利索-全球专利检索

  1. 登录
  2. 注册

搜索结果

19 条记录 (耗时 0.016 秒)

    Encrypted In-Memory Column-Store
    2.
    发明申请
    Encrypted In-Memory Column-Store 有权
    加密的内存列存储

    公开(公告)号:US20150149427A1

    公开(公告)日:2015-05-28

    申请号:US14088051

    申请日:2013-11-22

    申请人: FLORIAN KERSCHBAUM MARTIN HAERTERICH MATHIAS KOHLER ISABELLE HANG ANDREAS SCHAAD AXEL SCHROEPFER WALTER TIGHZERT PATRICK GROFIG

    发明人: FLORIAN KERSCHBAUM MARTIN HAERTERICH MATHIAS KOHLER ISABELLE HANG ANDREAS SCHAAD AXEL SCHROEPFER WALTER TIGHZERT PATRICK GROFIG

    IPC分类号: G06F17/30

    CPC分类号: G06F17/30864 G06F21/6227

    摘要: Embodiments relate to processing encrypted data, and in particular to identifying an appropriate layer of encryption useful for processing a query. Such identification (also known as the onion selection problem) is achieved utilizing an adjustable onion encryption procedure. Based upon defined requirements of policy configuration, alternative resolution, and conflict resolution, the adjustable onion encryption procedure entails translating a query comprising an expression in a database language (e.g. SQL) into an equivalent query on encrypted data. The onion may be configured in almost arbitrary ways directing the onion selection. An execution function introduces an execution split to allow local (e.g. client-side) query fulfillment that may otherwise not be possible in a secure manner on the server-side. A searchable encryption function may also be employed, and embodiments accommodate aggregation via homomorphic encryption. Embodiments may be implemented as an in-memory column store database system.

    摘要翻译: 实施例涉及处理加密数据,特别是涉及识别适用于处理查询的适当加密层。 利用可调节的洋葱加密程序实现了这种识别(也称为洋葱选择问题)。 根据策略配置,替代解决方案和冲突解决的定义要求,可调节洋葱加密过程需要将包含数据库语言(例如SQL)中的表达式的查询转换为对加密数据的等效查询。 洋葱可以以几乎任意方式配置,以指导洋葱选择。 执行功能引入执行分割以允许在服务器端以安全的方式可能不可能的本地(例如客户端)查询执行。 还可以采用可搜索的加密功能,并且实施例通过同态加密适应聚合。 实施例可以被实现为内存中列存储数据库系统。

    Method for operating a telecommunications system, and a telecommunications system in which the method can be used
    3.
    发明授权
    Method for operating a telecommunications system, and a telecommunications system in which the method can be used 失效
    用于操作电信系统的方法,以及可以使用该方法的电信系统

    公开(公告)号:US5983110A

    公开(公告)日:1999-11-09

    申请号:US844234

    申请日:1997-04-18

    申请人: Mathias Kohler Knut Haberland-Schlosser

    发明人: Mathias Kohler Knut Haberland-Schlosser

    IPC分类号: H04M1/725 H04W48/12 H04W74/00 H04W88/02 H04Q7/32

    CPC分类号: H04W74/006 H04M1/72505 H04M1/72511 H04W88/02 H04W48/12

    摘要: The invention relates to a method for operating a telecommunications system having a switching station (BS) and a plurality of internal subscriber stations (HA1, HA2, HA3, HA4) which are connected to it and with whose aid the switching station (BS) can simultaneously operate a limited number of channels of the same or a different type and is characterized in that the switching station (BS) reports to all the internal subscriber stations (HA1, HA2, HA3, HA4) by transmitting a respective busy signal that a channel of the appropriate type is not available, each internal subscriber station (HA1, HA2, HA3, HA4) is changed by the busy signal to a state in which it cannot initiate a connection being set up on the corresponding channel. It furthermore relates to a telecommunications system for carrying out the method, which is characterized in that the switching station (BS) contains a signal generator (SG) which produces a respective busy signal and sends it to all the internal subscriber stations (HA1, HA2, HA3, HA4) when a channel of corresponding type is not available, and each of the internal subscriber stations (HA1, HA2, HA3, HA4) contains a blocking device (B), which can be driven by the respective busy signal and, on reception of the respective busy signal, changes the internal subscriber station (HA1, HA2, HA3, HA4) to a state in which it cannot initiate a connection being set up on the corresponding channel.

    摘要翻译: 本发明涉及一种用于操作具有交换站(BS)和多个内部用户站(HA1,HA2,HA3,HA4)的电信系统的方法,所述多个内部用户站(HA1,HA2,HA3,HA4)连接到该交换站并且借助于交换站(BS) 同时操作相同或不同类型的有限数量的信道,其特征在于,交换站(BS)通过发送相应的忙信号来向所有内部用户站(HA1,HA2,HA3,HA4)报告信道 (HA1,HA2,HA3,HA4)由忙信号改变为无法启动在相应通道上建立连接的状态。 此外,本发明还涉及一种用于执行该方法的电信系统,其特征在于,交换站(BS)包含产生相应忙信号的信号发生器(SG),并将其发送到所有内部用户站(HA1,HA2 ,HA3,HA4),并且每个内部用户站(HA1,HA2,HA3,HA4)都包含阻塞装置(B),其可由相应的忙信号驱动, 在接收到相应的忙信号时,将内部用户台(HA1,HA2,HA3,HA4)改变为不能在相应信道上发起建立连接的状态。

    AVERAGE-COMPLEXITY IDEAL-SECURITY ORDER-PRESERVING ENCRYPTION
    5.
    发明申请
    AVERAGE-COMPLEXITY IDEAL-SECURITY ORDER-PRESERVING ENCRYPTION 有权
    平均复杂度理想安全订单保存加密

    公开(公告)号:US20150149773A1

    公开(公告)日:2015-05-28

    申请号:US14088123

    申请日:2013-11-22

    申请人: FLORIAN KERSCHBAUM AXEL SCHROEPFER PATRICK GROFIG ISABELLE HANG MARTIN HAERTERICH MATHIAS KOHLER ANDREAS SCHAAD WALTER TIGHZERT

    发明人: FLORIAN KERSCHBAUM AXEL SCHROEPFER PATRICK GROFIG ISABELLE HANG MARTIN HAERTERICH MATHIAS KOHLER ANDREAS SCHAAD WALTER TIGHZERT

    IPC分类号: H04L29/06

    CPC分类号: H04L63/0428 G06F21/6227 H04L9/008 H04L9/0637 H04L9/14 H04L2209/76

    摘要: Embodiments provide ideal security, order-preserving encryption (OPE) of data of average complexity, thereby allowing processing of the encrypted data (e.g. at a database server in response to received queries). Particular embodiments achieve high encryption efficiency by processing plaintext in the order preserved by an existing compression dictionary already available to a database. Encryption is based upon use of a binary search tree of n nodes, to construct an order-preserving encryption scheme having Ω(n) complexity and even O(n), in the average case. A probability of computationally intensive updating (which renders conventional OPE impractical for ideal security) is substantially reduced by leveraging the demonstrated tendency of a height of the binary search tree to be tightly centered around O(log n). An embodiment utilizing such an encryption scheme is described in the context of a column-store, in-memory database architecture comprising n elements. OPE according to embodiments is compatible with adjustable encryption approaches.

    摘要翻译: 实施例提供平均复杂度的数据的理想的安全性,订单保留加密(OPE),从而允许加密数据的处理(例如在数据库服务器响应于接收到的查询)。 特定实施例通过以数据库已经可用的现有压缩字典保存的顺序处理明文来实现高加密效率。 加密是基于使用n个节点的二叉搜索树来构造在平均情况下具有&OHgr(n)复杂度甚至O(n)的订单保留加密方案。 通过利用二叉搜索树的高度以O(log n)为中心的显示趋势,大大减少了计算密集型更新的概率(这使得传统OPE对理想安全性不切实际)。 在包含n个元素的列存储器内存数据库架构的上下文中描述了利用这种加密方案的实施例。 根据实施例的OPE与可调整的加密方法兼容。

    Optimal Re-Encryption Strategy for Joins in Encrypted Databases
    6.
    发明申请
    Optimal Re-Encryption Strategy for Joins in Encrypted Databases 有权
    加密数据库连接的最佳重新加密策略

    公开(公告)号:US20150019879A1

    公开(公告)日:2015-01-15

    申请号:US13938571

    申请日:2013-07-10

    申请人: Martin Haerterich Florian Kerschbaum Patrick Grofig Mathias Kohler Andreas Schaad Axel Schroepfer Walter Tighzert

    发明人: Martin Haerterich Florian Kerschbaum Patrick Grofig Mathias Kohler Andreas Schaad Axel Schroepfer Walter Tighzert

    IPC分类号: G06F21/60

    CPC分类号: G06F21/602 G06F17/30345 G06F21/6218 G06F21/6227 G06F2221/2107

    摘要: Methods, systems, and computer-readable storage media for selecting columns for re-encryption in join operations. In some implementations, actions include determining a first column and a second column to be joined, receiving a first key corresponding to the first column and a second key corresponding to the second column, receiving a first rank associated with the first key and a second rank associated with the second key, selecting the second column for re-encryption based on the first rank and the second rank, and providing the first column, the second column, and the first key for performing a join operation, the second column being re-encrypted based on the first key.

    摘要翻译: 用于在连接操作中选择用于重新加密的列的方法,系统和计算机可读存储介质。 在一些实现中,动作包括确定要连接的第一列和第二列,接收对应于第一列的第一键和对应于第二列的第二键,接收与第一键相关联的第一列和第二列 与所述第二密钥相关联,基于所述第一等级和所述第二等级选择所述第二列进行重新加密,并且提供所述第一列,所述第二列和用于执行连接操作的所述第一密钥, 基于第一个密钥进行加密。

    SYSTEM TO AVOID POLICY-BASED DEADLOCKS IN WORKFLOW EXECUTION
    7.
    发明申请
    SYSTEM TO AVOID POLICY-BASED DEADLOCKS IN WORKFLOW EXECUTION 审中-公开
    在工作流程中避免基于政策的死刑犯的制度

    公开(公告)号:US20090198548A1

    公开(公告)日:2009-08-06

    申请号:US12025889

    申请日:2008-02-05

    申请人: Mathias Kohler Andreas Schaad

    发明人: Mathias Kohler Andreas Schaad

    IPC分类号: G06Q10/00 G06F17/00

    CPC分类号: G06Q10/06 G06Q10/0633

    摘要: A computer-implemented method avoids policy-based deadlocks in execution of a workflow. The method includes receiving information describing a workflow. The workflow includes tasks, roles, site of tasks and security constraints related to the tasks. A data structure, representative of relationships between the tasks and the security constraints is automatically generated. An automated, design-time evaluation is performed using the data structure to determine a minimal number of resources to be assigned to the roles in order to execute the tasks of the workflow, and to avoid deadlock in execution of the tasks of the workflow as a result of security constraints.

    摘要翻译: 计算机实现的方法可以避免执行工作流时基于策略的死锁。 该方法包括接收描述工作流的信息。 工作流包括与任务相关的任务,角色,任务站点和安全约束。 自动生成代表任务与安全约束之间关系的数据结构。 使用数据结构执行自动化的设计时评估,以确定要分配给角色的资源的最少数量以执行工作流的任务,并且避免在执行工作流的任务时的死锁 安全约束的结果。

    Adjustable proxy re-encryption
    9.
    发明授权
    Adjustable proxy re-encryption 有权
    可调代理重新加密

    公开(公告)号:US09537838B2

    公开(公告)日:2017-01-03

    申请号:US14579317

    申请日:2014-12-22

    申请人: Isabelle Hang Florian Kerschbaum Mathias Kohler Martin Haerterich Florian Hahn Axel Schroepfer Walter Tighzert Andreas Schaad

    发明人: Isabelle Hang Florian Kerschbaum Mathias Kohler Martin Haerterich Florian Hahn Axel Schroepfer Walter Tighzert Andreas Schaad

    IPC分类号: H04L29/06

    CPC分类号: H04L63/0464 H04L63/0471 H04L63/0807

    摘要: Methods, systems, and computer-readable storage media for proxy re-encryption of encrypted data stored in a first database of a first server and a second database of a second server. Implementations include actions of receiving a first token at the first server from a client-side computing device, providing a first intermediate re-encrypted value based on a first encrypted value and the first token, transmitting the first intermediate re-encrypted value to the second server, receiving a second intermediate re-encrypted value from the second server, the second intermediate re-encrypted value having been provided by encrypting the first encrypted value at the second server based on a second token, providing the first encrypted value as a first re-encrypted value based on the first intermediate re-encrypted value and the second intermediate re-encrypted value, and storing the first re-encrypted value in the first database.

    摘要翻译: 用于对存储在第一服务器的第一数据库和第二服务器的第二数据库中的加密数据进行代理重新加密的方法,系统和计算机可读存储介质。 实现包括从客户端计算设备在第一服务器处接收第一令牌的动作,基于第一加密值和第一令牌提供第一中间重新加密的值,将第一中间重新加密值发送到第二中继重新加密值 服务器,从第二服务器接收第二中间重新加密的值,第二中间重新加密值是通过基于第二令牌加密第二服务器处的第一加密值而提供的,提供第一加密值作为第一重新 基于所述第一中间重新加密值和所述第二中间重新加密值的加密值,并将所述第一重新加密值存储在所述第一数据库中。

    ACCESS CONTROL FOR ENCRYPTED QUERY PROCESSING
    10.
    发明申请
    ACCESS CONTROL FOR ENCRYPTED QUERY PROCESSING 有权
    加密查询处理的访问控制

    公开(公告)号:US20160357869A1

    公开(公告)日:2016-12-08

    申请号:US14582471

    申请日:2014-12-24

    申请人: Isabelle Hang Florian Kerschbaum Martin Haerterich Mathias Kohler Andreas Schaad Axel Schroepfer Walter Tighzert

    发明人: Isabelle Hang Florian Kerschbaum Martin Haerterich Mathias Kohler Andreas Schaad Axel Schroepfer Walter Tighzert

    IPC分类号: G06F17/30 H04L29/06

    CPC分类号: G06F17/30867 G06F17/30433 G06F17/30528 G06F17/30554 H04L63/0428 H04L63/104

    摘要: Methods, systems, and computer-readable storage media for enforcing access control in encrypted query processing. Implementations include actions of obtaining a set of user groups based on the user credential and a user group mapping, obtaining a set of relations based on the query, obtaining a set of virtual relations based on the set of user groups and the set of relations, receiving a first rewritten query based on the set of virtual relations and a query rewriting operation, encrypting the first rewritten query to provide an encrypted query, and transmitting the encrypted query to at least one server computing device over a network for execution of the encrypted query over access controlled, encrypted data.

    摘要翻译: 用于在加密查询处理中执行访问控制的方法,系统和计算机可读存储介质。 实现包括基于用户凭证和用户组映射获取一组用户组的动作,基于查询获得一组关系,基于该组用户组和该组关系获得一组虚拟关系, 基于所述一组虚拟关系和查询重写操作接收第一重写查询,对所述第一重写查询进行加密以提供加密查询,以及通过网络将加密查询发送到至少一个服务器计算设备以执行加密查询 通过访问控制,加密数据。