IL253210B2 - Database authentication proxy - Google Patents
Info
- Publication number
- IL253210B2
- Authority
- IL
- Israel
- Prior art keywords
- database
- authentication
- external
- credentials
- proxy server
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Description
DATABASE AUTHENTICATION PROXY
FIELD OF THE INVENTION
The present invention is of a system and method for a database authentication proxy and in particular, such a system and method for transparent authentication for an external database.
BACKGROUND OF THE INVENTION
Relational databases, and their corresponding management systems, are very popular for storage and access of data. Typically, such databases require access credentials such as a username and password to be provided before they can be accessed. Ideally, an organization with one or more databases will use a centralized authentication server which manages Authentication, Authorization and Accounting (AAA) policies to ensure that users have appropriate access rights. A non-limiting example of an AAA server is Microsoft's Active Directory (AD). A further non-limiting example is an LDAP server.
Many organizations now also use databases that are external to the organization, such as cloud based databases, also known as Database as a Service (DBaaS). While DBaaS provides many advantages, it relies on static access credentials. In other words, each user or group of users may have static credentials for each DBaaS and cannot use credentials that can be internally verified. Since the DBaaS is external to the organization, it cannot be used with the internal AAA server and the organization therefore cannot control authentication and the level of access (permissions) as with internal services.
Organizations are thus not able to authenticate using organizational policies, need to manage multiple credentials per user, and cannot enforce policies according to Active Directory grouping. A similar problem arises with databases that are on the internal network but do not support authentication using AAA servers. From the point of view of the AAA server these databases may also be considered external databases.
There is an unmet need for, and it would be highly useful to have, a method and system transparently enabling local users to make use of an organization's AAA services with external databases such as DBaaS and others.
SUMMARY OF THE INVENTION
The present invention overcomes the deficiencies of the background art by providing a system and method, in at least some embodiments, for use of an internal AAA server with an external database. A database authentication proxy server is provided that maps and translates internal authentication using the AAA server to external authentication using the appropriate static or external credentials for the external database.
In use, database accessing applications direct requests for access to both internal and external databases to the database authentication proxy server, which is in communication with the AAA server of the organization and verifies user credentials and access policy from the AAA server. The authentication proxy server stores appropriate static/external access credentials for the external database and, following verification of a user's internal credentials and access permissions from the AAA server, enables access to the external database by logging into the external database using the appropriate access credentials.
These may include multiple external credentials for specific external databases each with specific access rights.
The database authentication proxy server is preferably part of a database proxy that provides other database related functionality such as database security, translation of queries between database languages, smart caching of query results, data masking of sensitive data and database auditing as well as other features.
According to at least some embodiments of the present invention, a method for database authentication termination comprises: providing a database authentication proxy server running on a computer; sending a login request for a database to the database authentication proxy server by an accessing application; verifying the login request with a AAA server by the database authentication proxy server; and when the login request is verified, and the database is an external database, initiating a session with the external database on behalf of the accessing application by the database authentication proxy server using external credentials. Preferably the login request comprises internal login credentials and verifying comprises verifying the user login credentials and querying the access rights of the user.
Preferably, the method further comprises provisioning the database authentication proxy server to define whether authentication termination is required for a database; confirming that a database requires authentication termination based on the provisioning; when the login request is not verified, informing the accessing application by the database authentication proxy server; when the database is an internal database, initiating a session with the internal database on behalf of the accessing application by the database authentication proxy server using the internal credentials.
Preferably, the external credentials are different per user and access level.
Optionally, the database is selected from the group consisting of: relational database, non-relational database, SQL based; MySQL based; Microsoft SQL based; Oracle SQL based; PostgreSQL based; and MongoDB based. Optionally, the session continues via a database proxy operated by a computer. Optionally, the database proxy comprises functionality selected from the group comprising: security; database encryption; caching; translation; acceleration; and data masking.
According to further embodiments of the present invention, a system for database authentication termination comprises: a database authentication proxy server running on a computer; a database running on a computer; a AAA server running on a computer; and an accessing application running on a computer; wherein the accessing application sends a login request for the database to the database authentication proxy server which verifies the login request with a AAA server; wherein when the login request is verified, and the database is an external database, a session is initiated with the external database on behalf of the accessing application by the database authentication proxy server using external credentials. Preferably, the login request comprises internal login credentials and the verifying comprises verifying the user login credentials and querying the access rights of the user.
Preferably, the database authentication proxy server is provisioned to define whether authentication termination is required for a database and the database authentication proxy server confirms whether a database requires authentication termination based on the provisioning. Preferably, the external credentials are different per user and access level. Preferably, when the login request is not verified, informing the accessing application by the database authentication proxy server. Preferably, when the database is an internal database, a session is initiated with the internal database on behalf of the accessing application by the database authentication proxy server using internal credentials. Preferably the database is selected from the group consisting of: relational database, non-relational database, SQL based; MySQL based; Microsoft SQL based; Oracle SQL based; PostgreSQL based; and MongoDB based.
Optionally, the system comprises a database proxy operated by a computer and wherein the session continues via the database proxy. Optionally, the database proxy comprises functionality selected from the group comprising: security; database encryption; caching; translation; acceleration; and data masking.
As used herein the terms internal and external relate to the ability to use the internal AAA server (such as Active Directory and others). External databases cannot be used with the AAA server while internal databases can access the AAA server for verification of user access. Thus, as used herein, a database that is part of the same internal network as the AAA but which does not support authentication via the AAA server is considered an external database. Non limiting examples of external databases include Database as a Service (DBaaS), hosted database, cloud database, or any database not supporting or without access to the relevant AAA server.
The term static credentials as used herein refers to a username and password combination; however, the credentials may also include some other identifier or may be based on a dynamic identifier such as those used for two-factor authentication such as generated by a token, dongle, soft token, app or other software or hardware. As used herein, internal credentials are those that can be verified by the AAA server and also used with an internal database and external credentials are those used for accessing external databases.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The materials, methods, and examples provided herein are illustrative only and not intended to be limiting.
Implementation of the method and system of the present invention involves performing or completing certain selected tasks or steps manually, automatically, or a combination thereof. Moreover, according to actual instrumentation and equipment of preferred embodiments of the method and system of the present invention, several selected steps could be implemented by hardware or by software on any operating system of any firmware or a combination thereof. For example, as hardware, selected steps of the invention could be implemented as a chip or a circuit. As software, selected steps of the invention could be implemented as a plurality of software instructions being executed by a computer using any suitable operating system. In any case, selected steps of the method and system of the invention could be described as being performed by a data processor, such as a computing platform for executing a plurality of instructions.
Although the present invention is described with regard to a "computer", it should be noted that optionally any device featuring a data processor and the ability to execute one or more instructions may be described as a computer, computing device, mobile computing device, or user device including but not limited to any type of personal computer (PC), a server, a cellular telephone, an IP telephone, a smartphone, a PDA (personal digital assistant), or a pager. A server as used herein may refer to any of a single server, multiple servers, distributed servers or cloud computing environment. Any two or more of such devices in communication with each other may optionally comprise a "computer network".
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is herein described, by way of example only, with reference to the accompanying drawings. With specific reference now to the drawings in detail, it is stressed that the particulars shown are by way of example and for purposes of illustrative discussion of the preferred embodiments of the present invention only, and are presented in order to provide what is believed to be the most useful and readily understood description of the principles and conceptual aspects of the invention. In this regard, no attempt is made to show structural details of the invention in more detail than is necessary for a fundamental understanding of the invention, the description taken with the drawings making apparent to those skilled in the art how the several forms of the invention may be embodied in practice.
In the drawings: FIGS. 1A-1B show an exemplary, illustrative non-limiting system for a database authentication proxy server, according to some embodiments of the present invention; FIG. 2 shows an exemplary non-limiting screenshot of a provisioning interface for a database authentication proxy server according to at least some embodiments of the present invention; and FIG. 3 is a flowchart of an exemplary, illustrative method for operation of a database authentication proxy server according to at least some embodiments of the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present invention provides a system and method, in at least some embodiments, for a database authentication proxy server that enables use of an internal AAA server with an external database. Non-limiting examples of AAA servers include LDAP, and Microsoft Active Directory. In a preferred embodiment a user can use internal login credentials or user single sign on technologies for accessing an external database via the database authentication proxy server.
Referring now to the drawings, Figure 1A and 1B show an exemplary, illustrative non-limiting system for a database authentication proxy server, according to some embodiments of the present invention. As shown in Figure 1A, a system 100 features a plurality of database accessing applications 102 for providing a software application interface to access one or more of a plurality of internal and external databases 104. Two database accessing applications 102, A and B, are shown for the purpose of illustration only and without any intention of being limiting. Three databases 104, Internal database A, and external databases B and C, are shown for the purpose of illustration only and without any intention of being limiting.
Database accessing application 102 may optionally be any type of software, or may optionally form a part of any type of software, for example and without limitation, a user interface, administrative applications, a back-up system, web applications, data accessing solutions, data warehouse solutions, CRM (customer relationship management) software and ERP (enterprise resource planning) software.
Database accessing application 102 is adapted for queries to, and responses from a database system and therefore communicates using the languages and protocols of databases.
Accessing application 102 is a software application (or applications) that is operated by some type of computational hardware, shown as a computer 106.
However, optionally computer 106 is in fact a plurality of separate computational devices or computers, any type of distributed computing platform and the like; nonetheless, a single computer is shown for the sake of clarity only and without any intention of being limiting.
Similarly, database 104 is a database software application (or applications) that is operated by some type of computational hardware, shown as a computer 108. Again, optionally computer 108 is in fact a plurality of separate computational devices or computers, any type of distributed or cloud computing platform and the like; nonetheless, a single computer is shown for the sake of clarity only and without any intention of being limiting.
Database 104 may optionally be implemented according to any type of database system or protocol; however, according to preferred embodiments of the present invention, database 104 is implemented as a relational database with a relational database management system. Optionally, database 104 is non relational. Non-limiting examples of different types of databases include SQL based databases, including but not limited to MySQL, Microsoft SQL, Oracle SQL, PostgreSQL, MongoDB, and so forth. Optionally and preferably, system 100 may comprise a plurality of different databases 104 operating according to different database protocols and/or query languages and/or even having different structures.
Database authentication proxy server 110 is shown as being operated by a computer 112, but in fact could optionally be implemented as software (by computer 112 for example), hardware, firmware or a combination thereof. Again, if present, optionally computer 112 is in fact a plurality of separate computational devices or computers, any type of distributed computing platform and the like; nonetheless, a single computer is shown for the sake of clarity only and without any intention of being limiting.
System 100 comprises an internal zone 114 and an external zone 120.
Internal zone 114 is here shown as computing network 116 with shared access to a AAA server 140. Internal zone 114 is defined by connectivity of the various components therein to the AAA server and is not limited to a specific geographical location or specific network. External zone 120 is shown here as a single zone, however, external zone 120 may comprise multiple networks, regions and zones and is here identified by a non limiting single external zone 120 to illustrate a zone wherein the databases either have no access to AAA server 140 or wherein the database platform/version does not support authentication with AAA services. External database A 104 and external database B 104 are therefore characterized by inability to connect or to use the services of AAA server 140.
Internal computer network 116 may optionally comprise a local area network, while external computer network 118 may optionally be the Internet, although both of networks 116 and 118 could be the same network and/or could be implemented according to any type of computer network.
In this embodiment of the system 100 according to the present invention, database authentication proxy server 110 preferably is addressable through both computer networks 116 and 118; for example, database authentication proxy server 110 could optionally feature an IP address for being addressable through either computer network 116 and/or 118.
Database authentication proxy server 110 preferably comprises an authentication module 130 as shown. Authentication module 130 is in communication with databases 104, optionally through a database connection interface A, B and C 132 as shown. Each database connection interface 132 is optionally specific for a particular type of database software 104, for example; optionally only a single such database connection interface 132 may be implemented (not shown). Database connection interface 132 is preferably able to communicate with each database 104, for authentication or other communication. Authentication module 130 is also in communication with AAA server 140 via network 116.
Database connection interface 132 and authentication module 130 optionally and preferably rely upon database commands for authentication and database access using database languages and protocols as known in the art, according to the type of database 104. Authentication module is also adapted to communicate with AAA server 140 using languages and protocols as known in the art.
In a configuration stage, authentication module 130 is provisioned with information related to databases 104 via provisioning module 134. The provisioning information, further described below with reference to figure 2, is entered and stored in provisioning module 134 and includes an indication as to whether the database 104 requires authentication termination or not.
All database authentication requests from database accessing applications 102 to databases 104 are directed via database authentication proxy server 110.
Accessing applications A or B 102 optionally communicate with database authentication proxy server 110 via query interface 126 A or B as shown. Query interface 126 may optionally be adapted for each accessing application 102; alternatively a single query interface 126 may optionally be provided (not shown).
When a user (not shown) of a database accessing application 102 attempts to log into a database 104, the authentication request is passed from the database accessing application 102 to authentication module 130 optionally via the query interface 126. The authentication request preferably includes the internal user credentials.
Optionally, database authentication proxy server 110 receives authentication requests through a particular port for each database type. By "database type" it is meant a particular combination of database structure, protocol and query language. For example, one database type could optionally be a relational database operated by MySQL, while another database type could optionally be a relational database operated by MS (Microsoft) SQL.
Authentication requests for each such type are preferably received through a different port, which accessing application 102 is more preferably configured to access. Optionally there could be a generic port for any non pre-configured database types.
Authentication module 130 connects to AAA server 140 to verify the login request. Verifying the login request comprises verifying the received credentials and querying the access rights of the accessing user. AAA server 140 stores credentials and related policies in a user policy module 144. The credentials and access rights of the particular user are verified for the database 104 requested in the login request. This information is returned to authentication module 130 from AAA server 140.
Authentication module 130 then proceeds differently depending on whether the database 104 requires authentication termination or not, whether the user login has been verified, and the level of access allowed for the user. In the case where authentication termination is required and the user login is verified, such as for external databases A and B 104, authentication module now performs a login based on the relevant static credentials for that database A or B 104 on behalf of the accessing application. Multiple static credentials may be stored in provisioning module 134 for a particular external database A or B 104 to allow for multiple levels of access to external databases A or B 104.
In the case where authentication termination is not required and the user login is verified, such as for internal database C 104, authentication module 130 now performs a login on behalf of the accessing application based on the relevant credentials for that database C 104. Optionally, static credentials may be stored in provisioning module 134 for a particular internal database to allow for multiple levels of access to internal databases 104.
In either case, once the login/authentication process is completed the database session continues between the accessing application 102 and the database 104, preferably via proxy server 160.
In either case, where a user is denied access, authentication module 130 sends a rejection message to the accessing application 102 using the appropriate database protocol or language.
As shown in figure 1B, database authentication proxy server is optionally part of a database proxy server 160 offering additional database functionality as described below. Following the granting of access and the completion of the authentication process opposite a database 104 as described herein, all database queries and responses optionally pass through database proxy 160.
Database proxy server 160 is operated by some type of computational hardware, shown as a computer 162. As above, optionally computer 162 is in fact a plurality of separate computational devices or computers, any type of distributed or cloud computing platform and the like; nonetheless, a single computer is shown for the sake of clarity only and without any intention of being limiting.
Functionality offered by database proxy 160 optionally includes security 164, database encryption 166, caching 168, translation 170, acceleration 172 and data masking 174 which are described below and are disclosed in US patent applications 14/380,036, 13/698,055, 13/813,662, and 14/541,416.
In a typical prior art system, accessing application 102 would communicate directly with database 104, and would therefore need to be able to communicate in the query language and according to the query protocol for database 104.
However, in this illustrative embodiment of the present invention, accessing application 102 communicates with database 104 through translation apparatus 170 which provides translation into the query language and according to the query protocol of the used database.
Security apparatus 164 preferably screens all received queries and data from portions of system 100 that are external to databases 104, including for example accessing applications 102 A and B. Caching module 168 at least temporarily stores requests and responses for example, or any other data or information which could improve the performance of system 100. Caching module 168 may optionally be used alone or in combination with a database acceleration module 172 for further improving the performance of system 100. Also optionally one or more databases 104 may be encrypted, such that queries to and responses from such an encrypted database 104 are also encrypted, through a database encryption module 166.
These embodiments with regard to different database types and non limiting examples of advantages may also optionally be applied to any of the embodiments of the system according to the present invention as described herein.
Reference is now made to figure 2 which is an exemplary non-limiting screenshot of a provisioning interface for a database authentication proxy server according to at least some embodiments of the present invention.
As shown, a checkbox 210 defines whether authentication termination is required for a specific database. Where authentication termination is required, such as for an external database as described herein, provisioning boxes for the database authentication method (dropdown list 212), and static credentials for the database, including the username (username box 214) and password (password box 216) are provided.
Checkbox 240 to enable fallback allows for a situation when the authentication termination process fails and direct access from the accessing application to the external database is allowed.
Additional provisioning elements (not shown) include details of the AAA server, such as server 140. These details include the type of AAA server, protocols supported, and authentication details required.
Figure 3 is a flowchart of an exemplary, illustrative method for operation of a database authentication proxy server according to at least some embodiments of the present invention. It is assumed, before the method starts, that the authentication module 130 has been provisioned with the authentication configuration of the connected databases 104 as described above.
As shown, in stage 1, a user attempts to log into a chosen database 104 via an accessing application 102. The login/access request is optionally transferred via the query interface 126 of the database authentication proxy server 110 to the authentication module 130. The access request comprises internal login credentials as described above. In stage 2, the authentication module 130 verifies the provided internal user credentials and access rights to the chosen database 104 of the user by querying the AAA server 140.
In stage 3 the AAA server 140 responds to the request from the authentication module 130 verifying the internal user credentials and access permissions for the chosen database or indicating that these are not verified and that access should be denied. Stages 4 and 5 depend on the response from the AAA server 140 and also the provisioning of the chosen database 104 in the database authentication proxy server 110.
In stage 4A, the AAA server 140 has verified the user credentials and access permission to the chosen database and the authentication module 130 checks the provisioning module 134 to confirm that the chosen database 104 is a database that is provisioned in the database authentication proxy server 110 as a database requiring authentication termination. In stage 5A, the authentication module initiates a connection/session with an external database A or B 104 optionally via a database connection interface 132 using the appropriate external credentials for the user and access permissions. In stage 6, the user is now connected to the external database A or B 104 and the database session may continue, optionally via proxy 160 as described above.
In alternative stage 4B, the AAA server 140 has verified the user credentials and access permission to the chosen database and the authentication module 130 checks the provisioning module 134 to confirm that the chosen database 104 is a database that is provisioned in the database authentication proxy server 110 as a database that does not require authentication termination.
In stage 5A, the authentication module initiates a connection to the internal database C 104 optionally via a database connection interface 132 using the user's internal credentials provided in stage 1. In stage 6, the user is now connected to the internal database C 104 and the database session may continue, optionally via proxy 160 as described above.
In alternative stage 4C, the AAA server 140 has indicated that the user is not allowed to access the chosen database optionally along with the reason of denial. In stage 5C, the authentication module 130 sends an appropriate "access denied" message back to the user via the accessing application 102 and optionally via the query interface 126.
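The decision flow of Figure 3, together with the per-type listener ports described earlier, as an added Python sketch that is not code from the patent. All class and function names, port numbers, users and passwords are constructed for illustration, and denying a login to an unprovisioned database is an assumption.

```python
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Constructed listener layout: one port per pre-configured database type,
# plus a generic port for any type that is not pre-configured.
LISTENER_PORTS = {13306: "mysql", 15432: "postgresql"}
GENERIC_PORT = 19000


def database_type_for_port(port: int) -> Optional[str]:
    """Map the port a login request arrived on to a database type."""
    if port in LISTENER_PORTS:
        return LISTENER_PORTS[port]
    return "generic" if port == GENERIC_PORT else None


@dataclass
class Provisioning:
    """Per-database record kept by the provisioning module (134)."""
    auth_termination: bool  # checkbox 210
    # access level -> (static username, static password); in a real deployment
    # these would be read from a secret store, not held in source code.
    external_credentials: dict = field(default_factory=dict)


@dataclass
class Decision:
    granted: bool
    backend_user: Optional[str] = None
    credential_source: Optional[str] = None  # "external" or "internal"
    reason: Optional[str] = None


class AAAServer:
    """Stand-in for AAA server 140: verifies credentials, returns access rights."""

    def __init__(self, passwords, access_rights):
        self._passwords = passwords   # user -> internal password
        self._rights = access_rights  # (user, database) -> access level

    def verify(self, user, password, database):
        expected = self._passwords.get(user)
        if expected is None or not hmac.compare_digest(
                expected.encode(), password.encode()):
            return None, "invalid credentials"
        level = self._rights.get((user, database))
        if level is None:
            return None, "no access rights for database"
        return level, None


class AuthProxy:
    """Authentication module 130: stages 2 to 5 of the flow."""

    def __init__(self, aaa, provisioning):
        self._aaa = aaa
        self._provisioning = provisioning

    def login(self, user, password, database):
        # Stages 2-3: verify internal credentials and access rights with AAA.
        level, reason = self._aaa.verify(user, password, database)
        if level is None:
            return Decision(False, reason=reason)  # denial path
        # Stage 4: consult provisioning; unknown databases fail closed (assumption).
        prov = self._provisioning.get(database)
        if prov is None:
            return Decision(False, reason="database not provisioned")
        if prov.auth_termination:
            # Stage 5, external database: swap in the static credential mapped
            # to this access level. The internal password never leaves the proxy.
            cred = prov.external_credentials.get(level)
            if cred is None:
                return Decision(False, reason="no external credential for access level")
            backend_user, _backend_password = cred
            return Decision(True, backend_user, "external")
        # Stage 5, internal database: log in with the user's internal credentials.
        return Decision(True, user, "internal")


# Constructed sample data.
AAA = AAAServer(
    passwords={"alice": "internal-pw-alice", "bob": "internal-pw-bob"},
    access_rights={("alice", "dbaas_sales"): "read_write",
                   ("bob", "dbaas_sales"): "read_only",
                   ("alice", "internal_hr"): "read_write"},
)
PROVISIONING = {
    "dbaas_sales": Provisioning(True, {"read_only": ("svc_ro", "static-ro-secret"),
                                       "read_write": ("svc_rw", "static-rw-secret")}),
    "internal_hr": Provisioning(False),
}
PROXY = AuthProxy(AAA, PROVISIONING)

if __name__ == "__main__":
    for args in [("alice", "internal-pw-alice", "dbaas_sales"),
                 ("bob", "internal-pw-bob", "dbaas_sales"),
                 ("alice", "internal-pw-alice", "internal_hr"),
                 ("bob", "wrong-password", "dbaas_sales")]:
        print(args[0], args[2], PROXY.login(*args))
```

The static credentials held by the proxy are the high-value secret in this design: anyone who can read the provisioning store can reach the external database without passing the AAA check.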
While the invention has been described with respect to a limited number of embodiments, it will be appreciated that many variations, modifications and other applications of the invention may be made.
Claims (18)
1. A method for database authentication termination comprising: sending a login request for a database to a database authentication proxy server by an accessing application, wherein login requests for different pre-configured database types are sent through different ports and a login request for any non pre-configured database type is sent through a generic port, wherein said database authentication proxy server is running on a computer; verifying said login request with an AAA server by said database authentication proxy server; provisioning said database authentication proxy server to define whether authentication termination is required for a database; confirming that a database requires authentication termination based on said provisioning; and when said login request is verified, and said database is an external database, initiating a session with said external database on behalf of said accessing application by said database authentication proxy server using external credentials, wherein the external credentials are stored in said database authentication proxy server for said particular external database, wherein the external database is a database requiring authentication termination, wherein the external database is a database not supporting the AAA server.
2. The method of claim 1, wherein said login request comprises internal login credentials.
3. The method of claim 2, wherein said verifying comprises verifying said user login credentials and querying the access rights of the user.
4. The method of claim 1, wherein said external credentials are different per user and access level.
5. The method of claim 1, further comprising, when said login request is not verified, informing said accessing application by said database authentication proxy server.
6. The method of claim 2, further comprising, when said database is an internal database, initiating a session with said internal database on behalf of said accessing application by said database authentication proxy server using said internal credentials.
7. The method of claim 1 wherein said database is selected from the group consisting of: relational database, non-relational database, SQL based; MySQL based; Microsoft SQL based; Oracle SQL based; PostgreSQL based; and MongoDB based.
8. The method of claim 1, wherein said session continues via a database proxy operated by a computer.
9. The method of claim 8 wherein said database proxy comprises functionality selected from the group comprising: security; database encryption; caching; translation; acceleration; and data masking.
10. A system for database authentication termination comprising: a database authentication proxy server running on a computer; a database running on a computer; an AAA server running on a computer; an accessing application running on a computer; wherein said accessing application is configured to send a login request for said database to said database authentication proxy server which verifies said login request with said AAA server, wherein login requests for different pre-configured database types are sent through different ports and a login request for any non pre-configured database type is sent through a generic port; said database authentication proxy server is configured to verify said login request with said AAA server, provision to define whether authentication termination is required for a database, and confirm whether a database requires authentication termination based on said provisioning; when said login request is verified, and said database is an external database, a session is initiated with said external database on behalf of said accessing application by said database authentication proxy server using external credentials, wherein the external credentials are stored in said database authentication proxy server for said particular external database; wherein the external database is a database not supporting to the AAA server.
11. The system of claim 10, wherein said login request comprises internal login credentials.
12. The system of claim 11, wherein said verifying comprises verifying said user login credentials and querying the access rights of the user.
13. The system of claim 10, wherein said external credentials are different per user and access level.
14. The system of claim 10, wherein when said login request is not verified, informing said accessing application by said database authentication proxy server.
15. The system of claim 11, wherein when said database is an internal database, a session is initiated with said internal database on behalf of said accessing application by said database authentication proxy server using internal credentials.
16. The system of claim 10, wherein said database is selected from the group consisting of: relational database, non-relational database, SQL based; MySQL based; Microsoft SQL based; Oracle SQL based; PostgreSQL based; and MongoDB based.
17. The system of claim 10, further comprising a database proxy operated by a computer and wherein said session continues via said database proxy.
18. The system of claim 10, wherein said database proxy comprises functionality selected from the group comprising: security; database encryption; caching; translation; acceleration; and data masking.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201662367639P | 2016-07-27 | 2016-07-27 |
Publications (3)
Publication Number | Publication Date |
---|---|
IL253210A0 (en) | 2017-09-28 |
IL253210B1 (en) | 2023-12-01 |
IL253210B2 (en) | 2024-04-01 |
Family
ID=62454928
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
IL253210A IL253210B2 (en) | 2016-07-27 | 2017-06-27 | Database authentication proxy |
Country Status (1)
Country | Link |
---|---|
IL (1) | IL253210B2 (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140073288A1 (en) * | 2012-09-11 | 2014-03-13 | Wavemax Corp. | Mobile device authorization, authentication and data usage accounting for mobile data offload in a network of shared protected/locked wifi access points |
CN103873449A (en) * | 2012-12-18 | 2014-06-18 | 中国电信股份有限公司 | Network access method and system |
US20150234639A1 (en) * | 2013-04-23 | 2015-08-20 | Clearblade, Inc. | System and Method for Creating a Development and Operational Platform for Mobile Applications |
US20160359828A1 (en) * | 2015-06-03 | 2016-12-08 | Sap Se | Sensitive information cloud service |
Also Published As
Publication number | Publication date |
---|---|
IL253210B1 (en) | 2023-12-01 |
IL253210A0 (en) | 2017-09-28 |