Title of invention HIDDEN LINK DYNAMIC KEY MANAGER FOR USE IN COMPUTER SYSTEMS WITH DATABASE STRUCTURE FOR STORAGE OF ENCRYPTED DATA AND METHOD FOR STORAGE AND RETRIEVAL OF ENCRYPTED DATA
Abstract A computer system (20) having a security domain (22), at least one client business domain (26), and a plurality of client terminals (34) utilizes a hidden link dynamic key manager (24, 84) and a database structure that includes encrypted data entities (30C, 30D) and a security identification attribute (32) for storage of encrypted data. Methods for encrypting data and for storing, decrypting, and retrieving encrypted data operate on the computer system (20), which also includes an information database (62) and a key database (44). The key database (44) is isolated from the information database (62). The hidden link key manager is stored in the security domain (22) and includes a system key manager (84) operable to generate system keys with system key common names and an encryption key manager (24) operable to generate encryption keys having encryption key identifications. The key managers (24, 84) operate on a key server (40), which is mirrored by a secondary key server (42). A general security manager (82) also operates on the key server (40) to control access to the security domain (22). The security information attribute (32) is stored with a persistent data entity (30A) that is associated with the other encrypted data entities (30C, 30D) by a database schema. The encryption key identification (112) for the encryption key used to encrypt the data entities (30C, 30D) is encrypted by a system key and then stored as part of the security information attribute (32). The system key common name hash value (114) is also stored in the security information attribute (32). The information data entities (30) are stored on the information database (62), but the encryption key identification (153), encryption key (154), system key common name hash value (156, 157), and system key common name (158) are stored in the key database (44) inside the security domain (22). The system key itself is stored on a Smart Card reader (56) inside the security domain.
Publication number EP1397735(A2) Publication date 2004.03.17
Application number EP20010981572 Filing date 2001.10.15
Applicant ERUCES, LLC Inventors MADOUKH, ASHRAF; VASIC, OGNJEN; HU, JINHUI; ANSARI, SUHAIL; GAN, PING; KHULUSI, BASSAM
Classification G06F17/30; G06F21/00; H04L29/06; (IPC1-7): G06F1/00 Main classification G06F17/30
Agency Agent
Main claim
Address