Database processing on externally encrypted data
    11.
    Patent application
    Status: In force

    Publication No.: US20090285396A1

    Publication date: 2009-11-19

    Application No.: US12122597

    Filing date: 2008-05-16

    IPC classification: H04L9/06 G06F17/30

    CPC classification: G06F17/303 H04L9/0819

    Abstract: Various techniques are described for processing externally encrypted data by a database management system. Specifically, techniques are described for incorporating encrypted data stored in a first database that was encrypted by a first database management system into a second database where the encrypted data is accessed by a second database management system. When accessing externally encrypted data incorporated into the second database, the second database management system can decrypt portions of the data as needed. Because of the manner of incorporation of externally encrypted data into the second database, specifically because the externally encrypted data need not be decrypted before being incorporated into the second database, the computational overhead and security concerns associated with conventional approaches for migrating encrypted data from one database management system to another are avoided.

    Method and apparatus for performing selective encryption/decryption in a data storage system
    12.
    Patent application
    Status: In force

    Publication No.: US20080232592A1

    Publication date: 2008-09-25

    Application No.: US11726428

    Filing date: 2007-03-21

    IPC classification: H04L9/00

    CPC classification: H04L9/0894

    Abstract: One embodiment of the present invention provides a system for performing selective encryption/decryption in a data storage system. During operation, the system receives a data block from a storage medium at an input/output layer, wherein the input/output layer serves as an interface between the storage medium and a buffer cache. Next, the system determines whether the data block is an encrypted data block. If not, the system stores the data block in the buffer cache. Otherwise, if the data block is an encrypted data block, the system retrieves a storage-key, wherein the storage-key is associated with a subset of storage, which is associated with the encrypted data block. Using the storage-key, the system then decrypts the encrypted data block to produce a decrypted data block. Finally, the system stores the decrypted data block in the buffer cache, wherein the data block remains encrypted in the storage medium.

    Multi-table access control
    13.
    Granted patent
    Status: In force

    Publication No.: US07346617B2

    Publication date: 2008-03-18

    Application No.: US10764180

    Filing date: 2004-01-23

    IPC classification: G06F17/30 G06F12/00

    CPC classification: G06F21/6227 Y10S707/99939

    Abstract: Multi-table access control is disclosed that limits access to tables when a requirement for access to multiple columns is detected, where the multiple columns include at least one column from one table and another column from another table. In an embodiment, the detection of the requirement for access to multiple columns triggers a policy to rewrite the query to include a condition expression that limits access to the multiple columns to those that are entitled to access.

    Method and apparatus for detecting data tampering within a database
    14.
    Patent application
    Status: In force

    Publication No.: US20070294205A1

    Publication date: 2007-12-20

    Application No.: US11454170

    Filing date: 2006-06-14

    IPC classification: G06F17/30

    CPC classification: G06F17/3033 G06F21/64

    Abstract: One embodiment of the present invention provides a system that facilitates detecting data tampering within a table in a database. The system operates by hashing a row in the table to create a row-hash. The system then hashes a block of consecutive row-hashes to create a block-hash. Finally, the system signs the block-hash with an encryption key, so that tampering with data in the row will result in an invalid row-hash and an invalid block-hash.

    Method and apparatus for establishing multiple sessions between a database and a middle-tier client
    15.
    Patent application
    Status: In force

    Publication No.: US20070283021A1

    Publication date: 2007-12-06

    Application No.: US11445633

    Filing date: 2006-06-02

    IPC classification: G06F15/16

    CPC classification: G06F17/3056

    Abstract: One embodiment of the present invention provides a system for establishing multiple sessions between a database and a middle-tier client. During operation, the system receives a request for a plurality of sessions at a database from a middle-tier client. In response to the request, the system authenticates the middle-tier client, and creates a session between the database and the middle-tier client. The system clones the session one or more times to create the plurality of sessions. Finally, the system sends a plurality of session-handles associated with the plurality of sessions to the middle-tier client. This enables the middle-tier client to distribute the session-handles to end-user clients in response to subsequent requests from the end-user clients to access the database.

    Third party program integrity and integration control in web-based applications
    16.
    Granted patent
    Status: In force

    Publication No.: US09576064B2

    Publication date: 2017-02-21

    Application No.: US13446381

    Filing date: 2012-04-13

    Abstract: Disclosed herein are a resource control service, system, method and architecture. A client device's resource access is limited to an approved resource, or resources. A request for a resource is directed to a resource control service that determines whether or not to grant access to the requested resource. Where a determination is made to grant access to the resource, a response is transmitted to the client device, the response redirecting the client device to a second URI for the approved version of the requested resource. The response can be used by the client device to request the resource from the location identified in the response.

    Active auditing in a database system
    17.
    Granted patent
    Status: In force

    Publication No.: US09355126B2

    Publication date: 2016-05-31

    Application No.: US12564666

    Filing date: 2009-09-22

    Abstract: An auditing system receives a set of audit rules from a database administrator, which define search criteria used to identify a database object that is desired to be audited. The auditing system uses the audit rules to search through a database to identify a corresponding set of database objects that satisfy at least one of the set of audit rules. Then, the system generates audit commands that configure a database management system to audit the identified set of database objects.

    Sending control information with database statement
    18.
    Granted patent
    Status: In force

    Publication No.: US08825702B2

    Publication date: 2014-09-02

    Application No.: US10786941

    Filing date: 2004-02-24

    IPC classification: G06F7/00 G06F17/30

    Abstract: Sending control information that is associated with a statement that controls how the statement is processed is disclosed. The information is available to the server even after the window session is closed. The information may be contained in a tag appended to the statement. In an embodiment, the information may be viewed by an administrator. The information may determine aspects of how the statement is executed that are not controlled by the execution engine. For example, the information may relate to security access, priority, quality of service, scheduling, and/or use supplied routines.

    Database processing on externally encrypted data
    19.
    Granted patent
    Status: In force

    Publication No.: US08644513B2

    Publication date: 2014-02-04

    Application No.: US12122597

    Filing date: 2008-05-16

    IPC classification: G06F21/00

    CPC classification: G06F17/303 H04L9/0819

    Abstract: Various techniques are described for processing externally encrypted data by a database management system. Specifically, techniques are described for incorporating encrypted data stored in a first database that was encrypted by a first database management system into a second database where the encrypted data is accessed by a second database management system. When accessing externally encrypted data incorporated into the second database, the second database management system can decrypt portions of the data as needed. Because of the manner of incorporation of externally encrypted data into the second database, specifically because the externally encrypted data need not be decrypted before being incorporated into the second database, the computational overhead and security concerns associated with conventional approaches for migrating encrypted data from one database management system to another are avoided.

    Multi-level authentication
    20.
    Granted patent
    Status: In force

    Publication No.: US08336091B2

    Publication date: 2012-12-18

    Application No.: US12552280

    Filing date: 2009-09-01

    IPC classification: H04L9/32

    Abstract: Approaches for performing a multiple level authentication on an entity are provided. A primary authentication credential and a secondary authentication credential may be established for a user account. The primary authentication credential uniquely identifies a particular account of the software application. The secondary authentication credential uniquely identifies an entity, such as a user, application, or device, authorized to use the particular user account. Upon receiving a request to access the software application using the particular user account, a determination is made as to whether the request is accompanied by the primary authentication credentials and a secondary authentication credential associated with the particular user account. Upon determining that the request is accompanied by valid primary and secondary authentication credentials for the user account, limited access, based upon the secondary authentication credential, to the software application using the particular user account is granted.
