-
公开(公告)号:US08522040B2
公开(公告)日:2013-08-27
申请号:US12909302
申请日:2010-10-21
IPC分类号: H04L29/06
CPC分类号: G06F21/6263 , G06F21/6227 , G06F21/6254 , G06F2221/2107 , H04L9/3221 , H04L2209/42 , H04L2209/50
摘要: A protocol for anonymous access to a database where the different records have different access control permissions is described. The permissions can be attributes, roles or rights that an authorized user needs to have to access the record. The database provider does not learn which record the user accesses and which attributes or roles the user has when she accesses the database. The database provider publishes the encrypted database where each record is encrypted with a key that is derived from at least the index of the record, its access control attributes and a secret key of the database provider. The user obtains a credential from an issuer for each access control attribute (ACL) that is associated with the user. Then the user retrieves the key for a particular record from the database provider and uses this key to decrypt the encrypted record.
摘要翻译: 描述了匿名访问数据库的协议,其中不同的记录具有不同的访问控制权限。 权限可以是授权用户需要访问该记录的属性,角色或权限。 数据库提供程序不会学习用户访问的记录,以及用户在访问数据库时具有哪些属性或角色。 数据库提供者使用至少从记录的索引,其访问控制属性和数据库提供者的密钥导出的密钥来发布加密数据库,其中每个记录被加密。 用户从与用户相关联的每个访问控制属性(ACL)的颁发者处获得凭证。 然后,用户从数据库提供者检索特定记录的密钥,并使用该密钥解密加密记录。
-
公开(公告)号:US08577029B2
公开(公告)日:2013-11-05
申请号:US13228574
申请日:2011-09-09
IPC分类号: H04L9/00
CPC分类号: G06F21/6227 , H04L9/0861 , H04L9/3073 , H04L9/3218 , H04L2209/50
摘要: A method, apparatus, and a computer readable storage medium having computer readable instructions to carry out the steps of the method for anonymous access to a database. Each record of the database has different access control permissions (e.g. attributes, roles, or rights). The method allows users to access the database record while the database does not learn who queries a record. The database does not know which record is being queried: (i) the access control list of that record or (ii) whether a user's attempt to access a record had been successful. The user can only obtain a single record per query and only those records for which he has the correct permissions. The user does not learn any other information about the database structure and the access control lists other than whether he was granted access to the queried record, and if so, the content of the record.
-
公开(公告)号:US20120296829A1
公开(公告)日:2012-11-22
申请号:US13574086
申请日:2010-11-12
申请人: Jan Camenisch , Maria Dubovitskaya , Gregory Neven
发明人: Jan Camenisch , Maria Dubovitskaya , Gregory Neven
CPC分类号: G06Q20/401 , G06Q20/367 , G06Q20/38 , G06Q30/0603 , G06Q2220/00
摘要: A protocol that allows customers to buy database records while remaining fully anonymous, i.e. the database server does not learn who purchases a record, and cannot link purchases by the same customer; the database server does not learn which record is being purchased, nor the price of the record that is being purchased; the customer can only obtain a single record per purchase, and cannot spend more than his account balance; the database server does not learn the customer's remaining balance. In the protocol customers keep track of their own balances, rather than leaving this to the database server. The protocol allows customers to anonymously recharge their balances.
摘要翻译: 一种协议,允许客户在完全匿名的情况下购买数据库记录,即数据库服务器不会了解谁购买记录,并且无法链接同一客户的购买; 数据库服务器不了解正在购买哪个记录,也不知道正在购买的记录的价格; 客户只能获得每次购买的单个记录,不能超过其账户余额; 数据库服务器不会了解客户的余额。 在协议中,客户跟踪自己的余额,而不是将其留给数据库服务器。 该协议允许客户匿名补充余额。
-
公开(公告)号:US20120063593A1
公开(公告)日:2012-03-15
申请号:US13228574
申请日:2011-09-09
IPC分类号: H04L9/22
CPC分类号: G06F21/6227 , H04L9/0861 , H04L9/3073 , H04L9/3218 , H04L2209/50
摘要: A method, apparatus, and a computer readable storage medium having computer readable instructions to carry out the steps of the method for anonymous access to a database. Each record of the database has different access control permissions (e.g. attributes, roles, or rights). The method allows users to access the database record while the database does not learn who queries a record. The database does not know which record is being queried: (i) the access control list of that record or (ii) whether a user's attempt to access a record had been successful. The user can only obtain a single record per query and only those records for which he has the correct permissions. The user does not learn any other information about the database structure and the access control lists other than whether he was granted access to the queried record, and if so, the content of the record.
摘要翻译: 一种具有计算机可读指令的方法,装置和计算机可读存储介质,用于执行用于匿名访问数据库的方法的步骤。 数据库的每个记录具有不同的访问控制权限(例如属性,角色或权限)。 该方法允许用户访问数据库记录,而数据库不知道谁查询记录。 数据库不知道正在查询哪个记录:(i)该记录的访问控制列表,或(ii)用户访问记录的尝试是否成功。 用户只能获得每个查询的单个记录,并且只能获得他具有正确权限的记录。 用户不会学习关于数据库结构和访问控制列表的任何其他信息,而不管他是否被授权访问查询记录,如果是,则记录该记录的内容。
-
公开(公告)号:US20110145589A1
公开(公告)日:2011-06-16
申请号:US12909302
申请日:2010-10-21
IPC分类号: G06F12/14
CPC分类号: G06F21/6263 , G06F21/6227 , G06F21/6254 , G06F2221/2107 , H04L9/3221 , H04L2209/42 , H04L2209/50
摘要: A protocol for anonymous access to a database where the different records have different access control permissions is described. The permissions can be attributes, roles or rights that an authorized user needs to have to access the record. The database provider does not learn which record the user accesses and which attributes or roles the user has when she accesses the database. The database provider publishes the encrypted database where each record is encrypted with a key that is derived from at least the index of the record, its access control attributes and a secret key of the database provider. The user obtains a credential from an issuer for each access control attribute (ACL) that is associated with the user. Then the user retrieves the key for a particular record from the database provider and uses this key to decrypt the encrypted record.
摘要翻译: 描述了匿名访问数据库的协议,其中不同的记录具有不同的访问控制权限。 权限可以是授权用户需要访问该记录的属性,角色或权限。 数据库提供程序不会学习用户访问的记录,以及用户在访问数据库时具有哪些属性或角色。 数据库提供者使用至少从记录的索引,其访问控制属性和数据库提供者的密钥导出的密钥来发布加密数据库,其中每个记录被加密。 用户从与用户相关联的每个访问控制属性(ACL)的颁发者处获得凭证。 然后,用户从数据库提供者检索特定记录的密钥,并使用该密钥解密加密记录。
-
-
-
-
搜索结果
5 条记录 (耗时 0.011 秒)
