专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20080019527A1 Method and apparatus for managing cryptographic keys 有权
标题翻译：用于管理加密密钥的方法和装置
公开(公告)号：US20080019527A1
公开(公告)日：2008-01-24
申请号：US11367812
申请日：2006-03-03
申请人： Paul Youn , Daniel Wong , Min-Hank Ho , Chon Lei
发明人： Paul Youn , Daniel Wong , Min-Hank Ho , Chon Lei
IPC分类号： H04L9/00
CPC分类号： H04L9/3234 , H04L9/083 , H04L9/3239 , H04L63/06 , H04L63/0807
摘要： One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.
摘要翻译：本发明的一个实施例提供一种用于管理密钥的系统。在运行期间，系统会在密钥管理器身份验证客户端。接下来，系统在密钥管理器处从客户端接收令牌，其中令牌与客户密钥相关联，并且包括令牌认证器。该令牌认证器包括认证器对的一半，用于确定客户端是客户密钥的所有者。接下来，系统使用主密钥解密令牌。然后，系统验证客户端认证器，客户端认证器包括用于确定客户端是否是客户密钥的所有者的认证器对的另一半。如果客户端是客户密钥的所有者，则系统将客户密钥发送给客户端，这使得客户端能够对数据进行加密/解密。最后，客户端删除客户密钥。

2. 发明申请

US20060210085A1 Method and apparatus for expiring encrypted data 有权
标题翻译：用于到期加密数据的方法和装置
公开(公告)号：US20060210085A1
公开(公告)日：2006-09-21
申请号：US11084346
申请日：2005-03-17
申请人： Min-Hank Ho , Daniel Wong , Chon Lei , Thomas Keefe
发明人： Min-Hank Ho , Daniel Wong , Chon Lei , Thomas Keefe
IPC分类号： H04N7/16 , H04L9/00 , H04L9/32 , G06F17/30 , G06F7/04 , G06K9/00 , H03M1/68 , H04K1/00
CPC分类号： H04N21/433 , H04L9/083 , H04L2209/56 , H04N5/913 , H04N7/165 , H04N21/4627 , H04N21/6543 , H04N21/8355 , H04N2005/91364 , Y10S707/99944
摘要： One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that, deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.
摘要翻译：本发明的一个实施例提供一种能够使加密数据过期的系统。在操作期间，系统接收包含对象标识信息的到期请求，该信息可用于标识包含加密数据的一组数据库对象，其中数据库对象可以是表，分区，行，或一列。此外，数据库对象可以具有到期时间，并且可以将其存储在通常用于使用比数据库使用的存储介质更慢但更便宜的存储介质来长时间存储大量数据的存档。然后，系统使用对象识别信息来标识用于加密数据的一组密钥。接下来，系统删除一组密钥，从而使加密数据过期。请注意，删除密钥集可确保安全密钥存储库不包含与过期的加密数据相关联的任何过时的密钥。

3. 发明授权

US07639819B2 Method and apparatus for using an external security device to secure data in a database 有权
标题翻译：使用外部安全设备来保护数据库中的数据的方法和装置
公开(公告)号：US07639819B2
公开(公告)日：2009-12-29
申请号：US11156307
申请日：2005-06-16
申请人： Min-Hank Ho , Paul Youn , Daniel ManHung Wong , Chon Lei
发明人： Min-Hank Ho , Paul Youn , Daniel ManHung Wong , Chon Lei
IPC分类号： H04L9/00
CPC分类号： G06F21/6227 , G06F2221/2153 , H04L9/0822 , H04L9/0897
摘要： One embodiment of the present invention provides a system that facilitates using an external security device to secure data in a database without having to modify database applications. The system operates by receiving a request at the database to perform an encryption/decryption operation, wherein the encryption/decryption operation is performed with the assistance of the external security module in a manner that is transparent to database applications. In response to the request, the system passes a wrapped (encrypted) column key (a key used to encrypt data within the database) to an external security module, wherein the wrapped column key is a column key encrypted with a master key that exists only within the external security module. The system then unwraps (decrypts) the wrapped column key in the external security module to retrieve the column key. Next, the system returns the column key to the database. The system then performs an encryption/decryption operation on data in the database using the column key. Finally, the system erases the column key from memory in the database.
摘要翻译：本发明的一个实施例提供一种便于使用外部安全设备来保护数据库中的数据而不必修改数据库应用的系统。该系统通过在数据库处接收请求来执行加密/解密操作，其中以对数据库应用是透明的方式在外部安全模块的帮助下执行加密/解密操作。响应于该请求，系统将包裹的（加密的）列密钥（用于将数据库内的数据加密的密钥）传递到外部安全模块，其中包装的列密钥是仅使用主密钥加密的列密钥在外部安全模块内。系统然后在外部安全模块中解包（解密）包装的列密钥以检索列密钥。接下来，系统将列键返回到数据库。然后，系统使用列键对数据库中的数据执行加密/解密操作。最后，系统从数据库中的内存中擦除列密钥。

4. 发明申请

US20060236104A1 Method and apparatus for encrypting and decrypting data in a database table 有权
标题翻译：用于在数据库表中加密和解密数据的方法和装置
公开(公告)号：US20060236104A1
公开(公告)日：2006-10-19
申请号：US11106181
申请日：2005-04-13
申请人： Daniel Wong , Chon Lei
发明人： Daniel Wong , Chon Lei
IPC分类号： H04L9/00
CPC分类号： G06F21/6227
摘要： One embodiment of the present invention provides a system that decrypts an encrypted column in a row. During operation, the system receives the encrypted column in the row. The system then determines a security domain associated with the encrypted column in the row, wherein the security domain represents a set of columns in rows encrypted using the same key. Next, the system determines a key associated with the security domain. The system then decrypts the encrypted column in the row using the key. Note that using a security domain to represent a set of columns in rows enables the database to grant access to data within the database at arbitrary levels of granularity.
摘要翻译：本发明的一个实施例提供一种解密一行中的加密列的系统。在操作期间，系统接收该行中的加密列。然后，系统确定与行中的加密列相关联的安全域，其中安全域表示使用相同密钥加密的行中的一组列。接下来，系统确定与安全域相关联的密钥。系统然后使用密钥解密行中的加密列。请注意，使用安全域来表示行中的一组列使数据库能够以任意级别的粒度为数据库内的数据授予访问权限。

5. 发明申请

US20050144176A1 Column masking of tables 有权
标题翻译：列的列屏蔽
公开(公告)号：US20050144176A1
公开(公告)日：2005-06-30
申请号：US10763583
申请日：2004-01-23
申请人： Chon Lei , Daniel Wong , Thomas Keefe , Kristy Edwards
发明人： Chon Lei , Daniel Wong , Thomas Keefe , Kristy Edwards
IPC分类号： G06F17/30 , G06F21/00 , G06F7/00
CPC分类号： G06F21/6227 , G06F17/30427 , G06F17/30483 , Y10S707/99942
摘要： Returning rows having column values masked is disclosed. In response to receiving a database command, a modified database command is created that specifies whether to mask a value by returning a mask of the value instead of the value. In an embodiment, the condition expression is included in a policy function that is referenced by a policy. In an embodiment, the policy determines how the condition expressions are used. The condition expression may be used to determine which column values to mask. The condition expression may also be used to filter which rows are returned.
摘要翻译：公开了具有屏蔽的列值的返回行。响应于接收到数据库命令，创建修改的数据库命令，该命令指定是否通过返回值的掩码而不是值来屏蔽值。在一个实施例中，条件表达式被包括在由策略引用的策略功能中。在一个实施例中，该策略确定如何使用条件表达式。条件表达式可用于确定要屏蔽的列值。条件表达式也可用于过滤哪些行被返回。

6. 发明申请

US20060288232A1 Method and apparatus for using an external security device to secure data in a database 有权
公开(公告)号：US20060288232A1
公开(公告)日：2006-12-21
申请号：US11156307
申请日：2005-06-16
申请人： Min-Hank Ho , Paul Youn , Daniel Wong , Chon Lei
发明人： Min-Hank Ho , Paul Youn , Daniel Wong , Chon Lei
IPC分类号： H04L9/00
CPC分类号： G06F21/6227 , G06F2221/2153 , H04L9/0822 , H04L9/0897
摘要： One embodiment of the present invention provides a system that facilitates using an external security device to secure data in a database without having to modify database applications. The system operates by receiving a request at the database to perform an encryption/decryption operation, wherein the encryption/decryption operation is performed with the assistance of the external security module in a manner that is transparent to database applications. In response to the request, the system passes a wrapped (encrypted) column key (a key used to encrypt data within the database) to an external security module, wherein the wrapped column key is a column key encrypted with a master key that exists only within the external security module. The system then unwraps (decrypts) the wrapped column key in the external security module to retrieve the column key. Next, the system returns the column key to the database. The system then performs an encryption/decryption operation on data in the database using the column key. Finally, the system erases the column key from memory in the database.

7. 发明申请

US20050269716A1 METHOD AND STRUCTURE FOR SELECTIVE THERMAL PASTE DEPOSITION AND RETENTION ON INTEGRATED CIRCUIT CHIP MODULES 失效
标题翻译：集成电路芯片模块的选择性热固性沉积和保持的方法和结构
公开(公告)号：US20050269716A1
公开(公告)日：2005-12-08
申请号：US10709931
申请日：2004-06-07
申请人： Tim Lee , Chon Lei , Donald Papae , Francis Szenher
发明人： Tim Lee , Chon Lei , Donald Papae , Francis Szenher
IPC分类号： H01L23/02 , H01L23/367
CPC分类号： H01L23/3675 , H01L23/3677 , H01L2224/16225 , H01L2224/73253 , H01L2924/15311 , H01L2924/3011
摘要： An integrated circuit (IC) chip module includes at least one integrated circuit chip mounted upon a substrate, and a plurality of passive components mounted upon the substrate. A polymer based bib has at least one opening formed therein, the at least one opening configured to accommodate the at least one integrated circuit chip therein, and the bib further configured for attachment to one or more of the plurality of passive components. A protective cap is mounted over the at least one integrated circuit chip and attached to the substrate, wherein the bib is configured to retain thereon a thermally conductive paste initially applied to at least one of the integrated circuit chip and the protective cap.
摘要翻译：集成电路（IC）芯片模块包括安装在基板上的至少一个集成电路芯片和安装在基板上的多个无源部件。基于聚合物的围兜具有形成在其中的至少一个开口，所述至少一个开口被配置为在其中容纳所述至少一个集成电路芯片，并且所述围兜还被配置为附接到所述多个无源元件中的一个或多个。保护盖安装在所述至少一个集成电路芯片上并附接到所述基板，其中所述围拢被配置为在其上保持最初施加到所述集成电路芯片和所述保护盖中的至少一个的导热浆。

8. 发明申请

US20050038783A1 Database fine-grained access control 有权
标题翻译：数据库细粒度访问控制
公开(公告)号：US20050038783A1
公开(公告)日：2005-02-17
申请号：US10943189
申请日：2004-09-15
申请人： Chon Lei , Douglas McMahon
发明人： Chon Lei , Douglas McMahon
IPC分类号： G06F17/30 , G06F21/00 , G06F7/00
CPC分类号： G06F17/30522 , G06F21/6218 , Y10S707/99933 , Y10S707/99934 , Y10S707/99935
摘要： A method and mechanism are provided for accessing data. Values are stored for a set of context attributes associated with a session between a database user and a database server. The database system includes an attribute setting mechanism that selectively restricts access to the set of context attributes based on a policy. During the session, the database server executes a query that contains a reference to one or more of the context attributes. For example, the query may contain a predicate that requires a comparison between a context attribute value and a constant. The database server processes the query based on current values of the one or more of the context attributes referenced in the query. A mechanism is also provided for dynamically attaching predicates to queries, where the predicates are attached based on a policy. For example, the database system detects that a query is issued against a database object. Prior to executing the query, a policy function associated with the database object is invoked. The policy function creates a modified query by selectively adding zero or more predicates to the query based on a policy associated with the database object. The modified query is then executed.
摘要翻译：提供了访问数据的方法和机制。存储与数据库用户和数据库服务器之间的会话相关联的一组上下文属性的值。数据库系统包括属性设置机制，其基于策略选择性地限制对该组上下文属性的访问。在会话期间，数据库服务器执行包含对一个或多个上下文属性的引用的查询。例如，查询可以包含需要在上下文属性值和常量之间进行比较的谓词。数据库服务器根据查询中引用的一个或多个上下文属性的当前值处理查询。还提供了一种机制，用于动态地将谓词附加到查询中，其中基于策略附加谓词。例如，数据库系统检测到针对数据库对象发出查询。在执行查询之前，调用与数据库对象关联的策略函数。策略函数通过根据与数据库对象相关联的策略选择性地向查询添加零个或多个谓词来创建修改的查询。然后执行修改后的查询。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式