Patents by Inventor Min-Hank Ho
Min-Hank Ho has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 9886590Abstract: An application platform examines, at runtime, various specified aspects of an application environment in which an application interacts with a user. Such examinations are made to determine a state for each of the various specified aspects. Further, the platform automatically activates particular application environment roles for the user depending on the result of the examinations. For example, an application environment role may be activated representing a particular detected mode of communication (e.g., encrypted network communications) or a particular detected manner of authentication (e.g., password authentication). Such activations are based on the detected states and specified states for the various specified aspects of the application environment. Such activations may occur in the context of an application attempting to perform an operation on an access controlled object on behalf of a user.Type: GrantFiled: July 23, 2009Date of Patent: February 6, 2018Assignee: Oracle International CorporationInventors: Janaki Narasinghanallur, Min-Hank Ho, Thomas Keefe, Eric Sedlar, Chi Ching Chui, Vikram Pesati
-
Patent number: 9715528Abstract: A database server receives a data request from a client. In response to the data request, the database server selects, from a database, actual data that satisfies criteria specified by the data request. The database server retrieves the selected actual data from the database. Also in response to the data request, the database server redacts the retrieved data in real time without modifying the actual data contained within the database. This may be accomplished by the prior insertion of masking operators into a top SELECT clause of a query representation generated during semantic analysis. The database server returns the redacted data to the client as a reply to the data request.Type: GrantFiled: June 23, 2014Date of Patent: July 25, 2017Assignee: Oracle International CorporationInventors: Min-Hank Ho, Javed Samuel, Peter Knaggs, Dah-Yoh Lim, Paul Youn
-
Patent number: 9495394Abstract: A method and apparatus are described for sharing a session to access a database. A database server receives, in a session, a session context identifier and a command. The session context identifier identifies a session context to use for the session. The session context is a set of information or commands that plug into a session state and specify how commands in the session are to be performed for a particular user or privilege level. In response to receiving the identifier, the database server associates the session context with the database session for the connection. The database server uses the session context to process the command. The session context may then be detached from the session, allowing another user to attach to the session via another session context.Type: GrantFiled: August 29, 2013Date of Patent: November 15, 2016Assignee: Oracle International CorporationInventors: Janaki Narasinghanallur, Min-Hank Ho, Eric Sedlar, Thomas Keefe, Chon Hei Lei, Vikram Pesati
-
Publication number: 20140304298Abstract: A database server receives a data request from a client. In response to the data request, the database server selects, from a database, actual data that satisfies criteria specified by the data request. The database server retrieves the selected actual data from the database. Also in response to the data request, the database server redacts the retrieved data in real time without modifying the actual data contained within the database. This may be accomplished by the prior insertion of masking operators into a top SELECT clause of a query representation generated during semantic analysis. The database server returns the redacted data to the client as a reply to the data request.Type: ApplicationFiled: June 23, 2014Publication date: October 9, 2014Inventors: Min-Hank Ho, Javed Samuel, Peter Knaggs, Dah-Yoh Lim, Paul Youn
-
Patent number: 8762406Abstract: A database server receives a data request from a client. In response to the data request, the database server selects, from a database, actual data that satisfies criteria specified by the data request. The database server retrieves the selected actual data from the database. Also in response to the data request, the database server redacts the retrieved data in real time without modifying the actual data contained within the database. This may be accomplished by the prior insertion of masking operators into a top SELECT clause of a query representation generated during semantic analysis. The database server returns the redacted data to the client as a reply to the data request.Type: GrantFiled: December 1, 2011Date of Patent: June 24, 2014Assignee: Oracle International CorporationInventors: Min-Hank Ho, Javed Samuel, Peter Knaggs, Dah-Yoh Lim, Paul Youn
-
Publication number: 20140006344Abstract: A method and apparatus are described for sharing a session to access a database. A database server receives, in a session, a session context identifier and a command. The session context identifier identifies a session context to use for the session. The session context is a set of information or commands that plug into a session state and specify how commands in the session are to be performed for a particular user or privilege level. In response to receiving the identifier, the database server associates the session context with the database session for the connection. The database server uses the session context to process the command. The session context may then be detached from the session, allowing another user to attach to the session via another session context.Type: ApplicationFiled: August 29, 2013Publication date: January 2, 2014Applicant: Oracle International CorporationInventors: JANAKI NARASINGHANALLUR, MIN-HANK HO, ERIC SEDLAR, THOMAS KEEFE, CHON HEI LEI, VIKRAM PESATI
-
Patent number: 8549038Abstract: A method and apparatus are described for sharing a session to access a database. A database server receives, in a session, a session context identifier and a command. The session context identifier identifies a session context to use for the session. The session context is a set of information or commands that plug into a session state and specify how commands in the session are to be performed for a particular user or privilege level. In response to receiving the identifier, the database server associates the session context with the database session for the connection. The database server uses the session context to process the command. The session context may then be detached from the session, allowing another user to attach to the session via another session context.Type: GrantFiled: June 15, 2009Date of Patent: October 1, 2013Assignee: Oracle International CorporationInventors: Janaki Narasinghanallur, Min-Hank Ho, Eric Sedlar, Thomas Keefe, Chon Hei Lei, Vikram Pesati
-
Publication number: 20130144901Abstract: A database server receives a data request from a client. In response to the data request, the database server selects, from a database, actual data that satisfies criteria specified by the data request. The database server retrieves the selected actual data from the database. Also in response to the data request, the database server redacts the retrieved data in real time without modifying the actual data contained within the database. This may be accomplished by the prior insertion of masking operators into a top SELECT clause of a query representation generated during semantic analysis. The database server returns the redacted data to the client as a reply to the data request.Type: ApplicationFiled: December 1, 2011Publication date: June 6, 2013Applicant: ORACLE INTERNATIONAL CORPORATIONInventors: Min-Hank Ho, Javed Samuel, Peter Knaggs, Dah-Yoh Lim, Paul Youn
-
Patent number: 7925023Abstract: One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.Type: GrantFiled: March 3, 2006Date of Patent: April 12, 2011Assignee: Oracle International CorporationInventors: Paul Youn, Daniel ManHung Wong, Min-Hank Ho, Chon Hei Lei
-
Publication number: 20110023082Abstract: An application platform examines, at runtime, various specified aspects of an application environment in which an application interacts with a user. Such examinations are made to determine a state for each of the various specified aspects. Further, the platform automatically activates particular application environment roles for the user depending on the result of the examinations. For example, an application environment role may be activated representing a particular detected mode of communication (e.g., encrypted network communications) or a particular detected manner of authentication (e.g., password authentication). Such activations are based on the detected states and specified states for the various specified aspects of the application environment. Such activations may occur in the context of an application attempting to perform an operation on an access controlled object on behalf of a user.Type: ApplicationFiled: July 23, 2009Publication date: January 27, 2011Inventors: Janaki Narasinghanallur, Min-Hank Ho, Thomas Keefe, Eric Sedlar, Chi Ching Chui, Vikram Pesati
-
Publication number: 20100318570Abstract: A method and apparatus are described for sharing a session to access a database. A database server receives, in a session, a session context identifier and a command. The session context identifier identifies a session context to use for the session. The session context is a set of information or commands that plug into a session state and specify how commands in the session are to be performed for a particular user or privilege level. In response to receiving the identifier, the database server associates the session context with the database session for the connection. The database server uses the session context to process the command. The session context may then be detached from the session, allowing another user to attach to the session via another session context.Type: ApplicationFiled: June 15, 2009Publication date: December 16, 2010Applicant: ORACLE INTERNATIONAL CORPORATIONInventors: Janaki Narasinghanallur, Min-Hank Ho, Eric Sedlar, Thomas Keefe, Chon Hei Lei, Vlkram Pesati
-
Patent number: 7761704Abstract: One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that, deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.Type: GrantFiled: March 17, 2005Date of Patent: July 20, 2010Assignee: Oracle International CorporationInventors: Min-Hank Ho, Daniel ManHung Wong, Chon Hei Lei, Thomas Keefe
-
Patent number: 7639819Abstract: One embodiment of the present invention provides a system that facilitates using an external security device to secure data in a database without having to modify database applications. The system operates by receiving a request at the database to perform an encryption/decryption operation, wherein the encryption/decryption operation is performed with the assistance of the external security module in a manner that is transparent to database applications. In response to the request, the system passes a wrapped (encrypted) column key (a key used to encrypt data within the database) to an external security module, wherein the wrapped column key is a column key encrypted with a master key that exists only within the external security module. The system then unwraps (decrypts) the wrapped column key in the external security module to retrieve the column key. Next, the system returns the column key to the database.Type: GrantFiled: June 16, 2005Date of Patent: December 29, 2009Assignee: Oracle International CorporationInventors: Min-Hank Ho, Paul Youn, Daniel ManHung Wong, Chon Lei
-
Publication number: 20080019527Abstract: One embodiment of the present invention provides a system for managing keys. During operation, the system authenticates a client at a key manager. Next, the system receives a token from the client at the key manager, wherein the token is associated with a customer key, and includes a token authenticator. This token authenticator comprises one-half of an authenticator pair which is used to determine if the client is the owner of the customer key. Next, the system decrypts the token using a master key. The system then verifies a client authenticator, which comprises the other half of the authenticator pair which is used to determine if the client is the owner of the customer key. If the client is the owner of the customer key, the system sends the customer key to the client, which enables the client to encrypt/decrypt data. Finally, the client deletes the customer key.Type: ApplicationFiled: March 3, 2006Publication date: January 24, 2008Inventors: Paul Youn, Daniel Wong, Min-Hank Ho, Chon Lei
-
Publication number: 20060288232Abstract: One embodiment of the present invention provides a system that facilitates using an external security device to secure data in a database without having to modify database applications. The system operates by receiving a request at the database to perform an encryption/decryption operation, wherein the encryption/decryption operation is performed with the assistance of the external security module in a manner that is transparent to database applications. In response to the request, the system passes a wrapped (encrypted) column key (a key used to encrypt data within the database) to an external security module, wherein the wrapped column key is a column key encrypted with a master key that exists only within the external security module. The system then unwraps (decrypts) the wrapped column key in the external security module to retrieve the column key. Next, the system returns the column key to the database.Type: ApplicationFiled: June 16, 2005Publication date: December 21, 2006Inventors: Min-Hank Ho, Paul Youn, Daniel Wong, Chon Lei
-
Publication number: 20060210085Abstract: One embodiment of the present invention provides a system that can expire encrypted-data. During operation, the system receives an expiry-request that includes object-identifying information, which can be used to identify a set of database objects that contain the encrypted-data, wherein a database object can be a table, a partition, a row, or a column in a row. Furthermore, a database object can have an expiration time, and it can be stored in an archive, which is typically used to store large amounts of data for long periods using a slower, but cheaper storage medium than the storage medium used by the database. The system then identifies a set of keys for the encrypted-data using the object-identifying information. Next, the system deletes the set of keys, thereby expiring the encrypted-data. Note that, deleting the set of keys ensures that the secure key repository does not contain any stale keys associated with expired encrypted-data.Type: ApplicationFiled: March 17, 2005Publication date: September 21, 2006Inventors: Min-Hank Ho, Daniel Wong, Chon Lei, Thomas Keefe
-
Publication number: 20060047625Abstract: Methods, systems, and machine-readable mediums are disclosed for administering secure stores using a database management system (DBMS). In one embodiment, the method comprises receiving, at a DBMS, a command to access a secure store. In response to the command, at least a portion of the contents are loaded into a memory structure.Type: ApplicationFiled: August 16, 2004Publication date: March 2, 2006Applicant: Oracle International CorporationInventors: Min-Hank Ho, Daniel Wong, Thomas Keefe, Rama Vissapragada
-
Publication number: 20050234932Abstract: One embodiment of the present invention provides a system that facilitates configuring a database. During operation, the system requests database configuration information from a directory server that stores configuration information for a plurality of database instances. In response to this request, the system receives the database configuration information, and configures the database in accordance with the database configuration information received from the directory server. This enables the database server to be configured without requiring manual configuration operations by a database administrator.Type: ApplicationFiled: April 8, 2004Publication date: October 20, 2005Inventors: Daniel Wong, Min-Hank Ho