Browse Prior Art Database

Database backup with encrypting sensitive data

IP.com Disclosure Number: IPCOM000236475D
Publication Date: 2014-Apr-29
Document File: 3 page(s) / 59K

Publishing Venue

The IP.com Prior Art Database

Abstract

The issue with the "traditional" data encryption (masking) is that it has to be done as the extra work by the user, often using separate database backup (nobody wants to modify the production database directly for this purpose and next reverts the previous state). The DBAs usually create the backup of the production database, restore it on the separate machine and encrypt sensitive data. It has to be the similar machine for the binary backup and it is the extra expense for the customer. Some databases contain a tones of data and transfer of unencrypted backup to the destination machine, where the backup using "traditional" mechanisms will be created, is also a huge problem. Definitely it is very time and resources consuming process. It is also the error prone one. Additionally, invoking the encryption statements, the database statistics are updated so it is not the mirror backup of the production database anymore. Business meaning of data can be completely blurred or some problematic data, needed for investigation the issue, can be accidentally fixed (more concerns contains the disclosure text). In such cases backup becomes useless (the support team is not able to reproduce the issue and advice some solution). The last but not least - not every customer is able to create such manual backup itself and they have to request the support team for help. It is complex and generates additional costs for customer hence they stuck with some db issues that maybe are not critical, but can decrease software productivity. Proposed solution, where masking (encrypting) of data is done in one operation together with creating the backup of database, allows to save plenty of time and resources. Such solution would be distributed with some special setup tool that simplifies the entire process. The user would be able to mark data as the sensitive one by selecting the proper checkbox. Some data could be automatically recognized as sensitive. The database statistics (used to calculate the optimal execution plan for queries) are not updated using the considered solution and the business meaning of data is skipped (i.e. the specific values of some fields or having some border cases). Such process is definitely less error prone and allows the customer to create such backup itself or with little help of the support team in order to send it for analysis (for instance to adjust the indexes and db parameters to the current data set). Productivity of such managed software will be improved what is important for each customer.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 3

Database backup with encrypting sensitive data

Supporting a database system requires continuous maintenance to assure acceptable performance level, this includes adding/removing indexes, investigating problems, like deadlocks, testing migration scenarios. The preferable way of performing those operations is to work on stored original data, but clients are reluctant to share sensitive data with the support team. The common way of solving this security issue is on-site support, because clients have control over their database access. This however is very expensive and causes many organizational problems.

The invention is based on assumption that the same results can be achieved in debugging and performance tuning of data that is statistically equivalent to the original client data. By "statistically equivalent" we understand:

- the amount and complexity of data is the same
- the same length of string columns
- specific border cases (like numeric data ranges, date ranges) are reflected
- relationships between data are kept
- same issues regarding improper data caused by database structure design exist
- database containing this data has the same statistics, indexes and other metadata as the original database

The commonly used methods based on database snapshots are not always efficient and may be not sufficient to reproduce the problem..

This disclosure describes idea of the embedded database component that generates database backup containing data encrypted in the way they meet above "statistically equivalent" conditions.

1. Client chooses to generate backup using an embedded database tool...