会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 2. 发明申请
    • Method and apparatus for expiring encrypted data
    • 用于到期加密数据的方法和装置
    • US20060210085A1
    • 2006-09-21
    • US11084346
    • 2005-03-17
    • Min-Hank HoDaniel WongChon LeiThomas Keefe
    • Min-Hank HoDaniel WongChon LeiThomas Keefe
    • H04N7/16H04L9/00H04L9/32G06F17/30G06F7/04G06K9/00H03M1/68H04K1/00
    • H04N21/433H04L9/083H04L2209/56H04N5/913H04N7/165H04N21/4627H04N21/6543H04N21/8355H04N2005/91364Y10S707/99944
    • One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that, deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.
    • 本发明的一个实施例提供一种能够使加密数据过期的系统。 在操作期间,系统接收包含对象标识信息的到期请求,该信息可用于标识包含加密数据的一组数据库对象,其中数据库对象可以是表,分区,行, 或一列。 此外,数据库对象可以具有到期时间,并且可以将其存储在通常用于使用比数据库使用的存储介质更慢但更便宜的存储介质来长时间存储大量数据的存档。 然后,系统使用对象识别信息来标识用于加密数据的一组密钥。 接下来,系统删除一组密钥,从而使加密数据过期。 请注意,删除密钥集可确保安全密钥存储库不包含与过期的加密数据相关联的任何过时的密钥。
    • 3. 发明授权
    • Pluggable session context
    • 可插拔会话上下文
    • US08549038B2
    • 2013-10-01
    • US12484977
    • 2009-06-15
    • Janaki NarasinghanallurMin-Hank HoEric SedlarThomas KeefeChon Hei LeiVikram Pesati
    • Janaki NarasinghanallurMin-Hank HoEric SedlarThomas KeefeChon Hei LeiVikram Pesati
    • G06F21/00G06F7/00
    • G06F17/30289G06F17/3056
    • A method and apparatus are described for sharing a session to access a database. A database server receives, in a session, a session context identifier and a command. The session context identifier identifies a session context to use for the session. The session context is a set of information or commands that plug into a session state and specify how commands in the session are to be performed for a particular user or privilege level. In response to receiving the identifier, the database server associates the session context with the database session for the connection. The database server uses the session context to process the command. The session context may then be detached from the session, allowing another user to attach to the session via another session context.
    • 描述了一种用于共享会话以访问数据库的方法和装置。 数据库服务器在会话中接收会话上下文标识符和命令。 会话上下文标识符标识用于会话的会话上下文。 会话上下文是一组插入会话状态的信息或命令,并指定如何为特定用户或特权级别执行会话中的命令。 响应于接收到标识符,数据库服务器将会话上下文与连接的数据库会话相关联。 数据库服务器使用会话上下文来处理命令。 然后会话上下文可以从会话分离,允许另一用户经由另一会话上下文附加到会话。
    • 6. 发明申请
    • TECHNIQUES FOR ENFORCING APPLICATION ENVIRONMENT BASED SECURITY POLICIES USING ROLE BASED ACCESS CONTROL
    • 使用基于角色的访问控制实施基于应用环境的安全策略的技术
    • US20110023082A1
    • 2011-01-27
    • US12508011
    • 2009-07-23
    • Janaki NarasinghanallurMin-Hank HoThomas KeefeEric SedlarChi Ching ChuiVikram Pesati
    • Janaki NarasinghanallurMin-Hank HoThomas KeefeEric SedlarChi Ching ChuiVikram Pesati
    • G06F17/00
    • G06F21/6218
    • An application platform examines, at runtime, various specified aspects of an application environment in which an application interacts with a user. Such examinations are made to determine a state for each of the various specified aspects. Further, the platform automatically activates particular application environment roles for the user depending on the result of the examinations. For example, an application environment role may be activated representing a particular detected mode of communication (e.g., encrypted network communications) or a particular detected manner of authentication (e.g., password authentication). Such activations are based on the detected states and specified states for the various specified aspects of the application environment. Such activations may occur in the context of an application attempting to perform an operation on an access controlled object on behalf of a user. Further, such activations may occur in the context of establishing or maintaining a user session for a user of an application.
    • 应用程序平台在运行时检查应用程序环境的各种指定方面,其中应用程序与用户交互。 进行这样的检查以确定各个指定方面中的每一个的状态。 此外,平台根据考试的结果自动激活用户的特定应用程序环境角色。 例如,可以激活表示特定检测到的通信模式(例如,加密的网络通信)或特定检测到的认证方式(例如,密码认证)的应用环境角色。 这种激活基于针对应用环境的各个指定方面的检测状态和指定状态。 这种激活可以在尝试代表用户对访问控制对象执行操作的应用程序的上下文中发生。 此外,这种激活可以在为应用的用户建立或维护用户会话的上下文中发生。
    • 7. 发明授权
    • Method and apparatus for expiring encrypted data
    • 用于到期加密数据的方法和装置
    • US07761704B2
    • 2010-07-20
    • US11084346
    • 2005-03-17
    • Min-Hank HoDaniel ManHung WongChon Hei LeiThomas Keefe
    • Min-Hank HoDaniel ManHung WongChon Hei LeiThomas Keefe
    • H04L29/06
    • H04N21/433H04L9/083H04L2209/56H04N5/913H04N7/165H04N21/4627H04N21/6543H04N21/8355H04N2005/91364Y10S707/99944
    • One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that, deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.
    • 本发明的一个实施例提供一种能够使加密数据过期的系统。 在操作期间,系统接收包含对象标识信息的到期请求,该信息可用于标识包含加密数据的一组数据库对象,其中数据库对象可以是表,分区,行, 或一列。 此外,数据库对象可以具有到期时间,并且可以将其存储在通常用于使用比数据库使用的存储介质更慢但更便宜的存储介质来长时间存储大量数据的存档。 然后,系统使用对象识别信息来标识用于加密数据的一组密钥。 接下来,系统删除一组密钥,从而使加密数据过期。 请注意,删除密钥集可确保安全密钥存储库不包含与过期的加密数据相关联的任何过时的密钥。
    • 8. 发明申请
    • Method and apparatus for managing cryptographic keys
    • 用于管理加密密钥的方法和装置
    • US20080019527A1
    • 2008-01-24
    • US11367812
    • 2006-03-03
    • Paul YounDaniel WongMin-Hank HoChon Lei
    • Paul YounDaniel WongMin-Hank HoChon Lei
    • H04L9/00
    • H04L9/3234H04L9/083H04L9/3239H04L63/06H04L63/0807
    • One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.
    • 本发明的一个实施例提供一种用于管理密钥的系统。 在运行期间,系统会在密钥管理器身份验证客户端。 接下来,系统在密钥管理器处从客户端接收令牌,其中令牌与客户密钥相关联,并且包括令牌认证器。 该令牌认证器包括认证器对的一半,用于确定客户端是客户密钥的所有者。 接下来,系统使用主密钥解密令牌。 然后,系统验证客户端认证器,客户端认证器包括用于确定客户端是否是客户密钥的所有者的认证器对的另一半。 如果客户端是客户密钥的所有者,则系统将客户密钥发送给客户端,这使得客户端能够对数据进行加密/解密。 最后,客户端删除客户密钥。