公开(公告)号：US20200162250A1

公开(公告)日：2020-05-21

申请号：US16733649

申请日：2020-01-03

申请人： International Business Machines Corporation

发明人： Pedro M. Barbas ,  Joseph Duffy ,  Ken Maycock ,  David M. Tilson

IPC分类号： H04L9/08 ,  H04L9/30 ,  H04L9/14 ,  G06F11/14 ,  G06F21/62 ,  G06F21/60 ,  H04N21/2318 ,  H04L29/08 ,  G06F3/06 ,  G06F16/182

摘要： As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

公开(公告)号：US20200074107A1

公开(公告)日：2020-03-05

申请号：US16120489

申请日：2018-09-04

申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION

发明人： Pedro M. Barbas ,  David Kelly ,  Martin J. Neary ,  Johnson Uman

IPC分类号： G06F21/62 ,  G06F17/30

摘要： A method, system and computer program for implementing fine-grained access control (FGAC) of data stored in a dataset. In response to receiving a data query statement from a user, any representational index exclusions that are relevant to the data query statement are identified, wherein each index exclusion specifies an access restriction to the data. It is then determined whether any of the identified representational index exclusions are to be applied to the data query statement, and if ‘yes’ then the data query statement is modified before being processed, so that processing of the query takes place by searching the dataset under restriction of the representational index exclusions. The proposed approach allows for easy creation and modification of FGAC privacy rules without introducing performance gaps in processing the data query statements.

公开(公告)号：US20180096051A1

公开(公告)日：2018-04-05

申请号：US15834180

申请日：2017-12-07

申请人： International Business Machines Corporation

发明人： Pedro M. Barbas ,  Konrad Emanowicz ,  Enda McCallig ,  Aslam F. Nomani ,  Lei Pan

IPC分类号： G06F17/30 ,  G06F11/36

CPC分类号： G06F16/285 ,  G06F11/3684 ,  G06F16/221 ,  G06F16/2237 ,  G06F16/2365

摘要： As disclosed herein, a method includes receiving a plurality of datasets from a database, wherein each dataset comprises one or more data fields represented in a single data format, and wherein the data fields from at least two of the datasets are represented in different data formats, combining the plurality of datasets to provide a created data column corresponding to all of the data fields from the plurality of datasets, organizing the data column into data clusters, wherein each data cluster includes data fields represented in a single data format, and wherein each data field belongs to a data cluster, providing a key-value map referencing data fields with respect to their corresponding data formats, and verifying the database with respect to the created column. A corresponding computer program product and computer system are also disclosed.

公开(公告)号：US09929861B2

公开(公告)日：2018-03-27

申请号：US15497311

申请日：2017-04-26

申请人： International Business Machines Corporation

发明人： Pedro M. Barbas ,  Joseph Duffy ,  Ken Maycock ,  David M. Tilson

IPC分类号： H04L29/06 ,  H04L9/08 ,  H04L9/14 ,  H04L9/30 ,  G06F11/14

CPC分类号： G06F21/602 ,  G06C1/00 ,  G06F11/1448 ,  G06F11/1464 ,  G06F21/6209 ,  G06F2201/80 ,  G06F2201/805 ,  G06F2221/2107 ,  H04L9/085 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/30

摘要： As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

公开(公告)号：US11163904B2

公开(公告)日：2021-11-02

申请号：US16120489

申请日：2018-09-04

申请人： INTERNATIONAL BUSINESS MACHINES CORPORATION

发明人： Pedro M. Barbas ,  David Kelly ,  Martin J. Neary ,  Johnson Uman

IPC分类号： G06F21/62 ,  G06F16/242 ,  G06F16/2455

摘要： A method, system and computer program for implementing fine-grained access control (FGAC) of data stored in a dataset. In response to receiving a data query statement from a user, any representational index exclusions that are relevant to the data query statement are identified, wherein each index exclusion specifies an access restriction to the data. It is then determined whether any of the identified representational index exclusions are to be applied to the data query statement, and if ‘yes’ then the data query statement is modified before being processed, so that processing of the query takes place by searching the dataset under restriction of the representational index exclusions. The proposed approach allows for easy creation and modification of FGAC privacy rules without introducing performance gaps in processing the data query statements.

公开(公告)号：US10678775B2

公开(公告)日：2020-06-09

申请号：US15385235

申请日：2016-12-20

申请人： International Business Machines Corporation

发明人： Pedro M. Barbas ,  Paddy Burke ,  Gary F. Murtagh ,  David M. Tilson

IPC分类号： G06F16/00 ,  G06F16/23

摘要： Evaluating integrity of database workloads includes receiving transactional database lock commands from concurrent users and identifying a usage pattern of lock actions when results of an execution of the transactional database lock commands match a usage pattern for a data integrity rule. The data integrity rule is added to a set of one or more data integrity rules for the transactional database lock commands. The transactional database lock commands and the set of one or more data integrity rules are forwarded from a primary database server to a duplicate database server that is equivalent to the primary database server and configured to execute the transactional database lock commands while applying the one or more data integrity rules. Anomalies indicating a data integrity problem may be detected based on a comparison of the results of the executions at the primary database server and the duplicate database server.

公开(公告)号：US10554403B2

公开(公告)日：2020-02-04

申请号：US16412629

申请日：2019-05-15

申请人： International Business Machines Corporation

发明人： Pedro M. Barbas ,  Joseph Duffy ,  Ken Maycock ,  David M. Tilson

IPC分类号： H04L29/06 ,  H04L9/08 ,  G06F21/60 ,  G06F11/14 ,  H04L9/30 ,  H04L9/14 ,  G06F21/62 ,  H04N21/2318 ,  H04L29/08 ,  G06F3/06 ,  G06F16/182 ,  G06C1/00

摘要： As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

公开(公告)号：US20190305947A1

公开(公告)日：2019-10-03

申请号：US16414142

申请日：2019-05-16

申请人： International Business Machines Corporation

发明人： Pedro M. Barbas ,  Joseph Duffy ,  Ken Maycock ,  David M. Tilson

IPC分类号： H04L9/08 ,  G06F21/62 ,  G06F11/14 ,  H04L9/14 ,  H04L9/30 ,  G06F21/60

摘要： As disclosed herein a computer system for secure database backup and recovery in a secure database network has N distributed data nodes. The computer system includes program instructions that include instructions to receive a database backup file, fragment the file using a fragment engine, and associate each fragment with one node, where the fragment is not stored on the associated node. The program instructions further include instructions to encrypt each fragment using a first encryption key, and store, randomly, encrypted fragments on the distributed data nodes. The program instructions further include instructions to retrieve the encrypted fragments, decrypt the encrypted fragments using the first encryption key, re-encrypt the decrypted fragments using a different encryption key, and store, randomly, the re-encrypted fragments on the distributed data nodes. A computer program product and method corresponding to the above computer system are also disclosed herein.

公开(公告)号：US20180137112A1

公开(公告)日：2018-05-17

申请号：US15350435

申请日：2016-11-14

申请人： International Business Machines Corporation

发明人： Pedro M. Barbas ,  Konrad Emanowicz ,  Gareth Jenkins ,  Enda McCallig ,  Lei Pan

IPC分类号： G06F17/30 ,  H04L29/08

CPC分类号： G06F16/214 ,  H04L67/10

摘要： Data structures stored on a source database are migrated to a destination database in which the data are structured in a different format than that of the source database. Dictionaries are stored that are based on representations of the data structures stored on the source database that are formatted in other than the structural format used on the source database for the data structures. One of the data structures and a corresponding one of the dictionaries are transferred from the source database to a destination database. The transferred data structure is loaded onto the destination database in accordance with the transferred dictionary.

公开(公告)号：US20170351746A1

公开(公告)日：2017-12-07

申请号：US15173982

申请日：2016-06-06

申请人： International Business Machines Corporation

发明人： Pedro M. Barbas ,  Konrad Emanowicz ,  Enda McCallig ,  Aslam F. Nomani ,  Lei Pan

IPC分类号： G06F17/30 ,  G06F11/36

CPC分类号： G06F16/285 ,  G06F11/3684 ,  G06F16/221 ,  G06F16/2237 ,  G06F16/2365

摘要： As disclosed herein, a method includes receiving a plurality of datasets from a database, wherein each dataset comprises one or more data fields represented in a single data format, and wherein the data fields from at least two of the datasets are represented in different data formats, combining the plurality of datasets to provide a created data column corresponding to all of the data fields from the plurality of datasets, organizing the data column into data clusters, wherein each data cluster includes data fields represented in a single data format, and wherein each data field belongs to a data cluster, providing a key-value map referencing data fields with respect to their corresponding data formats, and verifying the database with respect to the created column. A corresponding computer program product and computer system are also disclosed.