公开(公告)号：US20240146526A1

公开(公告)日：2024-05-02

申请号：US17979206

申请日：2022-11-02

Applicant: SAP SE

Inventor： Martin SCHINDEWOLF ,  Meinolf BLOCK ,  Sascha ZORN ,  Christoph HOHNER

IPC: H04L9/08

CPC classification number: H04L9/0894 ,  H04L9/0822

Abstract: Systems and methods include assignment of first data artifacts stored in a volatile memory to a first database tenant object instance stored in the volatile memory, storage, in a persistent storage system, of a first payload database comprising a first encryption key for encrypting and decrypting the first data artifacts, storage, in the persistent storage system, a second payload database comprising a second encryption key for encrypting and decrypting second data artifacts not assigned to a database tenant object instance, and storage, in the persistent storage system, of a configuration database comprising a first portion including information usable for decrypting the first encryption key and a second portion including information usable for decrypting the second encryption key.

公开(公告)号：US20230409731A1

公开(公告)日：2023-12-21

申请号：US17968136

申请日：2022-10-18

Applicant: SAP SE

Inventor： Patrick VOELKER ,  Holger MACK ,  Meinolf BLOCK ,  Thorsten GLEBE ,  Mihnea ANDREI ,  Yong Sik KWON ,  Dirk THOMSEN ,  Martin SCHINDEWOLF ,  Martin KITTEL ,  Myung Sun PARK ,  Beomsoo KIM ,  Martin HEIDEL ,  Christian BENSBERG ,  Fabian GARAGNON ,  Michael MUEHLE ,  Sergej HARDOCK ,  Johannes BEIGEL ,  Sascha ZORN ,  Christoph HOHNER ,  Andreas HARTEL

IPC: G06F21/62 ,  H04L9/08

CPC classification number: G06F21/6227 ,  H04L9/0825 ,  H04L9/0822 ,  H04L9/0891

Abstract: A database system includes a persistent storage system, a memory storing metadata defining a tenant object and a plurality of database artifacts, a first instance of the tenant object, the first instance associated with a first plurality of the database artifacts including first data associated with the first instance of the tenant object, and a second instance of the tenant object, the second instance associated with a second plurality of the database artifacts including second data associated with the second instance of the tenant object. A processing unit is to execute program code of a database instance to cause the database system to encrypt the first data associated with the first instance of the tenant object using a first public encryption key and store the encrypted first data in the persistent storage system, and encrypt the second data associated with the second instance of the tenant object using a second public encryption key and store the encrypted second data in the persistent storage system.

公开(公告)号：US20210194678A1

公开(公告)日：2021-06-24

申请号：US16723466

申请日：2019-12-20

Applicant: SAP SE

Inventor： Martin SCHINDEWOLF ,  Meinolf BLOCK ,  Christoph HOHNER ,  Sascha ZORN

IPC: H04L9/08 ,  G06F21/62 ,  G06F16/25 ,  G06F16/27

Abstract: The system described herein provides for storing the databases and encryption keys for decrypting the data in the databases into two separate partitions. In an embodiment, the first partition includes the databases while the second partition includes a configuration database and a payload database. The payload database stores a data encryption key for decrypting the data stored in the databases. The payload database is encrypted and may be decrypted using a body encryption key. The body encryption key itself is encrypted twice. In the first instance a key encryption key is generated and in the second instance a second access key is generated. The key encryption key or the second access key may be used to decrypt the body encryption key. The second access key is stored in a secure location, to be retrieved in situations when the key encryption key is inaccessible.