-
Publication number: US20240241980A1
Publication date: 2024-07-18
Application number: US18428402
Filing date: 2024-01-31
Applicant: Microsoft Technology Licensing, LLC
Inventor: Yueren WANG, Elnata DEGEFA, Andreas WOLTER, Steven Richard GOTT, Nitish GUPTA, Raghav KAUSHIK, Rakesh KHANDUJA, Shafi AHMAD, Dilli Dorai Minnal ARUMUGAM, Pankaj Prabhakar NAIK, Nikolas Christopher OGG
IPC: G06F21/62, G06F12/0875, G06F15/173, G06F16/957
CPC classification number: G06F21/6218, G06F12/0875, G06F15/17331, G06F16/9574, G06F2212/45
Abstract: Methods for centralized access control for cloud relational database management system resources are performed by systems and devices. The methods utilize a central policy storage, managed externally to database servers, which stores external policies for access to internal database resources at up to fine granularity. Database servers in the processing system each receive external access policies that correspond to users of the system by push or pull operations from the central policy storage, and store the external access policies in a cache of the database servers for databases. For resource access, access conditions are determined via policy engines of database servers based on an external access policy in the cache that corresponds to a user, responsive to a resource access request from a device of the user specifying the internal resource. Data associated with the resource is provided to the user based on the access condition being met.
-
Publication number: US20230269088A1
Publication date: 2023-08-24
Application number: US18309352
Filing date: 2023-04-28
Applicant: Microsoft Technology Licensing, LLC
Inventor: Panagiotis ANTONOPOULOS, Jakub J. SZYMASZEK, Raghav KAUSHIK, Conor J. CUNNINGHAM
CPC classification number: H04L9/3239, G06F16/2379, G06F16/284, G06F16/2282, H04L9/50
Abstract: Methods for asynchronously determining relational data integrity using cryptographic data structures are performed by systems and devices. Changes in current tables of relational databases are reflected in associated history tables. Cryptographic hybrid blockchain ledgers are updated with transaction records, for entry changes in current and history tables, including transaction information and hash values of corresponding entry changes. Hybrid blockchain ledgers also include root hash values of Merkle trees of transaction records in current blocks, and hash values of prior blocks. A current block receipt is asynchronously generated and provided as a single hash value from which the validity states of the tables and ledger are able to be verified. Cryptographic receipts of specific transactions reflected in table entry changes are generated and provide immutable evidence of specific transaction existence for users. Ledger-enabled tables are provided for mixed database operations with ledger-disabled tables, and temporal history table database operations are enabled.
-
Publication number: US20220382892A1
Publication date: 2022-12-01
Application number: US17401165
Filing date: 2021-08-12
Applicant: Microsoft Technology Licensing, LLC
Inventor: Yueren WANG, Elnata DEGEFA, Andreas WOLTER, Steven Richard GOTT, Nitish GUPTA, Raghav KAUSHIK, Rakesh KHANDUJA, Shafi AHMAD, Dilli Dorai Minnal ARUMUGAM, Pankaj Prabhakar NAIK, Nikolas Christopher OGG
IPC: G06F21/62, G06F12/0875, G06F15/173, G06F16/957
Abstract: Methods for centralized access control for cloud relational database management system resources are performed by systems and devices. The methods utilize a central policy storage, managed externally to database servers, which stores external policies for access to internal database resources at up to fine granularity. Database servers in the processing system each receive external access policies that correspond to users of the system by push or pull operations from the central policy storage, and store the external access policies in a cache of the database servers for databases. For resource access, access conditions are determined via policy engines of database servers based on an external access policy in the cache that corresponds to a user, responsive to a resource access request from a device of the user specifying the internal resource. Data associated with the resource is provided to the user based on the access condition being met.