Abstract:
A method, system and apparatus for data leak prevention. An information system, such as a database system, which has been configured for data leak protection in accordance with the present invention can include an IDS coupled to the information system and a data leak protection system configured to apply a data leak protection policy for result sets produced by the information system in response to a database query. The data leak protection policy can include a listing of data shapes and corresponding remedial measures. The data leak protection policy further can include consideration for metrics produced by the IDS.
Abstract:
A method, computer program product, and system for controlling access to elements in a database object are provided. The method, computer program product, and system provide for receiving a request from a user to access the database object, determining whether an access restriction is imposed on the database object, and controlling access to the elements in the database object by the user based on the access restriction. The access restriction specifies one or more users to which the access restriction is applicable, defines a dynamic condition the one or more users must satisfy in order to access the database object, and identifies one or more of the elements in the database object accessible to the one or more users when the dynamic condition is satisfied.
Abstract:
A method and system for establishing a connection between a data server and a middleware server is disclosed. The method and system include defining a plurality of trust attributes corresponding to a trusted context between the middleware server and the data server and validating the plurality of trust attributes against a plurality of attributes corresponding to the middleware server. The plurality of attributes are provided in a connection request. The method and system also include establishing the trusted context based on the validating of the plurality of trust attributes.
Abstract:
A data server of a data processing system is operably coupled to a database and in communication with a middleware server. A connection between the data server and the middleware server is established and managed. A set of attributes identifying trusted middleware servers is instituted with the data server. The middleware server transmits a connection request to the data server. The connection request has request attributes including identifying the connection request as being for a new connection or reuse of an existing connection with different connection request attributes. A connection with the middleware server is established by the data server based on the connection request. A connection status message is received by the middleware server from the data server indicating a status of the connection request. A trust indicator for the connection is established at the data server according to a trust status identified by the set of attributes for the middleware server.
Abstract:
Disclosed is a data processing-implemented method, a data processing system, and an article of manufacture for modifying a query during compilation of the query. The query includes a request for an element of data from a table in a database and parameters identifying the requested element. The data processing-implemented method includes determining available information from parameters for locating a classification of the requested element and a classification associated with the query, the requested data classification controlling access to the requested element according to the query associated classification, requesting a suggested action from an external system for obtaining a comparison of the requested data classification and the query associated classification based on the available information, receiving the suggested action from the external system responsive to the sent request, and incorporating the suggested action into the query, the suggested action effecting comparison of the requested data classification with the query associated classification.
Abstract:
A data processing system having memory stores data elements, and includes an access control system that controls user access to the stored data elements using security label components. Each stored data element is associated with a set of data security label components, and each user is associated with a set of user security label components. The access control system receives a user request to access the stored data elements, compares the set of user security label components to the set of data security label components associated with the users, and based on the comparison result, determines whether or not to permit access to the stored data.
Abstract:
In accordance with one aspect of the present invention, there is provided a system and method for providing classification security in a database management system, in which the database management system operates cooperatively with an external classification engine. A classified table with declared interactions with the external classification engine is employed. A statement containing a request for access to data stored in the classified table is compiled into executable instructions. When these instructions are executed, the external classification engine is invoked that generates an indicator of whether a user is to be permitted access to data stored in each of one or more rows of the classified table, by comparing one or more classifications associated with the user to a classification derived from data stored in each respective row. The indicator is returned to the database management system and used to determine what rows of data are to be retrieved from the classified table.
Abstract:
A method for establishing a connection between a data server and a middleware server is disclosed. The method includes defining a plurality of trust attributes corresponding to a trusted context between the middleware server and the data server and validating the plurality of trust attributes against a plurality of attributes corresponding to the middleware server. The plurality of attributes are provided in a connection request. The method also includes establishing the trusted context based on the validating of the plurality of trust attributes.
Abstract:
A system for controlling access to elements in a database object is provided. The system provides for receiving a request from a user to access the database object, determining whether an access restriction is imposed on the database object, and controlling access to the elements in the database object by the user based on the access restriction. The access restriction specifies one or more users to which the access restriction is applicable, defines a dynamic condition the one or more users must satisfy in order to access the database object, and identifies one or more of the elements in the database object accessible to the one or more users when the dynamic condition is satisfied.