Patents by Inventor Mingchen Lo
Mingchen Lo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 8996458Abstract: System, method, computer program product embodiments and combinations and sub-combinations thereof for data replication in a database system environment are described. In an aspect, the data replication includes grouping, in-memory, a plurality of transactions to be replicated as a single transaction from a source database system to a target database system. A plurality of net row changes is compiled for the plurality of transactions, and data inconsistency detection and resolution within a command application order are performed. Further included is bulk application of the plurality of net row changes to the target database system.Type: GrantFiled: December 23, 2009Date of Patent: March 31, 2015Assignee: Sybase, Inc.Inventors: Heping Shang, Mingchen Lo
-
Publication number: 20110153568Abstract: System, method, computer program product embodiments and combinations and sub-combinations thereof for data replication in a database system environment are described. In an aspect, the data replication includes grouping, in-memory, a plurality of transactions to be replicated as a single transaction from a source database system to a target database system. A plurality of net row changes is compiled for the plurality of transactions, and data inconsistency detection and resolution within a command application order are performed. Further included is bulk application of the plurality of net row changes to the target database system.Type: ApplicationFiled: December 23, 2009Publication date: June 23, 2011Applicant: Sybase, Inc.Inventors: Heping Shang, Mingchen Lo
-
Patent number: 7565532Abstract: A data server platform includes a security file system layer interposed between the platform operating system kernel and file system. The secure file system layer is structured to implement a file access control function that selectively constrains data transfer operations initiated through the operating system kernel by an application program to transfer file data through the file system with respect to a persistent data store. A file access controller, implemented independent of the operating system kernel, is coupled to the security file system layer and supports the file access control function by defining permitted file data transfers through the file system. Management of the file access controller separate from the data server platform ensures that any security breach of the platform operating system kernel cannot compromise the function of the security file system layer.Type: GrantFiled: October 23, 2006Date of Patent: July 21, 2009Assignee: Vormetric, Inc.Inventors: Duc Pham, Tien Le Nguyen, Pu Paul Zhang, Mingchen Lo
-
Publication number: 20080052755Abstract: A security server qualifies the execution of programs for networked host computer systems using a database storing pre-qualified program signatures and defined policy rules associating execution permission qualifiers with execution control values. The server executes a control program in response to execution requests received via a communications network interface from identifiable hosts, wherein a predetermined execution request received from a predetermined host computer system includes an identification of a program load request, request context related data, and a secure program signature. The control program determines an execution control value based on an evaluation of the execution request relative to the pre-qualified program signatures and defined policy rules. The execution control value is then returned to the predetermined host computer system to securely qualify the execution of the program identified from the program load request.Type: ApplicationFiled: February 28, 2007Publication date: February 28, 2008Inventors: Duc Pham, Tien Nguyen, Pu Zhang, Mingchen Lo
-
Patent number: 7334124Abstract: Network data files are secure through the operation of an infrastructure gateway-based network file access appliance. Network file data, corresponding to network pocket payload data, are further reduced to a sequence of data blocks that are secured through any combination of block encryption, compression, and digital signatures. File meta-data, including encryption, compression and block-level digital signatures are persistently stored with the file data, either in-band in the file as stored or out-of-band key as a separately stored file or file policy record. File meta-data is recovered with accesses of the file data to support bidirectional encryption and compression and to detect tampering with the file data by comparison against block-level digital signatures.Type: GrantFiled: July 22, 2002Date of Patent: February 19, 2008Assignee: Vormetric, Inc.Inventors: Duc Pham, Tien Le Nguyen, Pu Paul Zhang, Mingchen Lo
-
Publication number: 20070050620Abstract: A data server platform includes a security file system layer interposed between the platform operating system kernel and file system. The secure file system layer is structured to implement a file access control function that selectively constrains data transfer operations initiated through the operating system kernel by an application program to transfer file data through the file system with respect to a persistent data store. A file access controller, implemented independent of the operating system kernel, is coupled to the security file system layer and supports the file access control function by defining permitted file data transfers through the file system. Management of the file access controller separate from the data server platform ensures that any security breach of the platform operating system kernel cannot compromise the function of the security file system layer.Type: ApplicationFiled: October 23, 2006Publication date: March 1, 2007Inventors: Duc Pham, Tien Nguyen, Pu Zhang, Mingchen Lo
-
Patent number: 7143288Abstract: A data server platform includes a security file system layer interposed between the platform operating system kernel and file system. The secure file system layer is structured to implement a file access control function that selectively constrains data transfer operations initiated through the operating system kernel by an application program to transfer file data through the file system with respect to a persistent data store. A file access controller, implemented independent of the operating system kernel, is coupled to the security file system layer and supports the file access control function by defining permitted file data transfers through the file system. Management of the file access controller separate from the data server platform ensures that any security breach of the platform operating system kernel cannot compromise the function of the security file system layer.Type: GrantFiled: October 16, 2002Date of Patent: November 28, 2006Assignee: Vormetric, Inc.Inventors: Duc Pham, Tien Le Nguyen, Pu Paul Zhang, Mingchen Lo
-
Publication number: 20050182958Abstract: A security server qualifies the execution of programs for networked host computer systems using a database storing pre-qualified program signatures and defined policy rules associating execution permission qualifiers with execution control values. The server executes a control program in response to execution requests received via a communications network interface from identifiable hosts, wherein a predetermined execution request received from a predetermined host computer system includes an identification of a program load request, request context related data, and a secure program signature. The control program determines an execution control value based on an evaluation of the execution request relative to the pre-qualified program signatures and defined policy rules. The execution control value is then returned to the predetermined host computer system to securely qualify the execution of the program identified from the program load request.Type: ApplicationFiled: February 17, 2004Publication date: August 18, 2005Inventors: Duc Pham, Tien Nguyen, Pu Zhang, Mingchen Lo
-
Publication number: 20050182966Abstract: The secure trust relationship between communicating programs is established at any policy defined level down to individual program instances. Policy enforcement modules installed on host computer systems support qualified encrypted communications channels between discretely selected program instances. Program instances are qualified to establish communication channels, each defined by a unique session encryption key, based on an evaluation of security data including the individual process execution contexts, user authorizations, and access attributes of the program instances. A security appliance server performs the policy-based qualification based on a mutually interdependent evaluation of the security data for both the communications channel source and target program instances.Type: ApplicationFiled: February 17, 2004Publication date: August 18, 2005Inventors: Duc Pham, Tien Nguyen, Pu Zhang, Mingchen Lo
-
Patent number: 6931530Abstract: A network file access appliance operates as a secure portal for network file access operations between client computer systems and network storage resources. The file access appliance terminates network file access transactions, identified by packet information including client system, mount point, and file request identifiers, between client systems and mount points supported by the access controller. A policy parser determines, based on the packet information, to selectively initiate network file access transactions between the access controller and network storage resources to enable completion of selected network file access transactions directed from the clients to the network file access appliance. The network file access transactions directed to the network storage resources are modified counterparts of policy selected client network file access transactions modified to reference mapped network storage resource mount points and support the secure transfer and storage of network file data.Type: GrantFiled: July 22, 2002Date of Patent: August 16, 2005Assignee: Vormetric, Inc.Inventors: Duc Pham, Tien Le Nguyen, Pu Paul Zhang, Mingchen Lo
-
Publication number: 20040107342Abstract: A secure network file access appliance supports the secure access and transfer of data between the file system of a client computer system and a network data store. An agent provided on the client computer system and monitored by the secure network file access appliance ensures authentication of the client computer system with respect to file system requests issued to the network data store. The secure network file access appliance is provided in the network infrastructure with the client computer system and network data store to apply qualifying access policies to file system requests. The secure network file access appliance maintains an encryption key store and associates encryption keys with corresponding filesystem files to permit encryption and decryption of file data as transferred to and read from the network data store.Type: ApplicationFiled: November 12, 2003Publication date: June 3, 2004Inventors: Duc Pham, Tien Le Nguyen, Pu Paul Zhang, Mingchen Lo
-
Publication number: 20040078568Abstract: A data server platform includes a security file system layer interposed between the platform operating system kernel and file system. The secure file system layer is structured to implement a file access control function that selectively constrains data transfer operations initiated through the operating system kernel by an application program to transfer file data through the file system with respect to a persistent data store. A file access controller, implemented independent of the operating system kernel, is coupled to the security file system layer and supports the file access control function by defining permitted file data transfers through the file system. Management of the file access controller separate from the data server platform ensures that any security breach of the platform operating system kernel cannot compromise the function of the security file system layer.Type: ApplicationFiled: October 16, 2002Publication date: April 22, 2004Inventors: Duc Pham, Tien Le Nguyen, Pu Paul Zhang, Mingchen Lo
-
Publication number: 20040015724Abstract: Network data files are secure through the operation of an infrastructure gateway-based network file access appliance. Network file data, corresponding to network pocket payload data, are further reduced to a sequence of data blocks that are secured through any combination of block encryption, compression, and digital signatures. File meta-data, including encryption, compression and block-level digital signatures are persistently stored with the file data, either in-band in the file as stored or out-of-band key as a separately stored file or file policy record. File meta-data is recovered with accesses of the file data to support bidirectional encryption and compression and to detect tampering with the file data by comparison against block-level digital signatures.Type: ApplicationFiled: July 22, 2002Publication date: January 22, 2004Inventors: Duc Pham, Tien Le Nguyen, Pu Paul Zhang, Mingchen Lo
-
Publication number: 20040015723Abstract: A network file access appliance operates as a secure portal for network file access operations between client computer systems and network storage resources. The file access appliance terminates network file access transactions, identified by packet information including client system, mount point, and file request identifiers, between client systems and mount points supported by the access controller. A policy parser determines, based on the packet information, to selectively initiate network file access transactions between the access controller and network storage resources to enable completion of selected network file access transactions directed from the clients to the network file access appliance. The network file access transactions directed to the network storage resources are modified counterparts of policy selected client network file access transactions modified to reference mapped network storage resource mount points and support the secure transfer and storage of network file data.Type: ApplicationFiled: July 22, 2002Publication date: January 22, 2004Inventors: Duc Pham, Tien Le Nguyen, Pu Paul Zhang, Mingchen Lo
-
Patent number: 6678828Abstract: A secure network file access appliance supports the secure access and transfer of data between the file system of a client computer system and a network data store. An agent provided on the client computer system and monitored by the secure network file access appliance ensures authentication of the client computer system with respect to file system requests issued to the network data store. The secure network file access appliance is provided in the network infrastructure between the client computer system and network data store to apply qualifying access policies and selectively pass through to file system requests. The secure network file access appliance maintains an encryption key store and associates encryption keys with corresponding filesystem files to encrypt and decrypt file data as transferred to and read from the network data store through the secure network file access appliance.Type: GrantFiled: July 22, 2002Date of Patent: January 13, 2004Assignee: Vormetric, Inc.Inventors: Duc Pham, Tien Le Nguyen, Pu Paul Zhang, Mingchen Lo