公开(公告)号：US20120197919A1

公开(公告)日：2012-08-02

申请号：US13016010

申请日：2011-01-28

申请人： Stephen Yao Ching Chen ,  Curt L. Cotner ,  Gerald G. Kiernan ,  Irene Ching-Hua Liu ,  Claire W. McFeely ,  Walid Rjaibi ,  Timothy J. Vincent

发明人： Stephen Yao Ching Chen ,  Curt L. Cotner ,  Gerald G. Kiernan ,  Irene Ching-Hua Liu ,  Claire W. McFeely ,  Walid Rjaibi ,  Timothy J. Vincent

IPC分类号： G06F17/30

CPC分类号： G06F17/30315 ,  G06F17/30

摘要： Access to a data element stored within a database object is controlled. A request is received from a user to perform an operation in relation to the database object, the operation including retrieval of information from the data element of the database object. Prior to retrieving information from the data element, a determination is made whether at least a portion of the information from the data element is subject to masking in accordance with an access policy. In response to determining that information from the data element is subject to masking, the request is modified to require that information from the data element be retrieved in a masked condition.

摘要翻译： 控制对数据库对象中存储的数据元素的访问。 从用户接收到执行与数据库对象相关的操作的请求，该操作包括从数据库对象的数据元素检索信息。 在从数据元素检索信息之前，确定根据访问策略是否对来自数据元素的信息的至少一部分进行掩蔽。 响应于确定来自数据元素的信息被屏蔽，修改该请求以要求在掩蔽条件下检索来自数据元素的信息。

公开(公告)号：US08983985B2

公开(公告)日：2015-03-17

申请号：US13016010

申请日：2011-01-28

申请人： Stephen Yao Ching Chen ,  Curt L. Cotner ,  Gerald G. Kiernan ,  Irene Ching-Hua Liu ,  Claire W. McFeely ,  Walid Rjaibi ,  Timothy J. Vincent

发明人： Stephen Yao Ching Chen ,  Curt L. Cotner ,  Gerald G. Kiernan ,  Irene Ching-Hua Liu ,  Claire W. McFeely ,  Walid Rjaibi ,  Timothy J. Vincent

IPC分类号： G06F17/30

CPC分类号： G06F17/30315 ,  G06F17/30

摘要： Access to a data element stored within a database object is controlled. A request is received from a user to perform an operation in relation to the database object, the operation including retrieval of information from the data element of the database object. Prior to retrieving information from the data element, a determination is made whether at least a portion of the information from the data element is subject to masking in accordance with an access policy. In response to determining that information from the data element is subject to masking, the request is modified to require that information from the data element be retrieved in a masked condition.

摘要翻译： 控制对数据库对象中存储的数据元素的访问。 从用户接收到执行与数据库对象相关的操作的请求，该操作包括从数据库对象的数据元素检索信息。 在从数据元素检索信息之前，确定根据访问策略是否对来自数据元素的信息的至少一部分进行掩蔽。 响应于确定来自数据元素的信息被屏蔽，修改该请求以要求在掩蔽条件下检索来自数据元素的信息。

公开(公告)号：US08930410B2

公开(公告)日：2015-01-06

申请号：US13251448

申请日：2011-10-03

申请人： Eric L. Alton ,  Thomas A. Beavin ,  Harley W. Boughton ,  Yao-Ching S. Chen ,  Curt L. Cotner ,  Yuping Ding ,  Dengfeng Gao ,  Gerald G. Kiernan ,  Xun Li ,  Irene C. Liu ,  Walid Rjaibi ,  Gregory R. Stager ,  Joyce A. Taylor ,  Timothy J. Vincent ,  Liyan Zhou

发明人： Eric L. Alton ,  Thomas A. Beavin ,  Harley W. Boughton ,  Yao-Ching S. Chen ,  Curt L. Cotner ,  Yuping Ding ,  Dengfeng Gao ,  Gerald G. Kiernan ,  Xun Li ,  Irene C. Liu ,  Walid Rjaibi ,  Gregory R. Stager ,  Joyce A. Taylor ,  Timothy J. Vincent ,  Liyan Zhou

IPC分类号： G06F17/30

CPC分类号： G06F17/30477

摘要： According to one embodiment of the present invention, a system processes a database query, and comprises a computer system including at least one processor. The system identifies one or more expressions within the database query utilizing a database object with value masking. Masking requirements are determined for each identified expression and the database object utilized by that identified expression is replicated to provide masked and actual versions of that database object in response to the masking requirements for that expression including masked values and actual values of that database object. The value masking of the database object is applied to the identified expressions within the database query based on the determined masking requirements to produce search results with masked values for the database query. Embodiments of the present invention further include a method and computer program product for processing a database query in substantially the same manner described above.

摘要翻译： 根据本发明的一个实施例，系统处理数据库查询，并且包括包括至少一个处理器的计算机系统。 系统使用具有值屏蔽的数据库对象来识别数据库查询中的一个或多个表达式。 针对每个已标识的表达式确定掩蔽要求，并复制由该标识表达式使用的数据库对象，以响应该表达式的掩蔽要求（包括该数据库对象的掩蔽值和实际值）来提供该数据库对象的屏蔽和实际版本。 数据库对象的值屏蔽将基于确定的屏蔽要求应用于数据库查询中的标识表达式，以生成具有数据库查询的掩码值的搜索结果。 本发明的实施例还包括用于以与上述基本相同的方式处理数据库查询的方法和计算机程序产品。

公开(公告)号：US08515948B2

公开(公告)日：2013-08-20

申请号：US13044415

申请日：2011-03-09

申请人： Yao-Ching S. Chen ,  Curt L. Cotner ,  Gerald G. Kiernan ,  David J. Kuang ,  Irene C. Liu ,  Regina J. Liu ,  Walid Rjaibi ,  Timothy J. Vincent

发明人： Yao-Ching S. Chen ,  Curt L. Cotner ,  Gerald G. Kiernan ,  David J. Kuang ,  Irene C. Liu ,  Regina J. Liu ,  Walid Rjaibi ,  Timothy J. Vincent

IPC分类号： G06F7/00 ,  G06F17/30

CPC分类号： G06F17/30448 ,  G06F17/30383 ,  G06F17/30442 ,  G06F17/30457 ,  G06F17/30935 ,  G06F21/604

摘要： Provided are techniques for creating one or more fine-grained access control rules that are associated with a base table. A materialized query table is created from the base table without applying the one or more fine-grained access control rules associated with the base table when obtaining data from the base table. A fine-grained access control protection indicator is turned on for the materialized query table. In response to receiving a direct access request to the materialized query table in a query referencing the materialized query table, access is provided to the data in the materialized query table by applying one or more fine-grained access control rules associated directly with the materialized query table to the data in the materialized query table before returning the data.

摘要翻译： 提供了用于创建与基表相关联的一个或多个细粒度访问控制规则的技术。 当从基表获取数据时，从基表创建物化查询表，而不应用与基表相关联的一个或多个细粒度访问控制规则。 为物化查询表打开了一个细粒度的访问控制保护指示器。 响应于在引用物化查询表的查询中接收到物化查询表的直接访问请求，通过应用与物化查询直接相关联的一个或多个细粒度访问控制规则，向物化查询表中的数据提供访问 表返回数据之前的物化查询表中的数据。

公开(公告)号：US20130086088A1

公开(公告)日：2013-04-04

申请号：US13251448

申请日：2011-10-03

申请人： Eric L. Alton ,  Thomas A. Beavin ,  Harley W. Boughton ,  Yao-Ching S. Chen ,  Curt L. Cotner ,  Yuping Ding ,  Dengfeng Gao ,  Gerald G. Kiernan ,  Xun Li ,  Irene C. Liu ,  Walid Rjaibi ,  Gregory R. Stager ,  Joyce A. Taylor ,  Timothy J. Vincent ,  Liyan Zhou

发明人： Eric L. Alton ,  Thomas A. Beavin ,  Harley W. Boughton ,  Yao-Ching S. Chen ,  Curt L. Cotner ,  Yuping Ding ,  Dengfeng Gao ,  Gerald G. Kiernan ,  Xun Li ,  Irene C. Liu ,  Walid Rjaibi ,  Gregory R. Stager ,  Joyce A. Taylor ,  Timothy J. Vincent ,  Liyan Zhou

IPC分类号： G06F17/30

CPC分类号： G06F17/30477

摘要： According to one embodiment of the present invention, a system processes a database query, and comprises a computer system including at least one processor. The system identifies one or more expressions within the database query utilizing a database object with value masking. Masking requirements are determined for each identified expression and the database object utilized by that identified expression is replicated to provide masked and actual versions of that database object in response to the masking requirements for that expression including masked values and actual values of that database object. The value masking of the database object is applied to the identified expressions within the database query based on the determined masking requirements to produce search results with masked values for the database query. Embodiments of the present invention further include a method and computer program product for processing a database query in substantially the same manner described above.

摘要翻译： 根据本发明的一个实施例，系统处理数据库查询，并且包括包括至少一个处理器的计算机系统。 系统使用具有值屏蔽的数据库对象来识别数据库查询中的一个或多个表达式。 针对每个已标识的表达式确定掩蔽要求，并复制由该标识表达式使用的数据库对象，以响应该表达式的掩蔽要求（包括该数据库对象的掩蔽值和实际值）来提供该数据库对象的屏蔽和实际版本。 数据库对象的值屏蔽将基于确定的屏蔽要求应用于数据库查询中的标识表达式，以生成具有数据库查询的掩码值的搜索结果。 本发明的实施例还包括用于以与上述基本相同的方式处理数据库查询的方法和计算机程序产品。

公开(公告)号：US5778355A

公开(公告)日：1998-07-07

申请号：US664212

申请日：1996-06-11

申请人： Philip L. Boyer ,  Michael James Carey ,  Gerald G. Kiernan

发明人： Philip L. Boyer ,  Michael James Carey ,  Gerald G. Kiernan

IPC分类号： G06F17/30

CPC分类号： G06F17/30607 ,  Y10S707/99932 ,  Y10S707/99934 ,  Y10S707/99943 ,  Y10S707/99945

摘要： A method of, and system for, interactively accessing information in response to a user command having a predefined operator and specifying one of a plurality of collections of information. The collections of information are stored in an object-oriented database in a hierarchical arrangement of data members. The hierarchical arrangement can include one level of data members and in which one of the data members is composed of a next level of data members. Each data member is stored according to one of a system-specified and a user-specified storage definition. A set of user-specified storage definitions is defined from the plurality of storage definitions. Upon detecting the user command, the specified collection of information is analyzed to determine which data members of the one level are stored according to one of the storage definitions of the set. Each data member not in the set is added to a projection list; each data member in the set is expanded into a next level of data members composing the data member in the set. Expanding can include analyzing each data member of the next level to determine whether it is in the set and if so again expanding up until a specified level of expanding. The projection list is processed to return to the user the information corresponding to the data members in the projection list. The invention may be implemented in a Parser layer of a known layered architecture for database systems.

摘要翻译： 响应于具有预定义操作符的用户命令并指定多个信息集合之一来交互地访问信息的方法和系统。 信息集合以数据成员的分层布置存储在面向对象的数据库中。 分层布置可以包括一级数据成员，并且其中一个数据成员由下一级数据成员组成。 每个数据成员根据系统指定的和用户指定的存储定义之一进行存储。 从多个存储定义中定义一组用户指定的存储定义。 在检测到用户命令时，分析指定的信息集合以根据集合的存储定义之一来确定存储一个级别的哪些数据成员。 不在集合中的每个数据成员都添加到投影列表中; 集合中的每个数据成员被扩展成组成组中的数据成员的下一级数据成员。 扩展可以包括分析下一级别的每个数据成员以确定它是否在集合中，如果再次扩展，直到指定级别的扩展。 处理投影列表以向用户返回与投影列表中的数据成员相对应的信息。 本发明可以在用于数据库系统的已知分层架构的解析器层中实现。

公开(公告)号：US08307001B2

公开(公告)日：2012-11-06

申请号：US11843961

申请日：2007-08-23

申请人： Tryg A. Ager ,  Christopher M. Johnson ,  Gerald G. Kiernan

发明人： Tryg A. Ager ,  Christopher M. Johnson ,  Gerald G. Kiernan

IPC分类号： G06F17/30

CPC分类号： G06F21/6227 ,  G06F21/552 ,  G06F2221/2151

摘要： An approach that tracks curation history of sensitive information is described. In one embodiment, there is a database that contains a plurality of sensitive information. The database comprises a plurality of base tables and backlog tables for each of the base tables. A curation audit query generator is configured to receive a curation audit expression that specifies sensitive information to be audited and generates a curation audit query from the curation audit expression to run against the database. The curation audit expression contains syntax clauses that specify a time period for the audit, stipulate a specific base table in the database as source of the audit and examine whom is responsible for making changes to the specified sensitive information.

摘要翻译： 描述了跟踪敏感信息的策展历史的方法。 在一个实施例中，存在包含多个敏感信息的数据库。 数据库包括用于每个基表的多个基表和积压表。 策展审核查询生成器被配置为接收策略审核表达式，该表达式指定要审核的敏感信息，并从策略审核表达式生成针对数据库运行的策展审核查询。 策展审核表达式包含指定审核时间段的语法子句，规定数据库中的特定基表作为审计来源，并检查谁负责更改指定的敏感信息。

公开(公告)号：US20100017359A1

公开(公告)日：2010-01-21

申请号：US12174407

申请日：2008-07-16

申请人： Gerald G. Kiernan ,  Evimaria Terzi

发明人： Gerald G. Kiernan ,  Evimaria Terzi

IPC分类号： G06N5/02 ,  G06F17/00

CPC分类号： G06Q10/10

摘要： The present invention provides a method and system for constructing one or more a comprehensive summaries of event sequence(s). The present invention approaches the problem of finding the shortest yet most comprehensive summary of an event sequence by transforming this summarization problem into a concrete optimization problem and provides a computer-implementing technique for solving this optimization problem to construct and/or form the basis for constructing the summaries. The summaries describe an entire event sequence while at the same time reveal local associations between events of that sequence. In certain embodiments, the segmentation of the event sequence produced in accordance with the present invention is itself a summary of the event sequence. In other embodiments, the segmentation produced forms a basis for one or more summaries.

摘要翻译： 本发明提供一种用于构建一个或多个事件序列的综合概要的方法和系统。 本发明通过将该汇总问题转化为具体的优化问题来解决事件序列的最短但最全面的概述的问题，并提供了一种解决该优化问题的计算机实现技术，以构建和/或形成构建基础 总结。 总结描述整个事件序列，同时显示该序列事件之间的局部关联。 在某些实施例中，根据本发明产生的事件序列的分段本身是事件序列的概要。 在其他实施例中，产生的分割形成一个或多个摘要的基础。

公开(公告)号：US5774692A

公开(公告)日：1998-06-30

申请号：US539662

申请日：1995-10-05

申请人： Philip L. Boyer ,  Gerald G. Kiernan

发明人： Philip L. Boyer ,  Gerald G. Kiernan

IPC分类号： G06F17/30

CPC分类号： G06F17/30607 ,  G06F17/30454 ,  Y10S707/99933

摘要： The system, method, and program of this invention provides for a new type of quantifier that is useful for object-oriented queries that reference collections and nested collections of objects. The invention is applicable to any other type of database where the data has a hierarchical relationship, also. This new type of quantifier is called an outer quantifier. The outer quantifier appears in the language of the query (in the FROM clause) and creates a new runtime semantic. The function and semantics provided by outer quantifiers is similar to that provided partly by left outer joins in relational systems. Outer quantifiers are bound to a null instance if the collection over which they are defined is empty. Outer quantifiers are a simple way of expressing queries so that objects having empty collections of nested objects are included in the result, also.

摘要翻译： 本发明的系统，方法和程序提供了一种新类型的量词，其对于引用对象的集合和嵌套集合的面向对象的查询是有用的。 本发明也适用于数据具有层次关系的任何其他类型的数据库。 这种新型的量词被称为外部量词。 外部量词器以查询的语言（在FROM子句中）显示，并创建一个新的运行时语义。 外部量词提供的功能和语义与部分由关系系统中的左外连接提供的功能和语义相似。 如果定义它们的集合为空，则外部量词被绑定到一个空实例。 外部量词是表达查询的一种简单方式，也可以在结果中包含具有空集合的嵌套对象的对象。

公开(公告)号：US08027949B2

公开(公告)日：2011-09-27

申请号：US12174407

申请日：2008-07-16

申请人： Gerald G. Kiernan ,  Evimaria Terzi

发明人： Gerald G. Kiernan ,  Evimaria Terzi

IPC分类号： G06F17/00 ,  G06F11/00 ,  G06N7/00 ,  G06N7/08

CPC分类号： G06Q10/10

摘要： The present invention provides a method and system for constructing one or more a comprehensive summaries of event sequence(s). The present invention approaches the problem of finding the shortest yet most comprehensive summary of an event sequence by transforming this summarization problem into a concrete optimization problem and provides a computer-implementing technique for solving this optimization problem to construct and/or form the basis for constructing the summaries. The summaries describe an entire event sequence while at the same time reveal local associations between events of that sequence. In certain embodiments, the segmentation of the event sequence produced in accordance with the present invention is itself a summary of the event sequence. In other embodiments, the segmentation produced forms a basis for one or more summaries.

摘要翻译： 本发明提供一种用于构建一个或多个事件序列的综合概要的方法和系统。 本发明通过将该汇总问题转化为具体的优化问题来解决事件序列最短但最全面的概述的问题，并提供了一种用于解决这一优化问题的计算机实现技术，以构建和/或形成构建基础 总结。 总结描述整个事件序列，同时显示该序列事件之间的局部关联。 在某些实施例中，根据本发明产生的事件序列的分段本身是事件序列的概要。 在其他实施例中，产生的分割形成一个或多个摘要的基础。