Secure storage of anchor passphrase for DBMS

US11444763B2 · US · B2

Patent metadata
Publication number: US-11444763-B2
Application number: US-202016875161-A
Country: US
Kind code: B2
Filing date: May 15, 2020
Priority date: May 15, 2020
Publication date: Sep 13, 2022
Grant date: Sep 13, 2022

Abstract

Official abstract text for this publication.

A system and method to receive, by a database service from an encryption service of a database provider in a cloud environment, an encryption key passphrase stored in a secure storage separate and distinct from a database persistence and object store of the database service, the encryption key passphrase used as a key to encrypt and decrypt a key storage of the database service that stores one or more keys used by the database service; and to use the encryption key passphrase by a recovery service of the database provider in the cloud environment to recover the database service and its associated key storage.

First claim

Opening claim text (preview).

What is claimed is:

1. A system comprising: a memory storing processor-executable program code; and a processor to execute the processor-executable program code in order to cause the system to: receive, by a database service from an encryption service of a database provider in a cloud environment, an encryption key passphrase; encrypt a key storage managed by the database service using the encryption key passphrase, the key storage storing one or more encryption keys used by the database service; store an encrypted backup of the key storage in an object store of the database service; and store the passphrase in a secure storage that is separate and distinct from the object store of the database service and a data persistence of the database service.

2. The system of claim 1, wherein the data persistence of the database service is an object store to store data backups of the database service.

3. The system of claim 1, wherein the object store storing the encrypted backup of the key storage further stores encrypted backups of the database service.

4. The system of claim 1, wherein the storing of the encrypted backup of the key storage in the object store of the database service is performed in response to an initialization of the database service.

5. The system of claim 1, wherein the secure storage storing the encryption key passphrase is inaccessible by the database service.

6. The system of claim 1, wherein the processor is further configured to execute the processor-executable program code in order to cause the system to: initialize, in response to a request to recreate the database service, a new instance of the database service; receive, by the new database service instance from a recovery service of the database provider, the encryption key passphrase; access, using the encryption key passphrase received from the recovery service, the encrypted backup of the key storage in the object store of the database service; perform, by the new database service instance, a recovery of the key storage using the encrypted backup of the key storage; and perform, by the new database service instance, a recovery of data backups and log backups using the one or more encryption keys in the recovered key storage.

7. The system of claim 6, wherein the encryption key passphrase is used once by the new instance of the database service to access the encrypted backup of the key storage.

8. A computer-implemented method, the method comprising: receiving, by a database service from an encryption service of a database provider in a cloud environment, an encryption key passphrase; encrypting a key storage managed by the database service using the encryption key passphrase, the key storage storing one or more encryption keys used by the database service; storing an encrypted backup of the key storage in an object store of the database service; and storing the passphrase in a secure storage that is separate and distinct from the object store of the database service and a data persistence of the database service.

9. The method of claim 8, wherein the data persistence of the database service is an object store to store data backups of the database service.

10. The method of claim 8, wherein the object store storing the encrypted backup of the key storage further stores encrypted backups of the database service.

11. The method of claim 8, wherein the storing of the encrypted backup of the key storage in the object store of the database service is performed in response to an initialization of the database service.

12. The method of claim 8, wherein the secure storage storing the encryption key passphrase is inaccessible by the database service.

13. The method of claim 8, further comprising: initializing, in response to a request to recreate the database service, a new instance of the database service; receiving, by the new database service instance from a recovery service of the database provider, the encryption key passphrase; accessing, using the encryption key passphrase received from the recovery service, the encrypted backup of the key storage in the object store of the database service; performing, by the new database service instance, a recovery of the key storage using the encrypted backup of the key storage; and performing, by the new database service instance, a recovery of data backups and log backups using the one or more encryption keys in the recovered key storage.

14. The method of claim 13, wherein the encryption key passphrase is used once by the new instance of the database service to access the encrypted backup of the key storage.

15. A non-transitory, computer readable medium storing instructions, which when executed by at least one processor cause a computer to perform a method comprising: receiving, by a database service from an encryption service of a database provider in a cloud environment, an encryption key passphrase; encrypting a key storage managed by the database service using the encryption key passphrase, the key storage storing one or more encryption keys used by the database service; storing an encrypted backup of the key storage in an object store of the database service; and storing the passphrase in a secure storage that is separate and distinct from the object store of the database service and a data persistence of the database service.

16. The medium of claim 15, wherein the data persistence of the database service is an object store to store data backups of the database service.

17. The medium of claim 15, wherein the storing of the encrypted backup of the key storage in the object store of the database service is performed in response to an initialization of the database service.

18. The medium of claim 15, wherein the secure storage storing the encryption key passphrase is inaccessible by the database service.

19. The medium of claim 15 storing instructions, which when executed by at least one processor cause a computer to perform a method further comprising: initializing, in response to a request to recreate the database service, a new instance of the database service; receiving, by the new database service instance from a recovery service of the database provider, the encryption key passphrase; accessing, using the encryption key passphrase received from the recovery service, the encrypted backup of the key storage in the object store of the database service; performing, by the new database service instance, a recovery of the key storage using the encrypted backup of the key storage; and performing, by the new database service instance, a recovery of data backups and log backups using the one or more encryption keys in the recovered key storage.

20. The medium of claim 19, wherein the encryption key passphrase is used once by the new instance of the database service to access the encrypted backup of the key storage.
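
The flow of claims 1 and 6 (mirrored by the method and medium claims), as an added sketch that is not code from the patent or its assignee. All function and store names are hypothetical, and scrypt with AES-256-GCM is an assumed choice, since the claims name no algorithm.

```javascript
// Added illustration; every name here is hypothetical, not from the patent.
const nodeCrypto = require('node:crypto');

// Constructed in-memory stand-ins for the two separate stores.
const objectStore = new Map();   // database service side: encrypted backups only
const secureStorage = new Map(); // provider side: passphrase only

const deriveKey = (passphrase, salt) => nodeCrypto.scryptSync(passphrase, salt, 32);

// Encryption service: generate the passphrase, keep a copy in secure storage.
function issuePassphrase(serviceId) {
  const passphrase = nodeCrypto.randomBytes(32).toString('base64');
  secureStorage.set(serviceId, passphrase);
  return passphrase;
}

// Database service at initialization: encrypt the key storage and back it up.
function backupKeyStorage(serviceId, keyStorage, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(keyStorage), 'utf8'), cipher.final()]);
  objectStore.set(`${serviceId}/keystore.bak`, { salt, iv, ct, tag: cipher.getAuthTag() });
}

// Recovery service: hands the stored passphrase to a recreated instance.
const recoveryPassphrase = (serviceId) => secureStorage.get(serviceId);

// New instance: decrypt the key-storage backup read from the object store.
function recoverKeyStorage(serviceId, passphrase) {
  const { salt, iv, ct, tag } = objectStore.get(`${serviceId}/keystore.bak`);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  decipher.setAuthTag(tag);
  const pt = Buffer.concat([decipher.update(ct), decipher.final()]); // throws if tag check fails
  return JSON.parse(pt.toString('utf8'));
}

function demo() {
  const id = 'db-svc-1'; // constructed identifier
  const keys = { dataBackupKey: 'a1'.repeat(32), logBackupKey: 'b2'.repeat(32) }; // constructed
  const passphrase = issuePassphrase(id);
  backupKeyStorage(id, keys, passphrase);
  const recovered = recoverKeyStorage(id, recoveryPassphrase(id));
  let wrongRejected = false;
  try { recoverKeyStorage(id, 'not-the-passphrase'); } catch (e) { wrongRejected = true; }
  const leaked = [...objectStore.values()].some(
    (b) => Buffer.concat([b.salt, b.iv, b.ct, b.tag]).includes(passphrase));
  return { recovered, wrongRejected, leaked };
}
```

The recovered key storage is what the new instance would then use to decrypt data and log backups; a wrong passphrase fails the GCM tag check instead of yielding garbage keys.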

Classifications

  • H04L9/0894 (Primary)

    Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage · CPC title

  • Management of the backup or restore process · CPC title

  • Solving problems relating to consistency · CPC title

  • Backup restoration techniques · CPC title

  • to a system of files or objects, e.g. local or distributed file system or database · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11444763B2 cover?
A system and method to receive, by a database service from an encryption service of a database provider in a cloud environment, an encryption key passphrase stored in a secure storage separate and distinct from a database persistence and object store of the database service, the encryption key passphrase used as a key to encrypt and decrypt a key storage of the database service that stores one …
Who is the assignee on this patent?
Sap Se
What technology area does this patent fall under?
Primary CPC classification H04L9/0894. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 13, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).