Databases are used to store information for innumerable applications, including various commercial, industrial, technical, scientific and educational applications. As the reliance on information increases, the importance of securing the information stored in a database, as well as the data output by a database to its clients, likewise increases. Database management systems (DBMSs), which are the computer programs used to access the information stored in databases, often include functionality for securing data, e.g., using an encryption algorithm that relies on private keys or combinations of public and private keys.
In many databases, in particular relational databases, data is stored in the form of tables (or files), with the columns of the tables defining different fields of information, and with each row of a table representing a unique record. Likewise, data that is returned to a client in response to a query is typically organized into a table and forwarded to the client. In some databases, such as object-oriented databases, data is not stored directly in tables, but is instead stored in objects. However, result data that is returned to a client in response to a query may nonetheless be formatted in a table of rows and columns for use by the client.
Conventional encryption of database information often relies on a single encryption function applied to all of the data in a table, such as a result table. Often, a private or public encryption key is used to encrypt all of the data in a result table prior to forwarding the table to a client. Once the client receives the result table, the client then applies a private decryption key to the data in the result table to decrypt the data. The data is thus protected from access by anyone not possessing the key required to decrypt the table.
However, under such a scheme, a potential security risk exists in that if the key required to decrypt the data is ever obtained by a hacker or other unauthorized party, either through careless protection of the key by the client, or as a result of a hacker breaking the encryption algorithm, that party then has access to all of the data in the table.
Therefore, a significant need exists in the art for a more effective manner of protecting the information stored in database tables.