专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07873660B1 Enforcing data privacy aggregations 有权
标题翻译：执行数据隐私聚合
公开(公告)号：US07873660B1
公开(公告)日：2011-01-18
申请号：US10377366
申请日：2003-02-27
申请人： Daniel Manhung Wong , Chon Hei Lei , Rama Vissapragada
发明人： Daniel Manhung Wong , Chon Hei Lei , Rama Vissapragada
IPC分类号： G06F7/00 , G06F17/30
CPC分类号： G06F21/6245
摘要： Described herein is an approach that may be used to control access to information requested by a query, where access is granted or denied to all the information requested based on factors that relate to information requested as a whole rather than on individual-by-individual row basis. Also described is a mechanism in which a database server dynamically creates and computes another query in response to receiving a query, and then uses the computed results to determine whether access to the data requested by the received query may be granted.
摘要翻译：这里描述了一种方法，其可以用于控制对查询所请求的信息的访问，其中基于与作为整体请求的信息相关的因素而不是逐个单独行的因素而授予或拒绝所有所请求的信息的访问基础。还描述了一种机制，其中数据库服务器响应于接收到查询而动态地创建和计算另一个查询，然后使用所计算的结果来确定是否可以授予对所接收的查询所请求的数据的访问。

2. 发明授权

US07925023B2 Method and apparatus for managing cryptographic keys 有权
标题翻译：用于管理加密密钥的方法和装置
公开(公告)号：US07925023B2
公开(公告)日：2011-04-12
申请号：US11367812
申请日：2006-03-03
申请人： Paul Youn , Daniel ManHung Wong , Min-Hank Ho , Chon Hei Lei
发明人： Paul Youn , Daniel ManHung Wong , Min-Hank Ho , Chon Hei Lei
IPC分类号： H04L9/08
CPC分类号： H04L9/3234 , H04L9/083 , H04L9/3239 , H04L63/06 , H04L63/0807
摘要： One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.
摘要翻译：本发明的一个实施例提供一种用于管理密钥的系统。在运行期间，系统会在密钥管理器身份验证客户端。接下来，系统在密钥管理器处从客户端接收令牌，其中令牌与客户密钥相关联，并且包括令牌认证器。该令牌认证器包括认证器对的一半，用于确定客户端是客户密钥的所有者。接下来，系统使用主密钥解密令牌。然后，系统验证客户端认证器，客户端认证器包括用于确定客户端是否是客户密钥的所有者的认证器对的另一半。如果客户端是客户密钥的所有者，则系统将客户密钥发送给客户端，这使得客户端能够对数据进行加密/解密。最后，客户端删除客户密钥。

3. 发明授权

US07827403B2 Method and apparatus for encrypting and decrypting data in a database table 有权
标题翻译：用于在数据库表中加密和解密数据的方法和装置
公开(公告)号：US07827403B2
公开(公告)日：2010-11-02
申请号：US11106181
申请日：2005-04-13
申请人： Daniel ManHung Wong , Chon Hei Lei
发明人： Daniel ManHung Wong , Chon Hei Lei
IPC分类号： H04L29/06 , H04L9/08 , G06F11/30 , G06F7/04 , G06F7/00 , G06F17/30 , G06F12/00 , H04L9/00
CPC分类号： G06F21/6227
摘要： One embodiment of the present invention provides a system that decrypts an encrypted column in a row. During operation, the system receives the encrypted column in the row. The system then determines a security domain associated with the encrypted column in the row, wherein the security domain represents a set of columns in rows encrypted using the same key. Next, the system determines a key associated with the security domain. The system then decrypts the encrypted column in the row using the key. Note that using a security domain to represent a set of columns in rows enables the database to grant access to data within the database at arbitrary levels of granularity.
摘要翻译：本发明的一个实施例提供一种解密一行中的加密列的系统。在操作期间，系统接收该行中的加密列。然后，系统确定与行中的加密列相关联的安全域，其中安全域表示使用相同密钥加密的行中的一组列。接下来，系统确定与安全域相关联的密钥。系统然后使用密钥解密行中的加密列。请注意，使用安全域来表示行中的一组列使数据库能够以任意级别的粒度为数据库内的数据授予访问权限。

4. 发明授权

US07228300B2 Caching the results of security policy functions 有权
标题翻译：缓存安全策略功能的结果
公开(公告)号：US07228300B2
公开(公告)日：2007-06-05
申请号：US10431972
申请日：2003-05-07
申请人： Chon Hei Lei , Daniel Manhung Wong
发明人： Chon Hei Lei , Daniel Manhung Wong
IPC分类号： G06F17/30
CPC分类号： G06F17/30471 , G06F17/3048 , G06F17/30528 , G06F21/6227 , Y10S707/955 , Y10S707/99933 , Y10S707/99934
摘要： A fine-grained access control mechanism uses policy functions that are associated with a database object (e.g. table and view). The policy functions are invoked, when, for example, a database server detects that a query is issued against the database object. The value of a policy function remains constant under certain conditions. For example, once a database server is brought up, the value of a policy function may remain the same. Users can specify the conditions under which the value of a policy function remain constant. Based on this information, when a policy function is computed while processing a query, the database server caches the value of the policy function. When processing another query that requires the value of the policy function, the database server retrieves the result from the cache rather than re-computing the policy function, as long as the condition under which the policy function remains constant persists.
摘要翻译：细粒度访问控制机制使用与数据库对象（例如表和视图）相关联的策略功能。当例如数据库服务器检测到针对数据库对象发出查询时，调用策略函数。在某些条件下，策略函数的值保持不变。例如，一旦数据库服务器被启动，策略功能的值可能保持不变。用户可以指定策略函数的值保持不变的条件。基于该信息，当处理查询时计算策略函数时，数据库服务器缓存策略函数的值。当处理需要策略功能值的另一个查询时，数据库服务器从缓存中检索结果，而不是重新计算策略函数，只要策略函数保持不变的条件保持不变即可。

5. 发明授权

US06578037B1 Partitioned access control to a database 有权
标题翻译：对数据库进行分区访问控制
公开(公告)号：US06578037B1
公开(公告)日：2003-06-10
申请号：US09589602
申请日：2000-06-07
申请人： Daniel Manhung Wong , Chon Hei Lei
发明人： Daniel Manhung Wong , Chon Hei Lei
IPC分类号： G06F1730
CPC分类号： G06F17/30471 , G06F17/30528 , G06F21/6227 , G06F2221/2141 , Y10S707/99939
摘要： Described is a technique for controlling access to data in a database system. Groups of security policies are established for a database schema object, such as a table or a view. A security policy reflects access rules for accessing the database schema object. Access to the database schema object is restricted based on security policy groups selected for the user. The security policy groups are selected based on information associated with a user that is maintained or accessed by the database system. A default security policy is established and used to restrict access of users accessing the database schema object. The information associated with the user contains an attribute that identifies a policy group. The database management system uses the attribute to select policy groups that restrict the user's access to the database scheme object. When the attribute does not identify any security policy group established for the database schema object, all security policies established for the database schema object are used to restrict access to the database schema object.
摘要翻译：描述了一种用于控制对数据库系统中的数据的访问的技术。为数据库模式对象（如表或视图）建立安全策略组。安全策略反映了访问数据库模式对象的访问规则。基于为用户选择的安全策略组，对数据库模式对象的访问受到限制。基于与由数据库系统维护或访问的用户相关联的信息来选择安全策略组。建立默认安全策略，并用于限制访问数据库模式对象的用户的访问。与用户相关联的信息包含标识策略组的属性。数据库管理系统使用该属性来选择限制用户对数据库方案对象的访问的策略组。当属性不标识为数据库模式对象建立的任何安全策略组时，为数据库模式对象建立的所有安全策略都用于限制对数据库模式对象的访问。

6. 发明授权

US10540508B2 Method and apparatus for securing a database configuration 有权
公开(公告)号：US10540508B2
公开(公告)日：2020-01-21
申请号：US12561461
申请日：2009-09-17
申请人： Ji-Won Byun , Chi Ching Chui , Daniel ManHung Wong , Chon Hei Lei
发明人： Ji-Won Byun , Chi Ching Chui , Daniel ManHung Wong , Chon Hei Lei
IPC分类号： G06F21/62
摘要： One embodiment of the present invention provides a system that secures a database configuration from undesired modifications. This system allows a security officer to issue a configuration-locking command, which activates a lock for the configuration of a database object. When a configuration lock is activated for a database object, the system prevents a user (e.g., a database administrator) from modifying the configuration of the database object, without restricting the user from accessing the database object itself. The security officer is a trusted user that is responsible for maintaining the stability of the database configuration, such that a configuration lock activated by the security officer preserves the database configuration by overriding the privileges assigned to a database administrator.

7. 发明授权

US07770006B2 Method and apparatus for authorizing a database operation 有权
标题翻译：用于授权数据库操作的方法和装置
公开(公告)号：US07770006B2
公开(公告)日：2010-08-03
申请号：US11139709
申请日：2005-05-26
申请人： Daniel ManHung Wong , MingKang Xu , Paul Youn , MinHank Ho , Chon Hei Lei
发明人： Daniel ManHung Wong , MingKang Xu , Paul Youn , MinHank Ho , Chon Hei Lei
IPC分类号： H04L9/32 , G06F21/00 , G06F17/30
CPC分类号： H04L9/085 , G06F21/6218 , G06F2221/2115 , Y10S707/99931
摘要： One embodiment of the present invention provides a system that authorizes a sensitive database operation. During operation, the system receives a request to perform a sensitive database operation. Note that, a sensitive database operation is an operation which, in the hands of a malicious user, poses a serious security threat. Next, the system determines a multiparty authorization requirement for the sensitive database operation, wherein the multiparty authorization requirement specifies a set of approvals required for authorizing the sensitive database operation. The system then sends approval requests to one or more approving parties based on the multiparty authorization requirement. Next, the system receives approvals for authorizing the sensitive database operation. The system then determines whether the approvals satisfy the multiparty authorization requirement. Next, if the approvals satisfy the multiparty authorization requirement, the system authorizes the sensitive database operation, thereby allowing the database to perform the sensitive database operation.
摘要翻译：本发明的一个实施例提供了授权敏感数据库操作的系统。在操作期间，系统接收到执行敏感数据库操作的请求。请注意，敏感数据库操作是在恶意用户手中造成严重安全威胁的操作。接下来，系统确定敏感数据库操作的多方授权要求，其中多方授权要求指定了授权敏感数据库操作所需的一组批准。系统然后根据多方授权要求向一个或多个批准方发出批准请求。接下来，系统接收授权敏感数据库操作的批准。然后，系统确定批准是否满足多方授权要求。接下来，如果批准满足多方授权要求，则系统授权敏感数据库操作，从而允许数据库执行敏感数据库操作。

8. 发明授权

US07310647B2 Column masking of tables 有权
标题翻译：列的列屏蔽
公开(公告)号：US07310647B2
公开(公告)日：2007-12-18
申请号：US10763583
申请日：2004-01-23
申请人： Chon Hei Lei , Daniel Manhung Wong , Thomas Keefe , Kristy Browder Edwards
发明人： Chon Hei Lei , Daniel Manhung Wong , Thomas Keefe , Kristy Browder Edwards
IPC分类号： G06F17/30
CPC分类号： G06F21/6227 , G06F17/30427 , G06F17/30483 , Y10S707/99942
摘要： Returning rows having column values masked is disclosed. In response to receiving a database command, a modified database command is created that specifies whether to mask a value by returning a mask of the value instead of the value.In an embodiment, the condition expression is included in a policy function that is referenced by a policy. In an embodiment, the policy determines how the condition expressions are used. The condition expression may be used to determine which column values to mask. The condition expression may also be used to filter which rows are returned.
摘要翻译：公开了具有屏蔽的列值的返回行。响应于接收到数据库命令，创建修改的数据库命令，该命令指定是否通过返回值的掩码而不是值来屏蔽值。在一个实施例中，条件表达式被包括在由策略引用的策略功能中。在一个实施例中，策略确定如何使用条件表达式。条件表达式可用于确定要屏蔽的列值。条件表达式也可用于过滤哪些行被返回。

9. 发明授权

US07117197B1 Selectively auditing accesses to rows within a relational database at a database server 有权
标题翻译：选择性地审计对数据库服务器上的关系数据库中的行的访问
公开(公告)号：US07117197B1
公开(公告)日：2006-10-03
申请号：US09559171
申请日：2000-04-26
申请人： Daniel ManHung Wong , Chon Hei Lei , Patrick F. Sack
发明人： Daniel ManHung Wong , Chon Hei Lei , Patrick F. Sack
IPC分类号： G06F17/30
CPC分类号： G06F17/30306 , Y10S707/99933
摘要： One embodiment of the present invention provides a system that selectively audits accesses to a relational database system. This system starts by receiving a query from a client at a database server. The system processes this query at the database server to produce a query result. The system also creates an audit record for rows in relational tables that are accessed by the query, and that satisfy an auditing condition. Next, the system records the audit record in an audit record store and returns the query result to the client. Integrating the auditing facility into the relational database system in this manner ensures that auditing is performed in the same way regardless of which application generates the query. Furthermore, this auditing is transparent to applications and users. In one embodiment of the present invention, the system additionally modifies the query so that processing the query causes the audit record to be created and recorded for rows in relational tables that are accessed by the query and that satisfy the auditing condition. In a variation on this embodiment, the auditing condition is associated with a table in the relational database system.
摘要翻译：本发明的一个实施例提供了一种选择性地审计对关系数据库系统的访问的系统。该系统从数据库服务器的客户端接收查询开始。该系统在数据库服务器处理此查询以产生查询结果。该系统还为查询中访问的关系表中的行创建审计记录，并满足审计条件。接下来，系统将审计记录记录在审计记录存储中，并将查询结果返回给客户端。以这种方式将审计工具集成到关系数据库系统中确保以相同的方式执行审计，而不管哪个应用程序生成查询。此外，这种审核对应用程序和用户是透明的。在本发明的一个实施例中，系统另外修改查询，使得处理查询导致为查询中访问并满足审计条件的关系表中的行创建和记录审计记录。在该实施例的变型中，审计条件与关系数据库系统中的表相关联。

10. 发明申请

US20110067084A1 METHOD AND APPARATUS FOR SECURING A DATABASE CONFIGURATION 审中-公开
标题翻译：用于保护数据库配置的方法和装置
公开(公告)号：US20110067084A1
公开(公告)日：2011-03-17
申请号：US12561461
申请日：2009-09-17
申请人： Ji-Won Byun , Chi Ching Chui , Daniel ManHung Wong , Chon Hei Lei
发明人： Ji-Won Byun , Chi Ching Chui , Daniel ManHung Wong , Chon Hei Lei
IPC分类号： G06F21/00 , G06F17/30
CPC分类号： G06F21/6209 , G06F16/217 , G06F16/2343
摘要： One embodiment of the present invention provides a system that secures a database configuration from undesired modifications. This system allows a security officer to issue a configuration-locking command, which activates a lock for the configuration of a database object. When a configuration lock is activated for a database object, the system prevents a user (e.g., a database administrator) from modifying the configuration of the database object, without restricting the user from accessing the database object itself. The security officer is a trusted user that is responsible for maintaining the stability of the database configuration, such that a configuration lock activated by the security officer preserves the database configuration by overriding the privileges assigned to a database administrator.
摘要翻译：本发明的一个实施例提供一种确保数据库配置免受不期望的修改的系统。该系统允许安全员发布配置锁定命令，该命令激活用于配置数据库对象的锁。当为数据库对象激活配置锁定时，系统防止用户（例如，数据库管理员）修改数据库对象的配置，而不会限制用户访问数据库对象本身。安全官员是一个值得信赖的用户，负责维护数据库配置的稳定性，使得由安全人员激活的配置锁定通过覆盖分配给数据库管理员的权限来保留数据库配置。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式