专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US07639819B2 Method and apparatus for using an external security device to secure data in a database 有权
标题翻译：使用外部安全设备来保护数据库中的数据的方法和装置
公开(公告)号：US07639819B2
公开(公告)日：2009-12-29
申请号：US11156307
申请日：2005-06-16
申请人： Min-Hank Ho , Paul Youn , Daniel ManHung Wong , Chon Lei
发明人： Min-Hank Ho , Paul Youn , Daniel ManHung Wong , Chon Lei
IPC分类号： H04L9/00
CPC分类号： G06F21/6227 , G06F2221/2153 , H04L9/0822 , H04L9/0897
摘要： One embodiment of the present invention provides a system that facilitates using an external security device to secure data in a database without having to modify database applications. The system operates by receiving a request at the database to perform an encryption/decryption operation, wherein the encryption/decryption operation is performed with the assistance of the external security module in a manner that is transparent to database applications. In response to the request, the system passes a wrapped (encrypted) column key (a key used to encrypt data within the database) to an external security module, wherein the wrapped column key is a column key encrypted with a master key that exists only within the external security module. The system then unwraps (decrypts) the wrapped column key in the external security module to retrieve the column key. Next, the system returns the column key to the database. The system then performs an encryption/decryption operation on data in the database using the column key. Finally, the system erases the column key from memory in the database.
摘要翻译：本发明的一个实施例提供一种便于使用外部安全设备来保护数据库中的数据而不必修改数据库应用的系统。该系统通过在数据库处接收请求来执行加密/解密操作，其中以对数据库应用是透明的方式在外部安全模块的帮助下执行加密/解密操作。响应于该请求，系统将包裹的（加密的）列密钥（用于将数据库内的数据加密的密钥）传递到外部安全模块，其中包装的列密钥是仅使用主密钥加密的列密钥在外部安全模块内。系统然后在外部安全模块中解包（解密）包装的列密钥以检索列密钥。接下来，系统将列键返回到数据库。然后，系统使用列键对数据库中的数据执行加密/解密操作。最后，系统从数据库中的内存中擦除列密钥。

2. 发明授权

US07925023B2 Method and apparatus for managing cryptographic keys 有权
标题翻译：用于管理加密密钥的方法和装置
公开(公告)号：US07925023B2
公开(公告)日：2011-04-12
申请号：US11367812
申请日：2006-03-03
申请人： Paul Youn , Daniel ManHung Wong , Min-Hank Ho , Chon Hei Lei
发明人： Paul Youn , Daniel ManHung Wong , Min-Hank Ho , Chon Hei Lei
IPC分类号： H04L9/08
CPC分类号： H04L9/3234 , H04L9/083 , H04L9/3239 , H04L63/06 , H04L63/0807
摘要： One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.
摘要翻译：本发明的一个实施例提供一种用于管理密钥的系统。在运行期间，系统会在密钥管理器身份验证客户端。接下来，系统在密钥管理器处从客户端接收令牌，其中令牌与客户密钥相关联，并且包括令牌认证器。该令牌认证器包括认证器对的一半，用于确定客户端是客户密钥的所有者。接下来，系统使用主密钥解密令牌。然后，系统验证客户端认证器，客户端认证器包括用于确定客户端是否是客户密钥的所有者的认证器对的另一半。如果客户端是客户密钥的所有者，则系统将客户密钥发送给客户端，这使得客户端能够对数据进行加密/解密。最后，客户端删除客户密钥。

3. 发明申请

US20080019527A1 Method and apparatus for managing cryptographic keys 有权
标题翻译：用于管理加密密钥的方法和装置
公开(公告)号：US20080019527A1
公开(公告)日：2008-01-24
申请号：US11367812
申请日：2006-03-03
申请人： Paul Youn , Daniel Wong , Min-Hank Ho , Chon Lei
发明人： Paul Youn , Daniel Wong , Min-Hank Ho , Chon Lei
IPC分类号： H04L9/00
CPC分类号： H04L9/3234 , H04L9/083 , H04L9/3239 , H04L63/06 , H04L63/0807
摘要： One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.
摘要翻译：本发明的一个实施例提供一种用于管理密钥的系统。在运行期间，系统会在密钥管理器身份验证客户端。接下来，系统在密钥管理器处从客户端接收令牌，其中令牌与客户密钥相关联，并且包括令牌认证器。该令牌认证器包括认证器对的一半，用于确定客户端是客户密钥的所有者。接下来，系统使用主密钥解密令牌。然后，系统验证客户端认证器，客户端认证器包括用于确定客户端是否是客户密钥的所有者的认证器对的另一半。如果客户端是客户密钥的所有者，则系统将客户密钥发送给客户端，这使得客户端能够对数据进行加密/解密。最后，客户端删除客户密钥。

4. 发明申请

US20060288232A1 Method and apparatus for using an external security device to secure data in a database 有权
公开(公告)号：US20060288232A1
公开(公告)日：2006-12-21
申请号：US11156307
申请日：2005-06-16
申请人： Min-Hank Ho , Paul Youn , Daniel Wong , Chon Lei
发明人： Min-Hank Ho , Paul Youn , Daniel Wong , Chon Lei
IPC分类号： H04L9/00
CPC分类号： G06F21/6227 , G06F2221/2153 , H04L9/0822 , H04L9/0897
摘要： One embodiment of the present invention provides a system that facilitates using an external security device to secure data in a database without having to modify database applications. The system operates by receiving a request at the database to perform an encryption/decryption operation, wherein the encryption/decryption operation is performed with the assistance of the external security module in a manner that is transparent to database applications. In response to the request, the system passes a wrapped (encrypted) column key (a key used to encrypt data within the database) to an external security module, wherein the wrapped column key is a column key encrypted with a master key that exists only within the external security module. The system then unwraps (decrypts) the wrapped column key in the external security module to retrieve the column key. Next, the system returns the column key to the database. The system then performs an encryption/decryption operation on data in the database using the column key. Finally, the system erases the column key from memory in the database.

5. 发明授权

US08234694B2 Method and apparatus for re-establishing communication between a client and a server 有权
标题翻译：用于重建客户端和服务器之间的通信的方法和装置
公开(公告)号：US08234694B2
公开(公告)日：2012-07-31
申请号：US11298775
申请日：2005-12-09
申请人： Paul Youn , Daniel ManHung Wong
发明人： Paul Youn , Daniel ManHung Wong
IPC分类号： H04L29/06
CPC分类号： H04L63/0846 , H04L63/0428
摘要： One embodiment of the present invention provides a system that re-establishes communication between a client and a server after an unexpected termination of communication. During operation, the system receives a request from the client at the server to re-establish communication between the client and the server, wherein the request includes a temporary credential. If the temporary credential is valid, the system temporarily re-establishes communication between the client and the server, until the client can be re-authenticated with a permanent credential.
摘要翻译：本发明的一个实施例提供一种在意外终止通信之后重新建立客户端与服务器之间的通信的系统。在操作期间，系统从服务器处的客户端接收请求，以重新建立客户端与服务器之间的通信，其中请求包括临时证书。如果临时凭证有效，则系统会暂时重新建立客户端与服务器之间的通信，直到客户端可以通过永久凭证进行重新身份验证。

6. 发明授权

US07751570B2 Method and apparatus for managing cryptographic keys 有权
标题翻译：用于管理加密密钥的方法和装置
公开(公告)号：US07751570B2
公开(公告)日：2010-07-06
申请号：US11398187
申请日：2006-04-04
申请人： Paul Youn , Daniel ManHung Wong
发明人： Paul Youn , Daniel ManHung Wong
IPC分类号： H04L9/08 , H04L9/00 , H04L9/32
CPC分类号： H04L9/0822 , H04L9/0891 , H04L63/0428 , H04L63/06 , H04L2463/062
摘要： One embodiment of the present invention provides a system for managing keys. During operation, the system receives a request from a user at a database to encrypt/decrypt data at the database. In response to this request, the system sends a user-token to the user, wherein the user-token includes a user-key encrypted with a user-secret thereby enabling the user to decrypt the user-key with the user-secret. Next, the system receives the decrypted user-key from the user. The system then uses the user-key to encrypt/decrypt the data at the database. Finally, the system deletes the user-key at the database.
摘要翻译：本发明的一个实施例提供一种用于管理密钥的系统。在操作期间，系统从数据库接收来自用户的请求，以对数据库中的数据进行加密/解密。响应于该请求，系统向用户发送用户令牌，其中用户令牌包括用用户秘密加密的用户密钥，从而使用户能够以用户秘密解密用户密钥。接下来，系统从用户接收解密的用户密钥。然后，系统使用用户密钥对数据库中的数据进行加密/解密。最后，系统删除数据库中的用户密钥。

7. 发明授权

US08375224B2 Data masking with an encrypted seed 有权
标题翻译：使用加密的种子进行数据屏蔽
公开(公告)号：US08375224B2
公开(公告)日：2013-02-12
申请号：US12616127
申请日：2009-11-10
申请人： Paul Youn , Daniel ManHung Wong
发明人： Paul Youn , Daniel ManHung Wong
IPC分类号： G06F21/00
CPC分类号： G06F21/6218
摘要： A method and apparatus is provided for generating a masked value from a cryptographically transformed value by using the cryptographically transformed value as a random seed, without decrypting the cryptographically transformed value. A query is evaluated against a set of data to produce a result. The result may be cryptographically transformed or unencrypted. If the result is unencrypted, the result may be cryptographically transformed to produce a random seed. If the result is already cryptographically transformed, then the result is used as the random seed. The random seed is used to generate a masked value, without decrypting the cryptographically transformed random seed value. The masked value conforms to a particular data characteristic such as a data format or a data type, which may be determined from metadata stored in a database, received with a query, or gleaned from unencrypted data. The masked value is returned as a result of the query.
摘要翻译：提供了一种方法和装置，用于通过使用加密变换的值作为随机种子从密码变换的值生成掩蔽值，而不对密码变换的值进行解密。对一组数据进行查询以产生结果。结果可能是加密转换或未加密的。如果结果未被加密，则结果可能被加密地转换以产生随机种子。如果结果已被加密地转换，则结果被用作随机种子。随机种子用于生成掩蔽值，而不对密码变换的随机种子值进行解密。掩蔽值符合诸如数据格式或数据类型的特定数据特征，其可以从存储在数据库中的元数据中，通过查询接收到的元数据确定，或从未加密的数据中收集。作为查询的结果返回被屏蔽的值。

8. 发明授权

US07694154B2 Method and apparatus for securely executing a background process 有权
标题翻译：用于安全执行后台进程的方法和装置
公开(公告)号：US07694154B2
公开(公告)日：2010-04-06
申请号：US11433592
申请日：2006-05-12
申请人： Paul Youn , Daniel ManHung Wong
发明人： Paul Youn , Daniel ManHung Wong
IPC分类号： H04L9/14 , H04L29/06
CPC分类号： H04L9/0827 , H04L63/061 , H04L63/145 , H04L2463/061
摘要： One embodiment of the present invention provides a system that enables a background process to access encrypted data. During operation, the system executes the background process. Next, the system obtains a set of unencrypted keys by decrypting a set of encrypted keys with a server-key. The system then makes the set of unencrypted keys available to the background process, thereby enabling the background process to encrypt and decrypt data. Finally, the system deletes the set of unencrypted keys.
摘要翻译：本发明的一个实施例提供一种能够使后台进程访问加密数据的系统。在运行期间，系统执行后台进程。接下来，系统通过使用服务器密钥解密一组加密密钥来获得一组未加密的密钥。该系统然后使一组未加密的密钥可用于后台进程，从而使后台进程能够加密和解密数据。最后，系统删除一组未加密的密钥。

9. 发明申请

US20080232592A1 Method and apparatus for performing selective encryption/decryption in a data storage system 有权
标题翻译：用于在数据存储系统中执行选择性加密/解密的方法和装置
公开(公告)号：US20080232592A1
公开(公告)日：2008-09-25
申请号：US11726428
申请日：2007-03-21
申请人： Adam Y. Lee , Varun Malhotra , Daniel ManHung Wong , Tirthankar Lahiri , Kiran Goyal , Juan R. Loaiza , Paul Youn
发明人： Adam Y. Lee , Varun Malhotra , Daniel ManHung Wong , Tirthankar Lahiri , Kiran Goyal , Juan R. Loaiza , Paul Youn
IPC分类号： H04L9/00
CPC分类号： H04L9/0894
摘要： One embodiment of the present invention provides a system for performing selective encryption/decryption in a data storage system. During operation, the system receives a data block from a storage medium at an input/output layer, wherein the input/output layer serves as an interface between the storage medium and a buffer cache. Next, the system determines whether the data block is an encrypted data block. If not, the system stores the data block in the buffer cache. Otherwise, if the data block is an encrypted data block, the system retrieves a storage-key, wherein the storage-key is associated with a subset of storage, which is associated with the encrypted data block. Using the storage-key, the system then decrypts the encrypted data block to produce a decrypted data block. Finally, the system stores the decrypted data block in the buffer cache, wherein the data block remains encrypted in the storage medium.
摘要翻译：本发明的一个实施例提供一种用于在数据存储系统中执行选择性加密/解密的系统。在操作期间，系统在输入/输出层从存储介质接收数据块，其中输入/输出层用作存储介质和缓冲器高速缓存之间的接口。接下来，系统确定数据块是否是加密数据块。如果没有，系统将数据块存储在缓冲区高速缓存中。否则，如果数据块是加密数据块，则系统检索存储密钥，其中存储密钥与与加密数据块相关联的存储子集相关联。使用存储密钥，系统然后解密加密的数据块以产生解密的数据块。最后，系统将解密的数据块存储在缓冲器高速缓存中，其中数据块在存储介质中保持加密。

10. 发明申请

US20110113050A1 DATA MASKING WITH AN ENCRYPTED SEED 有权
标题翻译：数据用加密种子进行掩蔽
公开(公告)号：US20110113050A1
公开(公告)日：2011-05-12
申请号：US12616127
申请日：2009-11-10
申请人： Paul Youn , Daniel ManHung Wong
发明人： Paul Youn , Daniel ManHung Wong
IPC分类号： G06F17/30 , G06F7/00
CPC分类号： G06F21/6218
摘要： A method and apparatus is provided for generating a masked value from a cryptographically transformed value by using the cryptographically transformed value as a random seed, without decrypting the cryptographically transformed value. A query is evaluated against a set of data to produce a result. The result may be cryptographically transformed or unencrypted. If the result is unencrypted, the result may be cryptographically transformed to produce a random seed. If the result is already cryptographically transformed, then the result is used as the random seed. The random seed is used to generate a masked value, without decrypting the cryptographically transformed random seed value. The masked value conforms to a particular data characteristic such as a data format or a data type, which may be determined from metadata stored in a database, received with a query, or gleaned from unencrypted data. The masked value is returned as a result of the query.
摘要翻译：提供了一种方法和装置，用于通过使用加密变换的值作为随机种子从密码变换的值生成掩蔽值，而不对密码变换的值进行解密。对一组数据进行查询以产生结果。结果可能是加密转换或未加密的。如果结果未被加密，则结果可能被加密地转换以产生随机种子。如果结果已被加密地转换，则结果被用作随机种子。随机种子用于生成掩蔽值，而不对密码变换的随机种子值进行解密。掩蔽值符合诸如数据格式或数据类型的特定数据特征，其可以从存储在数据库中的元数据中，通过查询接收到的元数据确定，或从未加密的数据中收集。作为查询的结果返回被屏蔽的值。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式