Data processing: database and file management or data structures – Database design – Data structure types
Reexamination Certificate
2001-05-11
2004-09-14
Channavajjala, Srirama (Department: 2177)
Data processing: database and file management or data structures
Database design
Data structure types
C707S793000, C707S793000, C707S793000, C713S151000, C713S153000, C705S064000, C705S070000
Reexamination Certificate
active
06792425
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a multi-database system where databases are present in a distributed form. Among others, the present invention relates to security for the disclosure of information of the multi-database system. The present invention, more particularly, relates to a secure multi-database system in which a plurality of databases are operated in an federating manner and security for individual databases is ensured, and an information mediation system on a network to which such a system is applied.
2. Description of the Related Art
Currently, as a technique for getting access to a multi-database (MDB) system, there has been known a technique which gets access to a table (an external table) of an external database (external DB) through an external data wrapper. In this technique, a user declares an access method to the external DB or the configuration of the external table to the MDB system. In the MDB system, the external table is handled in the same manner as a usual view table and it is possible for the user to declare a view table which combines external tables together or a view table which combines the external table with a table inside the MDB system (an internal table).
ISO/IEC standardizes the architecture and a database language of this MDB system as “Database Language SQL-Part 9: Management of External Data (SQL/MED)” which is a database language SQL having a specification Part 9 for a next generation known as SQL3 or SQL-Part 99. With respect to SQL/MED, a draft of ISO/IEC is laid open to the public and as an article which interprets ISO/IEC, ACM SIGMOD Record, Vol.29, No.1, March 2000, pp63-67, “SQL Standardization: The Next Steps” is available.
Conventionally, as security for DB, a method which sets an access authority to the data to individual users and controls access to the DB based on such access authority “access control” has been dominantly used. The same goes for the MDB.
Recently, along with the popularization of the Internet, the Intranet and the Extranet, the chances that the user gets access to the DB through the network have been increased. In this case, to protect the query messages and data being transmitted through the network from improper access, there has been proposed a method which transmits the query messages and data after encrypting the query messages and data. As a method for encrypting the query messages, U.S. Pat. No. 5,713,018 discloses “SYSTEM AND METHOD FOR PROVIDING SAFE SQL-LEVEL ACCESS TO A DATABASE”. Further, as a method for processing data by encrypting the data on a DBMS, U.S. Pat. No. 5,963,642 discloses “METHOD AND APPARATUS FOR SECURE STORAGE OF DATA”.
Further, as an example which adopts a multi-database system as an information mediation business on the Internet, “Yodlee.com” is known. This business is a service which provides the service details which individual service providers provide in a form that the service details are integrated into one. The user can get the reference of all of the service details by merely getting access to Yodlee.com and hence, it is unnecessary for the user to get access to individual service providers. Yodlee.com regards individual service providers as information sources and performs inquiries of the service details to the service providers while setting respective users as keys and integrates and provides the results of inquiries to the users. Here, although the acquired service details are cached in an internal DB, security is ensured by encrypting the data of this internal DB.
SUMMARY
First of all, problems on techniques to realize the information mediation business on a network which are analyzed by inventors of the present invention are explained in conjunction with FIG.
17
. Then, taking this business as an example, tasks to be solved by the present invention are specifically explained.
The information mediation business is a service business which virtually integrates information sources distributed on the network and provides an integrated access path to users. When viewed from the stand point of users, since destinations to which inquiries are made are integrated into one, the availability is increased. The previously mentioned Yodlee.com is also a kind of information mediation business and intermediates enterprises and personal users. This mode is a so-called “B2C type”. Besides this B2C type, there exists a mode of B2B type which intermediates enterprises and enterprise users and
FIG. 17
shows such an example.
In
FIG. 17
, a mediator
301
provides an access path for an A sales company
304
a
, a B sales company
304
b
and a C sales company
304
c
to an aaa company
303
a
, a bbb company
303
b
and a ccc company
303
c
which constitute client enterprises as virtual detailed statement slips
302
a
-
302
c
. The substance of the virtual detailed statement slips is a view table and respectively declares transaction information
45
a
,
45
b
and
45
c
as external tables in a multi-database server
1
and merges them using respective client enterprises as keys. Inquiries from clients
3
a
,
3
b
and
3
c
are transmitted to respective DB
45
a
-
45
c
through the multi-database server
1
and tables on query results (result tables) are integrated and returned to respective clients. In this specification, “declaration” or “to declare” means “to designate”.
With respect to this business, in the multi-database server
1
, a system to ensure the security for virtual detailed statement slips of clients becomes far more important than a conventional case. This is because that to consider the business from a viewpoint of security, although the transaction information is distributed to the database of respective sales companies so that the risk brought about by improper access becomes inevitably distributed, since the transaction information are merged through virtual detailed statement slips so that damages when the improper access happens are increased. Particularly, if it is possible to provide a system in which even if the mediator
301
is an administrator of the multi-database server
1
, he cannot observe the contents of the mediation information so that the reliability of the mediator from not only the users but also the information provider side can be increased.
Subsequently, tasks of conventional techniques to satisfy this requisite are explained.
First of all, in an access control, although an unauthorized user is prevented from getting access to the virtual detailed statement slips, the administrator can easily get access to the virtual detailed statement slips and hence, the above-mentioned requisite cannot be satisfied. Eventually, it is difficult for the mediator to acquire the reliability from the users and the information providers so that it is difficult to establish the information mediation business.
Although the method which encrypts query messages and result tables which are transmitted through the network can prevent these information from being improperly stolen or forged, the method is only applicable to a case where a client and a database correspond to each other on a one to one basis. That is, there has been a problem that it is difficult to directly apply this method to a multi-database.
Although the previously mentioned Yodlee.com method encrypts data to be stored in an inner DB so that it provides a system in which even an administrator can not easily refer to data of the inner DB, the administrator can refer to data before the data is encrypted in a multi-database server in principle so that it is difficult to completely satisfy the above-mentioned requisite. Further, a man who sets and executes the encryption is the administrator himself so that it is difficult for users and information providers to totally rely on the mediator.
Accordingly, it is a first object of the present invention to provide a secure multi-database system in which it is difficult even for an administrator to observe contents of data transacted between clients and external database.
Further, it is a second object
Hayashi Shigetoshi
Maeda Akira
Yagawa Yuichi
Yoshimura Mitsuhiko
Channavajjala Srirama
Pham Khanh
LandOfFree
Secure multi database system including a client, multi... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Secure multi database system including a client, multi..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Secure multi database system including a client, multi... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3262071