专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

11. 发明授权

US07117197B1 Selectively auditing accesses to rows within a relational database at a database server 有权
标题翻译：选择性地审计对数据库服务器上的关系数据库中的行的访问
公开(公告)号：US07117197B1
公开(公告)日：2006-10-03
申请号：US09559171
申请日：2000-04-26
申请人： Daniel ManHung Wong , Chon Hei Lei , Patrick F. Sack
发明人： Daniel ManHung Wong , Chon Hei Lei , Patrick F. Sack
IPC分类号： G06F17/30
CPC分类号： G06F17/30306 , Y10S707/99933
摘要： One embodiment of the present invention provides a system that selectively audits accesses to a relational database system. This system starts by receiving a query from a client at a database server. The system processes this query at the database server to produce a query result. The system also creates an audit record for rows in relational tables that are accessed by the query, and that satisfy an auditing condition. Next, the system records the audit record in an audit record store and returns the query result to the client. Integrating the auditing facility into the relational database system in this manner ensures that auditing is performed in the same way regardless of which application generates the query. Furthermore, this auditing is transparent to applications and users. In one embodiment of the present invention, the system additionally modifies the query so that processing the query causes the audit record to be created and recorded for rows in relational tables that are accessed by the query and that satisfy the auditing condition. In a variation on this embodiment, the auditing condition is associated with a table in the relational database system.
摘要翻译：本发明的一个实施例提供了一种选择性地审计对关系数据库系统的访问的系统。该系统从数据库服务器的客户端接收查询开始。该系统在数据库服务器处理此查询以产生查询结果。该系统还为查询中访问的关系表中的行创建审计记录，并满足审计条件。接下来，系统将审计记录记录在审计记录存储中，并将查询结果返回给客户端。以这种方式将审计工具集成到关系数据库系统中确保以相同的方式执行审计，而不管哪个应用程序生成查询。此外，这种审核对应用程序和用户是透明的。在本发明的一个实施例中，系统另外修改查询，使得处理查询导致为查询中访问并满足审计条件的关系表中的行创建和记录审计记录。在该实施例的变型中，审计条件与关系数据库系统中的表相关联。

12. 发明申请

US20110067084A1 METHOD AND APPARATUS FOR SECURING A DATABASE CONFIGURATION 审中-公开
标题翻译：用于保护数据库配置的方法和装置
公开(公告)号：US20110067084A1
公开(公告)日：2011-03-17
申请号：US12561461
申请日：2009-09-17
申请人： Ji-Won Byun , Chi Ching Chui , Daniel ManHung Wong , Chon Hei Lei
发明人： Ji-Won Byun , Chi Ching Chui , Daniel ManHung Wong , Chon Hei Lei
IPC分类号： G06F21/00 , G06F17/30
CPC分类号： G06F21/6209 , G06F16/217 , G06F16/2343
摘要： One embodiment of the present invention provides a system that secures a database configuration from undesired modifications. This system allows a security officer to issue a configuration-locking command, which activates a lock for the configuration of a database object. When a configuration lock is activated for a database object, the system prevents a user (e.g., a database administrator) from modifying the configuration of the database object, without restricting the user from accessing the database object itself. The security officer is a trusted user that is responsible for maintaining the stability of the database configuration, such that a configuration lock activated by the security officer preserves the database configuration by overriding the privileges assigned to a database administrator.
摘要翻译：本发明的一个实施例提供一种确保数据库配置免受不期望的修改的系统。该系统允许安全员发布配置锁定命令，该命令激活用于配置数据库对象的锁。当为数据库对象激活配置锁定时，系统防止用户（例如，数据库管理员）修改数据库对象的配置，而不会限制用户访问数据库对象本身。安全官员是一个值得信赖的用户，负责维护数据库配置的稳定性，使得由安全人员激活的配置锁定通过覆盖分配给数据库管理员的权限来保留数据库配置。

13. 发明授权

US07873660B1 Enforcing data privacy aggregations 有权
标题翻译：执行数据隐私聚合
公开(公告)号：US07873660B1
公开(公告)日：2011-01-18
申请号：US10377366
申请日：2003-02-27
申请人： Daniel Manhung Wong , Chon Hei Lei , Rama Vissapragada
发明人： Daniel Manhung Wong , Chon Hei Lei , Rama Vissapragada
IPC分类号： G06F7/00 , G06F17/30
CPC分类号： G06F21/6245
摘要： Described herein is an approach that may be used to control access to information requested by a query, where access is granted or denied to all the information requested based on factors that relate to information requested as a whole rather than on individual-by-individual row basis. Also described is a mechanism in which a database server dynamically creates and computes another query in response to receiving a query, and then uses the computed results to determine whether access to the data requested by the received query may be granted.
摘要翻译：这里描述了一种方法，其可以用于控制对查询所请求的信息的访问，其中基于与作为整体请求的信息相关的因素而不是逐个单独行的因素而授予或拒绝所有所请求的信息的访问基础。还描述了一种机制，其中数据库服务器响应于接收到查询而动态地创建和计算另一个查询，然后使用所计算的结果来确定是否可以授予对所接收的查询所请求的数据的访问。

14. 发明授权

US07440962B1 Method and system for management of access information 有权
标题翻译：访问信息管理方法和系统
公开(公告)号：US07440962B1
公开(公告)日：2008-10-21
申请号：US09974085
申请日：2001-10-09
申请人： Daniel ManHung Wong , Nina Lewis , Chon Hei Lei
发明人： Daniel ManHung Wong , Nina Lewis , Chon Hei Lei
IPC分类号： G06F17/00
CPC分类号： G06F21/6218 , Y10S707/99942 , Y10S707/99943
摘要： An improved method and system for centrally managing and accessing attribute information in a distributed computing system is disclosed. Applications set up application specific user attributes in a directory. When an application user connects to a server, the server automatically accesses the directory to identify the relevant user attributes for that application. These user attributes are retrieved and stored in the session context. Standard LDAP attributes can also be retrieved from the directory and stored in the session context.
摘要翻译：公开了一种用于在分布式计算系统中集中管理和访问属性信息的改进方法和系统。应用程序在目录中设置应用程序特定的用户属性。当应用程序用户连接到服务器时，服务器会自动访问目录，以识别该应用程序的相关用户属性。这些用户属性被检索并存储在会话上下文中。标准LDAP属性也可以从目录中检索并存储在会话上下文中。

15. 发明授权

US06813617B2 Dynamic generation of optimizer hints 有权
标题翻译：动态生成优化器提示
公开(公告)号：US06813617B2
公开(公告)日：2004-11-02
申请号：US10431971
申请日：2003-05-07
申请人： Daniel Manhung Wong , Chon Hei Lei
发明人： Daniel Manhung Wong , Chon Hei Lei
IPC分类号： G06F1730
CPC分类号： G06F17/30471 , G06F17/3048 , G06F21/6227 , Y10S707/99933 , Y10S707/99934 , Y10S707/99935 , Y10S707/99939
摘要： A fine-grained access control mechanism uses policy functions that are associated with a database object (e.g. table and view). The policy functions are invoked, when, for example, a database server detects that a query is issued against the database object. The policy functions return optimizer hints, which are added to the query.
摘要翻译：细粒度访问控制机制使用与数据库对象（例如表和视图）相关联的策略功能。当例如数据库服务器检测到针对数据库对象发出查询时，调用策略函数。策略函数返回优化器提示，这些提示被添加到查询中。

16. 发明授权

US10339336B2 Method and apparatus for encrypting database columns 有权
公开(公告)号：US10339336B2
公开(公告)日：2019-07-02
申请号：US10459811
申请日：2003-06-11
申请人： Chon Hei Lei , Thomas Keefe , Daniel M. Wong
发明人： Chon Hei Lei , Thomas Keefe , Daniel M. Wong
IPC分类号： G06F21/62
摘要： One embodiment of the present invention provides a system that facilitates encryption of data within a column of a database. The system operates by first receiving a command to perform a database operation. Next, the system parses the command to create a parse tree. The system then examines the parse tree to determine if a column referenced in the parse tree is an encrypted column. If a column referenced in the parse tree is an encrypted column, the system automatically transforms the command to include one or more cryptographic commands to facilitate accessing the encrypted column while performing the database operation.

17. 发明授权

US09886481B2 Query optimization on VPD protected columns 有权
公开(公告)号：US09886481B2
公开(公告)日：2018-02-06
申请号：US13278095
申请日：2011-10-20
申请人： Chon Hei Lei
发明人： Chon Hei Lei
IPC分类号： G06F17/30 , G06F21/62
CPC分类号： G06F17/30442 , G06F17/30389 , G06F17/30427 , G06F17/30448 , G06F21/6227
摘要： A method and apparatus for preserving optimization hints in a transformed query is provided. In one embodiment, the methodology is implemented by query optimization logic. Upon receiving a first query to access values in a column of a table protected by an access control policy, the query optimization logic creates a second query that is equivalent to the first query as subject to the access control policy. Furthermore, the second query contains a new predicate that conjunctively joins a clone of a first expression in a predicate of the first query with a second expression that is derived, based on the access control policy, from the first expression. In one embodiment, the query optimization logic submits the second query for execution.

18. 发明申请

US20100036846A1 METHOD AND SYSTEM FOR OPTIMIZING ROW LEVEL SECURITY IN DATABASE SYSTEMS 有权
标题翻译：用于优化数据库系统中的级别安全的方法和系统
公开(公告)号：US20100036846A1
公开(公告)日：2010-02-11
申请号：US12188675
申请日：2008-08-08
申请人： Mohammed Irfan Rafiq , Chon Hei Lei , Vikram Kapoor , Thomas F. Keefe , Nipun Agarwal , Thomas Baby , Sam Idicula , Vikram Reddy Pesati
发明人： Mohammed Irfan Rafiq , Chon Hei Lei , Vikram Kapoor , Thomas F. Keefe , Nipun Agarwal , Thomas Baby , Sam Idicula , Vikram Reddy Pesati
IPC分类号： G06F17/30
CPC分类号： G06F21/6218 , G06F17/30306 , G06F2221/2141
摘要： One embodiment of the present invention provides a system that implements a security policy in a database. During operation, the system receives a request associated with a set of objects in the database. Next, the system obtains a set of access control lists (ACLs) associated with the database, wherein a respective ACL specifies one or more access privileges associated with a user or user group, and wherein a respective ACLs is not specific to a particular object in the database. The system then evaluates the ACLs to obtain a set of ACL results associated with the request and processes the request by applying the set of ACL results to the objects without evaluating the ACLs repeatedly for each of the objects.
摘要翻译：本发明的一个实施例提供一种在数据库中实现安全策略的系统。在操作期间，系统接收与数据库中的一组对象相关联的请求。接下来，系统获得与数据库相关联的一组访问控制列表（ACL），其中相应的ACL指定与用户或用户组相关联的一个或多个访问权限，并且其中相应的ACL不是特定于特定对象的特定对象数据库。然后，系统评估ACL以获得与请求相关联的一组ACL结果，并通过将ACL集合应用于对象来处理请求，而不对每个对象重复地评估ACL。

19. 发明授权

US06487552B1 Database fine-grained access control 有权
标题翻译：数据库细粒度访问控制
公开(公告)号：US06487552B1
公开(公告)日：2002-11-26
申请号：US09167092
申请日：1998-10-05
申请人： Chon Hei Lei , Douglas James McMahon
发明人： Chon Hei Lei , Douglas James McMahon
IPC分类号： G06F1730
CPC分类号： G06F17/30528 , G06F21/6227 , Y10S707/955 , Y10S707/966 , Y10S707/99932 , Y10S707/99933 , Y10S707/99934 , Y10S707/99935 , Y10S707/99939
摘要： A method and mechanism are provided for accessing data. Values are stored for a set of context attributes associated with a session between a database user and a database server. The database system includes an attribute setting mechanism that selectively restricts access to the set of context attributes based on a policy. During the session, the database server executes a query that contains a reference to one or more of the context attributes. For example, the query may contain a predicate that requires a comparison between a context attribute value and a constant. The database server processes the query based on current values of the one or more of the context attributes referenced in the query. A mechanism is also provided for dynamically attaching predicates to queries, where the predicates are attached based on a policy. For example, the database system detects that a query is issued against a database object. Prior to executing the query, a policy function associated with the database object is invoked. The policy function creates a modified query by selectively adding zero or more predicates to the query based on a policy associated with the database object. The modified query is then executed.
摘要翻译：提供了访问数据的方法和机制。存储与数据库用户和数据库服务器之间的会话相关联的一组上下文属性的值。数据库系统包括属性设置机制，其基于策略选择性地限制对该组上下文属性的访问。在会话期间，数据库服务器执行包含对一个或多个上下文属性的引用的查询。例如，查询可以包含需要在上下文属性值和常量之间进行比较的谓词。数据库服务器根据查询中引用的一个或多个上下文属性的当前值处理查询。还提供了一种机制，用于动态地将谓词附加到查询中，其中基于策略附加谓词。例如，数据库系统检测到针对数据库对象发出查询。在执行查询之前，调用与数据库对象关联的策略函数。策略函数通过根据与数据库对象相关联的策略选择性地向查询添加零个或多个谓词来创建修改的查询。然后执行修改后的查询。

20. 发明申请

US20060271783A1 Method and apparatus for authorizing a database operation 有权
标题翻译：用于授权数据库操作的方法和装置
公开(公告)号：US20060271783A1
公开(公告)日：2006-11-30
申请号：US11139709
申请日：2005-05-26
申请人： Daniel Wong , MingKang Xu , Paul Youn , MinHank Ho , Chon Hei Lei
发明人： Daniel Wong , MingKang Xu , Paul Youn , MinHank Ho , Chon Hei Lei
IPC分类号： H04L9/00
CPC分类号： H04L9/085 , G06F21/6218 , G06F2221/2115 , Y10S707/99931
摘要： One embodiment of the present invention provides a system that authorizes a sensitive database operation. During operation, the system receives a request to perform a sensitive database operation. Note that, a sensitive database operation is an operation which, in the hands of a malicious user, poses a serious security threat. Next, the system determines a multiparty authorization requirement for the sensitive database operation, wherein the multiparty authorization requirement specifies a set of approvals required for authorizing the sensitive database operation. The system then sends approval requests to one or more approving parties based on the multiparty authorization requirement. Next, the system receives approvals for authorizing the sensitive database operation. The system then determines whether the approvals satisfy the multiparty authorization requirement. Next, if the approvals satisfy the multiparty authorization requirement, the system authorizes the sensitive database operation, thereby allowing the database to perform the sensitive database operation.
摘要翻译：本发明的一个实施例提供了授权敏感数据库操作的系统。在操作期间，系统接收到执行敏感数据库操作的请求。请注意，敏感数据库操作是在恶意用户手中造成严重安全威胁的操作。接下来，系统确定敏感数据库操作的多方授权要求，其中多方授权要求指定了授权敏感数据库操作所需的一组批准。系统然后根据多方授权要求向一个或多个批准方发出批准请求。接下来，系统接收授权敏感数据库操作的批准。然后，系统确定批准是否满足多方授权要求。接下来，如果批准满足多方授权要求，则系统授权敏感数据库操作，从而允许数据库执行敏感数据库操作。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式