专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20080019527A1 Method and apparatus for managing cryptographic keys 有权
标题翻译：用于管理加密密钥的方法和装置
公开(公告)号：US20080019527A1
公开(公告)日：2008-01-24
申请号：US11367812
申请日：2006-03-03
申请人： Paul Youn , Daniel Wong , Min-Hank Ho , Chon Lei
发明人： Paul Youn , Daniel Wong , Min-Hank Ho , Chon Lei
IPC分类号： H04L9/00
CPC分类号： H04L9/3234 , H04L9/083 , H04L9/3239 , H04L63/06 , H04L63/0807
摘要： One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.
摘要翻译：本发明的一个实施例提供一种用于管理密钥的系统。在运行期间，系统会在密钥管理器身份验证客户端。接下来，系统在密钥管理器处从客户端接收令牌，其中令牌与客户密钥相关联，并且包括令牌认证器。该令牌认证器包括认证器对的一半，用于确定客户端是客户密钥的所有者。接下来，系统使用主密钥解密令牌。然后，系统验证客户端认证器，客户端认证器包括用于确定客户端是否是客户密钥的所有者的认证器对的另一半。如果客户端是客户密钥的所有者，则系统将客户密钥发送给客户端，这使得客户端能够对数据进行加密/解密。最后，客户端删除客户密钥。

2. 发明申请

US20060288232A1 Method and apparatus for using an external security device to secure data in a database 有权
公开(公告)号：US20060288232A1
公开(公告)日：2006-12-21
申请号：US11156307
申请日：2005-06-16
申请人： Min-Hank Ho , Paul Youn , Daniel Wong , Chon Lei
发明人： Min-Hank Ho , Paul Youn , Daniel Wong , Chon Lei
IPC分类号： H04L9/00
CPC分类号： G06F21/6227 , G06F2221/2153 , H04L9/0822 , H04L9/0897
摘要： One embodiment of the present invention provides a system that facilitates using an external security device to secure data in a database without having to modify database applications. The system operates by receiving a request at the database to perform an encryption/decryption operation, wherein the encryption/decryption operation is performed with the assistance of the external security module in a manner that is transparent to database applications. In response to the request, the system passes a wrapped (encrypted) column key (a key used to encrypt data within the database) to an external security module, wherein the wrapped column key is a column key encrypted with a master key that exists only within the external security module. The system then unwraps (decrypts) the wrapped column key in the external security module to retrieve the column key. Next, the system returns the column key to the database. The system then performs an encryption/decryption operation on data in the database using the column key. Finally, the system erases the column key from memory in the database.

3. 发明申请

US20060210085A1 Method and apparatus for expiring encrypted data 有权
标题翻译：用于到期加密数据的方法和装置
公开(公告)号：US20060210085A1
公开(公告)日：2006-09-21
申请号：US11084346
申请日：2005-03-17
申请人： Min-Hank Ho , Daniel Wong , Chon Lei , Thomas Keefe
发明人： Min-Hank Ho , Daniel Wong , Chon Lei , Thomas Keefe
IPC分类号： H04N7/16 , H04L9/00 , H04L9/32 , G06F17/30 , G06F7/04 , G06K9/00 , H03M1/68 , H04K1/00
CPC分类号： H04N21/433 , H04L9/083 , H04L2209/56 , H04N5/913 , H04N7/165 , H04N21/4627 , H04N21/6543 , H04N21/8355 , H04N2005/91364 , Y10S707/99944
摘要： One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that, deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.
摘要翻译：本发明的一个实施例提供一种能够使加密数据过期的系统。在操作期间，系统接收包含对象标识信息的到期请求，该信息可用于标识包含加密数据的一组数据库对象，其中数据库对象可以是表，分区，行，或一列。此外，数据库对象可以具有到期时间，并且可以将其存储在通常用于使用比数据库使用的存储介质更慢但更便宜的存储介质来长时间存储大量数据的存档。然后，系统使用对象识别信息来标识用于加密数据的一组密钥。接下来，系统删除一组密钥，从而使加密数据过期。请注意，删除密钥集可确保安全密钥存储库不包含与过期的加密数据相关联的任何过时的密钥。

4. 发明申请

US20060047625A1 DBMS administration of secure stores 审中-公开
标题翻译： DBMS管理安全商店
公开(公告)号：US20060047625A1
公开(公告)日：2006-03-02
申请号：US10921416
申请日：2004-08-16
申请人： Min-Hank Ho , Daniel Wong , Thomas Keefe , Rama Vissapragada
发明人： Min-Hank Ho , Daniel Wong , Thomas Keefe , Rama Vissapragada
IPC分类号： G06F17/30
CPC分类号： G06F21/6227
摘要： Methods, systems, and machine-readable mediums are disclosed for administering secure stores using a database management system (DBMS). In one embodiment, the method comprises receiving, at a DBMS, a command to access a secure store. In response to the command, at least a portion of the contents are loaded into a memory structure.
摘要翻译：公开了用于使用数据库管理系统（DBMS）来管理安全存储的方法，系统和机器可读介质。在一个实施例中，该方法包括在DBMS处接收访问安全存储的命令。响应于该命令，内容的至少一部分被加载到存储器结构中。

5. 发明申请

US20050234932A1 Method and apparatus for facilitating secure centralized administration of databases 审中-公开
标题翻译：促进数据库安全集中管理的方法和装置
公开(公告)号：US20050234932A1
公开(公告)日：2005-10-20
申请号：US10822242
申请日：2004-04-08
申请人： Daniel Wong , Min-Hank Ho
发明人： Daniel Wong , Min-Hank Ho
IPC分类号： G06F7/00 , G06F17/30
CPC分类号： G06F16/21
摘要： One embodiment of the present invention provides a system that facilitates configuring a database. During operation, the system requests database configuration information from a directory server that stores configuration information for a plurality of database instances. In response to this request, the system receives the database configuration information, and configures the database in accordance with the database configuration information received from the directory server. This enables the database server to be configured without requiring manual configuration operations by a database administrator.
摘要翻译：本发明的一个实施例提供一种便于配置数据库的系统。在操作期间，系统从存储多个数据库实例的配置信息的目录服务器请求数据库配置信息。响应于该请求，系统接收数据库配置信息，并根据从目录服务器接收到的数据库配置信息配置数据库。这样可以配置数据库服务器，而不需要数据库管理员的手动配置操作。

6. 发明申请

US20060236104A1 Method and apparatus for encrypting and decrypting data in a database table 有权
标题翻译：用于在数据库表中加密和解密数据的方法和装置
公开(公告)号：US20060236104A1
公开(公告)日：2006-10-19
申请号：US11106181
申请日：2005-04-13
申请人： Daniel Wong , Chon Lei
发明人： Daniel Wong , Chon Lei
IPC分类号： H04L9/00
CPC分类号： G06F21/6227
摘要： One embodiment of the present invention provides a system that decrypts an encrypted column in a row. During operation, the system receives the encrypted column in the row. The system then determines a security domain associated with the encrypted column in the row, wherein the security domain represents a set of columns in rows encrypted using the same key. Next, the system determines a key associated with the security domain. The system then decrypts the encrypted column in the row using the key. Note that using a security domain to represent a set of columns in rows enables the database to grant access to data within the database at arbitrary levels of granularity.
摘要翻译：本发明的一个实施例提供一种解密一行中的加密列的系统。在操作期间，系统接收该行中的加密列。然后，系统确定与行中的加密列相关联的安全域，其中安全域表示使用相同密钥加密的行中的一组列。接下来，系统确定与安全域相关联的密钥。系统然后使用密钥解密行中的加密列。请注意，使用安全域来表示行中的一组列使数据库能够以任意级别的粒度为数据库内的数据授予访问权限。

7. 发明申请

US20050144176A1 Column masking of tables 有权
标题翻译：列的列屏蔽
公开(公告)号：US20050144176A1
公开(公告)日：2005-06-30
申请号：US10763583
申请日：2004-01-23
申请人： Chon Lei , Daniel Wong , Thomas Keefe , Kristy Edwards
发明人： Chon Lei , Daniel Wong , Thomas Keefe , Kristy Edwards
IPC分类号： G06F17/30 , G06F21/00 , G06F7/00
CPC分类号： G06F21/6227 , G06F17/30427 , G06F17/30483 , Y10S707/99942
摘要： Returning rows having column values masked is disclosed. In response to receiving a database command, a modified database command is created that specifies whether to mask a value by returning a mask of the value instead of the value. In an embodiment, the condition expression is included in a policy function that is referenced by a policy. In an embodiment, the policy determines how the condition expressions are used. The condition expression may be used to determine which column values to mask. The condition expression may also be used to filter which rows are returned.
摘要翻译：公开了具有屏蔽的列值的返回行。响应于接收到数据库命令，创建修改的数据库命令，该命令指定是否通过返回值的掩码而不是值来屏蔽值。在一个实施例中，条件表达式被包括在由策略引用的策略功能中。在一个实施例中，该策略确定如何使用条件表达式。条件表达式可用于确定要屏蔽的列值。条件表达式也可用于过滤哪些行被返回。

8. 发明申请

US20060271783A1 Method and apparatus for authorizing a database operation 有权
标题翻译：用于授权数据库操作的方法和装置
公开(公告)号：US20060271783A1
公开(公告)日：2006-11-30
申请号：US11139709
申请日：2005-05-26
申请人： Daniel Wong , MingKang Xu , Paul Youn , MinHank Ho , Chon Hei Lei
发明人： Daniel Wong , MingKang Xu , Paul Youn , MinHank Ho , Chon Hei Lei
IPC分类号： H04L9/00
CPC分类号： H04L9/085 , G06F21/6218 , G06F2221/2115 , Y10S707/99931
摘要： One embodiment of the present invention provides a system that authorizes a sensitive database operation. During operation, the system receives a request to perform a sensitive database operation. Note that, a sensitive database operation is an operation which, in the hands of a malicious user, poses a serious security threat. Next, the system determines a multiparty authorization requirement for the sensitive database operation, wherein the multiparty authorization requirement specifies a set of approvals required for authorizing the sensitive database operation. The system then sends approval requests to one or more approving parties based on the multiparty authorization requirement. Next, the system receives approvals for authorizing the sensitive database operation. The system then determines whether the approvals satisfy the multiparty authorization requirement. Next, if the approvals satisfy the multiparty authorization requirement, the system authorizes the sensitive database operation, thereby allowing the database to perform the sensitive database operation.
摘要翻译：本发明的一个实施例提供了授权敏感数据库操作的系统。在操作期间，系统接收到执行敏感数据库操作的请求。请注意，敏感数据库操作是在恶意用户手中造成严重安全威胁的操作。接下来，系统确定敏感数据库操作的多方授权要求，其中多方授权要求指定了授权敏感数据库操作所需的一组批准。系统然后根据多方授权要求向一个或多个批准方发出批准请求。接下来，系统接收授权敏感数据库操作的批准。然后，系统确定批准是否满足多方授权要求。接下来，如果批准满足多方授权要求，则系统授权敏感数据库操作，从而允许数据库执行敏感数据库操作。

9. 发明申请

US20070263868A1 Method and apparatus for securely executing a background process 有权
标题翻译：用于安全执行后台进程的方法和装置
公开(公告)号：US20070263868A1
公开(公告)日：2007-11-15
申请号：US11433592
申请日：2006-05-12
申请人： Paul Youn , Daniel Wong
发明人： Paul Youn , Daniel Wong
IPC分类号： H04K1/00
CPC分类号： H04L9/0827 , H04L63/061 , H04L63/145 , H04L2463/061
摘要： One embodiment of the present invention provides a system that enables a background process to access encrypted data. During operation, the system executes the background process. Next, the system obtains a set of unencrypted keys by decrypting a set of encrypted keys with a server-key. The system then makes the set of unencrypted keys available to the background process, thereby enabling the background process to encrypt and decrypt data. Finally, the system deletes the set of unencrypted keys.
摘要翻译：本发明的一个实施例提供一种能够使后台进程访问加密数据的系统。在运行期间，系统执行后台进程。接下来，系统通过使用服务器密钥解密一组加密密钥来获得一组未加密的密钥。该系统然后使一组未加密的密钥可用于后台进程，从而使后台进程能够加密和解密数据。最后，系统删除一组未加密的密钥。

10. 发明申请

US20070230704A1 Method and apparatus for managing cryptographic keys 有权
标题翻译：用于管理加密密钥的方法和装置
公开(公告)号：US20070230704A1
公开(公告)日：2007-10-04
申请号：US11398187
申请日：2006-04-04
申请人： Paul Youn , Daniel Wong
发明人： Paul Youn , Daniel Wong
IPC分类号： H04L9/00
CPC分类号： H04L9/0822 , H04L9/0891 , H04L63/0428 , H04L63/06 , H04L2463/062
摘要： One embodiment of the present invention provides a system for managing keys. During operation, the system receives a request from a user at a database to encrypt/decrypt data at the database. In response to this request, the system sends a user-token to the user, wherein the user-token includes a user-key encrypted with a user-secret thereby enabling the user to decrypt the user-key with the user-secret. Next, the system receives the decrypted user-key from the user. The system then uses the user-key to encrypt/decrypt the data at the database. Finally, the system deletes the user-key at the database.
摘要翻译：本发明的一个实施例提供一种用于管理密钥的系统。在操作期间，系统从数据库接收来自用户的请求，以对数据库中的数据进行加密/解密。响应于该请求，系统向用户发送用户令牌，其中用户令牌包括用用户秘密加密的用户密钥，从而使用户能够以用户秘密解密用户密钥。接下来，系统从用户接收解密的用户密钥。然后，系统使用用户密钥对数据库中的数据进行加密/解密。最后，系统删除数据库中的用户密钥。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式