Remote container

US 8,688,585 B2
Filed: 08/13/2010
Issued: 04/01/2014
Est. Priority Date: 08/13/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a computer, data to be inserted into a container data field of a relational database, the data including content being associated with a first access privilege;

encrypting, by the computer, the data using an encryption key that is specific to the container data field;

storing, by the computer, the encrypted data in a database file on a file system specified for the container data field, the database file being external to other database files storing data of other data fields of the relational database, the file system being associated with a second access privilege, wherein storing the encrypted data comprises;

identifying existing data that are stored in an existing database file, the existing database file referenced by an existing remote container;

determining that the existing data are identical to the received data; and

upon the determining, incrementing a reference count of the existing remote container;

storing, by the computer, a reference to the database file and the encryption key in a remote container; and

associating, by the computer, the existing remote container with the container data field, wherein a user'"'"'s access to content in the data is limited based on association of the existing remote container and the container data field.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, program products, and systems implementing remote container techniques are disclosed. A relational database can include a container data field, which can be a data field for storing multimedia data. In one aspect, when the multimedia data are inserted into the container field, the multimedia data can be stored in one or more remote database files. The remote database files can be located separately from other data of the relational database and remotely from a client computer accessing the relational database. Corresponding data structures, or remote containers, can be configured to store metadata of the database files. References to the remote containers can be stored as values of the container data field. Using various encryption techniques, the remote database files can be given same access restrictions as access restrictions of the container data field, even when the remote database files are stored as flat files.

17 Citations

View as Search Results

29 Claims

1. A method comprising:
- receiving, by a computer, data to be inserted into a container data field of a relational database, the data including content being associated with a first access privilege;
  
  encrypting, by the computer, the data using an encryption key that is specific to the container data field;
  
  storing, by the computer, the encrypted data in a database file on a file system specified for the container data field, the database file being external to other database files storing data of other data fields of the relational database, the file system being associated with a second access privilege, wherein storing the encrypted data comprises;
  
  identifying existing data that are stored in an existing database file, the existing database file referenced by an existing remote container;
  
  determining that the existing data are identical to the received data; and
  
  upon the determining, incrementing a reference count of the existing remote container;
  
  storing, by the computer, a reference to the database file and the encryption key in a remote container; and
  
  associating, by the computer, the existing remote container with the container data field, wherein a user'"'"'s access to content in the data is limited based on association of the existing remote container and the container data field.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the content includes at least one of a data stream, a binary object, or a file.
  - 3. The method of claim 1, wherein:
    - the remote container includes a data structure configured to store information, including access restrictions information, of the database file; and
      
      associating the remote container with the container data field includes storing a reference to the remote container in the container data field.
  - 4. The method of claim 1, wherein storing the encrypted data in the database file comprises:
    - generating a hash of the content;
      
      creating a directory on the file system, the directory being named using a first portion of the hash;
      
      creating a subdirectory of the directory, the subdirectory being named using a second portion of the hash; and
      
      storing the encrypted data in the database file in the subdirectory.
  - 5. The method of claim 4, wherein a size of each of the first portion and second portion of the hash is determined based on performance characteristics of the file system.
  - 6. The method of claim 1, further comprising:
    - receiving first new data and second new data, in that order, to be inserted into the container data field to replace the stored data;
      
      creating a first temporary remote container that corresponds to the first new data, and a second temporary remote container that corresponds to the second new data;
      
      receiving a transactional input, the transactional input including one of a commit input, an undo input, or a revert input;
      
      associating the second temporary remote container with the container data field when the transactional input is a commit input;
      
      associating the first temporary remote container with the container data field when the transactional input is an undo input; and
      
      clearing the first temporary remote container and second temporary remote container when the transactional input is a revert input.
  - 7. The method of claim 1, wherein:
    - when a user is permitted to access the file system according to the second access privilege, accessing, by the user, to content in the data is limited by the encryption key according to the first access privilege.
  - 8. The method of claim 7, wherein determining that the existing data are identical to the received data includes:
    - calculating a hash value of the existing data;
      
      calculating a hash value of the received data; and
      
      determining that the existing data are identical to the received data when the hash value of the existing data is equal to the hash value of the received data.
  - 9. The method of claim 1, further comprising determining that the database file is modified external to a transaction of the relational database, including:
    - calculating an original hash value of the data;
      
      storing the original hash value of the data in a third portion of the remote container; and
      
      when the container data field is accessed;
      
      determining that the data are not currently stored in a cache;
      
      reading the data into the cache;
      
      calculating a new hash value of the data read into the cache; and
      
      determining that the database file is modified external to a transaction of the relational database when the original hash value and the new hash value do not match.
  - 10. The method of claim 1, further comprising:
    - storing the remote container in a container repository together with an embedded container; and
      
      storing an identifier of the remote container as a value of the container data field.
  - 11. The method of claim 1, further comprising storing an original file name of the data in the remote container.
  - 12. The method of claim 1, further comprising storing a location specified for the container data field in the remote container.

13. A system comprising:
- one or more processors; and
  
  a non-transitory storage device storing a computer program product, the computer program product being executed to cause the one or more processors to perform operations comprising;
  
  receiving data to be inserted into a container data field of a relational database, the data including content being associated with a first access privilege;
  
  encrypting the data using an encryption key that is specific to the container data field;
  
  storing the encrypted data in a database file on a file system specified for the container data field, the database file being external to other database files storing data of other data fields of the relational database, the file system being associated with a second access privilege;
  
  storing a reference to the database file and the encryption key in a remote container;
  
  associating the remote container with the container data field;
  
  storing the remote container in a container repository together with an embedded container; and
  
  storing an identifier of the remote container as a value of the container data field, wherein a user'"'"'s access to content in the data is limited based on association of the remote container and the container data field.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, wherein storing the encrypted data in the database file comprises:
    - generating a hash of the content;
      
      creating a directory on the file system, the directory being named using a first portion of the hash;
      
      creating a subdirectory of the directory, the subdirectory being named using a second portion of the hash; and
      
      storing the encrypted data in the database file in the subdirectory.
  - 15. The system of claim 13, wherein, when a user is permitted to access the file system according to the second access privilege, accessing, by the user, to content in the data is limited by the encryption key according to the first access privilege.
  - 16. The system of claim 13, wherein storing the encrypted data in the database file comprises:
    - generating a hash of the content;
      
      creating a directory on the file system, the directory being named using a first portion of the hash;
      
      creating a subdirectory of the directory, the subdirectory being named using a second portion of the hash; and
      
      storing the encrypted data in the database file in the subdirectory.
  - 17. The system of claim 13, the operations further comprising storing an original file name of the data in the remote container.
  - 18. The system of claim 13, the operations further comprising storing a location specified for the container data field in the remote container.
  - 19. The system of claim 13, wherein:
    - the remote container includes a data structure configured to store information, including access restrictions information, of the database file; and
      
      associating the remote container with the container data field includes storing a reference to the remote container in the container data field.

20. A non-transitory storage device storing a computer program product stored on a storage device, the computer program product being executed operable to cause one or more processors that are in communication with the non-transitory storage device to perform operations comprising:
- a. receiving data to be inserted into a container data field of a relational database, the data including content being associated with a first access privilege;
  
  b. encrypting the data using an encryption key that is specific to the container data field;
  
  c. storing the encrypted data in a database file on a file system specified for the container data field, the database file being external to other database files storing data of other data fields of the relational database, the file system being associated with a second access privilege, wherein storing the encrypted data comprises;
  
  i. creating a subdirectory on the file system specified for the container data field according to a random distribution calculated base at least in part on the data; and
  
  storing the database file in the subdirectory;
  
  ii. storing a reference to the database file and the encryption key in a remote container; and
  
  iii. associating the remote container with the container data field, wherein a user'"'"'s access to content in the data is limited based on association of the existing remote container and the container data field.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 21. The product non-transitory storage device of claim 20, wherein the container data field is configured to store multimedia content.
  - 22. The non-transitory storage device product of claim 20, wherein:
    - A. the remote container includes a data structure configured to store metadata of the database file; and
      
      B. associating the remote container with the container data field includes storing a reference to the remote container in the container data field.
  - 23. The product non-transitory storage device of claim 20, wherein, when a user is permitted to access the file system according to the second access privilege, accessing, by the user, to content in the data is limited by the encryption key according to the first access privilege.
  - 24. The non-transitory storage device product of claim 20, wherein creating the subdirectory on the file system according to the random distribution includes:
    - A. calculating a hash value of at least one of the database file or metadata of the database file;
      
      B. creating the subdirectory on the file system specified for the container data field based on a partition of the hash value; and
      
      assigning a portion of the hash value as a name of the subdirectory.
  - 25. The non-transitory storage device product of claim 24, wherein creating the subdirectory based on the partitioning of the hash value includes:
    - A. identifying a first portion and a second portion of the hash value, the second portion of the hash value being different from the first portion of the hash value;
      
      B. creating a first level subdirectory according to the first portion of the hash value; and
      
      creating a second level subdirectory according to a second portion of the hash, wherein the second level subdirectory is a subdirectory of the first level subdirectory.
  - 26. The non-transitory storage device product of claim 25, wherein each of the first portion and second portion of the hash value includes two hexadecimal characters limiting a number of first level subdirectories and a number of second level subdirectories to 256 each.
  - 27. The non-transitory storage device product of claim 20, wherein storing the encrypted data in the database file includes storing the database file in a directory, the directory including a relative path determined according to a calculation formula.
  - 28. The non-transitory storage device product of claim 20, wherein storing the encrypted data in the database file includes:
    - resolving the calculation formula using inputs including at least one of a system variable or a value of another data field of the relational database; and
      
      storing the resolved formula in a fourth portion of the remote container.
  - 29. The non-transitory storage device product of claim 20, wherein:
    - A. storing the encrypted data in the database file includes creating a file name of the database file that is unique at a location on the file system specified for the container data field; and
      
      B. storing the reference to the database file includes storing the unique file name in the remote container.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Zaydman, Oleg, Maeckel, Clay, Crumly, Lyndley
Primary Examiner(s)
AUGUSTIN, EVENS J

Application Number

US12/856,497
Publication Number

US 20120042174A1
Time in Patent Office

1,327 Days
Field of Search

707/609
US Class Current

705/52
CPC Class Codes

G06F 16/20 of structured data, e.g. re...

Remote container

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Remote container

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links