公开(公告)号：US08218761B2

公开(公告)日：2012-07-10

申请号：US11784457

申请日：2007-04-06

申请人： Adam Y. Lee ,  Paul Youn

发明人： Adam Y. Lee ,  Paul Youn

IPC分类号： H04L9/00 ,  H04L9/32

CPC分类号： H04L9/0822 ,  H04L9/0894

摘要： One embodiment of the present invention provides a system that facilitates generating random data-encryption keys for data files. During operation, the system receives a command at a computer system to create a data file that may include encrypted data. This data file includes a wrapped data-encryption key to facilitate encrypting and decrypting data. In response to the command, the system generates a bit pattern to be used as the wrapped data-encryption key. Finally, the system creates the data file, which includes the bit pattern as the wrapped data-encryption key.

摘要翻译： 本发明的一个实施例提供一种便于产生用于数据文件的随机数据加密密钥的系统。 在操作期间，系统在计算机系统处接收命令以创建可以包括加密数据的数据文件。 该数据文件包括用于促进加密和解密数据的封装数据加密密钥。 响应于该命令，系统生成要用作包装的数据加密密钥的位模式。 最后，系统创建数据文件，其中包含作为包装数据加密密钥的位模式。

公开(公告)号：US20100008499A1

公开(公告)日：2010-01-14

申请号：US11784457

申请日：2007-04-06

申请人： Adam Y. Lee ,  Paul Youn

发明人： Adam Y. Lee ,  Paul Youn

IPC分类号： H04L9/00

CPC分类号： H04L9/0822 ,  H04L9/0894

摘要： One embodiment of the present invention provides a system that facilitates generating random data-encryption keys for data files. During operation, the system receives a command at a computer system to create a data file that may include encrypted data. This data file includes a wrapped data-encryption key to facilitate encrypting and decrypting data. In response to the command, the system generates a bit pattern to be used as the wrapped data-encryption key. Finally, the system creates the data file, which includes the bit pattern as the wrapped data-encryption key.

摘要翻译： 本发明的一个实施例提供一种便于产生用于数据文件的随机数据加密密钥的系统。 在操作期间，系统在计算机系统处接收命令以创建可以包括加密数据的数据文件。 该数据文件包括用于促进加密和解密数据的封装数据加密密钥。 响应于该命令，系统生成要用作包装的数据加密密钥的位模式。 最后，系统创建数据文件，其中包含作为包装数据加密密钥的位模式。

公开(公告)号：US20080019527A1

公开(公告)日：2008-01-24

申请号：US11367812

申请日：2006-03-03

申请人： Paul Youn ,  Daniel Wong ,  Min-Hank Ho ,  Chon Lei

发明人： Paul Youn ,  Daniel Wong ,  Min-Hank Ho ,  Chon Lei

IPC分类号： H04L9/00

CPC分类号： H04L9/3234 ,  H04L9/083 ,  H04L9/3239 ,  H04L63/06 ,  H04L63/0807

摘要： One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.

摘要翻译： 本发明的一个实施例提供一种用于管理密钥的系统。 在运行期间，系统会在密钥管理器身份验证客户端。 接下来，系统在密钥管理器处从客户端接收令牌，其中令牌与客户密钥相关联，并且包括令牌认证器。 该令牌认证器包括认证器对的一半，用于确定客户端是客户密钥的所有者。 接下来，系统使用主密钥解密令牌。 然后，系统验证客户端认证器，客户端认证器包括用于确定客户端是否是客户密钥的所有者的认证器对的另一半。 如果客户端是客户密钥的所有者，则系统将客户密钥发送给客户端，这使得客户端能够对数据进行加密/解密。 最后，客户端删除客户密钥。

公开(公告)号：US20070136795A1

公开(公告)日：2007-06-14

申请号：US11298775

申请日：2005-12-09

申请人： Paul Youn

发明人： Paul Youn

IPC分类号： H04L9/32

CPC分类号： H04L63/0846 ,  H04L63/0428

摘要： One embodiment of the present invention provides a system that re-establishes communication between a client and a server after an unexpected termination of communication. During operation, the system receives a request from the client at the server to re-establish communication between the client and the server, wherein the request includes a temporary credential. If the temporary credential is valid, the system temporarily re-establishes communication between the client and the server, until the client can be re-authenticated with a permanent credential.

摘要翻译： 本发明的一个实施例提供一种在意外终止通信之后重新建立客户端与服务器之间的通信的系统。 在操作期间，系统从服务器处的客户端接收请求，以重新建立客户端与服务器之间的通信，其中请求包括临时证书。 如果临时凭证有效，则系统会暂时重新建立客户端与服务器之间的通信，直到客户端可以通过永久凭证进行重新身份验证。

公开(公告)号：US20070245159A1

公开(公告)日：2007-10-18

申请号：US11405738

申请日：2006-04-18

申请人： Paul Youn

发明人： Paul Youn

IPC分类号： H04L9/00 ,  G06F12/14 ,  H04L9/32 ,  G06F11/30

CPC分类号： H04L9/3236

摘要： Systems, methods, media, and other embodiments associated with hash functions are described. One example system embodiment includes logic for computing a first hash for a first data set, logic for manipulating the first data set into a second data set, and logic for computing a second hash for the second data set. The example system embodiment may also include logic for producing a signature from the first hash and/or the second hash.

摘要翻译： 描述与散列函数相关联的系统，方法，媒体和其他实施例。 一个示例性系统实施例包括用于计算第一数据集的第一散列，用于将第一数据集操作为第二数据集的逻辑以及用于计算第二数据集的第二散列的逻辑。 示例系统实施例还可以包括用于从第一散列和/或第二散列产生签名的逻辑。

公开(公告)号：US20070230704A1

公开(公告)日：2007-10-04

申请号：US11398187

申请日：2006-04-04

申请人： Paul Youn ,  Daniel Wong

发明人： Paul Youn ,  Daniel Wong

IPC分类号： H04L9/00

CPC分类号： H04L9/0822 ,  H04L9/0891 ,  H04L63/0428 ,  H04L63/06 ,  H04L2463/062

摘要： One embodiment of the present invention provides a system for managing keys. During operation, the system receives a request from a user at a database to encrypt/decrypt data at the database. In response to this request, the system sends a user-token to the user, wherein the user-token includes a user-key encrypted with a user-secret thereby enabling the user to decrypt the user-key with the user-secret. Next, the system receives the decrypted user-key from the user. The system then uses the user-key to encrypt/decrypt the data at the database. Finally, the system deletes the user-key at the database.

摘要翻译： 本发明的一个实施例提供一种用于管理密钥的系统。 在操作期间，系统从数据库接收来自用户的请求，以对数据库中的数据进行加密/解密。 响应于该请求，系统向用户发送用户令牌，其中用户令牌包括用用户秘密加密的用户密钥，从而使用户能够以用户秘密解密用户密钥。 接下来，系统从用户接收解密的用户密钥。 然后，系统使用用户密钥对数据库中的数据进行加密/解密。 最后，系统删除数据库中的用户密钥。

公开(公告)号：US20060288232A1

公开(公告)日：2006-12-21

申请号：US11156307

申请日：2005-06-16

申请人： Min-Hank Ho ,  Paul Youn ,  Daniel Wong ,  Chon Lei

发明人： Min-Hank Ho ,  Paul Youn ,  Daniel Wong ,  Chon Lei

IPC分类号： H04L9/00

CPC分类号： G06F21/6227 ,  G06F2221/2153 ,  H04L9/0822 ,  H04L9/0897

摘要： One embodiment of the present invention provides a system that facilitates using an external security device to secure data in a database without having to modify database applications. The system operates by receiving a request at the database to perform an encryption/decryption operation, wherein the encryption/decryption operation is performed with the assistance of the external security module in a manner that is transparent to database applications. In response to the request, the system passes a wrapped (encrypted) column key (a key used to encrypt data within the database) to an external security module, wherein the wrapped column key is a column key encrypted with a master key that exists only within the external security module. The system then unwraps (decrypts) the wrapped column key in the external security module to retrieve the column key. Next, the system returns the column key to the database. The system then performs an encryption/decryption operation on data in the database using the column key. Finally, the system erases the column key from memory in the database.

公开(公告)号：US08064604B2

公开(公告)日：2011-11-22

申请号：US11651283

申请日：2007-01-09

申请人： Paul Youn

发明人： Paul Youn

IPC分类号： H04L9/00

CPC分类号： G06Q20/3829 ,  H04L9/0822 ,  H04L9/083 ,  H04L63/0428 ,  H04L63/06 ,  H04L2463/062

摘要： One embodiment of the present invention provides a system that facilitates role-based cryptographic key management. The system operates by receiving a request at a database server from a user to perform a cryptographic operation on data on the database server, wherein the user is a member of a role, and wherein the role has been granted permission to perform the cryptographic operation on the data. Next, the system receives from the user at the database server a user key, which is associated with the user. The system then unwraps a wrapped role key with the user key to obtain a role key, which is associated with the role. Next, the system unwraps a wrapped data key with the role key to obtain a data key, which is used to encrypt and decrypt the data. Finally, the system uses the data key to perform the cryptographic operation on the data.

摘要翻译： 本发明的一个实施例提供一种有助于基于角色的加密密钥管理的系统。 该系统通过从用户接收来自数据库服务器的请求来执行对数据库服务器上的数据的加密操作，其中该用户是角色的成员，并且其中该角色被授予对该密码操作执行加密操作的权限 数据。 接下来，系统从数据库服务器处的用户接收与用户相关联的用户密钥。 系统然后使用用户密钥解包包裹的角色密钥，以获取与该角色相关联的角色密钥。 接下来，系统使用角色钥匙打开包裹的数据密钥，以获得用于加密和解密数据的数据密钥。 最后，系统使用数据密钥对数据执行加密操作。

公开(公告)号：US20070263868A1

公开(公告)日：2007-11-15

申请号：US11433592

申请日：2006-05-12

申请人： Paul Youn ,  Daniel Wong

发明人： Paul Youn ,  Daniel Wong

IPC分类号： H04K1/00

CPC分类号： H04L9/0827 ,  H04L63/061 ,  H04L63/145 ,  H04L2463/061

摘要： One embodiment of the present invention provides a system that enables a background process to access encrypted data. During operation, the system executes the background process. Next, the system obtains a set of unencrypted keys by decrypting a set of encrypted keys with a server-key. The system then makes the set of unencrypted keys available to the background process, thereby enabling the background process to encrypt and decrypt data. Finally, the system deletes the set of unencrypted keys.

摘要翻译： 本发明的一个实施例提供一种能够使后台进程访问加密数据的系统。 在运行期间，系统执行后台进程。 接下来，系统通过使用服务器密钥解密一组加密密钥来获得一组未加密的密钥。 该系统然后使一组未加密的密钥可用于后台进程，从而使后台进程能够加密和解密数据。 最后，系统删除一组未加密的密钥。

公开(公告)号：US08819067B2

公开(公告)日：2014-08-26

申请号：US12950938

申请日：2010-11-19

申请人： Paul Youn ,  Javed Samuel

发明人： Paul Youn ,  Javed Samuel

IPC分类号： G06F7/00 ,  G06F17/30

CPC分类号： G06F17/30289 ,  G06F21/6227 ,  G06F2221/2101

摘要： Embodiments of the present disclosure provide a system that performs non-deterministic auditing. The system audits an operation, a record associated with which is maintained in an audit log. In one embodiment, the system subsequently determines whether the operation satisfies one or more criteria. In response to the operation satisfying the criteria, the system protects the audit log. In a further embodiment, the system protects the audit log based on a probability distribution, which indicates a frequency of audit log protection.

摘要翻译： 本公开的实施例提供执行非确定性审计的系统。 系统会审核一个操作，与审核日志中维护的记录相关联。 在一个实施例中，系统随后确定操作是否满足一个或多个标准。 响应满足标准的操作，系统保护审核日志。 在进一步的实施例中，系统基于概率分布来保护审计日志，该概率分布指示审计日​​志保护的频率。