Database encryption key management
US10615969B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 14, 2017 |
| Grant date | Apr 7, 2020 |
| Priority date | — |
| Expiry date | Jun 8, 2038 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L9/3242
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Methods and systems are described for enhanced-security database encryption via cryptographic software, where key management is carried out, without exporting or exposing cleartext keys, using an independent key manager coupled to a cryptographic hardware security module (HSM). A database encryption key management system is part of an HSM. A key manager circuit of the database encryption key management system generates a master key encryption key and stores it in the HSM. The key manager circuit generates an HMAC key and encrypts the HMAC key using the master key encryption key to generate an HMAC key cryptogram. The interface circuit of the database encryption key management system transmits the HMAC key cryptogram to a database server, which independently generates and stores a unique identifier. The HSM deletes the HMAC key from its storage media. The key manager circuit receives the HMAC key cryptogram and the unique identifier, decrypts the HMAC key cryptogram to obtain the HMAC key and, based at least on the HMAC key and the unique identifier, generates an HMAC. The interface circuit transmits the HMAC to the database server, which derives a database encryption key (DEK) using…
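The exchange in the abstract, from KEK generation to the HMAC returned to the database server, as an added Go example that is not code from the patent. Assumptions: AES-256-GCM for the key wrap, HMAC-SHA-256, a `cipher.AEAD` handle standing in for the HSM-held master key, and hypothetical function names; it stops at the HMAC because the DEK derivation step is cut off on this page.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no safe fallback without entropy
	}
	return b
}

// NewMasterKEK returns a handle that wraps/unwraps but never exposes key bytes.
func NewMasterKEK() cipher.AEAD {
	block, _ := aes.NewCipher(randomBytes(32)) // assumed AES-256; a 32-byte key is always valid
	aead, _ := cipher.NewGCM(block)            // cannot fail for an AES block
	return aead
}

// IssueHMACKeyCryptogram wraps a fresh HMAC key; no cleartext copy is retained.
func IssueHMACKeyCryptogram(kek cipher.AEAD) []byte {
	nonce := randomBytes(kek.NonceSize())
	return kek.Seal(nonce, nonce, randomBytes(32), nil) // nonce || ciphertext || tag
}

// ComputeHMAC unwraps the cryptogram and returns HMAC(hmacKey, uniqueID).
func ComputeHMAC(kek cipher.AEAD, cryptogram, uniqueID []byte) ([]byte, error) {
	n := kek.NonceSize()
	if len(cryptogram) < n {
		return nil, fmt.Errorf("cryptogram too short: %d bytes", len(cryptogram))
	}
	hmacKey, err := kek.Open(nil, cryptogram[:n], cryptogram[n:], nil)
	if err != nil {
		return nil, err // tampered cryptogram or a different KEK
	}
	mac := hmac.New(sha256.New, hmacKey) // assumed HMAC-SHA-256
	mac.Write(uniqueID)
	return mac.Sum(nil), nil
}

func main() {
	kek := NewMasterKEK()
	fmt.Println(ComputeHMAC(kek, IssueHMACKeyCryptogram(kek), []byte("constructed-unique-id")))
}
```

The database server holds only the cryptogram and its own identifier, so the same pair always yields the same HMAC, while a modified cryptogram or a different KEK fails authentication at unwrap.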
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.