WO2001001222A1 - Securing databases: mutual consent access - Google Patents

Securing databases: mutual consent access

Info

Publication number
WO2001001222A1
Authority
WO
WIPO (PCT)
Prior art keywords
database
data
key
vendor
user
Prior art date
Application number
PCT/US2000/016902
Other languages
English (en)
Inventor
Nicholas Spicer
Original Assignee
Centura Software
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Centura Software
Priority to AU61995/00A
Publication of WO2001001222A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Definitions

  • the present invention relates to the field of database handling. More specifically, one embodiment of the invention provides a database architecture that secures a database against access by a vendor or a user without the other's consent.
  • the creator of the database application may include some data that is proprietary to the creator but that is necessary for operation of the database application.
  • a software vendor might create a program for estimating annuity costs and sell or license the program to insurance and finance companies.
  • the software vendor might need to provide actuarial tables and other data structures required by the application.
  • the software vendor would like to limit access to that data so that the data user cannot get at the data, except as needed by the application.
  • the insurance or finance company that is the data owner in this example would also like to prevent the software vendor from accessing the data owner's data that is added to the database.
  • the vendor could secure the vendor data in a separate database, but often the vendor data, or part of it, resides in the databases provided for user data, such as templates and the like.
  • One embodiment of the present invention provides a mechanism to secure a database from access by a vendor or a user without the other's consent.
  • a method to effect that mechanism includes generating a database key that is a function of a vendor secret and a data user secret, wherein the database key is difficult to generate without the vendor secret and the data user secret, and using the database key to encrypt a database.
  • BRIEF DESCRIPTION OF THE DRAWINGS: Fig. 1 is a block diagram of a database system according to one embodiment of the present invention.
  • a computer system 10 supports an application 12, a user interface 14, a database management system (DBMS) 16 and data storage 18.
  • DBMS 16 might be a SQLBase™ DBMS provided by Centura Software of Redwood City, California, but other DBMS's can also be used.
  • a user provides a user key 20 to application 12.
  • User key 20 is information that is generally only known to users that own or are authorized to access the application and its attendant data.
  • Application 12 uses user key 20 to generate a server key 22 in some way that is known to the application but not generally known to users. This is shown as vendor secret (VS) 36.
  • the vendor secret can be data, method steps or a combination of the two.
  • the data used by application 12 is encrypted as database 28, shown comprising a database control block 30 and a collection of data records 32.
  • the data records 32 are encrypted using a data records key 34 and data records key 34 is stored in database control block 30.
  • Database control block 30 is encrypted using server key 22 and database control block 30 is required by DBMS 16 to access database 28. Because of that requirement, DBMS 16 requires server key 22 before it can access database 28.
  • a vendor supplies application 12 and database 28 without user data.
  • the database schema and seed data of database 28 are created as a template into which specific data will be placed after installation by the user for the purposes of application 12.
  • After database 28 is populated with user data, database 28 will contain private information of the vendor and private information owned by the user. Neither party has rights to both sets of data, yet the application requires access to all the data to perform.
  • the vendor will ship the database encrypted with a default server key 54 and provide a default user password 50 to the user.
  • the vendor generates default server key 54 using a key generator 52 that generates keys from passwords, using a process equivalent to that of application 12, such as using vendor secret 36.
  • the vendor can start with an unencrypted database and encrypt it with default server key 54 before shipping. If default server key 54 is generated from default user password 50 in such a manner, the user can use default user password 50 until the user changes the user password for database 28. Note that the user is not provided with default server key 54, so a user is prevented from accessing database 28 through DBMS 16 directly without going through application 12.
  • application 12 can access data in database 28, but users cannot access the data outside application 12 and the vendor cannot get access to the user data.
  • the vendor preferably programs application 12 so that the user cannot use application 12 to access the vendor's protected data, because the vendor is implicitly granting the user access to any vendor data the user can access through the vendor's application.
  • Fig. 1 shows database 28 with a DCB 30 including data records key 34 and data records.
  • the data records are encrypted with data records key 34 and DCB 30 is encrypted with server key 22.
  • Any suitable encryption scheme can be used, such as triple-DES.
  • the structure for database 28 could be other than the structure shown in Fig. 1.
  • database 28 might be encrypted all with one key.
  • One advantage of encrypting only the DCB with the server key is that the server key can be changed without having to re-encrypt the entire database.
  • the channel between the application and the DBMS is an encrypted channel, so a user cannot easily listen in and steal the server key.
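The key layout described above (server key 22 derived from user key 20 and vendor secret 36; data records key 34 held in a database control block 30 that is sealed under the server key; records 32 sealed under the records key) can be exercised end to end in a few functions. The following is an added illustration written for this page, not code from the patent or from Centura Software. It assumes PBKDF2-HMAC-SHA256 with the vendor secret as salt for the key generator, and a constructed HMAC-SHA256 keystream-plus-tag scheme as a stand-in for the triple-DES the patent mentions; the function names, the `PermissionError` on a wrong key, and the sample data are all constructed for the example. It also shows the password change from the last point: only the DCB is re-sealed, the encrypted records are untouched.

```python
import hashlib
import hmac
import os


def derive_server_key(user_key: bytes, vendor_secret: bytes) -> bytes:
    """Server key 22 = f(user key 20, vendor secret 36).

    PBKDF2-HMAC-SHA256 with the vendor secret as salt (assumed key generator):
    the same user password gives a different key without the vendor secret,
    and the vendor secret alone yields nothing without the user password.
    """
    return hashlib.pbkdf2_hmac("sha256", user_key, vendor_secret, 50_000, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream built from HMAC-SHA256 (constructed toy cipher).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC stand-in for the patent's "any suitable encryption
    # scheme, such as triple-DES". Layout: nonce(16) || ciphertext || tag(32).
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    # A wrong key fails the tag check, so a party lacking one of the two
    # secrets gets a clean refusal rather than garbage plaintext.
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise PermissionError("tag mismatch: key does not open this block")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def create_database(vendor_secret: bytes, default_user_password: bytes, seed_records: list) -> dict:
    # Vendor side (key generator 52): a random data records key 34 is placed in
    # DCB 30, which is sealed under default server key 54 derived from the
    # default user password 50. Seed records are sealed under the records key.
    records_key = os.urandom(32)
    default_server_key = derive_server_key(default_user_password, vendor_secret)
    return {
        "dcb": seal(default_server_key, records_key),
        "records": [seal(records_key, r) for r in seed_records],
    }


def _records_key(db: dict, user_key: bytes, vendor_secret: bytes) -> bytes:
    # DBMS 16 needs server key 22 to open DCB 30 before it can touch records.
    return open_sealed(derive_server_key(user_key, vendor_secret), db["dcb"])


def open_database(db: dict, user_key: bytes, vendor_secret: bytes) -> list:
    records_key = _records_key(db, user_key, vendor_secret)
    return [open_sealed(records_key, r) for r in db["records"]]


def add_record(db: dict, user_key: bytes, vendor_secret: bytes, record: bytes) -> int:
    # User data added through application 12 is sealed under the same records key.
    records_key = _records_key(db, user_key, vendor_secret)
    db["records"].append(seal(records_key, record))
    return len(db["records"])


def change_user_password(db: dict, old_user_key: bytes, new_user_key: bytes, vendor_secret: bytes) -> None:
    # Only the DCB is re-sealed; the records key and every record stay as-is,
    # so the vendor's default password no longer opens the database.
    records_key = _records_key(db, old_user_key, vendor_secret)
    db["dcb"] = seal(derive_server_key(new_user_key, vendor_secret), records_key)


if __name__ == "__main__":
    VENDOR_SECRET = b"constructed-vendor-secret"          # constructed sample
    DEFAULT_PASSWORD = b"constructed-default-password"    # constructed sample
    db = create_database(VENDOR_SECRET, DEFAULT_PASSWORD, [b"actuarial_row_1"])
    add_record(db, DEFAULT_PASSWORD, VENDOR_SECRET, b"policyholder:alice")
    change_user_password(db, DEFAULT_PASSWORD, b"user-chosen-password", VENDOR_SECRET)
    print(open_database(db, b"user-chosen-password", VENDOR_SECRET))
```

The split matters for the mutual-consent property: a user who extracts the database file has the password but not the vendor secret, and the vendor who ships the file has the vendor secret but, after the password change, not the user's password; neither derives server key 22 alone. In a real deployment the application binary embeds the vendor secret, so the protection against the user is only as strong as the obfuscation of that binary, and the records key sitting in the DCB means the DCB ciphertext (not the records) is the sensitive artefact to rotate on a suspected compromise.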

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method for, on the one hand, generating a database key that is a function of a vendor secret and a data user secret, said key being difficult to generate without both the vendor secret and the data user secret, and, on the other hand, using this database key to encrypt a database.
PCT/US2000/016902 1999-06-25 2000-06-19 Securing databases: mutual consent access WO2001001222A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU61995/00A AU6199500A (en) 1999-06-25 2000-06-19 Securing databases using mutual consent access

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US34006799A 1999-06-25 1999-06-25
US09/340,067 1999-06-25

Publications (1)

Publication Number Publication Date
WO2001001222A1 true WO2001001222A1 (fr) 2001-01-04

Family

ID=23331725

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/016902 WO2001001222A1 (fr) 1999-06-25 2000-06-19 Securing databases: mutual consent access

Country Status (2)

Country Link
AU (1) AU6199500A (fr)
WO (1) WO2001001222A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5319705A (en) * 1992-10-21 1994-06-07 International Business Machines Corporation Method and system for multimedia access control enablement
US5764762A (en) * 1995-06-08 1998-06-09 Wave System Corp. Encrypted data package record for use in remote transaction metered data system

Also Published As

Publication number Publication date
AU6199500A (en) 2001-01-31

Similar Documents

Publication Publication Date Title
JP4167300B2 (ja) Data processing method and apparatus
AU2002213436B2 (en) Method and apparatus for automatic database encryption
EP0561685B1 (fr) Electronic data protection system
US7904732B2 (en) Encrypting and decrypting database records
US6314409B2 (en) System for controlling access and distribution of digital property
US20030208686A1 (en) Method of data protection
US5857021A (en) Security system for protecting information stored in portable storage media
US7801310B1 (en) Nestable skeleton decryption keys for digital rights management
US5138712A (en) Apparatus and method for licensing software on a network of computers
JP4851200B2 (ja) Method for generating usage rights for an item based on access rights, and computer-readable medium
US7313694B2 (en) Secure file access control via directory encryption
US20060178997A1 (en) Systems and methods for authoring and protecting digital property
US20070226488A1 (en) System and method for protecting digital files
US7945586B1 (en) Methods and apparatus to protect data
AU2002213436A1 (en) Method and apparatus for automatic database encryption
US20080320601A1 (en) Providing access rights to portions of a software application
US20050246551A1 (en) System and method for rendering selective presentation of documents
US20060106801A1 (en) Securing location of an installed middleware application and securing location of containers contained within installed middleware application
US20030046564A1 (en) Storage medium and method for storing data decrypting algorithm
US7607176B2 (en) Trainable rule-based computer file usage auditing system
WO2001001222A1 (fr) Securing databases: mutual consent access
JP4192738B2 (ja) Electronic document editing device and electronic document editing program
JP3646482B2 (ja) Access control device, computer-readable recording medium storing an access control program, and access control method
JP2000099385A (ja) Security method and system for sharing a file among multiple users, and recording medium on which the method is programmed and recorded
USRE39802E1 (en) Storage medium for preventing an irregular use by a third party

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP