Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-09-03
2001-08-14
Swann, Tod R. (Department: 2767)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C380S028000, C380S285000, C380S287000, C707S793000, C707S793000, C707S793000, C707S793000, C707S793000, C707S793000, C707S793000
Reexamination Certificate
active
06275939
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention generally relates to data security systems and, in particular, to a system and method for preventing unauthorized access of a database that can be accessed remotely by authorized users.
2. Related Art
Current database systems store a variety of information, and it is often desirable to keep the information stored within many database systems private. Therefore, in many applications, it is important to allow only authorized users to access the information stored within a database system. Furthermore, it is often desirable for authorized users to access the information within the database system from remote locations. However, allowing access to database systems from remote locations presents certain security concerns. For example, it usually becomes easier for unauthorized users, sometimes referred to as “hackers,” to access information within the database system when remote access of the database system is allowed for authorized users.
In this regard, if access to the database system is only provided through devices at the premises of the database system (i.e., remote access is not allowed), then access to the premises and, hence, the database system can be effectively limited to authorized users of the database system. However, if access to the database system from remote locations is allowed, then it becomes easier for unauthorized users to gain access to the database system.
For example, in many prior art systems, a server at the premises of the database system is utilized to enable remote access to the database system. To retrieve data from the database system remotely, an authorized user establishes communication with the server, and the server verifies that the user is an authorized user. For example, the server typically requires the user to enter a valid password before allowing the user to connect to the database system. If the user enters a valid password, then the server allows the user's computer (the client) to connect to the database system. The client then queries the database system through, for example, Structured Query Language (SQL) queries or other types of queries in order to retrieve the desired data from databases within the database system.
Many times, the user is only authorized to access certain data within the database system. Therefore, the database system typically includes security features that restrict the user's access to certain columns of information within the database system based on the user's password, which identifies the user. If the user submits an acceptable query (i.e., a query for information that is within the user's authorized data), then the database system retrieves the requested data and returns it to the client computer via the server. Remote access to at least a portion of the database system is thereby enabled.
Since remote access to the server is necessary to allow the database system to be accessed at remote locations by authorized users, hackers typically are capable of establishing communication with the server associated with the database system. Once communication with the server is established, hackers often are prevented from connecting with the database system primarily through the security measures in place at the server that verify a user as being an authorized user. However, the security measures at the server are not always adequate.
For example, a hacker might discover a valid password through a variety of hacking methods. One such method could include the interception of data communications between the server and an authorized user to discover a valid password. Even if the communications between the server and the authorized user are encrypted, current encryption techniques can sometimes be broken and deciphered by hackers. Therefore, a hacker can use the password to log on with the server and gain connectivity with the database system. Once connected to the database system, the hacker can then access any information within the database accessible to the password. Furthermore, the hacker can attempt to defeat the security measures in place at the database system to gain access to other information in the database system as well.
Accordingly, providing remote access to database systems allows hackers, through a variety of methods, certain opportunities to access the data within the database system. As a result, many database systems containing sensitive or important information are either restricted from remote access entirely or allow remote access with the risk that a potential hacker can break into the database system and retrieve or manipulate the data therein.
Thus, a heretofore unaddressed need exists in the industry for providing a more secure system and method of allowing remote access to a database system.
SUMMARY OF THE INVENTION
The present invention overcomes the inadequacies and deficiencies of the prior art as discussed herein. In general, the present invention provides a system and method for securely accessing a database from a remote location.
The present invention utilizes a client computer (client), a server computer (server), and a database system. The client establishes communication with the server from a remote location and submits a request for data to the server. The server translates the request for data into a query for the database system. The server queries the database system with the translated query, and in response, the database system retrieves the requested data and transmits the requested data to the server. The server encrypts the requested data and transmits the encrypted data to the client.
If part of the data requested by the client is not stored in the database system associated with the server, the server creates a request for data and sends the request for data to a remote server. The remote server translates the request for data into another query and queries a database system associated with the remote server. The remote server then transmits the data retrieved from the database system associated with the remote server to the server. The server then assimilates all of the retrieved data and transmits the retrieved data in encrypted form to the client. The server may query a plurality of remote servers in order to retrieve all of the information requested by the client.
In accordance with another feature of the present invention, the client initially transmits a password to the server in order to identify the user of the client as an authorized user. The server translates the password into a different password (an “alias” password) and utilizes the alias password to gain access to the database system.
In accordance with another feature of the present invention, the server transmits a new encryption key to the client each time the client establishes a data session with the server. Thereafter, the client and server encrypt all information communicated therebetween in the data session with the new encryption key.
In accordance with another feature of the present invention, the server accesses a column of information within the database system in order to retrieve the information requested by the client. The server determines which information within the column is inaccessible to the user based on predefined security information stored within the server. The server discards any information determined to be inaccessible for the user and transmits to the client only information determined to be accessible for the user.
The present invention has many advantages, a few of which are delineated hereafter, as mere examples.
An advantage of the present invention is that a database system can be remotely accessed.
Another advantage of the present invention is that unauthorized access of a remotely accessible database system can be prevented.
Another advantage of the present invention is that a database system can be remotely accessible without allowing unauthorized users to connect with the database system.
Another advantage of the present invention is that information within a plurali
Callahan Paul E.
Swann Tod R.
Thomas Kayden Horstemeyer & Risley LLP
Westcorp Software Systems, Inc.
LandOfFree
System and method for securely accessing a database from a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for securely accessing a database from a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for securely accessing a database from a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2542320