Title of invention: SEMI-TRUSTED DATA-AS-A-SERVICE PLATFORM
Abstract: A system and method provide for shared access to a database in a semi-trusted platform. In the method, for each of a set of users, provision is made for regenerating a respective user key, based on a respective predefined user input, such as a hashed password. One or more of the users is authorized to have access to an encrypted database. For each of these, the method includes encrypting a key for the encrypted database with the respective user's user key to generate an encrypted database key. During a user session, one of the authorized users is provided with access to the encrypted database by decrypting the database key from the encrypted database key with the respective user's user key, and decrypting the database, from the encrypted database, with the database key. The database key and each user's user key are not stored on the platform and are thus inaccessible to platform administrators and unauthorized users between user sessions.
Publication number: US2015304315(A1) Publication date: 2015.10.22
Application number: US201414255252 Filing date: 2014.04.17
Applicant: Xerox Corporation Inventors: Estehghari Saghar; Guerin Nicolas; Monet Nicolas
Classification: H04L29/06; H04L9/32 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A method for providing shared access to a database comprising: for each of a set of users, providing for regenerating a respective user key based on a respective predefined user input to a system; for each of the set of users that is authorized to have access to an encrypted database, encrypting a database key for that database with the respective user's user key to generate an encrypted database key; and during a user session, providing one of the authorized users with access to the encrypted database by decrypting the database key from the encrypted database key with the respective user's user key, and decrypting the database, from the encrypted database, with the database key, the database key and each user's user key being inaccessible to the system between user sessions, wherein at least one of the providing for generating the respective user key, encrypting of the database key, and providing one of the authorized users with access is performed with a processor.
Address: Norwalk CT US
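
The key hierarchy described in the abstract, as an added example that is not taken from the patent or from any Xerox implementation. The function names, the per-user salt, scrypt as the key-derivation step and AES-256-GCM as the cipher are all assumptions chosen for illustration; the record itself only says the user key is regenerated from a predefined user input such as a hashed password.

```javascript
// Added illustration; every name here is hypothetical, not from the patent.
const crypto = require('node:crypto');

// Regenerate a user key from the user's input. Assumption: scrypt with a
// stored per-user salt stands in for the "hashed password" step.
function regenerateUserKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// AES-256-GCM helpers; blob layout is iv (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}

function unseal(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on wrong key
}

// Returns only what the platform persists: salts, one encrypted database
// key per authorized user, and the encrypted database.
function createSharedDatabase(plaintextDb, passwords) {
  const dbKey = crypto.randomBytes(32);
  const stored = { encryptedDb: seal(dbKey, plaintextDb), users: {} };
  for (const [user, password] of Object.entries(passwords)) {
    const salt = crypto.randomBytes(16);
    const userKey = regenerateUserKey(password, salt);
    stored.users[user] = { salt, encryptedDbKey: seal(userKey, dbKey) };
  }
  return stored; // dbKey and the user keys are never written into `stored`
}

// One user session: regenerate user key, unwrap database key, decrypt database.
function openSession(stored, user, password) {
  const entry = stored.users[user];
  if (!entry) throw new Error('user is not authorized for this database');
  const userKey = regenerateUserKey(password, entry.salt);
  const dbKey = unseal(userKey, entry.encryptedDbKey);
  return unseal(dbKey, stored.encryptedDb);
}

// Constructed sample data.
const stored = createSharedDatabase(Buffer.from('id,name\n1,alice'), {
  alice: 'correct horse', bob: 'battery staple',
});
```

Because `stored` holds no key material, an administrator reading it between sessions sees only ciphertext; revoking one user means deleting that user's `encryptedDbKey` entry (and, for data that user already read, rotating the database key).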