| 发明名称 |
METHOD AND APPARATUS TO ROTATE DATA ENCRYPTION KEYS IN DATABASES WITH NO DOWN TIME |
| 摘要 |
A database includes a first instance and a second instance. The first and second instances of the database are encrypted with a first encryption key and have content that is synchronized. Database queries from a user computing device are directed to the first instance of the database. A third instance of the database is created from one of the existing two instances of the database. The third instance is decrypted from the first encryption key and is encrypted with a second encryption key. Database queries from the user computing device are redirected from the first instance of the database to the third instance of the database without interrupting service to the user computing device. The process is repeated by creating additional instances of the database, encrypting the additional instances with new encryption keys, and by redirecting database queries to the additional instances of the database. |
| 申请公布号 |
US2015310221(A1) |
申请公布日期 |
2015.10.29 |
| 申请号 |
US201414263808 |
申请日期 |
2014.04.28 |
| 申请人 |
Intuit Inc. |
发明人 |
Lietz M. Shannon;Cabrera Luis Felipe;Philip Sabu Kuruvila;Schirmacher Jay |
| 分类号 |
G06F21/62;G06F17/30;H04L9/08 |
主分类号 |
G06F21/62 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A computing system implemented method for providing uninterrupted access to a database while rotating encryption keys to the database, comprising:
encrypting, with at least one computing device, a first instance of the database with a first encryption key and a second instance of the database with the first encryption key,
wherein the second instance of the database is synchronized with the first instance of the database,wherein the first instance of the database is designated as a primary recipient of database queries from user computing devices; creating a third instance of the database by copying the first instance of the database or the second instance of the database,
wherein, upon creation, the third instance of the database includes contents that are encrypted with the first encryption key; decrypting the third instance of the database to disassociate the contents of the third instance of the database from the first encryption key; encrypting the third instance of the database with a second encryption key; designating the third instance of the database as the primary recipient of database queries from user computing devices; encrypting the first instance of the database or the second instance of the database with the second encryption key; and decommissioning the first instance of the database or the second instance of the database that is not encrypted with the second encryption key. |
| 地址 |
Mountain View CA US |
