    • 1. Granted patent
    • Title: Method and apparatus for using an external security device to secure data in a database
    • Publication number: US07639819B2 (published 2009-12-29)
    • Application number: US11156307 (filed 2005-06-16)
    • Inventors / applicants: Min-Hank Ho, Paul Youn, Daniel ManHung Wong, Chon Lei
    • IPC: H04L9/00
    • CPC: G06F21/6227, G06F2221/2153, H04L9/0822, H04L9/0897
    • Abstract: One embodiment of the present invention provides a system that facilitates using an external security device to secure data in a database without having to modify database applications. The system operates by receiving a request at the database to perform an encryption/decryption operation, wherein the encryption/decryption operation is performed with the assistance of the external security module in a manner that is transparent to database applications. In response to the request, the system passes a wrapped (encrypted) column key (a key used to encrypt data within the database) to an external security module, wherein the wrapped column key is a column key encrypted with a master key that exists only within the external security module. The system then unwraps (decrypts) the wrapped column key in the external security module to retrieve the column key. Next, the system returns the column key to the database. The system then performs an encryption/decryption operation on data in the database using the column key. Finally, the system erases the column key from memory in the database.
    • 2. Granted patent
    • Title: Method and apparatus for managing cryptographic keys
    • Publication number: US07925023B2 (published 2011-04-12)
    • Application number: US11367812 (filed 2006-03-03)
    • Inventors / applicants: Paul Youn, Daniel ManHung Wong, Min-Hank Ho, Chon Hei Lei
    • IPC: H04L9/08
    • CPC: H04L9/3234, H04L9/083, H04L9/3239, H04L63/06, H04L63/0807
    • Abstract: One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.
    • 3. Patent application
    • Title: Method and apparatus for managing cryptographic keys
    • Publication number: US20080019527A1 (published 2008-01-24)
    • Application number: US11367812 (filed 2006-03-03)
    • Inventors / applicants: Paul Youn, Daniel Wong, Min-Hank Ho, Chon Lei
    • IPC: H04L9/00
    • CPC: H04L9/3234, H04L9/083, H04L9/3239, H04L63/06, H04L63/0807
    • Abstract: One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.
    • 5. Granted patent
    • Title: Method and apparatus for expiring encrypted data
    • Publication number: US07761704B2 (published 2010-07-20)
    • Application number: US11084346 (filed 2005-03-17)
    • Inventors / applicants: Min-Hank Ho, Daniel ManHung Wong, Chon Hei Lei, Thomas Keefe
    • IPC: H04L29/06
    • CPC: H04N21/433, H04L9/083, H04L2209/56, H04N5/913, H04N7/165, H04N21/4627, H04N21/6543, H04N21/8355, H04N2005/91364, Y10S707/99944
    • Abstract: One embodiment of the present invention provides a system that can expire encrypted data. During operation, the system receives an expiry request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper, storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted data. Note that deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted data.
    • 6. Patent application
    • Title: Method and apparatus for expiring encrypted data
    • Publication number: US20060210085A1 (published 2006-09-21)
    • Application number: US11084346 (filed 2005-03-17)
    • Inventors / applicants: Min-Hank Ho, Daniel Wong, Chon Lei, Thomas Keefe
    • IPC: H04N7/16, H04L9/00, H04L9/32, G06F17/30, G06F7/04, G06K9/00, H03M1/68, H04K1/00
    • CPC: H04N21/433, H04L9/083, H04L2209/56, H04N5/913, H04N7/165, H04N21/4627, H04N21/6543, H04N21/8355, H04N2005/91364, Y10S707/99944
    • Abstract: One embodiment of the present invention provides a system that can expire encrypted data. During operation, the system receives an expiry request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper, storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted data. Note that deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted data.
    • 7. Granted patent
    • Title: Real-time data redaction in a database management system
    • Publication number: US08762406B2 (published 2014-06-24)
    • Application number: US13309466 (filed 2011-12-01)
    • Inventors / applicants: Min-Hank Ho, Javed Samuel, Peter Knaggs, Dah-Yoh Lim, Paul Youn
    • IPC: G06F17/30
    • CPC: G06F17/30498, G06F17/30554
    • Abstract: A database server receives a data request from a client. In response to the data request, the database server selects, from a database, actual data that satisfies criteria specified by the data request. The database server retrieves the selected actual data from the database. Also in response to the data request, the database server redacts the retrieved data in real time without modifying the actual data contained within the database. This may be accomplished by the prior insertion of masking operators into a top SELECT clause of a query representation generated during semantic analysis. The database server returns the redacted data to the client as a reply to the data request.
    • 9. Granted patent
    • Title: Pluggable session context
    • Publication number: US08549038B2 (published 2013-10-01)
    • Application number: US12484977 (filed 2009-06-15)
    • Inventors / applicants: Janaki Narasinghanallur, Min-Hank Ho, Eric Sedlar, Thomas Keefe, Chon Hei Lei, Vikram Pesati
    • IPC: G06F21/00, G06F7/00
    • CPC: G06F17/30289, G06F17/3056
    • Abstract: A method and apparatus are described for sharing a session to access a database. A database server receives, in a session, a session context identifier and a command. The session context identifier identifies a session context to use for the session. The session context is a set of information or commands that plug into a session state and specify how commands in the session are to be performed for a particular user or privilege level. In response to receiving the identifier, the database server associates the session context with the database session for the connection. The database server uses the session context to process the command. The session context may then be detached from the session, allowing another user to attach to the session via another session context.