Protection of Databases

 

Please read about our new Cop's CRYPTO. DataBase Protection that gives a high degree of protection without changes to the browser.

In theory, the protection of databases is quite simple.

1. The database itself, i.e. the actual information, must be encrypted strongly enough that even a powerful computer would need a long time to decrypt the data if the encryption key is not known. This is just a question of using as long a key as necessary. A key of 128 bits is generally considered unbreakable.

2. The browser or search engine which displays and manipulates the database must be protected against copying and reverse engineering. This can be done in several ways, but generally, the browser must be locked to something: a particular computer, a master diskette, or an original CD.

Two Solutions

Assuming a certain level of security, the actual kind of encryption used is irrelevant. A DES encryption, triple DES for example, is acceptable. Once this is done, protection can be applied to the browser.

1. Envelope protection

An envelope protection is applied directly to the finished executable browser without making any changes to the application's source code. In other words, no re-compilation of the application is necessary. This technique has the advantage of being easy to apply. The executable is scrambled to prevent hacking and reverse engineering, but sensitive routines (the ones that handle database decryption) cannot be singled out for special treatment.

2. Integrated protection

In this case, security routines are built directly into the application's source code. The routines in the browser that do the actual decryption are scrambled at compilation time and are descrambled only when these routines need to be used. After use, they are rescrambled. An integrated solution of this type is extremely secure, since it is custom-designed for the particular software being used. Security checks can be performed periodically, while the program is running, or in different parts of the program. This technique requires more work at the start of a project and a higher degree of cooperation between the distributor and the security provider.

Common to both solutions:

1. The main executable is scrambled, so that hackers cannot see how the database decryption is handled.

2. The browser containing the decryption routines is protected. In other words, the browser cannot be run until it is installed on a particular computer and the owner of the computer has received an access code. This access code is specific to:

  • The machine in question
  • The database in question
  • A specified period of time.

How the system functions in practice:

The database and browser can be distributed freely using any medium: CD, diskette, internet.

If desired, a "joker" code can be distributed together with the database. This allows all users to try the application until a pre-specified expiry date. After this date, the browser will not start, and the database is unusable.

After expiry, the end-user contacts the distributor and receives a new access code that is valid for his machine only and for a specified time period. In the case of network applications, the number of allowable network users is also included in the access code.
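The access-code scheme described above, as an added example that is not Link Data Security's code: a keyed MAC binds the code to the machine, the database, the expiry date and the network user count, and a wildcard machine id models the "joker" code. The machine id string, the `JOKER` marker, the code layout and the choice of HMAC-SHA256 are all assumptions; the page does not say how its codes are built.

```python
import hashlib, hmac, struct
from datetime import date

JOKER = "*"  # assumed wildcard machine id marking a "joker" (trial) code

def _mac(key, machine_id, database_id, expiry, max_users):
    fields = [machine_id, database_id, expiry.isoformat(), str(max_users)]
    # Length-prefix each field so two different tuples never serialize alike.
    msg = b"".join(struct.pack(">H", len(f.encode())) + f.encode() for f in fields)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]

def issue_code(key, machine_id, database_id, expiry, max_users=1):
    """Distributor side: expiry and user count in clear, bound by a MAC."""
    tag = _mac(key, machine_id, database_id, expiry, max_users)
    return f"{expiry.isoformat()}.{max_users}.{tag}"

def check_code(key, code, machine_id, database_id, today):
    """Browser side: return the allowed user count, or 0 if rejected."""
    try:
        expiry_s, users_s, tag = code.split(".")
        expiry, max_users = date.fromisoformat(expiry_s), int(users_s)
    except ValueError:
        return 0  # malformed code
    if today > expiry:
        return 0  # expired: the browser must not start
    # Accept a code issued for this machine, or a joker code valid on any machine.
    for mid in (machine_id, JOKER):
        expected = _mac(key, mid, database_id, expiry, max_users)
        if hmac.compare_digest(tag.encode(), expected.encode()):
            return max_users
    return 0

if __name__ == "__main__":
    key = b"constructed-demo-key-not-a-real-secret"  # constructed sample value
    code = issue_code(key, "MACHINE-A", "catalogue-db", date(1999, 12, 31), 5)
    print(code, check_code(key, code, "MACHINE-A", "catalogue-db", date(1999, 7, 21)))
```

Because HMAC is symmetric, the key embedded in the browser to check codes can also mint them, which is why a scheme like this depends on the executable protection described earlier. A public-key signature would leave only a verification key in the browser.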

 

This page edited : 21 jul 1999 16:18:03

 Link Data Security A/S, Vesterbrogade 51, 1620 Copenhagen V, Denmark
Phone +45 33 23 23 50, Fax +45 33 23 84 48

This page is part of our old site and is no longer maintained.
