专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20090144804A1 METHOD AND APPARATUS TO SUPPORT PRIVILEGES AT MULTIPLE LEVELS OF AUTHENTICATION USING A CONSTRAINING ACL 有权
标题翻译：使用约束ACL在多个级别的认证中支持特权的方法和装置
公开(公告)号：US20090144804A1
公开(公告)日：2009-06-04
申请号：US11947235
申请日：2007-11-29
申请人： Sam Idicula , Thomas Keefe , Mohammed Irfan Rafiq , Tanvir Ahmed , Vikram Pesati , Nipun Agarwal
发明人： Sam Idicula , Thomas Keefe , Mohammed Irfan Rafiq , Tanvir Ahmed , Vikram Pesati , Nipun Agarwal
IPC分类号： H04L9/32
CPC分类号： G06F21/6218 , G06F2221/2141
摘要： Embodiments of the present invention provide systems and techniques for creating, updating, and using an ACL (access control list). A database system may include a constraining ACL which represents a global security policy that is to be applied to all applications that interact with the database. By ensuring that all ACLs inherit from the constraining ACL, the database system can ensure that the global security policy is applied to all applications that interact with the database. During operation, the system may receive a request to create or update an ACL. Before creating or updating the ACL, the system may modify the ACL to ensure that it inherits from the constraining ACL. In an embodiment, the system grants a privilege to a user only if both the ACL and the constraining ACL grant the privilege.
摘要翻译：本发明的实施例提供了用于创建，更新和使用ACL（访问控制列表）的系统和技术。数据库系统可以包括约束ACL，其表示要应用于与数据库交互的所有应用的全局安全策略。通过确保所有ACL从约束ACL继承，数据库系统可以确保将全局安全策略应用于与数据库交互的所有应用程序。在操作期间，系统可能会收到创建或更新ACL的请求。在创建或更新ACL之前，系统可能会修改ACL，以确保其从约束ACL继承。在一个实施例中，只有当ACL和约束ACL同时授予特权时，系统才向用户授予权限。

2. 发明授权

US09471801B2 Method and apparatus to support privileges at multiple levels of authentication using a constraining ACL 有权
标题翻译：使用约束ACL支持多级身份验证的权限的方法和装置
公开(公告)号：US09471801B2
公开(公告)日：2016-10-18
申请号：US11947235
申请日：2007-11-29
申请人： Sam Idicula , Thomas Keefe , Mohammed Irfan Rafiq , Tanvir Ahmed , Vikram Pesati , Nipun Agarwal
发明人： Sam Idicula , Thomas Keefe , Mohammed Irfan Rafiq , Tanvir Ahmed , Vikram Pesati , Nipun Agarwal
IPC分类号： G06F21/62
CPC分类号： G06F21/6218 , G06F2221/2141
摘要： Embodiments of the present invention provide systems and techniques for creating, updating, and using an ACL (access control list). A database system may include a constraining ACL which represents a global security policy that is to be applied to all applications that interact with the database. By ensuring that all ACLs inherit from the constraining ACL, the database system can ensure that the global security policy is applied to all applications that interact with the database. During operation, the system may receive a request to create or update an ACL. Before creating or updating the ACL, the system may modify the ACL to ensure that it inherits from the constraining ACL. In an embodiment, the system grants a privilege to a user only if both the ACL and the constraining ACL grant the privilege.
摘要翻译：本发明的实施例提供了用于创建，更新和使用ACL（访问控制列表）的系统和技术。数据库系统可以包括约束ACL，其表示要应用于与数据库交互的所有应用的全局安全策略。通过确保所有ACL从约束ACL继承，数据库系统可以确保将全局安全策略应用于与数据库交互的所有应用程序。在操作期间，系统可能会收到创建或更新ACL的请求。在创建或更新ACL之前，系统可能会修改ACL，以确保其从约束ACL继承。在一个实施例中，只有当ACL和约束ACL同时授予特权时，系统才向用户授予权限。

3. 发明授权

US08667018B2 Method and system for optimizing row level security in database systems 有权
标题翻译：优化数据库系统中行级安全性的方法和系统
公开(公告)号：US08667018B2
公开(公告)日：2014-03-04
申请号：US12188675
申请日：2008-08-08
申请人： Mohammed Irfan Rafiq , Chon Hei Lei , Vikram Kapoor , Thomas F. Keefe , Nipun Agarwal , Thomas Baby , Sam Idicula , Vikram Reddy Pesati
发明人： Mohammed Irfan Rafiq , Chon Hei Lei , Vikram Kapoor , Thomas F. Keefe , Nipun Agarwal , Thomas Baby , Sam Idicula , Vikram Reddy Pesati
IPC分类号： G06F7/00 , G06F17/00 , G06F17/30
CPC分类号： G06F21/6218 , G06F17/30306 , G06F2221/2141
摘要： One embodiment of the present invention provides a system that implements a security policy in a database. During operation, the system receives a request associated with a set of objects in the database. Next, the system obtains a set of access control lists (ACLs) associated with the database, wherein a respective ACL specifies one or more access privileges associated with a user or user group, and wherein a respective ACLs is not specific to a particular object in the database. The system then evaluates the ACLs to obtain a set of ACL results associated with the request and processes the request by applying the set of ACL results to the objects without evaluating the ACLs repeatedly for each of the objects.
摘要翻译：本发明的一个实施例提供一种在数据库中实现安全策略的系统。在操作期间，系统接收与数据库中的一组对象相关联的请求。接下来，系统获得与数据库相关联的一组访问控制列表（ACL），其中相应的ACL指定与用户或用户组相关联的一个或多个访问权限，并且其中相应的ACL不是特定于特定对象的特定对象数据库。然后，系统评估ACL以获得与请求相关联的一组ACL结果，并通过将ACL集合应用于对象来处理请求，而不对每个对象重复地评估ACL。

4. 发明申请

US20100036846A1 METHOD AND SYSTEM FOR OPTIMIZING ROW LEVEL SECURITY IN DATABASE SYSTEMS 有权
标题翻译：用于优化数据库系统中的级别安全的方法和系统
公开(公告)号：US20100036846A1
公开(公告)日：2010-02-11
申请号：US12188675
申请日：2008-08-08
申请人： Mohammed Irfan Rafiq , Chon Hei Lei , Vikram Kapoor , Thomas F. Keefe , Nipun Agarwal , Thomas Baby , Sam Idicula , Vikram Reddy Pesati
发明人： Mohammed Irfan Rafiq , Chon Hei Lei , Vikram Kapoor , Thomas F. Keefe , Nipun Agarwal , Thomas Baby , Sam Idicula , Vikram Reddy Pesati
IPC分类号： G06F17/30
CPC分类号： G06F21/6218 , G06F17/30306 , G06F2221/2141
摘要： One embodiment of the present invention provides a system that implements a security policy in a database. During operation, the system receives a request associated with a set of objects in the database. Next, the system obtains a set of access control lists (ACLs) associated with the database, wherein a respective ACL specifies one or more access privileges associated with a user or user group, and wherein a respective ACLs is not specific to a particular object in the database. The system then evaluates the ACLs to obtain a set of ACL results associated with the request and processes the request by applying the set of ACL results to the objects without evaluating the ACLs repeatedly for each of the objects.
摘要翻译：本发明的一个实施例提供一种在数据库中实现安全策略的系统。在操作期间，系统接收与数据库中的一组对象相关联的请求。接下来，系统获得与数据库相关联的一组访问控制列表（ACL），其中相应的ACL指定与用户或用户组相关联的一个或多个访问权限，并且其中相应的ACL不是特定于特定对象的特定对象数据库。然后，系统评估ACL以获得与请求相关联的一组ACL结果，并通过将ACL集合应用于对象来处理请求，而不对每个对象重复地评估ACL。

5. 发明申请

US20090319477A1 PERFORMING COST-BASED OPTIMIZATIONS OF AUTHORIZATION CHECKS IN DATABASE SYSTEMS 有权
标题翻译：在数据库系统中执行基于成本优化的授权检查
公开(公告)号：US20090319477A1
公开(公告)日：2009-12-24
申请号：US12144028
申请日：2008-06-23
申请人： Sam Idicula , Mohammed Irfan Rafiq , Nipun Agarwal
发明人： Sam Idicula , Mohammed Irfan Rafiq , Nipun Agarwal
IPC分类号： G06F17/30 , G06F7/00
CPC分类号： G06F17/30448
摘要： One embodiment of the present invention provides a system that facilitates performing a cost-based optimization of authorization checks in a database system. During operation, the system receives a query at the database system. Next, the system estimates a cost for executing the query, which involves estimating a cost for evaluating authorization checks, which involve functional evaluations of access rights for data accessed by the query. The system then rewrites the query to include evaluating authorization checks within the query. The system also estimates a cost for executing the rewritten query. Next, the system determines if executing the rewritten query has a lower cost than executing the query and performing the authorization checks. If so, the system executes the rewritten query. However, if not, the system executes the query.
摘要翻译：本发明的一个实施例提供一种有助于在数据库系统中执行授权检查的基于成本的优化的系统。在操作过程中，系统在数据库系统中接收查询。接下来，系统估计执行查询的成本，其涉及估计用于评估授权检查的成本，其涉及对查询访问的数据的访问权限的功能评估。然后系统重写查询以包括在查询中评估授权检查。该系统还估计执行重写查询的成本。接下来，系统确定执行重写查询是否具有比执行查询并执行授权检查更低的成本。如果是这样，系统将执行重写的查询。但是，如果没有，则系统执行查询。

6. 发明授权

US08584196B2 Technique for efficiently evaluating a security policy 有权
标题翻译：有效评估安全策略的技术
公开(公告)号：US08584196B2
公开(公告)日：2013-11-12
申请号：US12114915
申请日：2008-05-05
申请人： Mohammed Irfan Rafiq , Sabina Petride , Sam Idicula , Ashwini Surpur , Nipun Agarwal , Bhushan Khaladkar , Tim Wing Yu
发明人： Mohammed Irfan Rafiq , Sabina Petride , Sam Idicula , Ashwini Surpur , Nipun Agarwal , Bhushan Khaladkar , Tim Wing Yu
IPC分类号： G06F21/00
CPC分类号： G06F21/604
摘要： One embodiment of the present invention provides a system for efficiently evaluating a security policy. During operation, the system retrieves one or more roles associated with the user. Next, the system checks if a session-level cache exists for a set of Access Control Entries (ACEs) which is associated with the one or more roles. If this session-level cache exists, the system returns the set of ACEs from the session-level cache. Otherwise, the system generates the set of ACEs associated with the one or more roles from an Access Control List (ACL). During operation, the system can also update the one or more roles associated with the user and update the set of ACEs based on the updated one or more roles and the ACL. The system subsequently updates the session level cache with the updated set of ACEs and updated one or more roles.
摘要翻译：本发明的一个实施例提供了一种用于有效评估安全策略的系统。在操作期间，系统检索与用户相关联的一个或多个角色。接下来，系统检查与一个或多个角色相关联的一组访问控制条目（ACE）是否存在会话级缓存。如果此会话级缓存存在，系统会从会话级缓存中返回一组ACE。否则，系统将从访问控制列表（ACL）生成与一个或多个角色相关联的一组ACE。在操作期间，系统还可以更新与用户相关联的一个或多个角色，并根据更新的一个或多个角色和ACL更新ACE集合。系统随后使用更新的一组ACE更新会话级缓存并更新一个或多个角色。

7. 发明授权

US08392405B2 Performing cost-based optimizations of authorization checks in database systems 有权
标题翻译：在数据库系统中执行基于成本优化的授权检查
公开(公告)号：US08392405B2
公开(公告)日：2013-03-05
申请号：US12144028
申请日：2008-06-23
申请人： Sam Idicula , Mohammed Irfan Rafiq , Nipun Agarwal
发明人： Sam Idicula , Mohammed Irfan Rafiq , Nipun Agarwal
IPC分类号： G06F7/00
CPC分类号： G06F17/30448
摘要： One embodiment of the present invention provides a system that facilitates performing a cost-based optimization of authorization checks in a database system. During operation, the system receives a query at the database system. Next, the system estimates a cost for executing the query, which involves estimating a cost for evaluating authorization checks, which involve functional evaluations of access rights for data accessed by the query. The system then rewrites the query to include evaluating authorization checks within the query. The system also estimates a cost for executing the rewritten query. Next, the system determines if executing the rewritten query has a lower cost than executing the query and performing the authorization checks. If so, the system executes the rewritten query. However, if not, the system executes the query.
摘要翻译：本发明的一个实施例提供一种有助于在数据库系统中执行授权检查的基于成本的优化的系统。在操作过程中，系统在数据库系统中接收查询。接下来，系统估计执行查询的成本，其涉及估计用于评估授权检查的成本，其涉及对查询访问的数据的访问权限的功能评估。然后系统重写查询以包括在查询中评估授权检查。该系统还估计执行重写查询的成本。接下来，系统确定执行重写查询是否具有比执行查询并执行授权检查更低的成本。如果是这样，系统将执行重写的查询。但是，如果没有，则系统执行查询。

8. 发明申请

US20090276824A1 TECHNIQUE FOR EFFICIENTLY EVALUATING A SECURITY POLICY 有权
标题翻译：有效评估安全政策的技术
公开(公告)号：US20090276824A1
公开(公告)日：2009-11-05
申请号：US12114915
申请日：2008-05-05
申请人： Mohammed Irfan Rafiq , Sabina Petride , Sam Idicula , Ashwini Surpur , Nipun Agarwal , Bhushan Khaladkar , Tim Wing Yu
发明人： Mohammed Irfan Rafiq , Sabina Petride , Sam Idicula , Ashwini Surpur , Nipun Agarwal , Bhushan Khaladkar , Tim Wing Yu
IPC分类号： G06F21/00
CPC分类号： G06F21/604
摘要： One embodiment of the present invention provides a system for efficiently evaluating a security policy. During operation, the system retrieves one or more roles associated with the user. Next, the system checks if a session-level cache exists for a set of Access Control Entries (ACEs) which is associated with the one or more roles. If this session-level cache exists, the system returns the set of ACEs from the session-level cache. Otherwise, the system generates the set of ACEs associated with the one or more roles from an Access Control List (ACL). During operation, the system can also update the one or more roles associated with the user and update the set of ACEs based on the updated one or more roles and the ACL. The system subsequently updates the session level cache with the updated set of ACEs and updated one or more roles.
摘要翻译：本发明的一个实施例提供了一种用于有效评估安全策略的系统。在操作期间，系统检索与用户相关联的一个或多个角色。接下来，系统检查与一个或多个角色相关联的一组访问控制条目（ACE）是否存在会话级缓存。如果此会话级缓存存在，系统会从会话级缓存中返回一组ACE。否则，系统将从访问控制列表（ACL）生成与一个或多个角色相关联的一组ACE。在操作期间，系统还可以更新与用户相关联的一个或多个角色，并根据更新的一个或多个角色和ACL更新ACE集合。系统随后使用更新的一组ACE更新会话级缓存并更新一个或多个角色。

9. 发明申请

US20090157686A1 METHOD AND APPARATUS FOR EFFICIENTLY CACHING A SYSTEM-WIDE ACCESS CONTROL LIST 审中-公开
标题翻译：高效地访问系统访问控制列表的方法和设备
公开(公告)号：US20090157686A1
公开(公告)日：2009-06-18
申请号：US11955781
申请日：2007-12-13
申请人： Sam Idicula , Mohammed Irfan Rafiq , Nipun Agarwal
发明人： Sam Idicula , Mohammed Irfan Rafiq , Nipun Agarwal
IPC分类号： G06F17/30
CPC分类号： G06F21/6209 , G06F2221/2141
摘要： One embodiment of the present invention provides a system for efficiently caching a system-wide Access Control Entry (ACE) for a subject requesting an action on an object associated with an application. During operation, the system retrieves a security class that is associated with an application. The system then checks if a constrained system-wide ACE associated with the subject, the object, the requested action, and the security class exists in a cache. If so, then the system retrieves the entry. Otherwise, the system retrieves a system-wide ACE associated with the subject and the requested action. The system also retrieves a local ACE associated with the subject, the object, the requested action, and the security class. Next, the system constrains the system-wide ACE with the local ACE and caches the result so that the constrained system-wide ACE is associated with the subject, the object, the requested action, and the security class.
摘要翻译：本发明的一个实施例提供了一种用于有效地缓存针对与应用相关联的对象请求动作的对象的系统范围的访问控制条目（ACE）的系统。在操作期间，系统检索与应用程序相关联的安全类。然后，系统检查与主题相关联的受限系统范围的ACE，对象，请求的操作和安全级别是否存在于缓存中。如果是，则系统检索该条目。否则，系统将检索与主题相关联的系统范围的ACE和请求的操作。系统还检索与主题相关联的本地ACE，对象，请求的操作和安全类。接下来，系统使用本地ACE约束系统范围的ACE，并缓存结果，使受限系统范围的ACE与主题，对象，请求的操作和安全类相关联。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式