| 发明名称 |
Encrypting data and characterization data that describes valid contents of a column |
| 摘要 |
A method, computer-readable storage medium, and computer system are provided. In an embodiment, in response to receiving a first command that specifies first data, a first cryptographic key, and a column identifier that identifies a column of rows in a database, the first data is encrypted into encrypted data using the first cryptographic key. The encrypted data is stored to a first row in the column in the database. In response to the receiving the first command, characterization data is created that specifies valid contents of the column of the rows. In response to receiving a query command that specifies a second cryptographic key and the column, the column is decrypted using the second key to create decrypted data. If the decrypted data does not satisfy the valid contents specified by the characterization data, an invalid cryptographic key action is performed. |
| 申请公布号 |
US8769302(B2) |
申请公布日期 |
2014.07.01 |
| 申请号 |
US201113273725 |
申请日期 |
2011.10.14 |
| 申请人 |
International Business Machines Corporation |
发明人 |
Mittelstadt Roger A.;Muras Brian R. |
| 分类号 |
G06F11/30;G06F12/14;G06F17/30;H04L9/08 |
主分类号 |
G06F11/30 |
| 代理机构 |
|
代理人 |
Gamon Owen J.;Zehrer Matthew C. |
| 主权项 |
1. A computer implemented method comprising:
in response to receiving a first command that specifies first data, a first cryptographic key, and a column identifier that identifies a column of rows in a database, encrypting, by a processing device, the first data to encrypted data using the first cryptographic key and storing the encrypted data to a first row in the column in the database; in response to the receiving the first command, creating characterization data that specifies valid contents of the column of the rows; wherein the creating the characterization data further comprises: adding all of the characters from the first data that are not already present in characterization data to the characterization data and refraining from adding all of the characters from the first data that are already present in the characterization data, wherein the characterization data comprises one occurrence of each character that is present in the column of rows; if more than a threshold percentage of all possible characters are present in the characterization data, disabling the adding all of the characters from the first data that are not already present in the characterization data to the characterization data; in response to receiving a query command that specifies a second cryptographic key and the column, decrypting the column using the second key to create decrypted data; and if the decrypted data does not satisfy the valid contents specified by the characterization data, performing an invalid cryptographic key action, and; if more than a threshold number of insert commands have been received within a threshold time period, disabling the creating the characterization data. |
| 地址 |
Armonk NY US |
