WO2001001222A1 - Securing databases using mutual consent access - Google Patents

Securing databases using mutual consent access Download PDF

Info

Publication number
WO2001001222A1
WO2001001222A1 PCT/US2000/016902 US0016902W WO0101222A1 WO 2001001222 A1 WO2001001222 A1 WO 2001001222A1 US 0016902 W US0016902 W US 0016902W WO 0101222 A1 WO0101222 A1 WO 0101222A1
Authority
WO
WIPO (PCT)
Prior art keywords
database
data
key
vendor
user
Prior art date
Application number
PCT/US2000/016902
Other languages
French (fr)
Inventor
Nicholas Spicer
Original Assignee
Centura Software
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Centura Software filed Critical Centura Software
Priority to AU61995/00A priority Critical patent/AU6199500A/en
Publication of WO2001001222A1 publication Critical patent/WO2001001222A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Definitions

  • the present invention relates to the field of database handling. More specifically, one embodiment of the invention provides a database architecture that secures a database against access by a vendor or a user without the other's consent.
  • the creator of the database application may include some data that is proprietary to the creator but that is necessary for operation of the database application.
  • a software vendor might create a program for estimating annuity costs and sell or license the program to insurance and finance companies.
  • the software vendor might need to provide actuarial tables and other data structures required b the application.
  • the software vendor would like to limit access to that data so that the data user cannot get at the data, except as needed by the application.
  • the insurance or finance company that is the data owner in this example would also like to prevent the software vendor from accessing the data owner's data that is added to the database.
  • the vendor could secure the vendor data in a separate database, but often the vendor data, or part of it, resides in the databases provided for user data, such as templates and the like.
  • One embodiment of the present invention provides a mechanism to secure a database from access by a vendor or a user without the other's consent.
  • a method to effect that mechanism includes generating a database key that is a function of a vendor secret and a data user secret, wherein the database key is difficult to generate without the vendor secret and the data user secret, and using the database key to encrypt a database.
  • BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1 is a block diagram of a database system according to one embodiment of the present invention.
  • Fig. 1 is a block diagram of a database system according to one embodiment of the present invention.
  • a computer system 10 supports an application 12, a user interface 14, a database management system (DBMS) 16 and data storage 18.
  • DBMS 16 might be a SQLBaseTM DBMS provided by Centura Software of Redwood City, California, but other DBMS's can also be used.
  • a user provides a user key 20 to application 12.
  • User key 20 is information that is generally only known to users that own or are authorized to access the application and its attendant data.
  • Application 12 uses user key 20 to generate a server key 22 in some way that is known to the application but not generally known to users. This is shown as vendor secret (VS) 36.
  • the vendor secret can be data, method steps or a combination of the two.
  • the data used by application 12 is encrypted as database 28, shown comprising a database control block 30 and a collection of data records 32.
  • the data records 32 are encrypted using a data records key 34 and data records key 34 is stored in database control block 30.
  • Database control block 30 is encrypted using server key 22 and database control block 30 is required by DBMS 16 to access database 28. Because of that requirement, DBMS 16 requires server key 22 before it can access database 28.
  • a vendor supplies application 12 and database 28 without user data.
  • the database schema and seed data of database 28 are created as a template into which specific data will be placed after installation by the user for the purposes of application 12.
  • database 28 After database 28 is populated with user data, database 28 will contain private information of the vendor and private information owned by the user. Neither have rights to both sets of data, yet the application requires access to all the data to perform.
  • the vendor will ship the database encrypted a default server key 54 and provide a default user password 50 to the user.
  • the vendor generates default server key 54 using a key generator 52 that generates keys from passwords, using a process equivalent to that of application 12, such as using vendor secret 36.
  • the vendor can start with an unencrypted database and encrypt it with default server key 54 before shipping. If default server key 54 is generated from default user password 50 in such a manner, the user can use default user password 50 until the user changes the user password for database 28. Note that the user is not provided with default server key 54, so a user is prevented from accessing database 28 through DBMS 16 directly without going through application 12.
  • application 12 can access data in database 28, but users cannot access the data outside application 12 and the vendor cannot get access to the user data.
  • the vendor preferably programs application 12 so that the user cannot use application 12 to access the vendor's protected data, because the vendor is implicitly granting the user access to any vendor data the user can access through the vendor's application.
  • Fig. 1 shows database 28 with a DCB 30 including data records key 34 and data records.
  • the data records are encrypted with data records key 34 and DCB 30 is encrypted with server key 22.
  • Any suitable encryption scheme can be used, such as triple-DES.
  • the structure for database 28 could be other than the structure shown in Fig. 1.
  • database 28 might be encrypted all with one key.
  • One advantage of encrypting only the DCB with the server key is that the server key can be changed , without having to reencrypt the entire database.
  • the channel between the application and the DBMS is an encrypted channel, so a user cannot easily listen in and steal the server key.

Abstract

A method for generating a database key that is a function of a vendor secret and a data user secret, wherein the database key is difficult to generate without the vendor secret and the data user secret, and using the database key to encrypt a database.

Description

SECURING DATABASES USING MUTUAL CONSENT ACCESS
CROSS-REFERENCE TO RELATED APPLICATIONS U.S. Patent Application No. , filed on the same day as the present application and entitled "Two-Layer Encryption Of Databases" is incorporated by reference herein for all purposes.
BACKGROUND OF THE INVENTION The present invention relates to the field of database handling. More specifically, one embodiment of the invention provides a database architecture that secures a database against access by a vendor or a user without the other's consent.
In a database application sold or licensed to an end user, the creator of the database application may include some data that is proprietary to the creator but that is necessary for operation of the database application. For example, a software vendor might create a program for estimating annuity costs and sell or license the program to insurance and finance companies. In order for the program to work properly, the software vendor might need to provide actuarial tables and other data structures required b the application. Typically, the software vendor would like to limit access to that data so that the data user cannot get at the data, except as needed by the application. The insurance or finance company that is the data owner in this example would also like to prevent the software vendor from accessing the data owner's data that is added to the database.
The vendor could secure the vendor data in a separate database, but often the vendor data, or part of it, resides in the databases provided for user data, such as templates and the like.
SUMMARY OF THE INVENTION
One embodiment of the present invention provides a mechanism to secure a database from access by a vendor or a user without the other's consent. A method to effect that mechanism includes generating a database key that is a function of a vendor secret and a data user secret, wherein the database key is difficult to generate without the vendor secret and the data user secret, and using the database key to encrypt a database. BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1 is a block diagram of a database system according to one embodiment of the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENTS Fig. 1 is a block diagram of a database system according to one embodiment of the present invention. As shown there, a computer system 10 supports an application 12, a user interface 14, a database management system (DBMS) 16 and data storage 18. DBMS 16 might be a SQLBase™ DBMS provided by Centura Software of Redwood City, California, but other DBMS's can also be used. In operation, a user provides a user key 20 to application 12. User key 20 is information that is generally only known to users that own or are authorized to access the application and its attendant data. Application 12 uses user key 20 to generate a server key 22 in some way that is known to the application but not generally known to users. This is shown as vendor secret (VS) 36. The vendor secret can be data, method steps or a combination of the two.
The data used by application 12 is encrypted as database 28, shown comprising a database control block 30 and a collection of data records 32. The data records 32 are encrypted using a data records key 34 and data records key 34 is stored in database control block 30. Database control block 30 is encrypted using server key 22 and database control block 30 is required by DBMS 16 to access database 28. Because of that requirement, DBMS 16 requires server key 22 before it can access database 28.
In a typical application, a vendor supplies application 12 and database 28 without user data. The database schema and seed data of database 28 are created as a template into which specific data will be placed after installation by the user for the purposes of application 12. After database 28 is populated with user data, database 28 will contain private information of the vendor and private information owned by the user. Neither have rights to both sets of data, yet the application requires access to all the data to perform.
Typically, the vendor will ship the database encrypted a default server key 54 and provide a default user password 50 to the user. The vendor generates default server key 54 using a key generator 52 that generates keys from passwords, using a process equivalent to that of application 12, such as using vendor secret 36. The vendor can start with an unencrypted database and encrypt it with default server key 54 before shipping. If default server key 54 is generated from default user password 50 in such a manner, the user can use default user password 50 until the user changes the user password for database 28. Note that the user is not provided with default server key 54, so a user is prevented from accessing database 28 through DBMS 16 directly without going through application 12.
When the system shown in Fig. 1 is used, application 12 can access data in database 28, but users cannot access the data outside application 12 and the vendor cannot get access to the user data. The vendor preferably programs application 12 so that the user cannot use application 12 to access the vendor's protected data, because the vendor is implicitly granting the user access to any vendor data the user can access through the vendor's application.
Fig. 1 shows database 28 with a DCB 30 including data records key 34 and data records. The data records are encrypted with data records key 34 and DCB 30 is encrypted with server key 22. Any suitable encryption scheme can be used, such as triple-DES. The structure for database 28 could be other than the structure shown in Fig. 1. For example, database 28 might be encrypted all with one key. One advantage of encrypting only the DCB with the server key is that the server key can be changed , without having to reencrypt the entire database. Typically, the channel between the application and the DBMS is an encrypted channel, so a user cannot easily listen in and steal the server key. The above description is illustrative and not restrictive. Many variations of the invention will become apparent to those of skill in the art upon review of this disclosure. The scope of the invention should, therefore, be determined not with reference to the above description, but instead should be determined with reference to the appended claims along with their full scope of equivalents.

Claims

WHAT IS CLAIMED IS:
1. A method of securing a database comprising the steps of: generating a database key that is a function of a vendor secret and a data user secret, wherein the database key is difficult to generate without the vendor secret and the data user secret; and using the database key to encrypt the database.
2. The method of claim 1, wherein the vendor secret is program code for processing the data user secret to form the database key.
3. The method of claim 1 , wherein the data user secret is a data user key.
4. The method of claim 1, wherein the step of using the database key to encrypt the database comprises the steps of: encrypting data records in the database with a data records key; recording the data records key in a database control block; and encrypting the database control block with the database key.
PCT/US2000/016902 1999-06-25 2000-06-19 Securing databases using mutual consent access WO2001001222A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU61995/00A AU6199500A (en) 1999-06-25 2000-06-19 Securing databases using mutual consent access

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US34006799A 1999-06-25 1999-06-25
US09/340,067 1999-06-25

Publications (1)

Publication Number Publication Date
WO2001001222A1 true WO2001001222A1 (en) 2001-01-04

Family

ID=23331725

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/016902 WO2001001222A1 (en) 1999-06-25 2000-06-19 Securing databases using mutual consent access

Country Status (2)

Country Link
AU (1) AU6199500A (en)
WO (1) WO2001001222A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5319705A (en) * 1992-10-21 1994-06-07 International Business Machines Corporation Method and system for multimedia access control enablement
US5764762A (en) * 1995-06-08 1998-06-09 Wave System Corp. Encrypted data package record for use in remote transaction metered data system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5319705A (en) * 1992-10-21 1994-06-07 International Business Machines Corporation Method and system for multimedia access control enablement
US5764762A (en) * 1995-06-08 1998-06-09 Wave System Corp. Encrypted data package record for use in remote transaction metered data system

Also Published As

Publication number Publication date
AU6199500A (en) 2001-01-31

Similar Documents

Publication Publication Date Title
JP4167300B2 (en) Data processing method and apparatus
AU2002213436B2 (en) Method and apparatus for automatic database encryption
EP0561685B1 (en) An electronic data protection system
US7904732B2 (en) Encrypting and decrypting database records
US6314409B2 (en) System for controlling access and distribution of digital property
US20030208686A1 (en) Method of data protection
US5857021A (en) Security system for protecting information stored in portable storage media
US7801310B1 (en) Nestable skeleton decryption keys for digital rights management
JP4851200B2 (en) Method and computer-readable medium for generating usage rights for an item based on access rights
US7313694B2 (en) Secure file access control via directory encryption
US20060178997A1 (en) Systems and methods for authoring and protecting digital property
US20070226488A1 (en) System and method for protecting digital files
US7945586B1 (en) Methods and apparatus to protect data
AU2002213436A1 (en) Method and apparatus for automatic database encryption
US20050246551A1 (en) System and method for rendering selective presentation of documents
US20080320601A1 (en) Providing access rights to portions of a software application
US20060106801A1 (en) Securing location of an installed middleware application and securing location of containers contained within installed middleware application
US20030046564A1 (en) Storage medium and method for storing data decrypting algorithm
WO2001001222A1 (en) Securing databases using mutual consent access
JP3646482B2 (en) ACCESS CONTROL DEVICE, COMPUTER-READABLE RECORDING MEDIUM CONTAINING ACCESS CONTROL PROGRAM, AND ACCESS CONTROL METHOD
JP4153709B2 (en) Access control method
JPH043224A (en) Method for managing soft module by ic card
JP4192738B2 (en) Electronic document editing device, electronic document editing program
JP2000099385A (en) Method and system for security for sharing file among plural users and storage medium for programming and recording the same method
USRE39802E1 (en) Storage medium for preventing an irregular use by a third party

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP