Data replication security
Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-05-28
2004-09-14
Sheikh, Ayaz (Department: 2131)
C707S793000
active
06792540
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to database systems and more particularly to data replication security.
BACKGROUND OF THE INVENTION
Under certain conditions, it is desirable to make copies of a particular body of data, such as a relational database table, at multiple sites. The mechanism for maintaining multiple copies of the same body of data at multiple sites is generally referred to as “data replication.” In a distributed database system using data replication, multiple replicas of data exist in more than one database in the distributed database system.
One kind of data replication employs snapshots. A snapshot is a body of data constructed of data from one or more “master” tables, views, or even other snapshots, any of which can be stored locally or remotely relative to the snapshot. The data contained within the snapshot is defined by a query that references one or more master tables (and/or other database objects) and reflects the state of its master tables at a particular point in time. To bring the snapshot up-to-date with respect to the master tables, the snapshot is refreshed upon request, e.g. at a user's command or automatically on a periodic, scheduled basis.
There are two basic approaches for refreshing a snapshot. “Complete refreshing” involves reissuing the defining query for the snapshot and replacing the previous snapshot with the results of the reissued query. “Incremental refresh” or “fast refresh” refers to identifying the changes that have happened to the master tables (typically, by examining a log file of the changes) and transferring only the data for the rows in the snapshot that have been affected by the master table changes. An “updatable snapshot” is a snapshot to which updates may be directly made, which are propagated from the snapshot back to the master table before refreshing.
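The two refresh strategies described above, as an added example that is not part of the patent text: a master table that records every change in a log, a snapshot defined by a query (here a row predicate), a complete refresh that reissues the query and replaces the snapshot wholesale, and a fast refresh that scans only the log entries written since the last refresh and transfers only the affected rows. The class and function names (Master, Snapshot, demo) and the sample order rows are constructed for the illustration.

```python
"""Complete vs. incremental ("fast") snapshot refresh (added illustration)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

Row = Dict[str, object]


@dataclass
class Master:
    """A master table plus the change log that a fast refresh reads."""
    rows: Dict[int, Row] = field(default_factory=dict)
    # change log entries: (sequence number, primary key, new row or None for a delete)
    log: List[Tuple[int, int, Optional[Row]]] = field(default_factory=list)

    def upsert(self, key: int, row: Row) -> None:
        self.rows[key] = dict(row)
        self.log.append((len(self.log) + 1, key, dict(row)))

    def delete(self, key: int) -> None:
        self.rows.pop(key, None)
        self.log.append((len(self.log) + 1, key, None))


@dataclass
class Snapshot:
    """Rows selected from the master by a defining query (a row predicate here)."""
    master: Master
    predicate: Callable[[Row], bool]
    rows: Dict[int, Row] = field(default_factory=dict)
    refreshed_to: int = 0  # highest log sequence number already applied

    def complete_refresh(self) -> int:
        """Reissue the defining query and replace the snapshot wholesale.
        Returns the number of rows transferred (every matching master row)."""
        self.rows = {k: dict(r) for k, r in self.master.rows.items() if self.predicate(r)}
        self.refreshed_to = len(self.master.log)
        return len(self.rows)

    def fast_refresh(self) -> int:
        """Apply only the log entries written since the last refresh.
        Returns the number of snapshot rows transferred (inserted, updated or removed)."""
        transferred = 0
        for seq, key, new_row in self.master.log:
            if seq <= self.refreshed_to:
                continue  # already reflected in the snapshot
            if new_row is not None and self.predicate(new_row):
                self.rows[key] = dict(new_row)
                transferred += 1
            elif self.rows.pop(key, None) is not None:
                # deleted, or changed so that it no longer satisfies the query
                transferred += 1
            self.refreshed_to = seq
        return transferred

    def matches_master(self) -> bool:
        """Consistency check: the snapshot equals a fresh evaluation of its query."""
        return self.rows == {k: r for k, r in self.master.rows.items() if self.predicate(r)}


def demo() -> dict:
    """Constructed scenario: ten orders, a per-representative snapshot, then four changes."""
    master = Master()
    for k in range(1, 11):
        master.upsert(k, {"rep": "alice" if k % 2 else "bob", "amount": 100 * k})
    snap = Snapshot(master, lambda r: r["rep"] == "alice")
    complete_rows = snap.complete_refresh()  # 5 rows: keys 1, 3, 5, 7, 9

    master.upsert(1, {"rep": "alice", "amount": 999})  # updated, stays in the snapshot
    master.upsert(2, {"rep": "bob", "amount": 1})      # bob's row, never in the snapshot
    master.delete(3)                                   # alice's row removed
    master.upsert(5, {"rep": "bob", "amount": 500})    # reassigned away from alice
    fast_rows = snap.fast_refresh()  # only 3 snapshot rows touched, not all 5

    return {
        "complete_rows": complete_rows,
        "fast_rows": fast_rows,
        "snapshot": snap.rows,
        "log_entries": len(master.log),
        "consistent": snap.matches_master(),
    }


if __name__ == "__main__":
    print(demo())
```

The fast path is only correct while the log still covers everything since `refreshed_to`; if the log is truncated past that point, a real system has to fall back to a complete refresh, which is why both strategies exist side by side.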
Traditionally, snapshots have been implemented for high-end computer systems, which are characterized by the use of high performance computers that are interconnected to one another by highly reliable and high bandwidth network links. Typically, highly experienced database administrators manage these high-end systems. Due to the expense of these high-end computers, high-end distributed systems tend to involve a small number of networked sites, whose users can be trusted at least in part because of the physical security of the computers.
Recently, there has been much interest in the marketplace for applications for front office automation. One example is sales force automation, where hundreds, if not thousands, of sales representatives in a company are given laptops to improve their productivity. The laptops are loaded with applications, for example, to help a sales representative sell the company's products to a customer and take the customer's order. Therefore, the laptops include a data store to keep the customer and order information handy for use by a specific sales representative.
Front office automation, however, challenges the operating assumptions behind the high-end snapshot implementations. For example, replication in a front office automation environment must contend with the very real possibility that laptops get lost or stolen, for example, in airports. Although logins and passwords protect the connections between the laptop and the master site, this authentication mechanism cannot be fully trusted as secure because sales representatives often record their passwords near their laptops, for example, taped near the screen. The above-described high-end snapshot replication approach, however, relies on trusted snapshot users, granting them extensive privileges in support of the snapshot refreshes being driven from the client site. If such a high-end approach is implemented for laptops, a malicious person could easily steal a sales representative's laptop, connect to the master site using the password taped to the side of the laptop, and hack into the system, reading and destroying sensitive data.
SUMMARY OF THE INVENTION
There is a need for an implementation of snapshot replication that is secure in a front office automation environment without incurring the above-described and other disadvantages inherent in a high-end implementation of snapshot replication. This and other needs are addressed by the present invention, in which a refresh program runs in the security domain of a trusted user. In common implementation environments, untrusted users are granted only connect privileges and the ability to run the refresh program, which first checks whether the requesting user actually owns the snapshot. Thus, security is enhanced because knowing the password of a sales representative gives an unauthorized user only the ability to refresh that representative's snapshot and little if anything else. Furthermore, administration of security privileges is simplified because the privileges needed to access the master tables when refreshing the snapshot are not granted to hundreds of untrusted users but once, to the trusted user.
Accordingly, one aspect of the invention pertains to a computer-implemented method and a computer-readable medium bearing instructions for a method of secure replication, comprising the steps of: authenticating a first user; receiving a request from the first user to refresh a replica of a body of data; and, in response to receiving the request, refreshing the replica in a security domain of a trusted user. In one embodiment, the methodology also includes storing metadata about the replica of the body of data, which identifies the owner of the replica of the body of data, as well as accessing the metadata about the replica of the body of data to identify the owner of the replica of the body of data.
Another aspect of the invention involves a computer-implemented method and a computer-readable medium bearing instructions for a method of secure replication. In accordance with this methodology, metadata about a replica of a body of data is stored that identifies the owner of the replica of the body of data. An untrusted user is authenticated, as by login and password. When the untrusted user requests to refresh the replica, the identity of the untrusted user is compared with the owner of the replica according to the metadata. If the identity of the untrusted user and the owner of the replica of the body of data are the same, the replica is refreshed in a security domain of a trusted user.
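The privilege arrangement described in the summary above, as an added example that is not the patent's own code: untrusted users hold only a connect privilege and the right to execute a refresh program; that program first checks the stored replica metadata for ownership and only then does its work in the security domain of a trusted user, which is the only principal granted access to the master table. The user names, privilege strings, sample rows and the TRUSTED_USER name are constructed for the illustration; the "effective user" switch stands in for a definer's-rights procedure in a real database.

```python
"""Refresh program running in a trusted user's security domain (added illustration)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

Row = Dict[str, object]
TRUSTED_USER = "repadmin"  # hypothetical trusted user that owns the refresh program


class AccessDenied(Exception):
    pass


@dataclass
class Database:
    """A toy database: principals with privilege sets, one master table, snapshots."""
    passwords: Dict[str, str] = field(default_factory=dict)
    privileges: Dict[str, Set[str]] = field(default_factory=dict)
    master: Dict[int, Row] = field(default_factory=dict)
    snapshots: Dict[str, Dict[int, Row]] = field(default_factory=dict)
    # replica metadata: snapshot name -> owner and defining query
    metadata: Dict[str, dict] = field(default_factory=dict)
    session_user: Optional[str] = None    # who authenticated
    effective_user: Optional[str] = None  # whose security domain the current call runs in

    def login(self, user: str, password: str) -> None:
        """Authenticate by login and password; CONNECT is the only privilege needed."""
        if self.passwords.get(user) != password or "CONNECT" not in self.privileges.get(user, set()):
            raise AccessDenied("authentication failed")
        self.session_user = self.effective_user = user

    def _require(self, privilege: str) -> None:
        if privilege not in self.privileges.get(self.effective_user, set()):
            raise AccessDenied(f"{self.effective_user} lacks {privilege}")

    def read_master(self) -> Dict[int, Row]:
        self._require("SELECT ON master")
        return {k: dict(r) for k, r in self.master.items()}

    def register_snapshot(self, name: str, owner: str, query: Callable[[Row], bool]) -> None:
        self.metadata[name] = {"owner": owner, "query": query}

    def refresh_snapshot(self, name: str) -> int:
        """The refresh program: callable by untrusted users, executed as the trusted user."""
        self._require("EXECUTE ON refresh_snapshot")
        meta = self.metadata.get(name)
        # ownership check against the stored metadata, before any privileged work
        if meta is None or meta["owner"] != self.session_user:
            raise AccessDenied("requester does not own this snapshot")
        saved = self.effective_user
        self.effective_user = TRUSTED_USER  # switch into the trusted security domain
        try:
            self.snapshots[name] = {k: r for k, r in self.read_master().items() if meta["query"](r)}
        finally:
            self.effective_user = saved  # never leave the caller in the trusted domain
        return len(self.snapshots[name])


def attempt(action: Callable[[], object]) -> str:
    """Run an action and report whether the privilege model allowed it."""
    try:
        action()
        return "ok"
    except AccessDenied:
        return "denied"


def scenario() -> dict:
    """Constructed scenario: master access is granted once, to the trusted user only."""
    db = Database()
    db.passwords = {TRUSTED_USER: "long-random-secret", "alice": "taped-to-screen", "bob": "p4ss"}
    db.privileges = {
        TRUSTED_USER: {"CONNECT", "SELECT ON master"},
        "alice": {"CONNECT", "EXECUTE ON refresh_snapshot"},  # untrusted laptop users
        "bob": {"CONNECT", "EXECUTE ON refresh_snapshot"},
    }
    db.master = {1: {"rep": "alice", "amount": 100}, 2: {"rep": "bob", "amount": 200},
                 3: {"rep": "alice", "amount": 300}}
    db.register_snapshot("alice_orders", "alice", lambda r: r["rep"] == "alice")
    db.register_snapshot("bob_orders", "bob", lambda r: r["rep"] == "bob")

    # A session holding alice's credentials (the lost-laptop case from the text).
    db.login("alice", "taped-to-screen")
    return {
        "own_refresh_rows": db.refresh_snapshot("alice_orders"),
        "direct_master_read": attempt(db.read_master),
        "other_users_snapshot": attempt(lambda: db.refresh_snapshot("bob_orders")),
        "bob_snapshot_untouched": "bob_orders" not in db.snapshots,
        "domain_restored": db.effective_user == "alice",
    }


if __name__ == "__main__":
    print(scenario())
```

The two properties worth checking in any real implementation are visible in the scenario: the ownership comparison happens before the switch into the trusted domain, and the switch is undone in a `finally` block so that a failure inside the refresh cannot leave the session running with the trusted user's privileges.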
Still other objects and advantages of the present invention will become readily apparent from the following detailed description, simply by way of illustration of the best mode contemplated of carrying out the invention. As will be realized, the invention is capable of other and different embodiments, and its several details are capable of modifications in various obvious respects, all without departing from the invention. Accordingly, the drawing and description are to be regarded as illustrative in nature, and not as restrictive.
Downing Alan Robert
Smith Wayne E.
Ditthavong & Carlson P.C.
Oracle International Corporation
Revak Christopher
Sheikh Ayaz