1. Field of the Invention
The present invention generally relates to data processing and more particularly to methods of secure access to a database.
2. Description of the Related Art
Databases are computerized information storage and retrieval systems. A relational database management system is a computer database management system (DBMS) that uses relational techniques for storing and retrieving data. The most prevalent type of database is the relational database, a tabular database in which data is defined so that it can be reorganized and accessed in a number of different ways.
Regardless of the particular architecture, in a DBMS, a requesting entity (e.g., an application or the operating system) demands access to a specified database by issuing a database access request. Such requests may include, for instance, simple catalog lookup requests or transactions and combinations of transactions that operate to read, change and add specified records in the database. These requests are made using high-level query languages such as the Structured Query Language (SQL). Illustratively, SQL is used to make interactive queries for getting information from and updating a database such as International Business Machines' (IBM) DB2, Microsoft's SQL Server, and database products from Oracle, Sybase, and Computer Associates. The term “query” denominates a set of commands for retrieving data from a stored database. Queries take the form of a command language that lets programmers and programs select, insert, update, find out the location of data, and so forth.
One significant issue in the context of databases is security. Databases often contain confidential or otherwise sensitive material which require a degree of security to be protected from access. For example, medical records are considered highly personal and confidential. As such, access to medical records is typically restricted to selected users. Other examples of sensitive material include, but are certainly not limited to, credit card numbers and personal identification numbers (PINs) used to conduct financial transactions, and employee records. To this end, conventional database management systems often implement user profiles which specify a level of authority. Whether a user may access some particular data will depend upon the user's level of authority specified in their respective profile.
However, through the use of intrusive hacking techniques (snooping, spoofing, and other forms of eavesdropping), unauthorized people may still gain access to sensitive information by intercepting database queries or query results containing the sensitive information. This problem is compounded by the fact that the high level languages used to generate queries are, by design, highly readable (e.g., to facilitate the building, interpreting, and troubleshooting of queries). In other words, because queries and results are often transmitted over a network as highly readable “text on wire,” sensitive material contained therein may be readily identified if intercepted by an unauthorized user.
One technique to secure sensitive material within database transactions is through the use of protocols commonly used for secure transmission of data over the Internet, such as Secure Sockets Layer (SSL) or Secure HyperText Transfer Protocol (S-HTTP). Such protocols take an all or nothing approach, encrypting entire documents, or an entire session's worth of transactions. However, because many database queries return vast amounts of data (possibly thousands of results records), encrypting the entire set of results may place an undue burden on system resources. Particularly in cases where only a small fraction of the results needs to be secured (e.g., a 16 character credit card number, a patient identification number, etc.), encrypting the entire results would be wasteful.
Accordingly, there is a need for an improved method for securing sensitive information in a database transaction.