会员体验
专利管家(专利管理)
工作空间(专利管理)
风险监控(情报监控)
数据分析(专利分析)
侵权分析(诉讼无效)
联系我们
交流群
官方交流:
QQ群: 891211   
微信请扫码    >>>
现在联系顾问~
热词
    • 2. 发明申请
    • Database fine-grained access control
    • 数据库细粒度访问控制
    • US20050038783A1
    • 2005-02-17
    • US10943189
    • 2004-09-15
    • Chon LeiDouglas McMahon
    • Chon LeiDouglas McMahon
    • G06F17/30G06F21/00G06F7/00
    • G06F17/30522G06F21/6218Y10S707/99933Y10S707/99934Y10S707/99935
    • A method and mechanism are provided for accessing data. Values are stored for a set of context attributes associated with a session between a database user and a database server. The database system includes an attribute setting mechanism that selectively restricts access to the set of context attributes based on a policy. During the session, the database server executes a query that contains a reference to one or more of the context attributes. For example, the query may contain a predicate that requires a comparison between a context attribute value and a constant. The database server processes the query based on current values of the one or more of the context attributes referenced in the query. A mechanism is also provided for dynamically attaching predicates to queries, where the predicates are attached based on a policy. For example, the database system detects that a query is issued against a database object. Prior to executing the query, a policy function associated with the database object is invoked. The policy function creates a modified query by selectively adding zero or more predicates to the query based on a policy associated with the database object. The modified query is then executed.
    • 提供了访问数据的方法和机制。 存储与数据库用户和数据库服务器之间的会话相关联的一组上下文属性的值。 数据库系统包括属性设置机制,其基于策略选择性地限制对该组上下文属性的访问。 在会话期间,数据库服务器执行包含对一个或多个上下文属性的引用的查询。 例如,查询可以包含需要在上下文属性值和常量之间进行比较的谓词。 数据库服务器根据查询中引用的一个或多个上下文属性的当前值处理查询。 还提供了一种机制,用于动态地将谓词附加到查询中,其中基于策略附加谓词。 例如,数据库系统检测到针对数据库对象发出查询。 在执行查询之前,调用与数据库对象关联的策略函数。 策略函数通过根据与数据库对象相关联的策略选择性地向查询添加零个或多个谓词来创建修改的查询。 然后执行修改后的查询。
    • 3. 发明申请
    • Method and apparatus for managing cryptographic keys
    • 用于管理加密密钥的方法和装置
    • US20080019527A1
    • 2008-01-24
    • US11367812
    • 2006-03-03
    • Paul YounDaniel WongMin-Hank HoChon Lei
    • Paul YounDaniel WongMin-Hank HoChon Lei
    • H04L9/00
    • H04L9/3234H04L9/083H04L9/3239H04L63/06H04L63/0807
    • One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.
    • 本发明的一个实施例提供一种用于管理密钥的系统。 在运行期间,系统会在密钥管理器身份验证客户端。 接下来,系统在密钥管理器处从客户端接收令牌,其中令牌与客户密钥相关联,并且包括令牌认证器。 该令牌认证器包括认证器对的一半,用于确定客户端是客户密钥的所有者。 接下来,系统使用主密钥解密令牌。 然后,系统验证客户端认证器,客户端认证器包括用于确定客户端是否是客户密钥的所有者的认证器对的另一半。 如果客户端是客户密钥的所有者,则系统将客户密钥发送给客户端,这使得客户端能够对数据进行加密/解密。 最后,客户端删除客户密钥。
    • 4. 发明申请
    • Method and apparatus for expiring encrypted data
    • 用于到期加密数据的方法和装置
    • US20060210085A1
    • 2006-09-21
    • US11084346
    • 2005-03-17
    • Min-Hank HoDaniel WongChon LeiThomas Keefe
    • Min-Hank HoDaniel WongChon LeiThomas Keefe
    • H04N7/16H04L9/00H04L9/32G06F17/30G06F7/04G06K9/00H03M1/68H04K1/00
    • H04N21/433H04L9/083H04L2209/56H04N5/913H04N7/165H04N21/4627H04N21/6543H04N21/8355H04N2005/91364Y10S707/99944
    • One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that, deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.
    • 本发明的一个实施例提供一种能够使加密数据过期的系统。 在操作期间,系统接收包含对象标识信息的到期请求,该信息可用于标识包含加密数据的一组数据库对象,其中数据库对象可以是表,分区,行, 或一列。 此外,数据库对象可以具有到期时间,并且可以将其存储在通常用于使用比数据库使用的存储介质更慢但更便宜的存储介质来长时间存储大量数据的存档。 然后,系统使用对象识别信息来标识用于加密数据的一组密钥。 接下来,系统删除一组密钥,从而使加密数据过期。 请注意,删除密钥集可确保安全密钥存储库不包含与过期的加密数据相关联的任何过时的密钥。
    • 6. 发明授权
    • Method and apparatus for using an external security device to secure data in a database
    • 使用外部安全设备来保护数据库中的数据的方法和装置
    • US07639819B2
    • 2009-12-29
    • US11156307
    • 2005-06-16
    • Min-Hank HoPaul YounDaniel ManHung WongChon Lei
    • Min-Hank HoPaul YounDaniel ManHung WongChon Lei
    • H04L9/00
    • G06F21/6227G06F2221/2153H04L9/0822H04L9/0897
    • One embodiment of the present invention provides a system that facilitates using an external security device to secure data in a database without having to modify database applications. The system operates by receiving a request at the database to perform an encryption/decryption operation, wherein the encryption/decryption operation is performed with the assistance of the external security module in a manner that is transparent to database applications. In response to the request, the system passes a wrapped (encrypted) column key (a key used to encrypt data within the database) to an external security module, wherein the wrapped column key is a column key encrypted with a master key that exists only within the external security module. The system then unwraps (decrypts) the wrapped column key in the external security module to retrieve the column key. Next, the system returns the column key to the database. The system then performs an encryption/decryption operation on data in the database using the column key. Finally, the system erases the column key from memory in the database.
    • 本发明的一个实施例提供一种便于使用外部安全设备来保护数据库中的数据而不必修改数据库应用的系统。 该系统通过在数据库处接收请求来执行加密/解密操作,其中以对数据库应用是透明的方式在外部安全模块的帮助下执行加密/解密操作。 响应于该请求,系统将包裹的(加密的)列密钥(用于将数据库内的数据加密的密钥)传递到外部安全模块,其中包装的列密钥是仅使用主密钥加密的列密钥 在外部安全模块内。 系统然后在外部安全模块中解包(解密)包装的列密钥以检索列密钥。 接下来,系统将列键返回到数据库。 然后,系统使用列键对数据库中的数据执行加密/解密操作。 最后,系统从数据库中的内存中擦除列密钥。
    • 7. 发明申请
    • Method and apparatus for encrypting and decrypting data in a database table
    • 用于在数据库表中加密和解密数据的方法和装置
    • US20060236104A1
    • 2006-10-19
    • US11106181
    • 2005-04-13
    • Daniel WongChon Lei
    • Daniel WongChon Lei
    • H04L9/00
    • G06F21/6227
    • One embodiment of the present invention provides a system that decrypts an encrypted column in a row. During operation, the system receives the encrypted column in the row. The system then determines a security domain associated with the encrypted column in the row, wherein the security domain represents a set of columns in rows encrypted using the same key. Next, the system determines a key associated with the security domain. The system then decrypts the encrypted column in the row using the key. Note that using a security domain to represent a set of columns in rows enables the database to grant access to data within the database at arbitrary levels of granularity.
    • 本发明的一个实施例提供一种解密一行中的加密列的系统。 在操作期间,系统接收该行中的加密列。 然后,系统确定与行中的加密列相关联的安全域,其中安全域表示使用相同密钥加密的行中的一组列。 接下来,系统确定与安全域相关联的密钥。 系统然后使用密钥解密行中的加密列。 请注意,使用安全域来表示行中的一组列使数据库能够以任意级别的粒度为数据库内的数据授予访问权限。