Systems and methods for fine grained access control of data stored in relational databases
    1.
    Granted patent (in force)

    Publication number: US07599937B2

    Publication date: 2009-10-06

    Application number: US11696024

    Filing date: 2007-04-03

    IPC classification: G06F17/30

    Abstract: A system and method for facilitating secure access to database(s) is provided. The system relates to authorizing discriminatory access to relational database data. More particularly, the invention provides for an innovative technique of defining secured access to rows in relational database tables in a way that cannot be spoofed while preserving various optimization techniques. The invention affords a persistent scheme via providing for a security architecture whereby discriminatory access policies on persistent entities can be defined and enforced while preserving set based associative query capabilities. A particular aspect of the invention relates to the specification of such policies and the technique by which those policies are enforced. With respect to one particular implementation of the invention, creation, modification and deletion of access control lists called security descriptors is provided. The security descriptors can be provisioned independent of rows in tables of the database and can be shared and embody the policy on what permissions are granted to whom when associated with a row.


    Systems and methods for fine grained access control of data stored in relational databases
    2.
    Granted patent (in force)

    Publication number: US07200595B2

    Publication date: 2007-04-03

    Application number: US10878152

    Filing date: 2004-06-28

    IPC classification: G06F17/30

    Abstract: A system and method for facilitating secure access to database(s) is provided. The system relates to authorizing discriminatory access to relational database data. More particularly, the invention provides for an innovative technique of defining secured access to rows in relational database tables in a way that cannot be spoofed while preserving various optimization techniques. The invention affords a persistent scheme via providing for a security architecture whereby discriminatory access policies on persistent entities can be defined and enforced while preserving set based associative query capabilities. A particular aspect of the invention relates to the specification of such policies and the technique by which those policies are enforced. With respect to one particular implementation of the invention, creation, modification and deletion of access control lists called security descriptors is provided. The security descriptors can be provisioned independent of rows in tables of the database and can be shared and embody the policy on what permissions are granted to whom when associated with a row.


    Systems and methods for fine grained access control of data stored in relational databases
    3.
    Patent application (in force)

    Publication number: US20050216465A1

    Publication date: 2005-09-29

    Application number: US10878152

    Filing date: 2004-06-28

    Abstract: A system and method for facilitating secure access to database(s) is provided. The system relates to authorizing discriminatory access to relational database data. More particularly, the invention provides for an innovative technique of defining secured access to rows in relational database tables in a way that cannot be spoofed while preserving various optimization techniques. The invention affords a persistent scheme via providing for a security architecture whereby discriminatory access policies on persistent entities can be defined and enforced while preserving set based associative query capabilities. A particular aspect of the invention relates to the specification of such policies and the technique by which those policies are enforced. With respect to one particular implementation of the invention, creation, modification and deletion of access control lists called security descriptors is provided. The security descriptors can be provisioned independent of rows in tables of the database and can be shared and embody the policy on what permissions are granted to whom when associated with a row.


    SYSTEMS AND METHODS FOR FINE GRAINED ACCESS CONTROL OF DATA STORED IN RELATIONAL DATABASES
    4.
    Patent application (in force)

    Publication number: US20070174285A1

    Publication date: 2007-07-26

    Application number: US11696024

    Filing date: 2007-04-03

    IPC classification: G06F17/30

    Abstract: A system and method for facilitating secure access to database(s) is provided. The system relates to authorizing discriminatory access to relational database data. More particularly, the invention provides for an innovative technique of defining secured access to rows in relational database tables in a way that cannot be spoofed while preserving various optimization techniques. The invention affords a persistent scheme via providing for a security architecture whereby discriminatory access policies on persistent entities can be defined and enforced while preserving set based associative query capabilities. A particular aspect of the invention relates to the specification of such policies and the technique by which those policies are enforced. With respect to one particular implementation of the invention, creation, modification and deletion of access control lists called security descriptors is provided. The security descriptors can be provisioned independent of rows in tables of the database and can be shared and embody the policy on what permissions are granted to whom when associated with a row.


    Systems and methods that specify row level database security
    5.
    Granted patent (in force)

    Publication number: US07711750B1

    Publication date: 2010-05-04

    Application number: US10903338

    Filing date: 2004-07-30

    IPC classification: G06F7/00 G06F17/30

    Abstract: The present invention specifies database security at a row level and, optionally, at a column and table level. The systems and methods cluster one or more sets of rows with similar security characteristics and treat them as a named expression, wherein clustered data is accessed based on associated row-level security. The systems and methods specify a syntax that invokes row(s), column(s) and/or table(s) security via programming statements. Such statements include arbitrary Boolean expressions (predicates) defined over, but not restricted to, table columns and/or other contextual data. These statements typically are associated with query initiators, incorporated into queries therefrom, and utilized while querying data. Rows of data that return "true" when evaluated against an aggregate of associated security expressions are said to "satisfy" the security expressions and enable access to the data stored therein. Such security expressions can be created and invoked via the Structured Query Language (SQL) database programming language.


    Specification of a hierarchical authorization model for a DBMS—SQL language extensions
    7.
    Granted patent (in force)

    Publication number: US07613711B2

    Publication date: 2009-11-03

    Application number: US11151998

    Filing date: 2005-06-14

    IPC classification: G06F17/30

    Abstract: Provided are systems and methods that facilitate providing permission to entities of a database. A system includes a component that authorizes a principal of a containing entity to grant a permission to that entity, and a component that grants the permission to the containing entity; the grantee of the permission then inherits a set of permissions to one or more entities contained by the containing entity. When a permission is granted to a parent in a hierarchy of a relational database, the permission is inherited by the child nodes. Also provided is a method for transferring ownership of entities in a relational database. The method includes a two-part handshake that can be audited to avoid repudiation issues.


    Security execution context for a database management system
    8.
    Patent application (in force)

    Publication number: US20070005600A1

    Publication date: 2007-01-04

    Application number: US11170585

    Filing date: 2005-06-29

    IPC classification: G06F17/30

    Abstract: A database management system that supports multiple databases in an instance with controlled sharing between the databases. The invention can also support execution of procedures and other modules in the context of any principal, possibly different from that of the caller. Trusted certificates can be employed to permit access to procedures (or other modules). The security context of the invention can provide the building blocks for a pure trusted sub-system model of authorization.


    Trust model for a database management system supporting multiple authorization domains
    9.
    Granted patent (in force)

    Publication number: US07743255B2

    Publication date: 2010-06-22

    Application number: US11156149

    Filing date: 2005-06-17

    IPC classification: H04L9/32 G06F17/30

    CPC classification: G06F21/6227

    Abstract: A database management system that supports multiple databases in an instance with controlled sharing between the databases. The invention can also support execution of procedures and other modules in the context of any principal, possibly different from that of the caller. Trusted certificates can be employed to permit access to procedures (or other modules). The security context of the invention can provide the building blocks for a pure trusted sub-system model of authorization.


    Specification of a hierarchical authorization model for a DBMS - SQL language extensions
    10.
    Patent application (in force)

    Publication number: US20060282433A1

    Publication date: 2006-12-14

    Application number: US11151998

    Filing date: 2005-06-14

    IPC classification: G06F17/30

    Abstract: Provided are systems and methods that facilitate providing permission to entities of a database. A system includes a component that authorizes a principal of a containing entity to grant a permission to that entity, and a component that grants the permission to the containing entity; the grantee of the permission then inherits a set of permissions to one or more entities contained by the containing entity. When a permission is granted to a parent in a hierarchy of a relational database, the permission is inherited by the child nodes. Also provided is a method for transferring ownership of entities in a relational database. The method includes a two-part handshake that can be audited to avoid repudiation issues.
