Patents by Inventor Chi Ching Chui
Chi Ching Chui has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10540508
Abstract: One embodiment of the present invention provides a system that secures a database configuration from undesired modifications. This system allows a security officer to issue a configuration-locking command, which activates a lock for the configuration of a database object. When a configuration lock is activated for a database object, the system prevents a user (e.g., a database administrator) from modifying the configuration of the database object, without restricting the user from accessing the database object itself. The security officer is a trusted user that is responsible for maintaining the stability of the database configuration, such that a configuration lock activated by the security officer preserves the database configuration by overriding the privileges assigned to a database administrator.
Type: Grant
Filed: September 17, 2009
Date of Patent: January 21, 2020
Assignee: ORACLE INTERNATIONAL CORPORATION
Inventors: Ji-Won Byun, Chi Ching Chui, Daniel ManHung Wong, Chon Hei Lei
-
Patent number: 10268705
Abstract: Techniques for identifying unused privileges are provided. Database accesses are monitored to generate privilege usage data. Privilege usage data for each database access may indicate a user, a utilized privilege, an object that is the target of the privilege, and a role to which the privilege is granted. The privilege usage data is compared to database authorization data that indicates all (or a subset) of granted privileges. A result of the comparison is unused privilege data that indicates what granted privileges were not utilized. A role graph may be generated that indicates one or more privileges that were utilized and one or more privileges that were not utilized along with role paths providing the privileges.
Type: Grant
Filed: June 24, 2014
Date of Patent: April 23, 2019
Assignee: Oracle International Corporation
Inventors: Chi Ching Chui, Vikram R. Pesati
-
Patent number: 9886590
Abstract: An application platform examines, at runtime, various specified aspects of an application environment in which an application interacts with a user. Such examinations are made to determine a state for each of the various specified aspects. Further, the platform automatically activates particular application environment roles for the user depending on the result of the examinations. For example, an application environment role may be activated representing a particular detected mode of communication (e.g., encrypted network communications) or a particular detected manner of authentication (e.g., password authentication). Such activations are based on the detected states and specified states for the various specified aspects of the application environment. Such activations may occur in the context of an application attempting to perform an operation on an access controlled object on behalf of a user.
Type: Grant
Filed: July 23, 2009
Date of Patent: February 6, 2018
Assignee: Oracle International Corporation
Inventors: Janaki Narasinghanallur, Min-Hank Ho, Thomas Keefe, Eric Sedlar, Chi Ching Chui, Vikram Pesati
-
Patent number: 9330116
Abstract: Methods, machines, and stored instructions are provided for determining hierarchical paths to nodes based on stored information about the nodes. A node analyzer analyzes a hierarchy to create mappings that represent the hierarchy. The mappings may include a “parent mapping” that maps selected-level nodes to parent nodes of the selected-level nodes, and a “path mapping” that maps a plurality of nodes other than the selected-level nodes to a plurality of paths, within the hierarchy, to the plurality of nodes. A path module then determines path(s) to specified node(s) at least in part by mapping the specified node(s) to particular parent node(s) of the specified node(s) using the parent mapping. The path module also maps the particular parent node(s) to particular path(s) using the path mapping. The information from the path and parent mappings may be assembled to form path(s) within the hierarchy to the specified node(s).
Type: Grant
Filed: March 15, 2013
Date of Patent: May 3, 2016
Assignee: Oracle International Corporation
Inventors: Lijie Heng, Chi Ching Chui, Yi Ouyang
-
Publication number: 20150370824
Abstract: Techniques for identifying unused privileges are provided. Database accesses are monitored to generate privilege usage data. Privilege usage data for each database access may indicate a user, a utilized privilege, an object that is the target of the privilege, and a role to which the privilege is granted. The privilege usage data is compared to database authorization data that indicates all (or a subset) of granted privileges. A result of the comparison is unused privilege data that indicates what granted privileges were not utilized. A role graph may be generated that indicates one or more privileges that were utilized and one or more privileges that were not utilized along with role paths providing the privileges.
Type: Application
Filed: June 24, 2014
Publication date: December 24, 2015
Inventors: Chi Ching Chui, Vikram R. Pesati
-
Publication number: 20140280363
Abstract: Methods, machines, and stored instructions are provided for determining hierarchical paths to nodes based on stored information about the nodes. A node analyzer analyzes a hierarchy to create mappings that represent the hierarchy. The mappings may include a “parent mapping” that maps selected-level nodes to parent nodes of the selected-level nodes, and a “path mapping” that maps a plurality of nodes other than the selected-level nodes to a plurality of paths, within the hierarchy, to the plurality of nodes. A path module then determines path(s) to specified node(s) at least in part by mapping the specified node(s) to particular parent node(s) of the specified node(s) using the parent mapping. The path module also maps the particular parent node(s) to particular path(s) using the path mapping. The information from the path and parent mappings may be assembled to form path(s) within the hierarchy to the specified node(s).
Type: Application
Filed: March 15, 2013
Publication date: September 18, 2014
Applicant: Oracle International Corporation
Inventors: LIJIE HENG, Chi Ching Chui, Yi Ouyang
-
Patent number: 8239396
Abstract: A machine-implemented method and machine-readable media for transforming sensitive data in a database is provided. Sensitive data in the database are transformed based on a query context of a query. The query may also be transformed. The transformed query may be applied against the transformed sensitive data to construct a query result. The query result with the transformed sensitive data represents a lenticular view. The lenticular view represents a modified form of the sensitive data that an end-user is allowed access to.
Type: Grant
Filed: March 20, 2009
Date of Patent: August 7, 2012
Assignee: Oracle International Corporation
Inventors: Ji-Won Byun, Chi Ching Chui, Daniel M. Wong
-
Publication number: 20110067084
Abstract: One embodiment of the present invention provides a system that secures a database configuration from undesired modifications. This system allows a security officer to issue a configuration-locking command, which activates a lock for the configuration of a database object. When a configuration lock is activated for a database object, the system prevents a user (e.g., a database administrator) from modifying the configuration of the database object, without restricting the user from accessing the database object itself. The security officer is a trusted user that is responsible for maintaining the stability of the database configuration, such that a configuration lock activated by the security officer preserves the database configuration by overriding the privileges assigned to a database administrator.
Type: Application
Filed: September 17, 2009
Publication date: March 17, 2011
Applicant: ORACLE INTERNATIONAL CORPORATION
Inventors: Ji-Won Byun, Chi Ching Chui, Daniel ManHung Wong, Chon Hei Lei
-
Publication number: 20110023082
Abstract: An application platform examines, at runtime, various specified aspects of an application environment in which an application interacts with a user. Such examinations are made to determine a state for each of the various specified aspects. Further, the platform automatically activates particular application environment roles for the user depending on the result of the examinations. For example, an application environment role may be activated representing a particular detected mode of communication (e.g., encrypted network communications) or a particular detected manner of authentication (e.g., password authentication). Such activations are based on the detected states and specified states for the various specified aspects of the application environment. Such activations may occur in the context of an application attempting to perform an operation on an access controlled object on behalf of a user.
Type: Application
Filed: July 23, 2009
Publication date: January 27, 2011
Inventors: Janaki Narasinghanallur, Min-Hank Ho, Thomas Keefe, Eric Sedlar, Chi Ching Chui, Vikram Pesati
-
Patent number: 7840551
Abstract: One embodiment of the present invention provides a system for automatically classifying data in a database. During operation, the system receives and executes a database operation. Next, the system automatically determines if any data was modified as a result of executing the database operation. If so, for each data item that was modified, the system automatically determines if the data item is associated with a classification-rule. If so, the system automatically reclassifies the data item according to the classification-rule. If not, the system leaves a classification of the data item unchanged.
Type: Grant
Filed: November 1, 2007
Date of Patent: November 23, 2010
Assignee: Oracle International Corporation
Inventors: Daniel ManHung Wong, Amit Ganesh, Bipul Sinha, Chi Ching Chui
-
Publication number: 20100241641
Abstract: A machine-implemented method and machine-readable media for transforming sensitive data in a database is provided. Sensitive data in the database are transformed based on a query context of a query. The query may also be transformed. The transformed query may be applied against the transformed sensitive data to construct a query result. The query result with the transformed sensitive data represents a lenticular view. The lenticular view represents a modified form of the sensitive data that an end-user is allowed access to.
Type: Application
Filed: March 20, 2009
Publication date: September 23, 2010
Applicant: ORACLE INTERNATIONAL CORPORATION
Inventors: Ji-Won Byun, Chi Ching Chui, Daniel M. Wong
-
Publication number: 20100030781
Abstract: One embodiment of the present invention provides a system for automatically classifying data in a database. During operation, the system receives and executes a database operation. Next, the system automatically determines if any data was modified as a result of executing the database operation. If so, for each data item that was modified, the system automatically determines if the data item is associated with a classification-rule. If so, the system automatically reclassifies the data item according to the classification-rule. If not, the system leaves a classification of the data item unchanged.
Type: Application
Filed: November 1, 2007
Publication date: February 4, 2010
Applicant: ORACLE INTERNATIONAL CORPORATION
Inventors: Daniel ManHung Wong, Amit Ganesh, Bipul Sinha, Chi Ching Chui