公开(公告)号：US07840551B2

公开(公告)日：2010-11-23

申请号：US11933756

申请日：2007-11-01

申请人： Daniel ManHung Wong ,  Amit Ganesh ,  Bipul Sinha ,  Chi Ching Chui

发明人： Daniel ManHung Wong ,  Amit Ganesh ,  Bipul Sinha ,  Chi Ching Chui

IPC分类号： G06F17/00

CPC分类号： G06F21/6227

摘要： One embodiment of the present invention provides a system for automatically classifying data in a database. During operation, the system receives and executes a database operation. Next, the system automatically determines if any data was modified as a result of executing the database operation. If so, for each data item that was modified, the system automatically determines if the data item is associated with a classification-rule. If so, the system automatically reclassifies the data item according to the classification-rule. If not, the system leaves a classification of the data item unchanged.

摘要翻译： 本发明的一个实施例提供一种用于在数据库中自动分类数据的系统。 在运行期间，系统接收并执行数据库操作。 接下来，由于执行数据库操作，系统会自动确定是否修改了任何数据。 如果是，对于修改的每个数据项，系统自动确定数据项是否与分类规则相关联。 如果是这样，系统会根据分类规则自动重新分类数据项。 如果没有，系统会保留数据项的分类。

公开(公告)号：US20100030781A1

公开(公告)日：2010-02-04

申请号：US11933756

申请日：2007-11-01

申请人： Daniel ManHung Wong ,  Amit Ganesh ,  Bipul Sinha ,  Chi Ching Chui

发明人： Daniel ManHung Wong ,  Amit Ganesh ,  Bipul Sinha ,  Chi Ching Chui

IPC分类号： G06F17/30

CPC分类号： G06F21/6227

摘要： One embodiment of the present invention provides a system for automatically classifying data in a database. During operation, the system receives and executes a database operation. Next, the system automatically determines if any data was modified as a result of executing the database operation. If so, for each data item that was modified, the system automatically determines if the data item is associated with a classification-rule. If so, the system automatically reclassifies the data item according to the classification-rule. If not, the system leaves a classification of the data item unchanged.

摘要翻译： 本发明的一个实施例提供一种用于在数据库中自动分类数据的系统。 在运行期间，系统接收并执行数据库操作。 接下来，由于执行数据库操作，系统会自动确定是否修改了任何数据。 如果是，对于修改的每个数据项，系统自动确定数据项是否与分类规则相关联。 如果是这样，系统会根据分类规则自动重新分类数据项。 如果没有，系统会保留数据项的分类。

公开(公告)号：US20110067084A1

公开(公告)日：2011-03-17

申请号：US12561461

申请日：2009-09-17

申请人： Ji-Won Byun ,  Chi Ching Chui ,  Daniel ManHung Wong ,  Chon Hei Lei

发明人： Ji-Won Byun ,  Chi Ching Chui ,  Daniel ManHung Wong ,  Chon Hei Lei

IPC分类号： G06F21/00 ,  G06F17/30

CPC分类号： G06F21/6209 ,  G06F16/217 ,  G06F16/2343

摘要： One embodiment of the present invention provides a system that secures a database configuration from undesired modifications. This system allows a security officer to issue a configuration-locking command, which activates a lock for the configuration of a database object. When a configuration lock is activated for a database object, the system prevents a user (e.g., a database administrator) from modifying the configuration of the database object, without restricting the user from accessing the database object itself. The security officer is a trusted user that is responsible for maintaining the stability of the database configuration, such that a configuration lock activated by the security officer preserves the database configuration by overriding the privileges assigned to a database administrator.

摘要翻译： 本发明的一个实施例提供一种确保数据库配置免受不期望的修改的系统。 该系统允许安全员发布配置锁定命令，该命令激活用于配置数据库对象的锁。 当为数据库对象激活配置锁定时，系统防止用户（例如，数据库管理员）修改数据库对象的配置，而不会限制用户访问数据库对象本身。 安全官员是一个值得信赖的用户，负责维护数据库配置的稳定性，使得由安全人员激活的配置锁定通过覆盖分配给数据库管理员的权限来保留数据库配置。

公开(公告)号：US10540508B2

公开(公告)日：2020-01-21

申请号：US12561461

申请日：2009-09-17

申请人： Ji-Won Byun ,  Chi Ching Chui ,  Daniel ManHung Wong ,  Chon Hei Lei

发明人： Ji-Won Byun ,  Chi Ching Chui ,  Daniel ManHung Wong ,  Chon Hei Lei

IPC分类号： G06F21/62

摘要： One embodiment of the present invention provides a system that secures a database configuration from undesired modifications. This system allows a security officer to issue a configuration-locking command, which activates a lock for the configuration of a database object. When a configuration lock is activated for a database object, the system prevents a user (e.g., a database administrator) from modifying the configuration of the database object, without restricting the user from accessing the database object itself. The security officer is a trusted user that is responsible for maintaining the stability of the database configuration, such that a configuration lock activated by the security officer preserves the database configuration by overriding the privileges assigned to a database administrator.

公开(公告)号：US08234694B2

公开(公告)日：2012-07-31

申请号：US11298775

申请日：2005-12-09

申请人： Paul Youn ,  Daniel ManHung Wong

发明人： Paul Youn ,  Daniel ManHung Wong

IPC分类号： H04L29/06

CPC分类号： H04L63/0846 ,  H04L63/0428

摘要： One embodiment of the present invention provides a system that re-establishes communication between a client and a server after an unexpected termination of communication. During operation, the system receives a request from the client at the server to re-establish communication between the client and the server, wherein the request includes a temporary credential. If the temporary credential is valid, the system temporarily re-establishes communication between the client and the server, until the client can be re-authenticated with a permanent credential.

摘要翻译： 本发明的一个实施例提供一种在意外终止通信之后重新建立客户端与服务器之间的通信的系统。 在操作期间，系统从服务器处的客户端接收请求，以重新建立客户端与服务器之间的通信，其中请求包括临时证书。 如果临时凭证有效，则系统会暂时重新建立客户端与服务器之间的通信，直到客户端可以通过永久凭证进行重新身份验证。

公开(公告)号：US07925023B2

公开(公告)日：2011-04-12

申请号：US11367812

申请日：2006-03-03

申请人： Paul Youn ,  Daniel ManHung Wong ,  Min-Hank Ho ,  Chon Hei Lei

发明人： Paul Youn ,  Daniel ManHung Wong ,  Min-Hank Ho ,  Chon Hei Lei

IPC分类号： H04L9/08

CPC分类号： H04L9/3234 ,  H04L9/083 ,  H04L9/3239 ,  H04L63/06 ,  H04L63/0807

摘要： One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.

摘要翻译： 本发明的一个实施例提供一种用于管理密钥的系统。 在运行期间，系统会在密钥管理器身份验证客户端。 接下来，系统在密钥管理器处从客户端接收令牌，其中令牌与客户密钥相关联，并且包括令牌认证器。 该令牌认证器包括认证器对的一半，用于确定客户端是客户密钥的所有者。 接下来，系统使用主密钥解密令牌。 然后，系统验证客户端认证器，客户端认证器包括用于确定客户端是否是客户密钥的所有者的认证器对的另一半。 如果客户端是客户密钥的所有者，则系统将客户密钥发送给客户端，这使得客户端能够对数据进行加密/解密。 最后，客户端删除客户密钥。

公开(公告)号：US07827403B2

公开(公告)日：2010-11-02

申请号：US11106181

申请日：2005-04-13

申请人： Daniel ManHung Wong ,  Chon Hei Lei

发明人： Daniel ManHung Wong ,  Chon Hei Lei

IPC分类号： H04L29/06 ,  H04L9/08 ,  G06F11/30 ,  G06F7/04 ,  G06F7/00 ,  G06F17/30 ,  G06F12/00 ,  H04L9/00

CPC分类号： G06F21/6227

摘要： One embodiment of the present invention provides a system that decrypts an encrypted column in a row. During operation, the system receives the encrypted column in the row. The system then determines a security domain associated with the encrypted column in the row, wherein the security domain represents a set of columns in rows encrypted using the same key. Next, the system determines a key associated with the security domain. The system then decrypts the encrypted column in the row using the key. Note that using a security domain to represent a set of columns in rows enables the database to grant access to data within the database at arbitrary levels of granularity.

摘要翻译： 本发明的一个实施例提供一种解密一行中的加密列的系统。 在操作期间，系统接收该行中的加密列。 然后，系统确定与行中的加密列相关联的安全域，其中安全域表示使用相同密钥加密的行中的一组列。 接下来，系统确定与安全域相关联的密钥。 系统然后使用密钥解密行中的加密列。 请注意，使用安全域来表示行中的一组列使数据库能够以任意级别的粒度为数据库内的数据授予访问权限。

公开(公告)号：US07751570B2

公开(公告)日：2010-07-06

申请号：US11398187

申请日：2006-04-04

申请人： Paul Youn ,  Daniel ManHung Wong

发明人： Paul Youn ,  Daniel ManHung Wong

IPC分类号： H04L9/08 ,  H04L9/00 ,  H04L9/32

CPC分类号： H04L9/0822 ,  H04L9/0891 ,  H04L63/0428 ,  H04L63/06 ,  H04L2463/062

摘要： One embodiment of the present invention provides a system for managing keys. During operation, the system receives a request from a user at a database to encrypt/decrypt data at the database. In response to this request, the system sends a user-token to the user, wherein the user-token includes a user-key encrypted with a user-secret thereby enabling the user to decrypt the user-key with the user-secret. Next, the system receives the decrypted user-key from the user. The system then uses the user-key to encrypt/decrypt the data at the database. Finally, the system deletes the user-key at the database.

摘要翻译： 本发明的一个实施例提供一种用于管理密钥的系统。 在操作期间，系统从数据库接收来自用户的请求，以对数据库中的数据进行加密/解密。 响应于该请求，系统向用户发送用户令牌，其中用户令牌包括用用户秘密加密的用户密钥，从而使用户能够以用户秘密解密用户密钥。 接下来，系统从用户接收解密的用户密钥。 然后，系统使用用户密钥对数据库中的数据进行加密/解密。 最后，系统删除数据库中的用户密钥。

公开(公告)号：US09418094B2

公开(公告)日：2016-08-16

申请号：US12030393

申请日：2008-02-13

申请人： Daniel ManHung Wong

发明人： Daniel ManHung Wong

IPC分类号： G06F17/30

CPC分类号： G06F17/30371 ,  G06F17/30368 ,  G06F17/30451

摘要： One embodiment of the present invention provides a system that facilitates performing multi-stage table updates. During operation, the system receives a query at a query processor, wherein executing the query causes an update to an entire table in a database. Next, the system estimates an amount of transaction log space required to execute the query. If the amount of transaction log space is greater than a pre-determined threshold, the system splits the query into a set of sub-queries, wherein an amount of transaction log space required by each sub-query in the set of sub-queries is less than the pre-determined threshold. For each sub-query in the set of sub-queries, the system executes the sub-query, and performs a mini-commit operation for the sub-query, wherein updates which comprise the mini-commit operation are not exposed to a user. Finally, when mini-commit operations have been performed for all of the sub-queries, the system performs a commit operation for the query.

摘要翻译： 本发明的一个实施例提供一种便于执行多级表更新的系统。 在操作期间，系统在查询处理器处接收查询，其中执行查询导致对数据库中的整个表的更新。 接下来，系统估计执行查询所需的事务日志空间量。 如果事务日志空间量大于预定阈值，则系统将查询分解成一组子查询，其中子查询集中的每个子查询所需的事务日志空间量是 小于预定阈值。 对于子查询集合中的每个子查询，系统执行子查询，并且执行子查询的小提交操作，其中包括小提交操作的更新不暴露给用户。 最后，当对所有子查询执行了微型提交操作时，系统对查询执行提交操作。

公开(公告)号：US09075831B2

公开(公告)日：2015-07-07

申请号：US11391033

申请日：2006-03-28

申请人： Daniel ManHung Wong

发明人： Daniel ManHung Wong

IPC分类号： G06F17/00 ,  G06F17/30

CPC分类号： G06F17/30377 ,  G06F17/30289 ,  G06F17/30348 ,  G06F17/30365 ,  G06F17/30368

摘要： One embodiment of the present invention provides a database system that facilitates modifying a row in a database table to include meta-data about operations performed on the row. During operation, the database receives a command to perform an operation on a row in a table of the database. The database then determines if executing the command necessitates updating an extensible row descriptor for the row, wherein the extensible row descriptor is a field in the row that contains meta-data about operations performed on the row. If so, the database updates the extensible row descriptor in a manner defined by an update rule for the extensible row descriptor.

摘要翻译： 本发明的一个实施例提供一种数据库系统，其有助于修改数据库表中的行以包括关于在该行上执行的操作的元数据。 在操作期间，数据库接收到对数据库表中的行执行操作的命令。 数据库然后确定执行命令是否需要更新该行的可扩展行描述符，其中可扩展行描述符是该行中包含有关在该行上执行的操作的元数据的字段。 如果是这样，数据库将以可扩展行描述符的更新规则所定义的方式更新可扩展行描述符。