryption and decryption of column data |
US20060074897A1 (en) * | 2004-10-04 | 2006-04-06 | Fergusson Iain W | System and method for dynamic data masking |
KR20060058546A (en) * | 2004-11-25 | 2006-05-30 | 펜타시큐리티시스템 주식회사 | Method and apparatus for providing database encryption and access control |
US8045714B2 (en) * | 2005-02-07 | 2011-10-25 | Microsoft Corporation | Systems and methods for managing multiple keys for file encryption and decryption |
US7827403B2 (en) * | 2005-04-13 | 2010-11-02 | Oracle International Corporation | Method and apparatus for encrypting and decrypting data in a database table |
US8171238B1 (en) | 2007-07-05 | 2012-05-01 | Silver Peak Systems, Inc. | Identification of data stored in memory |
US8392684B2 (en) | 2005-08-12 | 2013-03-05 | Silver Peak Systems, Inc. | Data encryption in a network memory architecture for providing data based on local accessibility |
US8095774B1 (en) | 2007-07-05 | 2012-01-10 | Silver Peak Systems, Inc. | Pre-fetching data into a memory |
US8811431B2 (en) | 2008-11-20 | 2014-08-19 | Silver Peak Systems, Inc. | Systems and methods for compressing packet data |
US8929402B1 (en) | 2005-09-29 | 2015-01-06 | Silver Peak Systems, Inc. | Systems and methods for compressing packet data by predicting subsequent data |
US8489562B1 (en) | 2007-11-30 | 2013-07-16 | Silver Peak Systems, Inc. | Deferred data storage |
JP4794571B2 (en) * | 2005-12-02 | 2011-10-19 | インターナショナル・ビジネス・マシーンズ・コーポレーション | System and method for efficient access to database |
US7844829B2 (en) * | 2006-01-18 | 2010-11-30 | Sybase, Inc. | Secured database system with built-in antivirus protection |
US7827525B1 (en) * | 2006-06-02 | 2010-11-02 | Richard Paul Navaro | Data object utilization in software applications |
US7769176B2 (en) * | 2006-06-30 | 2010-08-03 | Verint Americas Inc. | Systems and methods for a secure recording environment |
US7848524B2 (en) | 2006-06-30 | 2010-12-07 | Verint Americas Inc. | Systems and methods for a secure recording environment |
US7853800B2 (en) * | 2006-06-30 | 2010-12-14 | Verint Americas Inc. | Systems and methods for a secure recording environment |
US8885632B2 (en) | 2006-08-02 | 2014-11-11 | Silver Peak Systems, Inc. | Communications scheduler |
US8755381B2 (en) | 2006-08-02 | 2014-06-17 | Silver Peak Systems, Inc. | Data matching using flow based packet data storage |
US7882354B2 (en) | 2006-09-07 | 2011-02-01 | International Business Machines Corporation | Use of device driver to function as a proxy between an encryption capable tape drive and a key manager |
US7904732B2 (en) * | 2006-09-27 | 2011-03-08 | Rocket Software, Inc. | Encrypting and decrypting database records |
US8661263B2 (en) | 2006-09-29 | 2014-02-25 | Protegrity Corporation | Meta-complete data storage |
US20080163332A1 (en) * | 2006-12-28 | 2008-07-03 | Richard Hanson | Selective secure database communications |
US8892905B2 (en) * | 2007-03-21 | 2014-11-18 | Oracle International Corporation | Method and apparatus for performing selective encryption/decryption in a data storage system |
US20080235603A1 (en) * | 2007-03-21 | 2008-09-25 | Holm Aaron H | Digital file management system with dynamic roles assignment and user level image/data interchange |
US20080263645A1 (en) * | 2007-04-23 | 2008-10-23 | Telus Communications Company | Privacy identifier remediation |
US20100031321A1 (en) * | 2007-06-11 | 2010-02-04 | Protegrity Corporation | Method and system for preventing impersonation of computer system user |
US9158933B2 (en) * | 2007-08-17 | 2015-10-13 | Sybase, Inc. | Protection of encryption keys in a database |
JP2009111687A (en) * | 2007-10-30 | 2009-05-21 | Fujitsu Ltd | Storage device, and encrypted data processing method |
US8307115B1 (en) | 2007-11-30 | 2012-11-06 | Silver Peak Systems, Inc. | Network memory mirroring |
US8479013B2 (en) * | 2008-01-18 | 2013-07-02 | Photonic Data Security, Llc | Secure portable data transport and storage system |
US8225106B2 (en) | 2008-04-02 | 2012-07-17 | Protegrity Corporation | Differential encryption utilizing trust modes |
US7904489B2 (en) * | 2008-05-09 | 2011-03-08 | Target Brands, Inc. | Database unload/reload of partitioned tables |
US8743683B1 (en) | 2008-07-03 | 2014-06-03 | Silver Peak Systems, Inc. | Quality of service using multiple flows |
US10805840B2 (en) | 2008-07-03 | 2020-10-13 | Silver Peak Systems, Inc. | Data transmission via a virtual wide area network overlay |
US9717021B2 (en) | 2008-07-03 | 2017-07-25 | Silver Peak Systems, Inc. | Virtual network overlay |
US10164861B2 (en) | 2015-12-28 | 2018-12-25 | Silver Peak Systems, Inc. | Dynamic monitoring and visualization for network health characteristics |
EP2189925A3 (en) * | 2008-11-25 | 2015-10-14 | SafeNet, Inc. | Database obfuscation system and method |
US8504844B2 (en) * | 2008-12-19 | 2013-08-06 | Teradata Us, Inc. | System, method, and computer-readable medium for cryptographic key rotation in a database system |
US8751826B2 (en) * | 2009-04-01 | 2014-06-10 | Salesforce.Com, Inc. | Enhanced system security |
US20100287597A1 (en) * | 2009-05-07 | 2010-11-11 | Microsoft Corporation | Security policy trigger for policy enforcement |
US10540508B2 (en) * | 2009-09-17 | 2020-01-21 | Oracle International Corporation | Method and apparatus for securing a database configuration |
US20110145082A1 (en) | 2009-12-16 | 2011-06-16 | Ayman Hammad | Merchant alerts incorporating receipt data |
US8429048B2 (en) | 2009-12-28 | 2013-04-23 | Visa International Service Association | System and method for processing payment transaction receipts |
US8856157B2 (en) * | 2011-08-23 | 2014-10-07 | Business Objects Software Limited | Automatic detection of columns to be obfuscated in database schemas |
US9130991B2 (en) | 2011-10-14 | 2015-09-08 | Silver Peak Systems, Inc. | Processing data packets in performance enhancing proxy (PEP) environment |
US9626224B2 (en) | 2011-11-03 | 2017-04-18 | Silver Peak Systems, Inc. | Optimizing available computing resources within a virtual environment |
JP6048414B2 (en) * | 2011-11-11 | 2016-12-21 | 日本電気株式会社 | Database apparatus, method and program |
US8812877B2 (en) | 2011-11-11 | 2014-08-19 | Nec Corporation | Database encryption system, method, and program |
US8996887B2 (en) | 2012-02-24 | 2015-03-31 | Google Inc. | Log structured volume encryption for virtual machines |
US9223807B2 (en) * | 2012-09-13 | 2015-12-29 | International Business Machines Corporation | Role-oriented database record field security model |
US10032216B2 (en) * | 2013-10-07 | 2018-07-24 | State Farm Mutual Automobile Insurance Company | Method and system for a vehicle auction tool with vehicle condition assessments |
US10140782B2 (en) | 2013-10-07 | 2018-11-27 | State Farm Mutual Automobile Insurance Company | Vehicle sharing tool based on vehicle condition assessments |
US10423989B2 (en) | 2013-10-07 | 2019-09-24 | State Farm Mutual Automobile Insurance Company | Systems and methods to assess the condition of a vehicle |
US10515231B2 (en) * | 2013-11-08 | 2019-12-24 | Symcor Inc. | Method of obfuscating relationships between data in database tables |
US9948496B1 (en) | 2014-07-30 | 2018-04-17 | Silver Peak Systems, Inc. | Determining a transit appliance for data traffic to a software service |
US9875344B1 (en) | 2014-09-05 | 2018-01-23 | Silver Peak Systems, Inc. | Dynamic monitoring and authorization of an optimization device |
JP6435815B2 (en) * | 2014-12-01 | 2018-12-12 | 富士通株式会社 | Information concealment program, information concealment method and information concealment device |
KR101613146B1 (en) * | 2015-03-24 | 2016-04-18 | 주식회사 티맥스데이터 | Method for encrypting database |
KR101563461B1 (en) * | 2015-03-24 | 2015-10-26 | 주식회사 티맥스데이터 | Method, server and computer program for security management in database |
KR101939755B1 (en) | 2015-05-08 | 2019-01-17 | 주식회사 예일전자 | Vibration output device coupled to wearable device |
KR20160114492A (en) | 2015-09-17 | 2016-10-05 | 주식회사 티맥스데이터 | Method, server and computer program for security management in database |
US9946744B2 (en) * | 2016-01-06 | 2018-04-17 | General Motors Llc | Customer vehicle data security method |
KR101692055B1 (en) | 2016-02-24 | 2017-01-18 | 주식회사 티맥스데이터 | Method, apparatus, and computer program stored in computer readable storage medium for managing shared memory in database server |
KR101643278B1 (en) | 2016-02-26 | 2016-07-28 | 주식회사 티맥스데이터 | Method, apparatus, and computer program stored in computer readable medium for managing storage server in database system |
KR101797482B1 (en) | 2016-04-22 | 2017-11-14 | 주식회사 티맥스데이터 | Method, apparatus, and computer program stored in computer readable medium for recoverying block in database system |
US10432484B2 (en) | 2016-06-13 | 2019-10-01 | Silver Peak Systems, Inc. | Aggregating select network traffic statistics |
KR101747265B1 (en) | 2016-06-20 | 2017-06-15 | 주식회사 티맥스데이터 | Method and apparatus for executing query and computer readable medium therefor |
KR101751970B1 (en) | 2016-06-20 | 2017-07-03 | 주식회사 티맥스데이터 | Method and apparatus for executing query and computer readable medium therefor |
US9967056B1 (en) | 2016-08-19 | 2018-05-08 | Silver Peak Systems, Inc. | Forward packet recovery with constrained overhead |
EP3516575B1 (en) | 2016-09-21 | 2023-03-15 | INTEL Corporation | Technologies for user-mode persistence of certificates and keys in resource-constrained devices |
US11393046B1 (en) * | 2017-01-17 | 2022-07-19 | Intuit Inc. | System and method for perpetual rekeying of various data columns with a frequency and encryption strength based on the sensitivity of the data columns |
US10303895B1 (en) | 2017-01-19 | 2019-05-28 | Intuit Inc. | System and method for perpetual rekeying of various data columns with respective encryption keys and on alternating bases |
US10771394B2 (en) | 2017-02-06 | 2020-09-08 | Silver Peak Systems, Inc. | Multi-level learning for classifying traffic flows on a first packet from DNS data |
US11044202B2 (en) | 2017-02-06 | 2021-06-22 | Silver Peak Systems, Inc. | Multi-level learning for predicting and classifying traffic flows from first packet data |
US10257082B2 (en) | 2017-02-06 | 2019-04-09 | Silver Peak Systems, Inc. | Multi-level learning for classifying traffic flows |
US10892978B2 (en) | 2017-02-06 | 2021-01-12 | Silver Peak Systems, Inc. | Multi-level learning for classifying traffic flows from first packet data |
US10540522B2 (en) * | 2017-07-14 | 2020-01-21 | Avoka Technologies Pty Ltd. | Storing data securely in a database |
US11212210B2 (en) | 2017-09-21 | 2021-12-28 | Silver Peak Systems, Inc. | Selective route exporting using source type |
US10699023B1 (en) * | 2017-11-20 | 2020-06-30 | Amazon Technologies, Inc. | Encryption profiles for encrypting user-submitted data |
US10637721B2 (en) | 2018-03-12 | 2020-04-28 | Silver Peak Systems, Inc. | Detecting path break conditions while minimizing network overhead |
US11595205B1 (en) | 2019-11-22 | 2023-02-28 | Amazon Technologies, Inc. | Database with client-controlled encryption key |
US11568063B1 (en) | 2019-11-22 | 2023-01-31 | Amazon Technologies, Inc. | Database with client-controlled encryption key |
US11860673B1 (en) * | 2019-11-22 | 2024-01-02 | Amazon Technologies, Inc. | Database with client-controlled encryption key |
US11483147B2 (en) * | 2020-01-23 | 2022-10-25 | Bank Of America Corporation | Intelligent encryption based on user and data properties |
US11374748B2 (en) * | 2020-04-15 | 2022-06-28 | Salesforce.Com, Inc. | Cache management for encryption key rotation |
US11483150B2 (en) | 2020-06-01 | 2022-10-25 | Salesforce.Com, Inc. | Private key cache in secure enclave |
WO2022002351A1 (en) * | 2020-06-29 | 2022-01-06 | Huawei Technologies Co., Ltd. | Data storage server and client devices for securely storing data |
CN116194920A (en) * | 2020-06-29 | 2023-05-30 | 华为技术有限公司 | Data storage server and client device for securely storing data |
CN115086354A (en) * | 2022-05-31 | 2022-09-20 | 北京融讯智晖技术有限公司 | User data management system for video cloud fusion |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DK279089D0 (en) * | 1989-06-07 | 1989-06-07 | Kommunedata I S | PROCEDURE FOR TRANSFER OF DATA, AN ELECTRONIC DOCUMENT OR SIMILAR, SYSTEM FOR EXERCISING THE PROCEDURE AND A CARD FOR USE IN EXERCISING THE PROCEDURE |
US5052040A (en) | 1990-05-25 | 1991-09-24 | Micronyx, Inc. | Multiple user stored data cryptographic labeling system and method |
GB9112644D0 (en) | 1991-06-12 | 1991-07-31 | Int Computers Ltd | Data processing system with cryptographic facility |
US5751949A (en) | 1995-05-23 | 1998-05-12 | Mci Corporation | Data security system and method |
US5835594A (en) * | 1996-02-09 | 1998-11-10 | Intel Corporation | Methods and apparatus for preventing unauthorized write access to a protected non-volatile storage |
SE506853C2 (en) * | 1996-06-20 | 1998-02-16 | Anonymity Prot In Sweden Ab | Method of data processing |
US5924094A (en) * | 1996-11-01 | 1999-07-13 | Current Network Technologies Corporation | Independent distributed database system |
US6185681B1 (en) * | 1998-05-07 | 2001-02-06 | Stephen Zizzi | Method of transparent encryption and decryption for an electronic document management system |
US6292899B1 (en) * | 1998-09-23 | 2001-09-18 | Mcbride Randall C. | Volatile key apparatus for safeguarding confidential data stored in a computer system memory |
US6564225B1 (en) * | 2000-07-14 | 2003-05-13 | Time Warner Entertainment Company, L.P. | Method and apparatus for archiving in and retrieving images from a digital image library |
-
2000
- 2000-10-06 US US09/680,599 patent/US7111005B1/en not_active Expired - Lifetime
-
2001
- 2001-10-05 AU AU1343602A patent/AU1343602A/en active Pending
- 2001-10-05 WO PCT/US2001/042469 patent/WO2002029577A2/en active Application Filing
- 2001-10-05 JP JP2002533080A patent/JP4398145B2/en not_active Expired - Lifetime
- 2001-10-05 EP EP01981819A patent/EP1374063A2/en not_active Ceased
- 2001-10-05 CA CA2417516A patent/CA2417516C/en not_active Expired - Lifetime
- 2001-10-05 AU AU2002213436A patent/AU2002213436B2/en not_active Expired
Also Published As
Publication number | Publication date |
---|---|
CA2417516C (en) | 2012-12-18 |
WO2002029577A2 (en) | 2002-04-11 |
AU2002213436B2 (en) | 2006-04-13 |
US7111005B1 (en) | 2006-09-19 |
JP2004528615A (en) | 2004-09-16 |
EP1374063A2 (en) | 2004-01-02 |
JP4398145B2 (en) | 2010-01-13 |
WO2002029577A3 (en) | 2003-09-18 |
AU1343602A (en) | 2002-04-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2417516A1 (en) | Method and apparatus for automatic database encryption | |
AU2002213436A1 (en) | Method and apparatus for automatic database encryption | |
CN104662870B (en) | Data safety management system | |
US8751804B1 (en) | Controlling access to data within encrypted copies of files using salt parameters | |
US7313694B2 (en) | Secure file access control via directory encryption | |
US7921305B2 (en) | Portable information terminal and data protecting method | |
US20010056541A1 (en) | File management apparatus | |
US20110085664A1 (en) | Systems and methods for managing multiple keys for file encryption and decryption | |
US20060010323A1 (en) | Method for a repository to provide access to a document, and a repository arranged in accordance with the same method | |
EP2013709A2 (en) | Method, system, and computer-readable medium to maintain and/or purge files of a document management system | |
WO2012151785A1 (en) | Built-in file encryption method for mobile terminal and mobile terminal | |
EP0695997A3 (en) | Methods for providing secure access to shared information | |
CA2568739A1 (en) | System, method, and computer program product for providing digital rights management of protected content | |
WO2001065545A3 (en) | Method and apparatus for using non-secure file servers for secure information storage | |
JP2005534104A5 (en) | ||
CA2548356A1 (en) | Avoiding server storage of client state | |
CN105787387A (en) | Database encryption method and encryption database query method | |
GB2274229A (en) | Cryptography system. | |
CA2388537A1 (en) | Wireless security access management for a portable data storage cartridge | |
US20020078049A1 (en) | Method and apparatus for management of encrypted data through role separation | |
JP2004126639A (en) | Data management system, method and program | |
TW201329776A (en) | System and method for protection of file content security | |
WO2001033829A3 (en) | Internet-based shared file service and distributed access control | |
CA2586172A1 (en) | System and method for providing authorized access to digital content | |
CN106919850B (en) | File encryption and decryption method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
EEER | Examination request | ||
MKEX | Expiry |
Effective date: 20211005 |
|
MKEX | Expiry |
Effective date: 20211005 |