One method of encrypting or decrypting a database that is accessible to multiple users installs a cryptographic module in the database server and performs the encryption/decryption while the database management system (DBMS) queries the stored data using structured query language (SQL).
Another method installs a cryptographic module in an application server that is independent of the database, and encrypts/decrypts the data there.
Whichever form is used, the encryption/decryption runs automatically in response to a call from a program during data processing, so the administrator cannot monitor that processing. Until the administrator is informed by some other notification system or examines the database system, he or she cannot perceive that encryption/decryption is taking place, and unperceived encryption/decryption can therefore go on for a long time.
Although technology for monitoring the state of database processes exists, until now there has been no technology for monitoring the encryption/decryption process of a cryptographic module installed at a database server.
One security problem that arises when operating an encrypted database is that it normally cannot prevent an authorized user from intentionally leaking confidential information.
Although the various security services deployed and operated on the network can provide a control structure, control through security services that are not directly involved in the processing of the data is indirect, and its reliability is poor. As with rule-based access control (RBAC), the common security services control access only to the DBs, files or disks, so abnormal decryption of mass data by an authorized user who meets the permission requirements cannot be directly controlled, and further controls using other methods are needed.
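The gap described above, as an added example that is not part of the original text: a permission-only check allows every call made by an authorized user, while a sliding-window count of decrypted rows per user flags the abnormal mass decryption. The grant table, event format, thresholds and all names are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed grant table (assumption): user -> columns the user may decrypt.
GRANTS = {"alice": {"customers.ssn"}, "bob": {"customers.ssn"}}

def access_allowed(user, column):
    """Permission-only check: it says nothing about how much is decrypted."""
    return column in GRANTS.get(user, set())

def monitor(events, window_s=60, max_rows=1000):
    """Scan time-ordered (ts, user, column, rows_decrypted) events from a
    hypothetical cryptographic-module audit log and return alerts."""
    recent = defaultdict(deque)   # user -> (ts, rows) entries still in the window
    totals = defaultdict(int)     # user -> rows decrypted inside the window
    alerts = []
    for ts, user, column, rows in events:
        if not access_allowed(user, column):
            alerts.append((ts, user, "denied"))        # what access control catches
            continue
        q = recent[user]
        q.append((ts, rows))
        totals[user] += rows
        while q[0][0] <= ts - window_s:                # expire entries older than window
            totals[user] -= q.popleft()[1]
        if totals[user] > max_rows:
            alerts.append((ts, user, "mass-decrypt"))  # allowed, but abnormal volume
    return alerts

def sample_events():
    """Constructed sample data: alice does routine lookups, bob is authorized
    but decrypts in bulk, mallory has no grant at all."""
    ev = [(t, "alice", "customers.ssn", 5) for t in range(0, 300, 30)]
    ev += [(100 + i, "bob", "customers.ssn", 400) for i in range(5)]
    ev.append((200, "mallory", "customers.ssn", 1))
    return sorted(ev)

if __name__ == "__main__":
    for alert in monitor(sample_events()):
        print(alert)
```

Every one of bob's calls passes `access_allowed`; only the volume check, which sits beside the cryptographic module rather than in the access-control layer, distinguishes him from alice.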