EP1415215A1 - Verfahren zur sicherung von datenbanken - Google Patents

Verfahren zur sicherung von datenbanken

Info

Publication number
EP1415215A1
EP1415215A1 EP20020779619 EP02779619A EP1415215A1 EP 1415215 A1 EP1415215 A1 EP 1415215A1 EP 20020779619 EP20020779619 EP 20020779619 EP 02779619 A EP02779619 A EP 02779619A EP 1415215 A1 EP1415215 A1 EP 1415215A1
Authority
EP
European Patent Office
Prior art keywords
server
database
data
request
secure
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP20020779619
Other languages
English (en)
French (fr)
Inventor
Philippe Pucheral
Luc Bouganim
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Centre National de la Recherche Scientifique CNRS
Original Assignee
Centre National de la Recherche Scientifique CNRS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Centre National de la Recherche Scientifique CNRS filed Critical Centre National de la Recherche Scientifique CNRS
Publication of EP1415215A1 publication Critical patent/EP1415215A1/de
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Definitions

  • the present invention relates to the field of secure information systems, and more particularly to systems and methods for securing databases.
  • the problem is not limited to protecting oneself against external hackers entering the attacked computer system.
  • internal attacks that is, attacks by employees with legal access to all or part of a company's data, are the most frequent and the most expensive.
  • the external hacker is an intruder who infiltrates a computer system and retrieves the data files produced by the DBMS.
  • a natural solution is to encrypt data in order to make their disk imprint unreadable.
  • the external hacker will then try to break the encryption key. Attacks on keys are facilitated in a database context due to the large volume of data encrypted with the same key (statistical attacks).
  • data encryption is static (the keys do not change from one session to another), thereby increasing the vulnerability of the database.
  • the user pirate is a current user of the computer system recognized by the operating system and the DBMS. He has rights to part of a shared database and wants to access data beyond his rights. This pirate potentially has the same power as an external pirate and can also exploit his restricted rights. If the database is encrypted, it also has access to certain decryption keys.
  • the administrator or DBA hacker is an unscrupulous employee of the company whose function is to administer the computer resources of the company or the database (DBA: Data Base Administrator). As such, it has all the system rights, it has information inaccessible to any other (ex: logs memorizing the operations carried out on the base) and can spy on the behavior of the DBMS during its execution. Note that an external hacker or user who manages to grant himself administrative rights has the same powers as the administrator hacker.
  • DBMS database management system
  • Authentication is typically done using a password stored encrypted in a DBMS catalog, the latter checking the correspondence between the user's identity and password on each new connection.
  • the authentication procedure can be reinforced by the use of a dedicated service [Oracle Advanced Security Administrator Guide, Release 8.1.7, September 2000]. This dedicated service avoids the clear passage of the password on the network.
  • a variant is known which makes it possible to authenticate a user by various means such as a smart card or TokenCard.
  • PIN personal code
  • the card hardware element In addition to authentication by a personal code (PIN), the card hardware element must itself be recognized by the server, thereby increasing the degree of security.
  • DBMS DBMS
  • the rights relating to the data can be assigned to the users, either on the basic tables (one thus obtains a primitive management of rights close to that offered by a operating system), either on views (virtual tables calculated by an SQL query), or on stored procedures (the right then relates to the triggering of a processing).
  • These last two cases allow sophisticated and very selective rights management.
  • this management of rights is ineffective against an attack directed against the files containing the database (the DBMS is again short-circuited) or against an attack carried out by a DBA (because it has all the rights, including the right to change the rights).
  • Another solution is based on encryption of communications.
  • Communication encryption can be used in addition to other security mechanisms, in particular to ensure the confidentiality and integrity of messages sent and received over a network. Their use goes far beyond the framework of databases.
  • SSL Secure Soket Layer
  • C-SET Chip-Secured Transaction
  • C-SET Chip-Secured Transaction
  • encryption of communications does not protect against an attack on the files containing the database.
  • the company Oracle offers a PL / SQL package (set of stored procedures) allowing to perform secret key encryption DES (Data Encryption Standard) [Oracle Technical White Paper. Database Security in Oracle 8i, November 1999].
  • the key to encryption must be passed as a parameter to the PL / SQL encryption / decryption procedure.
  • Key management (including confidentiality) is left to the application using this package. This management is all the more delicate since the same keys must be shared by users sharing the same data.
  • this encryption technique does not allow to resist the attacks of a DBA because it has the means to intercept the keys or to replace the encryption package by another. This last problem seems to be unresolved because restricting the rights of the DBA amounts to preventing it from performing its administrative task.
  • Protegrity offers a data encryption solution, called Secure.Data [P. Nilsson, U. Mattsson. Secure. Data Functional Overview, Doc. TWP-0011, Protegrity Inc., January 2000], adaptable to different DBMS.
  • Secure.Data P. Nilsson, U. Mattsson. Secure. Data Functional Overview, Doc. TWP-0011, Protegrity Inc., January 2000
  • Secure. Server is a module integrated into the host DBMS which interfaces with Secure .Manager and executes the data encryption / decryption primitives on the fly, during the execution of requests.
  • the security core and the surrounding SOE must be simple enough to be self-administrating.
  • a DBMS is not self-administered.
  • the aim of the present invention is to remedy these drawbacks by proposing a system and a method guaranteeing a maximum degree of protection against any type of attack (internal or external) targeting data put online on any network and managed by a Traditional Database Management System (DBMS).
  • DBMS Traditional Database Management System
  • the aims of the invention are as follows: - to ensure perfect confidentiality of the data managed by a DBMS,
  • the invention relates, in its most general sense, to a secure management system for confidential databases
  • a server consisting of at least one computer equipped with means for recording databases and means of communication, by at least host computer equipment comprising means of communication with the server and means for constructing requests and processing the results of requests, as well as a means for securing exchanges between the client equipment and the server (also referred to below as C-SDA, for "Chip-Secured Data Access "), characterized in that said securing means is constituted by a secure hardware medium interfacing between the client equipment and the server and comprising a microprocessor for the encryption of the attributes of the requests sent by the client equipment and the decryption of the responses sent by the server, a random access memory for recording intermediate results, a non-writable memory for recording the operating system and a memory for recording user personalization information and that said server saves encrypted data.
  • the client (s) and the server are connected by means of communication connected to a telecommunications network (Internet, intranet, etc.).
  • a telecommunications network Internet, intranet, etc.
  • the client and the server are installed on the same physical machine and the communication means correspond to means of communication internal to a computer, or even to software communication means.
  • the invention takes into account the following constraints: - the database can be managed by any traditional commercial DBMS,
  • the secure hardware support used is current technology (for example, a conventional smart card),
  • the applications of the invention are diverse, and take into account the development of mobile computing which reflects a growing tendency of users to access their data anytime, from anywhere and especially from any terminal (PC, personal assistant, cell phone, unmarked terminal, etc.).
  • PC personal assistant
  • cell phone unmarked terminal, etc.
  • the data hosted in this context is generally personal, for example:
  • the medical file which contains highly confidential data and which a patient wants to be able to access at the doctor, at the pharmacy, at home, while traveling, etc.
  • the virtual or virtual home environment which lists private information of various kinds such as: bank data, calendar, address book, passwords, bookmarks, cookies ..., and which must be able to be accessed by n ' anywhere.
  • the invention also relates to a method implementing a security application which interfaces between a client and a data server and it complies with the following rules:
  • the securing means is constituted by a microprocessor card.
  • the latest generation smart cards include on a monolithic chip, a 32-bit RISC processor at about 30 MIPS, memory modules (about 96 KB of ROM, 4 KB of RAM and 128 KB of EE-PROM), a component of I / O managing communications with the terminal and finally security modules protecting the card against physical attacks.
  • the EEPROM stores persistent information with a very fast access time for reading, comparable to that of RAM (60 to 100 ns / word) but very slow for writing (1 to 10 ms / word).
  • the main interest of the smart card is its very high level of security. This security is obtained thanks to the hardware security modules present in the chip and also thanks to the very small size of the chips used ( ⁇ 25mm_) making physical attacks very complex and costly.
  • the smart card is undoubtedly the smallest and most secure of the "computers". However, the small size of the chips has an immediate impact on the storage capacity of memory components.
  • a microprocessor card has the following characteristics:
  • the security means is constituted by a microprocessor card.
  • the securing means consists of a key connectable to a port of client equipment.
  • the security means further comprises at least one counter for the execution of statistical queries.
  • the securing means further comprises a register for the temporary registration of the rights downloaded during the opening of a session with the server.
  • the securing means further comprises a memory for recording a part of the database.
  • This solution avoids the recording on the server of certain sensitive data.
  • the database is then divided into two parts, one saved on the server, the other saved on the security medium.
  • the invention also relates to a means of securing the exchanges between a client equipment and a server constituted by a secure hardware support connected to the client equipment and comprising a microprocessor for the encryption of the attributes of the requests sent by the client equipment and the decryption. responses from the server, RAM for recording intermediate results, non-writable memory for recording the operating system, and memory for saving user personalization information.
  • the invention also relates to a method for secure management of a database comprising a step of constructing a request comprising at least one attribute characterized in that it comprises a step of encrypting the attributes by a computer integral with a individual security device connected to client equipment, the method consisting in then interrogating a database containing encrypted data with the same encryption means as those used in the previous step, in returning a response containing the data corresponding to the attributes of the requests and to decrypt said data by said computer of an individual security device before transmitting it to the host equipment.
  • the encryption of the attributes of the request and the decryption of the response is carried out according to a DES algorithm.
  • the translation of requests is limited to equality predicates to allow the execution of said requests executable directly by the server on encrypted data.
  • the translation of queries comprising inequality predicates or calculation functions includes a step of decomposing the query Q into a plane Q t (Q c (Q s ))), of interrogating the base of encrypted data (3) by inequality requests from encrypted attributes, a step of recording the results of the requests in a temporary memory of the individual security means after decryption of the data, and of recomposition of the result;
  • Q s symbolizes the portion of the request that can be evaluated by the server directly on the encrypted data
  • Qc symbolizes the complement of this evaluable request by the means of security after decryption
  • Qt symbolizes the portion of request linked to the presentation and which can be deported to the terminal without reducing the degree of security.
  • part of the database is recorded in a memory of the individual security means.
  • FIG. 1 shows a schematic view of a system according to the invention
  • FIG. 2 represents a schematic view of the encryption of a table:
  • FIG. 3 shows a diagram of information flows between the client equipment and the server
  • FIG. 4 shows a diagram of information flows between the client equipment and the server, in an advanced version of the invention
  • FIG. 7 shows a schematic view of the treatments; - Figure 8 shows the architecture of the security card.
  • the description which follows relates to a nonlimiting example of implementation of the invention. It combines software (management of database requests and encryption algorithms) and hardware (code embedded on a smart card or hardware support ensuring the same level of security) technologies.
  • FIG. 1 represents a schematic view of a system according to the invention.
  • client equipment (1) which can be constituted by a microcomputer, or even portable equipment such as a PDA, a cell phone or any other equipment making it possible to consult a database. It is equipped with a calculator and applications for managing a database
  • This server (2) comprises a database (3) of known type.
  • the database contains exclusively data encrypted by the user, as will be explained in the following description.
  • the server (2) manages the data without having access to it.
  • the data server is relational technology (Oracle, DB2, SQL Server, Sybase, Informix ). Taking into account other types of data servers and other query languages can bring about some modifications in the algorithms presented, without calling into question the principles described in the description which follows.
  • the communication between the client equipment (1) and the server (2) passes through a microprocessor card (4) operated by a peripheral of the client equipment (1), for example a terminal connected to a USB port of the client equipment.
  • the encryption of the database is ensured by the card (4) in the following manner.
  • the card (4) intercepts all SQL requests for schema creation / modification as well as all SQL requests for inserting / modifying / destroying tuples in the tables.
  • the schema of the database as well as the data are encrypted by the card, for example with a secret key algorithm of the DES type.
  • the encryption algorithm used is called Encryption. These requests, the parameters of which are now encrypted, are then sent to the data server (2) like conventional requests. This technology therefore requires no modification of the DBMS used.
  • the data recorded in the server (2) is recorded in encrypted form.
  • the Product table (ref, name, type, price) is stored as table P (r, n, t, x) where P Number ("product"), r ⁇ Number (re), n ⁇ Encryption (name), etc.
  • P P Number
  • r Number
  • r Number
  • n Encryption
  • all of the data is encrypted, knowing that partial encryption of the data can also be considered.
  • the encryption is applied to the data as well as to global information such as the name of the table and the names of the items.
  • FIG. 3 represents the steps of a procedure for consulting the encrypted database.
  • the first step is to prepare a clear request on the client equipment (step 1).
  • This request is transmitted by the client equipment to the card (4) where the attributes of the request are encrypted before being transmitted to the server (2).
  • This request is then processed in the usual way, the search being carried out on criteria of equality between the encrypted content of the request and the content encrypted with the same digit, recorded in the database (3). (2nd step) .
  • the server therefore does not require any adaptation, the only difference with a traditional application coming from the fact that the search is carried out on encrypted attributes.
  • the response to this request again passes through the card (4), which converts the content to restore the data corresponding to the request in clear (step 3).
  • This clear data is then retransmitted to the client equipment, for viewing or recording in a local table (step 4).
  • This query evaluation technique is possible when all users sharing the same data have the same encryption key. This brings two important remarks: The encryption must in no case interfere with the access rights. With regard to rights, it is possible to encrypt the entire database with a single key. Each user has access only to the data to which he has a right, the key being known only by the card (4) and not by each user. For example, in the case where the security application is executed in a smart card, the key allowing to decrypt the whole database is present in the smart card of each user without this one n have access to it.
  • the definition of rights is stored on the server and is loaded dynamically (or simply refreshed) on the card when the user connects to the server.
  • the definition of rights must be stored encrypted on the server.
  • the power of the DBMS rights mechanism comes from the ability to assign a right to a user on views, that is to say virtual tables calculated by an SQL query. It then becomes possible to express rights of great finesse, for example: giving the right to a user to consult a view defined as the average salary of employees over 40 years working in the IT department without giving him any right to the data allowing this calculation to be made. Or a view V defined by the Qview request on which the user has the right D.
  • the description which follows relates to an improved version of the invention, making it possible to process any type of SQL request.
  • This extended solution means that the security application actively participates in the processing of the request in order to evaluate the predicates that cannot be evaluated by the server.
  • This interaction of the card security application (4) in the processing has two consequences. The first relates to the performance of the global execution and the second to the appearance of new perspectives to strengthen the protection of the data of the base.
  • the query Q In the case of complex queries (predicates inequality, calculation functions, aggregates 7), the query Q must be decomposed into a Q s evaluable part by the server on the encrypted data and its complement Q c to be assessed by the security application on the partial result, after decryption. It is essential that Q c is executed by the security application and not by the terminal because only C-SDA is executed in a secure environment.
  • user rights generally relate to views whose virtual content is calculated by a query. Therefore, only a treatment of Q c by the security application, without outsourcing confidential data, can guarantee the level of security expected by rights management. For example, a user may have the right to consult the result of an aggregate calculation without having the right to consult the elementary data from which this aggregate is calculated.
  • C-SDA In order to evaluate Q c , C-SDA must contain filtering functions (to deal with inequality predicates) and calculation functions. This is the subject of the second example.
  • Map Decryption of the result of Q s and evaluation of Q c (calculation of the mean).
  • Terminal Display of the result in clear.
  • the evaluation of Q c by the card (4) must be able to be made while respecting the constraints inherent in the card. These constraints make it necessary to evaluate Q c without ever materializing temporary results because the very low capacity of the RAM does not allow such a materialization in volatile memory and the cost of writing the EEPROM also makes this materialization impossible in stable memory.
  • the proposed solution consists in executing the whole of Q c in pipeline mode (ie, tuple to tuple).
  • Order by clause can be systematically transferred to the terminal and therefore constitutes a third request noted Q ⁇ . Indeed, the Order by clause does not influence the value of the result tuples but simply their ordering. This clause therefore has no effect on rights management and can therefore be executed outside of C-SDA.
  • step 1 The evaluation of Q s , as presented above, suggests that the Cartesian products are executed first (step 1). In fact, the assessment all or parts of 2s and 6s can be performed before step 1 by following traditional query optimization techniques (replacement of Cartesian products by joins, application of restrictions and projections as soon as possible). Q s is transmitted to the server as a standard SQL query, it will follow the traditional optimization process.
  • the card's security application decrypts the Date attribute of these tuples, selects only the tuples whose date is greater than 1996 and returns their key to the server in the form of a temporary table R;
  • the volume of data transferred is greatly reduced. Indeed, the additional cost compared to a traditional execution is limited to size (II key / ai (T)) + size ( ⁇ key ( ⁇ ai ⁇ value (T)). This principle applies similarly to inequalities -joints.
  • This technique can be combined with a horizontal fragmentation encryption technique which consists in using several encryption keys for different values of the same attribute.
  • the encryption key applied to each value is determined by applying a hash function to that value.
  • the result of the hash function h (v) gives the index of the encryption key to be used.
  • the pair (h (v), Number h (v) (v)) is stored in the base in place of each value. It is easy to show that the previous constraint is respected. In these two techniques, all of the encryption keys used are managed by the security card.
  • the security application To evaluate a request for data, part of which resides in a smart card, the security application must generate an execution plan distributed between two sites.
  • This task complex for a smart card, can be simplified by imposing a particular way of isolating sensitive data.
  • the idea is to delete sensitive data from the database stored on the server, replacing it with clues in a sensitive area (set of data without duplicates), stored on the smart card.
  • the credit card codes of a set of customers could be stored as indices in the 'credit card codes' area stored in the smart card.
  • This 'coding' of sensitive data can be seen as a very specific encryption of this data, encryption whose particularity is to be definitively unbreakable without the smart card.
  • static sensitive data i.e., without updates
  • This particular case is likely to represent a majority of practical cases (for example, personal or SME identification data).
  • the durability of static data can be ensured by redundant storage of this data in a backup smart card.
  • This backup card is only used in the event of loss, theft or destruction of the initial card.
  • Static sensitive data is shared by copying it to each user's smart cards. For this type of data, the level of security reached is maximum since no copy is accessible on any server and the content of the card is considered inviolable.
  • Figure 7 summarizes a joint use of all the techniques exposed in the previous sections, with C-SDA running in a smart card.
  • the security application contacts the rights and views server to update the list of rights and views of the user. He deciphers them with his key database.
  • the security application contacts the sharing / durability server in order to update the dynamic sensitive data hosted by the smart card.
  • the user issues a Q request.
  • the request if it involves views, is translated into a Q 1 request relating to basic relationships.
  • Q s is sent to the server which executes it on the encrypted data and returns the tuples results to the security application.
  • the result is decrypted by the security application using the key database.
  • the additional request Q c is executed by the security application.
  • the result may be supplemented with the values of sensitive data (DS) during projections.
  • DS sensitive data
  • FIG. 8 represents a view of the architecture of the security card (4).
  • the electronic circuit includes an input-output interface circuit (14) for exchanges with the client equipment (1) and the server (2).
  • the output of this circuit (14) is connected to a buffer memory (15).
  • the card also comprises a microprocessor (10) and an EEPROM memory (11) for recording the operating system and the security application and a memory (12) for recording the personal data of the user and in particular the encryption key or the encryption parameters of the user, as well as the data relating to the rights of the user.
  • a microprocessor (10) and an EEPROM memory (11) for recording the operating system and the security application
  • a memory (12) for recording the personal data of the user and in particular the encryption key or the encryption parameters of the user, as well as the data relating to the rights of the user.
  • the card also comprises a random access memory (15) comprising registers (16) for recording the intermediate data of the calculations, and a counter (17) for carrying out the calculations corresponding to queries containing statistical predicates such as averages.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)
EP20020779619 2001-08-07 2002-08-07 Verfahren zur sicherung von datenbanken Withdrawn EP1415215A1 (de)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR0110552 2001-08-07
FR0110552A FR2828607B1 (fr) 2001-08-07 2001-08-07 Procede de securisation de bases de donnees
PCT/FR2002/002824 WO2003014888A1 (fr) 2001-08-07 2002-08-07 Procede de securisation de bases de donnees

Publications (1)

Publication Number Publication Date
EP1415215A1 true EP1415215A1 (de) 2004-05-06

Family

ID=8866350

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20020779619 Withdrawn EP1415215A1 (de) 2001-08-07 2002-08-07 Verfahren zur sicherung von datenbanken

Country Status (4)

Country Link
US (1) US20050044366A1 (de)
EP (1) EP1415215A1 (de)
FR (1) FR2828607B1 (de)
WO (1) WO2003014888A1 (de)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10759973B2 (en) 2015-10-15 2020-09-01 Tesa Se Adhesive mass, in particular for strippable adhesive strips and use for adhering on coated woodchip wallpaper

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7418600B2 (en) * 2003-03-13 2008-08-26 International Business Machines Corporation Secure database access through partial encryption
US7500111B2 (en) * 2003-05-30 2009-03-03 International Business Machines Corporation Querying encrypted data in a relational database system
US7685437B2 (en) * 2003-05-30 2010-03-23 International Business Machines Corporation Query optimization in encrypted database systems
US10339336B2 (en) * 2003-06-11 2019-07-02 Oracle International Corporation Method and apparatus for encrypting database columns
US7512814B2 (en) 2004-11-09 2009-03-31 Fortiva Inc. Secure and searchable storage system and method
US20070011158A1 (en) * 2005-07-06 2007-01-11 Parikh Prashant S Personal information database with context-driven information retrieval
US8135948B2 (en) * 2006-01-27 2012-03-13 Imperva, Inc. Method and system for transparently encrypting sensitive information
US8510846B1 (en) * 2006-06-29 2013-08-13 Google Inc. Data encryption and isolation
US7599936B2 (en) * 2006-12-22 2009-10-06 Verizon Services Organization Inc. Publication service using web pages and web search engines
US9275249B1 (en) * 2013-03-07 2016-03-01 Amazon Technologies, Inc. Accelerated encrypted database operations
US9311504B2 (en) * 2014-06-23 2016-04-12 Ivo Welch Anti-identity-theft method and hardware database device
CN104348609B (zh) * 2014-09-18 2017-06-06 成都西山居互动娱乐科技有限公司 一种非存储的密码管理算法
US9767219B2 (en) * 2014-10-27 2017-09-19 Successfactors, Inc. Automatic detection of queries missing order-by via unit test
US10284535B2 (en) * 2016-12-13 2019-05-07 Chronicle Llc Secure database
CN111225051A (zh) * 2020-01-03 2020-06-02 湖北民族大学 一种新型云环境下静态数据安全共享系统及方法
US11582208B1 (en) 2021-10-11 2023-02-14 Cisco Technology, Inc. Detecting domain fronting through correlated connections
CN116861474B (zh) * 2023-05-26 2024-02-20 东莞市铁石文档科技有限公司 一种在线档案安全评估系统和方法

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5913214A (en) * 1996-05-30 1999-06-15 Massachusetts Inst Technology Data extraction from world wide web pages
EP1089194A2 (de) * 1999-09-30 2001-04-04 Casio Computer Co., Ltd. Gerät zur Verwaltung einer Datenbank und System zum Verschlüssen und Entschlüssen

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5559888A (en) * 1994-02-15 1996-09-24 Lucent Technologies Inc. Secure information retrieval service (SIRS)
US5721777A (en) * 1994-12-29 1998-02-24 Lucent Technologies Inc. Escrow key management system for accessing encrypted data with portable cryptographic modules
US5713018A (en) * 1995-09-27 1998-01-27 Sun Microsystems, Inc. System and method for providing safe SQL-level access to a database
US5963642A (en) * 1996-12-30 1999-10-05 Goldstein; Benjamin D. Method and apparatus for secure storage of data
AU1230900A (en) * 1998-10-26 2000-05-15 Gte Service Corporation Data access system
US7272723B1 (en) * 1999-01-15 2007-09-18 Safenet, Inc. USB-compliant personal key with integral input and output devices
US6615349B1 (en) * 1999-02-23 2003-09-02 Parsec Sight/Sound, Inc. System and method for manipulating a computer file and/or program

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5913214A (en) * 1996-05-30 1999-06-15 Massachusetts Inst Technology Data extraction from world wide web pages
EP1089194A2 (de) * 1999-09-30 2001-04-04 Casio Computer Co., Ltd. Gerät zur Verwaltung einer Datenbank und System zum Verschlüssen und Entschlüssen

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of WO03014888A1 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10759973B2 (en) 2015-10-15 2020-09-01 Tesa Se Adhesive mass, in particular for strippable adhesive strips and use for adhering on coated woodchip wallpaper

Also Published As

Publication number Publication date
FR2828607B1 (fr) 2004-01-30
US20050044366A1 (en) 2005-02-24
WO2003014888A1 (fr) 2003-02-20
FR2828607A1 (fr) 2003-02-14

Similar Documents

Publication Publication Date Title
US11373192B2 (en) Apparatus for customer authentication of an item
US8613107B2 (en) System, method and apparatus for electronically protecting data associated with RFID tags
US8826448B2 (en) System, method and apparatus for electronically protecting data and digital content
EP1415215A1 (de) Verfahren zur sicherung von datenbanken
US20170228371A1 (en) Blockchain-enhanced database
US8359271B2 (en) Apparatus for customer authentication of an item
US7937579B2 (en) System, method and apparatus for electronically protecting data and digital content
EP3547203A1 (de) Methode und system für die zugriffsverwaltung von personenbezogenen daten mithilfe eines intelligenten vertrags
CN103563325B (zh) 用于保护数据的系统和方法
US20100005509A1 (en) System, method and apparatus for electronically protecting data and digital content
WO2019074921A1 (en) SYSTEM AND METHOD FOR PROTECTING SENSITIVE INFORMATION VIA DISTRIBUTED CONFIDENCE
US20120089835A1 (en) System and Method for Automatic Authentication of an Item
Mukherjee Popular SQL server database encryption choices
US20190392407A1 (en) Encrypted asset transfer system and method for facilitating transfer of digital assets
EP1095491A1 (de) Verfahren, server und vorrichtung zur sicherung eines computerkommunikationsnetz
Madyatmadja et al. Performance testing on Transparent Data Encryption for SQL Server's reliability and efficiency
EP3903463A1 (de) Plattform zum sichern von daten
Nanda et al. Oracle Privacy Security Auditing: Includes Federal Law Compliance with HIPAA, Sarbanes Oxley and the Gramm Leach Bliley Act GLB
EP3889809A1 (de) Schutz einer geheimen software und vertraulicher daten in einer gesicherten enklave
EP3863219A1 (de) Verfahren und vorrichtung zur auswertung der übereinstimmung von durch verschlüsselung geschützten strukturierten datensätzen
KR20230085314A (ko) 블록체인 기반 게놈 데이터 저장 및 보호 시스템
Doyle Lock up your data
CA3050353A1 (fr) Procede de recherche d'informations dans un corpus chiffre stocke sur un serveur
FR2802040A1 (fr) Systeme de communication et de fourniture de services via un reseau tel internet, destine notamment a un groupe de professionnels
FR3031824A1 (fr) Procede de securisation de donnees par anonymisation et serveur associe

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20040205

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LI LU MC NL PT SE SK TR

17Q First examination report despatched

Effective date: 20061218

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20100420