Method and a system for preventing impersonation of a database user

US 20070067637A1
Filed: 03/13/2006
Published: 03/22/2007
Est. Priority Date: 11/29/2000
Status: Abandoned Application

First Claim

Patent Images

1. A method of controlling access to information, the method comprising:

receiving a request to decrypt information stored in a database;

retrieving, from a first storage location, a first hash value representative of a user password;

retrieving, from a second storage location, a second hash value representative of the user password; and

in response to detecting that the first hash value differs from the second hash value, denying a request to decrypt the information.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for preventing an administrator impersonating a user of a relational database, which database at least comprises a table with at least a user password, wherein said password is stored as a hash value. The method comprises the steps of: adding a trigger to said table, said trigger at least triggering an action when an administrator alters said table through the database management system (DBMS) of said database; calculating a new password hash value differing from said stored password hash value when said trigger is triggered; and replacing said stored password hash value with said new password hash value.

105 Citations

View as Search Results

14 Claims

1. A method of controlling access to information, the method comprising:
- receiving a request to decrypt information stored in a database;
  
  retrieving, from a first storage location, a first hash value representative of a user password;
  
  retrieving, from a second storage location, a second hash value representative of the user password; and
  
  in response to detecting that the first hash value differs from the second hash value, denying a request to decrypt the information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising adding a trigger to the security table, the trigger triggering an action when a predefined event occurs.
  - 3. A method according to claim 2, comprising the further steps of:
    - calculating a check value of the trigger; and
      
      comparing the check value at the startup and at regular intervals with a recalculated check value.
  - 4. The method of claim 3, wherein the check value is a hash value.
  - 5. A method according to claim 2, wherein the trigger comprises means for reading a log of actions on the database, means for identifying commands for altering user passwords in the log, and means for identifying which user passwords have been changed.
  - 6. The method of claim 2, wherein the predefined event comprises modifying the security table.
  - 7. The method of claim 2, wherein the predefined event comprises a user logging in.
  - 8. A method according to claim 1, comprising the further step of comparing, for each active user having access to the information, the hash value stored in the access control system with the hash value stored in the security table.
  - 9. A method according to claim 8, wherein the further step of comparing is performed when the user changes the database.
  - 10. The method of claim 1, wherein the first storage location comprises an access control system.
  - 11. The method of claim 1, wherein the first storage location comprises a security table.
  - 12. The method of claim 1, wherein the first storage location comprises an access control system and the second storage location comprises a security table.
  - 13. A computer-readable medium comprising computer readable instructions to execute the method of claim 1.
  - 14. A system comprising:
    - a computer-readable medium as recited in claim 1;
      
      and a computer in data communication with the computer-readable medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf, Das, Tamojit

Application Number

US11/374,341
Publication Number

US 20070067637A1
Time in Patent Office

Days
Field of Search
US Class Current

713/181
CPC Class Codes

G06F 21/55 Detecting local intrusion o...

G06F 21/6227 where protection concerns t...

Method and a system for preventing impersonation of a database user

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

105 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Method and a system for preventing impersonation of a database user

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

105 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links