Method and apparatus for expiring encrypted data

Assignee

• Oracle International Corporation · US

Inventors

• Min-Hank Ho · Redwood Shores, US
• Daniel ManHung Wong · Sacramento, US
• Chon Hei Lei · Alameda, US
• Thomas Keefe · Mill Valley, US

Key dates

Classification

• Technology area (CPC Y)Emerging Cross-Sectional Technologies
• CPC primaryY10S707/99944
• WIPO fieldAudio-visual technology
• WIPO sectorElectrical engineering

Abstract

One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that, deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.