Abstract:
A method and apparatus for data security incorporating device state. The method includes encrypting sensitive data written to an electronic device while the electronic device is in a locked state using a public key of an asymmetric master key pair. The method also includes, in response to detecting that the electronic device enters an unlocked state, converting asymmetric encryption of the sensitive data into symmetric encryption of the sensitive data using a symmetric master key. Encrypting of the sensitive data may include encrypting the sensitive data using a data encryption key (DEK) and encrypting the DEK using the public key. Converting of the asymmetric encryption of the sensitive data into the symmetric encryption may include decrypting the encrypted DEK using a private key of the asymmetric master key pair and re-encrypting the DEK using the symmetric master key without decrypting and re-encrypting the sensitive data.
Abstract:
A method and apparatus for data security incorporating device state. The method includes encrypting sensitive data written to an electronic device while the electronic device is in a locked state using a public key of an asymmetric master key pair. The method also includes, in response to detecting that the electronic device enters an unlocked state, converting asymmetric encryption of the sensitive data into symmetric encryption of the sensitive data using a symmetric master key. Encrypting of the sensitive data may include encrypting the sensitive data using a data encryption key (DEK) and encrypting the DEK using the public key. Converting of the asymmetric encryption of the sensitive data into the symmetric encryption may include decrypting the encrypted DEK using a private key of the asymmetric master key pair and re-encrypting the DEK using the symmetric master key without decrypting and re-encrypting the sensitive data.
Abstract:
An apparatus and method for operating a relational database (DB) are provided. The method includes determining a sensitivity classification for a column of a table in the DB, performing encryption, using a data encryption key (DEK), of sensitive data when writing the sensitive data to the column determined to be sensitive, performing decryption, using the DEK, of the encrypted sensitive data when reading the sensitive data from the column determined to be sensitive, and performing writing to the column and reading from the column of unencrypted non-sensitive data when the column is determined to be non-sensitive.