专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08549038B2 Pluggable session context 有权
标题翻译：可插拔会话上下文
公开(公告)号：US08549038B2
公开(公告)日：2013-10-01
申请号：US12484977
申请日：2009-06-15
申请人： Janaki Narasinghanallur , Min-Hank Ho , Eric Sedlar , Thomas Keefe , Chon Hei Lei , Vikram Pesati
发明人： Janaki Narasinghanallur , Min-Hank Ho , Eric Sedlar , Thomas Keefe , Chon Hei Lei , Vikram Pesati
IPC分类号： G06F21/00 , G06F7/00
CPC分类号： G06F17/30289 , G06F17/3056
摘要： A method and apparatus are described for sharing a session to access a database. A database server receives, in a session, a session context identifier and a command. The session context identifier identifies a session context to use for the session. The session context is a set of information or commands that plug into a session state and specify how commands in the session are to be performed for a particular user or privilege level. In response to receiving the identifier, the database server associates the session context with the database session for the connection. The database server uses the session context to process the command. The session context may then be detached from the session, allowing another user to attach to the session via another session context.
摘要翻译：描述了一种用于共享会话以访问数据库的方法和装置。数据库服务器在会话中接收会话上下文标识符和命令。会话上下文标识符标识用于会话的会话上下文。会话上下文是一组插入会话状态的信息或命令，并指定如何为特定用户或特权级别执行会话中的命令。响应于接收到标识符，数据库服务器将会话上下文与连接的数据库会话相关联。数据库服务器使用会话上下文来处理命令。然后会话上下文可以从会话分离，允许另一用户经由另一会话上下文附加到会话。

2. 发明申请

US20100318570A1 PLUGGABLE SESSION CONTEXT 有权
标题翻译：可插拔的会话背景
公开(公告)号：US20100318570A1
公开(公告)日：2010-12-16
申请号：US12484977
申请日：2009-06-15
申请人： Janaki Narasinghanallur , Min-Hank Ho , Eric Sedlar , Thomas Keefe , Chon Hei Lei , Vlkram Pesati
发明人： Janaki Narasinghanallur , Min-Hank Ho , Eric Sedlar , Thomas Keefe , Chon Hei Lei , Vlkram Pesati
IPC分类号： G06F12/14 , G06F17/30
CPC分类号： G06F17/30289 , G06F17/3056
摘要： A method and apparatus are described for sharing a session to access a database. A database server receives, in a session, a session context identifier and a command. The session context identifier identifies a session context to use for the session. The session context is a set of information or commands that plug into a session state and specify how commands in the session are to be performed for a particular user or privilege level. In response to receiving the identifier, the database server associates the session context with the database session for the connection. The database server uses the session context to process the command. The session context may then be detached from the session, allowing another user to attach to the session via another session context.
摘要翻译：描述了一种用于共享会话以访问数据库的方法和装置。数据库服务器在会话中接收会话上下文标识符和命令。会话上下文标识符标识用于会话的会话上下文。会话上下文是一组插入会话状态的信息或命令，并指定如何为特定用户或特权级别执行会话中的命令。响应于接收到标识符，数据库服务器将会话上下文与连接的数据库会话相关联。数据库服务器使用会话上下文来处理命令。然后会话上下文可以从会话分离，允许另一用户经由另一会话上下文附加到会话。

3. 发明授权

US07761704B2 Method and apparatus for expiring encrypted data 有权
标题翻译：用于到期加密数据的方法和装置
公开(公告)号：US07761704B2
公开(公告)日：2010-07-20
申请号：US11084346
申请日：2005-03-17
申请人： Min-Hank Ho , Daniel ManHung Wong , Chon Hei Lei , Thomas Keefe
发明人： Min-Hank Ho , Daniel ManHung Wong , Chon Hei Lei , Thomas Keefe
IPC分类号： H04L29/06
CPC分类号： H04N21/433 , H04L9/083 , H04L2209/56 , H04N5/913 , H04N7/165 , H04N21/4627 , H04N21/6543 , H04N21/8355 , H04N2005/91364 , Y10S707/99944
摘要： One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that, deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.
摘要翻译：本发明的一个实施例提供一种能够使加密数据过期的系统。在操作期间，系统接收包含对象标识信息的到期请求，该信息可用于标识包含加密数据的一组数据库对象，其中数据库对象可以是表，分区，行，或一列。此外，数据库对象可以具有到期时间，并且可以将其存储在通常用于使用比数据库使用的存储介质更慢但更便宜的存储介质来长时间存储大量数据的存档。然后，系统使用对象识别信息来标识用于加密数据的一组密钥。接下来，系统删除一组密钥，从而使加密数据过期。请注意，删除密钥集可确保安全密钥存储库不包含与过期的加密数据相关联的任何过时的密钥。

4. 发明授权

US07925023B2 Method and apparatus for managing cryptographic keys 有权
标题翻译：用于管理加密密钥的方法和装置
公开(公告)号：US07925023B2
公开(公告)日：2011-04-12
申请号：US11367812
申请日：2006-03-03
申请人： Paul Youn , Daniel ManHung Wong , Min-Hank Ho , Chon Hei Lei
发明人： Paul Youn , Daniel ManHung Wong , Min-Hank Ho , Chon Hei Lei
IPC分类号： H04L9/08
CPC分类号： H04L9/3234 , H04L9/083 , H04L9/3239 , H04L63/06 , H04L63/0807
摘要： One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.
摘要翻译：本发明的一个实施例提供一种用于管理密钥的系统。在运行期间，系统会在密钥管理器身份验证客户端。接下来，系统在密钥管理器处从客户端接收令牌，其中令牌与客户密钥相关联，并且包括令牌认证器。该令牌认证器包括认证器对的一半，用于确定客户端是客户密钥的所有者。接下来，系统使用主密钥解密令牌。然后，系统验证客户端认证器，客户端认证器包括用于确定客户端是否是客户密钥的所有者的认证器对的另一半。如果客户端是客户密钥的所有者，则系统将客户密钥发送给客户端，这使得客户端能够对数据进行加密/解密。最后，客户端删除客户密钥。

5. 发明授权

US10339336B2 Method and apparatus for encrypting database columns 有权
公开(公告)号：US10339336B2
公开(公告)日：2019-07-02
申请号：US10459811
申请日：2003-06-11
申请人： Chon Hei Lei , Thomas Keefe , Daniel M. Wong
发明人： Chon Hei Lei , Thomas Keefe , Daniel M. Wong
IPC分类号： G06F21/62
摘要： One embodiment of the present invention provides a system that facilitates encryption of data within a column of a database. The system operates by first receiving a command to perform a database operation. Next, the system parses the command to create a parse tree. The system then examines the parse tree to determine if a column referenced in the parse tree is an encrypted column. If a column referenced in the parse tree is an encrypted column, the system automatically transforms the command to include one or more cryptographic commands to facilitate accessing the encrypted column while performing the database operation.

6. 发明授权

US07310647B2 Column masking of tables 有权
标题翻译：列的列屏蔽
公开(公告)号：US07310647B2
公开(公告)日：2007-12-18
申请号：US10763583
申请日：2004-01-23
申请人： Chon Hei Lei , Daniel Manhung Wong , Thomas Keefe , Kristy Browder Edwards
发明人： Chon Hei Lei , Daniel Manhung Wong , Thomas Keefe , Kristy Browder Edwards
IPC分类号： G06F17/30
CPC分类号： G06F21/6227 , G06F17/30427 , G06F17/30483 , Y10S707/99942
摘要： Returning rows having column values masked is disclosed. In response to receiving a database command, a modified database command is created that specifies whether to mask a value by returning a mask of the value instead of the value.In an embodiment, the condition expression is included in a policy function that is referenced by a policy. In an embodiment, the policy determines how the condition expressions are used. The condition expression may be used to determine which column values to mask. The condition expression may also be used to filter which rows are returned.
摘要翻译：公开了具有屏蔽的列值的返回行。响应于接收到数据库命令，创建修改的数据库命令，该命令指定是否通过返回值的掩码而不是值来屏蔽值。在一个实施例中，条件表达式被包括在由策略引用的策略功能中。在一个实施例中，策略确定如何使用条件表达式。条件表达式可用于确定要屏蔽的列值。条件表达式也可用于过滤哪些行被返回。

7. 发明授权

US09886481B2 Query optimization on VPD protected columns 有权
公开(公告)号：US09886481B2
公开(公告)日：2018-02-06
申请号：US13278095
申请日：2011-10-20
申请人： Chon Hei Lei
发明人： Chon Hei Lei
IPC分类号： G06F17/30 , G06F21/62
CPC分类号： G06F17/30442 , G06F17/30389 , G06F17/30427 , G06F17/30448 , G06F21/6227
摘要： A method and apparatus for preserving optimization hints in a transformed query is provided. In one embodiment, the methodology is implemented by query optimization logic. Upon receiving a first query to access values in a column of a table protected by an access control policy, the query optimization logic creates a second query that is equivalent to the first query as subject to the access control policy. Furthermore, the second query contains a new predicate that conjunctively joins a clone of a first expression in a predicate of the first query with a second expression that is derived, based on the access control policy, from the first expression. In one embodiment, the query optimization logic submits the second query for execution.

8. 发明申请

US20100036846A1 METHOD AND SYSTEM FOR OPTIMIZING ROW LEVEL SECURITY IN DATABASE SYSTEMS 有权
标题翻译：用于优化数据库系统中的级别安全的方法和系统
公开(公告)号：US20100036846A1
公开(公告)日：2010-02-11
申请号：US12188675
申请日：2008-08-08
申请人： Mohammed Irfan Rafiq , Chon Hei Lei , Vikram Kapoor , Thomas F. Keefe , Nipun Agarwal , Thomas Baby , Sam Idicula , Vikram Reddy Pesati
发明人： Mohammed Irfan Rafiq , Chon Hei Lei , Vikram Kapoor , Thomas F. Keefe , Nipun Agarwal , Thomas Baby , Sam Idicula , Vikram Reddy Pesati
IPC分类号： G06F17/30
CPC分类号： G06F21/6218 , G06F17/30306 , G06F2221/2141
摘要： One embodiment of the present invention provides a system that implements a security policy in a database. During operation, the system receives a request associated with a set of objects in the database. Next, the system obtains a set of access control lists (ACLs) associated with the database, wherein a respective ACL specifies one or more access privileges associated with a user or user group, and wherein a respective ACLs is not specific to a particular object in the database. The system then evaluates the ACLs to obtain a set of ACL results associated with the request and processes the request by applying the set of ACL results to the objects without evaluating the ACLs repeatedly for each of the objects.
摘要翻译：本发明的一个实施例提供一种在数据库中实现安全策略的系统。在操作期间，系统接收与数据库中的一组对象相关联的请求。接下来，系统获得与数据库相关联的一组访问控制列表（ACL），其中相应的ACL指定与用户或用户组相关联的一个或多个访问权限，并且其中相应的ACL不是特定于特定对象的特定对象数据库。然后，系统评估ACL以获得与请求相关联的一组ACL结果，并通过将ACL集合应用于对象来处理请求，而不对每个对象重复地评估ACL。

9. 发明授权

US06578037B1 Partitioned access control to a database 有权
标题翻译：对数据库进行分区访问控制
公开(公告)号：US06578037B1
公开(公告)日：2003-06-10
申请号：US09589602
申请日：2000-06-07
申请人： Daniel Manhung Wong , Chon Hei Lei
发明人： Daniel Manhung Wong , Chon Hei Lei
IPC分类号： G06F1730
CPC分类号： G06F17/30471 , G06F17/30528 , G06F21/6227 , G06F2221/2141 , Y10S707/99939
摘要： Described is a technique for controlling access to data in a database system. Groups of security policies are established for a database schema object, such as a table or a view. A security policy reflects access rules for accessing the database schema object. Access to the database schema object is restricted based on security policy groups selected for the user. The security policy groups are selected based on information associated with a user that is maintained or accessed by the database system. A default security policy is established and used to restrict access of users accessing the database schema object. The information associated with the user contains an attribute that identifies a policy group. The database management system uses the attribute to select policy groups that restrict the user's access to the database scheme object. When the attribute does not identify any security policy group established for the database schema object, all security policies established for the database schema object are used to restrict access to the database schema object.
摘要翻译：描述了一种用于控制对数据库系统中的数据的访问的技术。为数据库模式对象（如表或视图）建立安全策略组。安全策略反映了访问数据库模式对象的访问规则。基于为用户选择的安全策略组，对数据库模式对象的访问受到限制。基于与由数据库系统维护或访问的用户相关联的信息来选择安全策略组。建立默认安全策略，并用于限制访问数据库模式对象的用户的访问。与用户相关联的信息包含标识策略组的属性。数据库管理系统使用该属性来选择限制用户对数据库方案对象的访问的策略组。当属性不标识为数据库模式对象建立的任何安全策略组时，为数据库模式对象建立的所有安全策略都用于限制对数据库模式对象的访问。

10. 发明授权

US06487552B1 Database fine-grained access control 有权
标题翻译：数据库细粒度访问控制
公开(公告)号：US06487552B1
公开(公告)日：2002-11-26
申请号：US09167092
申请日：1998-10-05
申请人： Chon Hei Lei , Douglas James McMahon
发明人： Chon Hei Lei , Douglas James McMahon
IPC分类号： G06F1730
CPC分类号： G06F17/30528 , G06F21/6227 , Y10S707/955 , Y10S707/966 , Y10S707/99932 , Y10S707/99933 , Y10S707/99934 , Y10S707/99935 , Y10S707/99939
摘要： A method and mechanism are provided for accessing data. Values are stored for a set of context attributes associated with a session between a database user and a database server. The database system includes an attribute setting mechanism that selectively restricts access to the set of context attributes based on a policy. During the session, the database server executes a query that contains a reference to one or more of the context attributes. For example, the query may contain a predicate that requires a comparison between a context attribute value and a constant. The database server processes the query based on current values of the one or more of the context attributes referenced in the query. A mechanism is also provided for dynamically attaching predicates to queries, where the predicates are attached based on a policy. For example, the database system detects that a query is issued against a database object. Prior to executing the query, a policy function associated with the database object is invoked. The policy function creates a modified query by selectively adding zero or more predicates to the query based on a policy associated with the database object. The modified query is then executed.
摘要翻译：提供了访问数据的方法和机制。存储与数据库用户和数据库服务器之间的会话相关联的一组上下文属性的值。数据库系统包括属性设置机制，其基于策略选择性地限制对该组上下文属性的访问。在会话期间，数据库服务器执行包含对一个或多个上下文属性的引用的查询。例如，查询可以包含需要在上下文属性值和常量之间进行比较的谓词。数据库服务器根据查询中引用的一个或多个上下文属性的当前值处理查询。还提供了一种机制，用于动态地将谓词附加到查询中，其中基于策略附加谓词。例如，数据库系统检测到针对数据库对象发出查询。在执行查询之前，调用与数据库对象关联的策略函数。策略函数通过根据与数据库对象相关联的策略选择性地向查询添加零个或多个谓词来创建修改的查询。然后执行修改后的查询。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式