Method and apparatus for using an external security device to secure data in a database
US7639819B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 16, 2005 |
| Grant date | Dec 29, 2009 |
| Priority date | — |
| Expiry date | Feb 2, 2028 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/2153
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
One embodiment of the present invention provides a system that facilitates using an external security device to secure data in a database without having to modify database applications. The system operates by receiving a request at the database to perform an encryption/decryption operation, wherein the encryption/decryption operation is performed with the assistance of the external security module in a manner that is transparent to database applications. In response to the request, the system passes a wrapped (encrypted) column key (a key used to encrypt data within the database) to an external security module, wherein the wrapped column key is a column key encrypted with a master key that exists only within the external security module. The system then unwraps (decrypts) the wrapped column key in the external security module to retrieve the column key. Next, the system returns the column key to the database. The system then performs an encryption/decryption operation on data in the database using the column key. Finally, the system erases the column key from memory in the database.
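The key flow in the abstract can be sketched as follows. This is an added example, not code from the patent. The class and function names are hypothetical, the HMAC-SHA256 construction is a standard-library stand-in for a real cipher such as AES key wrap or AES-GCM, and having the module generate the column key is an assumption.

```python
import hashlib
import hmac
import secrets

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stand-in cipher, stdlib only).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ s for c, s in zip(body, _stream(key, nonce, len(body))))

class ExternalSecurityModule:
    """Simulated device: the master key exists only inside this object."""
    def __init__(self):
        self._master_key = secrets.token_bytes(32)
    def wrap_new_column_key(self):  # key generation in the module is an assumption
        return seal(self._master_key, secrets.token_bytes(32))
    def unwrap(self, wrapped):
        return bytearray(unseal(self._master_key, wrapped))  # mutable so the caller can erase it

class Database:
    def __init__(self, module):
        self.module = module
        self.wrapped_column_key = module.wrap_new_column_key()  # only the wrapped form is stored
        self.last_key_buffer = None  # kept solely so erasure can be checked
    def _with_column_key(self, operation, data):
        key = self.module.unwrap(self.wrapped_column_key)
        self.last_key_buffer = key
        try:
            return operation(key, data)
        finally:
            key[:] = bytes(len(key))  # best-effort erase; Python may hold internal copies
    def encrypt(self, value):
        return self._with_column_key(seal, value)
    def decrypt(self, cell):
        return self._with_column_key(unseal, cell)
```

Callers use only `encrypt` and `decrypt`, so the unwrap step stays invisible to them, and a modified wrapped key is rejected inside the module before any column key is returned.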
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.