Schema signing

US 20080065893A1
Filed: 09/12/2006
Published: 03/13/2008
Est. Priority Date: 09/12/2006
Status: Active Grant

First Claim

Patent Images

1. A method for verifying trust of at least one object in a database schema before permitting access to the at least one object, the method comprising:

verifying that a digital signature for the at least one object is associated with a trusted entity;

verifying a validity of the digital signature of the at least one object; and

permitting access to the at least one object only when the at least one object is verified to be trusted, the at least one object being verified to be trusted only when the digital signature of the at least one object is verified to be associated with the trusted entity and the digital signature of the at least one object is verified to be valid.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, an object in a database schema may be verified as having a valid digital signature associated with a trusted entity. An application may be permitted access to the object of the database schema only when the object of the database schema is verified to have a valid digital signature associated with the trusted entity. In another embodiment, an object in a database schema may be verified as having a digital signature associated with at least one trusted entity. An application may be permitted access to the object of the database schema only when the digital signature for the object is verified to be associated with the at least one trusted entity.

Citations

40 Claims

1. A method for verifying trust of at least one object in a database schema before permitting access to the at least one object, the method comprising:
- verifying that a digital signature for the at least one object is associated with a trusted entity;
  
  verifying a validity of the digital signature of the at least one object; and
  
  permitting access to the at least one object only when the at least one object is verified to be trusted, the at least one object being verified to be trusted only when the digital signature of the at least one object is verified to be associated with the trusted entity and the digital signature of the at least one object is verified to be valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein:
    - the digital signature is created using a private key associated with a public key, andthe verifying a validity of the digital signature of the at least one object further comprises;
      
      calculating a first object hash of the at least one object,applying a public key to a previously computed digital signature for the at least one object to obtain a second object hash, andcomparing the first object hash with the second object hash, the validity of the digital signature of the at least one object being verified when the comparing determines that the first object hash and the second object hash are equal.
  - 3. The method of claim 1, wherein:
    - the verifying of a validity of the digital signature of the at least one object further comprises verifying the validity of a digital signature of each object of the at least one object, andthe permitting access to the at least one object further comprises permitting access only to each object of the at least one object having a verified valid digital signature.
  - 4. The method of claim 1, wherein:
    - the verifying that a digital signature for the at least one object is associated with a trusted entity further comprises;
      
      comparing a public key associated with the digital signature for the at least one object with a provided public key of the trusted entity, the public key associated with the digital signature of the at least one object being verified as associated with the trusted entity when the comparing indicates that the public key associated with the digital signature for the at least one object is equal to the provided public key of the trusted entity.
  - 5. The method of claim 1, wherein:
    - the verifying that a digital signature for at least one object is associated with a trusted entity further comprises;
      
      comparing a public key associated with the digital signature for the at least one object with a public key of the trusted entity provided in a database or a well-protected container of an operating system, the public key associated with the digital signature for the at least one object being verified as associated with the trusted entity when the comparing indicates that the public key associated with the digital signature for the at least one object is equal to the public key of the trusted entity.
  - 6. The method of claim 1, wherein:
    - the verifying that a digital signature for the at least one object is associated with a trusted entity further comprises;
      
      comparing a public key associated with the digital signature for the at least one object with a public key of the trusted entity provided by an application preparing to use the database, the public key associated with the digital signature for the at least one object being verified as associated with the trusted entity when the comparing indicates that the public key associated with the digital signature for the at least one object is equal to the provided public key of the trusted entity.
  - 7. The method of claim 1, wherein:
    - each of the at least one object is one of a data object, a table object, a procedure object, a function object, a trigger object, a view object, or a binary code object, andthe verifying a validity of a digital signature of the at least one object further comprises;
      
      calculating a first object hash for the at least one object,applying a public key of a previously computed digital signature for the at least one object to the previously computed digital signature for the at least one object to obtain a second object hash, andcomparing the first object hash with the second object hash, the validity of the digital signature of the at least one object being verified when the comparing determines that the first object hash and the second object hash are equal.

8. A machine-readable medium having instructions stored thereon for at least one processor, the machine-readable medium comprising:
- instructions for verifying that a respective digital signature for each of a plurality of objects defined in a database schema is associated with at least one trusted entity;
  
  instructions for verifying that each of the respective digital signatures is valid; and
  
  instructions for permitting access to an object of the plurality of objects only when the respective digital signature of the object of the plurality of objects is verified to be associated with the at least one trusted entity and the respective digital signature for the object of the plurality of objects is verified to be valid.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The machine-readable medium of claim 8, further comprising:
    - instructions for accessing the database schema, whereinthe instructions for accessing the database schema comprise;
      
      the instructions for verifying that a respective digital signature for each of a plurality of objects defined in a database schema is associated with at least one trusted entity, andthe instructions for verifying that each of the respective digital signatures is valid.
  - 10. The machine-readable medium of claim 8, further comprising:
    - instructions for starting a database system, whereinthe instructions for starting the database system comprise;
      
      the instructions for verifying that a respective digital signature for each of a plurality of objects defined in a database schema is associated with at least one trusted entity, andthe instructions for verifying that each of the respective digital signatures is valid, whereinthe instructions for starting a database system include instructions for failing the starting of the database system when the respective digital signature for any of the plurality of objects defined in the database schema is not associated with the at least one trusted entity or when any of the respective digital signatures of any of the plurality of objects defined in the database schema is not valid.
  - 11. The machine-readable medium of claim 8, wherein the instructions for permitting access to an object of the plurality of objects operate in a same manner for all users and applications requesting access to the object of the plurality of objects.
  - 12. The machine-readable medium of claim 8, wherein the instructions for verifying that a respective digital signature for each of a plurality of objects defined in a database schema is associated with at least one trusted entity further comprise:
    - instructions for obtaining a public key from an application preparing to access the database schema, the public key from the application being associated with the at least one trusted entity, andinstructions for verifying that a public key associated with the respective digital signature for each of the plurality of objects defined in a database schema is equal to the public key obtained from the application.
  - 13. The machine-readable medium of claim 8, wherein the instructions for verifying that a respective digital signature for each of a plurality of objects defined in a database schema is associated with at least one trusted entity further comprise:
    - instructions for obtaining at least one public key from a well-protected container, each of the at least one public key from the well-protected container being associated with one of the at least one trusted entity, andinstructions for verifying that a public key associated with the respective digital signature for each of a plurality of objects defined in a database schema is equal to one of the at least one public key from the well-protected container.
  - 14. The machine-readable medium of claim 8, wherein the instructions for verifying that a respective digital signature for each of a plurality of objects defined in a database schema is associated with at least one trusted entity further comprise:
    - instructions for obtaining at least one public key from a well-protected container, each of the at least one public key from the well-protected container being associated with one of the at least one trusted entity, andinstructions for verifying that a public key associated with the respective digital signature for each of a plurality of objects defined in a database schema is equal to one of the at least one public key from the well-protected container, and whereinthe well-protected container is included in an attesting dynamic link library having a digital certificate of a trusted authority.
  - 15. The machine-readable medium of claim 8, wherein the instructions for verifying that a respective digital signature for each of a plurality of objects defined in a database schema is associated with at least one trusted entity further comprise:
    - instructions for obtaining at least one public key from a well-protected container, each of the at least one public key from the well-protected container being associated with one of the at least one trusted entity, andinstructions for verifying that a public key associated with the respective digital signature for each of a plurality of objects defined in a database schema is equal to one of the at least one public key from the well-protected container, and whereinthe well-protected container is included in an extensible Markup Language file having a digital certificate of a trusted authority.

16. A method for providing access to at least one object in a database schema, the method comprising:
- receiving a request for access to the at least one object in the database schema from a remote processing device;
  
  obtaining at least one public key of at least one trusted entity;
  
  verifying that a public key associated with a respective digital signature of each of the at least one object in the database schema is equal to one of the at least one public key of the at least one trusted entity;
  
  verifying that each of the respective digital signatures of each of the at least one object is valid; and
  
  permitting access to one of the at least one object from the remote processing device only when the respective digital signature of the one of the at least one object is verified to be trusted, the at least one object being verified to be trusted when the digital signature for the one of the at least one object is verified to be signed by a private key corresponding to one of the at least one public key of the at least one trusted entity and the digital signature of the one of the at least one object is verified to be valid.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising obtaining the at least one public key of the at least one trusted entity from an application of the remote processing device preparing to access a database including the database schema.
  - 18. The method of claim 16, further comprising obtaining the at least one public key of the at least one trusted entity from a database system, or a well-protected container, wherein the database system or the well-protected container includes a certificate from a trusted authority with respect to the at least one public key of the at least one trusted entity.
  - 19. The method of claim 16, further comprising obtaining the least one public key of the at least one trusted entity from a well-protected container.
  - 20. The method of claim 16, further comprising denying access to the one of the at least one object from the remote processing devices when the digital signature of the one of the at least one object is verified to be not trusted, or the digital signature of the one of the at least one object is verified to be invalid.

21. A method for preventing unauthorized use of a database, the method comprising:
- verifying that a digital signature for at least one object in a database schema is associated with at least one trusted entity; and
  
  permitting access to the at least one object only when the digital signature for the at least one object is verified to be associated with the at least one trusted entity.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28)
- - 22. The method of claim 21, wherein:
    - the verifying that a digital signature for at least one object in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that a digital signature for an object of the at least one object is associated with the at least one trusted entity; and
      
      the permitting access to the at least one object only when the digital signature for the at least one object is verified to be associated with the at least one trusted entity further comprises;
      
      permitting access to the object of the at least one object only when the digital signature for the object of at least one object is verified to be associated with the at least one trusted entity.
  - 23. The method of claim 21, further comprising:
    - obtaining at least one public key of the at least one trusted entity from a well-protected container included in a processing system, whereinthe verifying that a digital signature for at least one object in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 24. The method of claim 21, further comprising:
    - obtaining at least one public key of the at least one trusted entity from a well-protected container in a processing system, the well-protected container having a digital certificate signed by a trusted authority, whereinthe verifying that a digital signature for at least one object in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 25. The method of claim 21, further comprising:
    - obtaining at least one public key of the at least one trusted entity from an attesting dynamic linked library, whereinthe verifying that a digital signature for at least one object in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 26. The method of claim 21, further comprising:
    - obtaining at least one public key of the at least one trusted entity from an extensible Markup Language file having a digital certificate signed by a trusted authority, whereinthe verifying that a digital signature for at least one object in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 27. The method of claim 21, wherein:
    - the verifying that a digital signature for at least one object in a database schema is associated with at least one trusted entity occurs at a database startup time, andthe method further comprises;
      
      failing to start the database at the database startup time when the digital signature for the at least one object is not associated with any of the at least one trusted entity.
  - 28. The method of claim 21, wherein:
    - the verifying that a digital signature for at least one object in a database schema is associated with at least one trusted entity is performed when an attempt is made to access a database, andthe method further comprises;
      
      failing to permit access to the at least one object when the digital signature for the at least one object is not associated with any of the at least one trusted entity.

29. A machine-readable medium having instructions stored thereon for at least one processor, the machine-readable medium comprising:
- instructions for verifying that a respective digital signature for each of a plurality of objects defined in a database schema is associated with at least one trusted entity; and
  
  instructions for permitting access to an object of the plurality of objects only when the respective digital signature of the object of the plurality of objects is verified to be associated with the at least one trusted entity.
- View Dependent Claims (30, 31, 32, 33, 34, 35)
- - 30. The machine-readable medium of claim 29, further comprising:
    - instructions for attempting to access an object of the plurality of objects, wherein the instructions for attempting to access an object of the plurality of objects further comprise;
      
      the instructions for verifying that a respective digital signature for an object of the plurality of objects defined in a database schema is associated with at least one trusted entity, andinstructions for denying access to the object of the plurality of objects when the respective digital signature for the object of the plurality of objects is verified to be not associated with any of the at least one trusted entity.
  - 31. The machine-readable medium of claim 29, further comprising:
    - instructions for starting up a database system, wherein the instructions for starting up the database system further comprise;
      
      the instructions for verifying that a respective digital signature for each of a plurality of objects defined in a database schema is associated with at least one trusted entity, andinstructions for failing the starting up of the database system when the respective digital signature for any of the plurality of objects is verified to be not associated with any of the at least one trusted entity.
  - 32. The machine-readable medium of claim 29, wherein the instructions for permitting access to an object of the plurality of objects, when executed, permit access to the object of the plurality of objects in a same manner for all users and applications requesting access to the object of the plurality of objects.
  - 33. The machine-readable medium of claim 29, wherein the instructions for verifying that a respective digital signature for each of a plurality of objects defined in a database schema is associated with at least one trusted entity further comprise:
    - instructions for obtaining at least one public key from a well-protected container, each of the at least one public key from the well-protected container being associated with one of the at least one trusted entity, andinstructions for determining whether the respective digital signature for each of the plurality of objects defined in the database schema is signed by a private key corresponding to one of the at least one public key from the well-protected container.
  - 34. The machine-readable medium of claim 29, each of the plurality of objects of the database schema is one of a data object, a table object, a procedure object, a function object, a trigger object, a view object, or a binary code object.
  - 35. The machine-readable medium of claim 29, wherein the instructions for verifying that a respective digital signature for each of a plurality of objects defined in a database schema is associated with at least one trusted entity further comprise:
    - instructions for obtaining at least one public key from an attesting dynamic link library or an extensible Markup Language file with a digital certificate from a trusted authority, each of the at least one public key from the attesting dynamic link library or the extensible Markup Language file being associated with one of the at least one trusted entity; and
      
      instructions for determining whether the respective digital signature for each of the plurality of objects defined in the database schema is signed by a private key corresponding to one of the at least one public key from the attesting dynamic link library or the extensible Markup Language file.

36. A method for providing access to at least one object in a database schema, the method comprising:
- receiving a request for access to the at least one object in the database schema from a remote processing device;
  
  obtaining at least one public key of at least one trusted entity from a well-protected container,verifying that a public key associated with a respective digital signature of each object of the at least one object in a database schema is equal to one of the at least one public key of the at least one trusted entity, andpermitting access to one of the at least one object from the remote processing device only when the public key associated with the respective digital signature of the one of the at least one object is verified to be equal to the one of the at least one public key of the at least one trusted entity.
- View Dependent Claims (37, 38, 39, 40)
- - 37. The method of claim 36, wherein the well-protected container includes a digital certificate of a trusted authority.
  - 38. The method of claim 36, wherein the well-protected container is an attesting dynamic link library.
  - 39. The method of claim 36, wherein the well-protected container includes at least one extensible Markup Language file, each of the at least one extensible Markup Language file having a digital certificate of a trusted authority.
  - 40. The method of claim 36, wherein the well-protected container is included in the database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Wolter, Roger Lynn, Ovechkin, Ruslan Pavlovich, Dutta, Tanmoy, Garcia, Raul, Gott, Steven Richard

Granted Patent

US 8,850,209 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 2209/80   Wireless

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

Schema signing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Schema signing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links