公开(公告)号：US20180145831A1

公开(公告)日：2018-05-24

申请号：US15356938

申请日：2016-11-21

Applicant: SAP SE

Inventor： Fabian Garagnon ,  Thomas Wenckebach

IPC: H04L9/08 ,  H04L9/16 ,  G06F21/64 ,  G06F11/14 ,  G06F17/30

CPC classification number: H04L9/0894 ,  G06F11/1469 ,  G06F17/30312 ,  G06F17/30557 ,  G06F17/30587 ,  G06F21/602 ,  G06F21/6227 ,  G06F21/64 ,  G06F2201/80 ,  H04L9/083 ,  H04L9/16 ,  H04L2209/24

Abstract: A request is received to change a first, current encryption root key used to encrypt and decrypt a set of data in a database. A new, second encryption root key is generated. The second encryption root key is stored in a secured area in disk storage as a new current encryption root key. The first encryption root key is maintained in the secured area as a historical encryption root key. New root key version information that identifies the new, second encryption root key is generated and stored as current root key version information. A request is received to encrypt the set of data. The second encryption root key is identified as the current encryption root key based on the current root key version information. The second encryption root key is used to encrypt the set of data to create an encrypted set of data.

公开(公告)号：US09992020B1

公开(公告)日：2018-06-05

申请号：US15356938

申请日：2016-11-21

Applicant: SAP SE

Inventor： Fabian Garagnon ,  Thomas Wenckebach

IPC: H04L9/08 ,  H04L9/16 ,  G06F21/64 ,  G06F11/14 ,  G06F17/30

CPC classification number: H04L9/0894 ,  G06F11/1469 ,  G06F17/30312 ,  G06F17/30557 ,  G06F17/30587 ,  G06F21/602 ,  G06F21/6227 ,  G06F21/64 ,  G06F2201/80 ,  H04L9/083 ,  H04L9/16 ,  H04L2209/24

Abstract: A request is received to change a first, current encryption root key used to encrypt and decrypt a set of data in a database. A new, second encryption root key is generated. The second encryption root key is stored in a secured area in disk storage as a new current encryption root key. The first encryption root key is maintained in the secured area as a historical encryption root key. New root key version information that identifies the new, second encryption root key is generated and stored as current root key version information. A request is received to encrypt the set of data. The second encryption root key is identified as the current encryption root key based on the current root key version information. The second encryption root key is used to encrypt the set of data to create an encrypted set of data.