Schema signing

US 8,850,209 B2
Filed: 09/12/2006
Issued: 09/30/2014
Est. Priority Date: 09/12/2006
Status: Active Grant

First Claim

Patent Images

1. A method for preventing unauthorized use of a database, the method comprising:

verifying whether or not a digital signature associated with the at least one object defined in a database schema is valid;

determining that the at least one object defined in the database schema has been tampered with if the digital signature of the at least one object is determined to not be valid;

denying access to the at least one object based on a result of determination that the at least one object defined in the database schema has been tampered with;

verifying that a digital signature for the at least one object defined in a database schema is associated with at least one trusted entity comprising;

verifying that a digital signature for an object of the at least one object is associated with the at least one trusted entity;

permitting access to the at least one object only when the digital signature for the at least one object is verified to be associated with the at least one trusted entity comprising;

permitting access to the object of the at least one object only when the digital signature for the object of at least one object is verified to be associated with the at least one trusted entity; and

obtaining at least one public key of the at least one trusted entity from a well-protected container included in a processing system, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;

verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, an object in a database schema may be verified as having a valid digital signature associated with a trusted entity. An application may be permitted access to the object of the database schema only when the object of the database schema is verified to have a valid digital signature associated with the trusted entity. In another embodiment, an object in a database schema may be verified as having a digital signature associated with at least one trusted entity. An application may be permitted access to the object of the database schema only when the digital signature for the object is verified to be associated with the at least one trusted entity.

Citations

30 Claims

1. A method for preventing unauthorized use of a database, the method comprising:
- verifying whether or not a digital signature associated with the at least one object defined in a database schema is valid;
  
  determining that the at least one object defined in the database schema has been tampered with if the digital signature of the at least one object is determined to not be valid;
  
  denying access to the at least one object based on a result of determination that the at least one object defined in the database schema has been tampered with;
  
  verifying that a digital signature for the at least one object defined in a database schema is associated with at least one trusted entity comprising;
  
  verifying that a digital signature for an object of the at least one object is associated with the at least one trusted entity;
  
  permitting access to the at least one object only when the digital signature for the at least one object is verified to be associated with the at least one trusted entity comprising;
  
  permitting access to the object of the at least one object only when the digital signature for the object of at least one object is verified to be associated with the at least one trusted entity; and
  
  obtaining at least one public key of the at least one trusted entity from a well-protected container included in a processing system, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
  
  verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising:
    - obtaining at least one public key of the at least one trusted entity from a well-protected container in a processing system, the well-protected container having a digital certificate signed by a trusted authority, whereinthe verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 3. The method of claim 1, further comprising:
    - obtaining at least one public key of the at least one trusted entity from an attesting dynamic linked library, whereinthe verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 4. The method of claim 1, further comprising:
    - obtaining at least one public key of the at least one trusted entity from an eXtensible Markup Language file having a digital certificate signed by a trusted authority, whereinthe verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 5. The method of claim 1, wherein:
    - the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity occurs at a database startup time, andthe method further comprises;
      
      failing to start the database at the database startup time when the digital signature for the at least one object is not associated with any of the at least one trusted entity.

6. A method for preventing unauthorized use of a database, the method comprising:
- verifying whether or not a digital signature associated with the at least one object defined in a database schema is valid;
  
  determining that the at least one object defined in the database schema has been tampered with if the digital signature of the at least one object is determined to not be valid;
  
  denying access to the at least one object based on a result of determination that the at least one object defined in the database schema has been tampered with;
  
  verifying that a digital signature for the at least one object defined in a database schema is associated with at least one trusted entity comprising;
  
  verifying that a digital signature for an object of the at least one object is associated with the at least one trusted entity; and
  
  permitting access to the at least one object only when the digital signature for the at least one object is verified to be associated with the at least one trusted entity comprising;
  
  permitting access to the object of the at least one object only when the digital signature for the object of at least one object is verified to be associated with the at least one trusted entity; and
  
  failing to permit access to the at least one object when the digital signature for the at least one object is not associated with any of the at least one trusted entity, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity is performed when an attempt is made to access a database.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, further comprising:
    - obtaining at least one public key of the at least one trusted entity from a well-protected container in a processing system, the well-protected container having a digital certificate signed by a trusted authority, whereinthe verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 8. The method of claim 6, further comprising:
    - obtaining at least one public key of the at least one trusted entity from an attesting dynamic linked library, whereinthe verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 9. The method of claim 6, further comprising:
    - obtaining at least one public key of the at least one trusted entity from an eXtensible Markup Language file having a digital certificate signed by a trusted authority, whereinthe verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 10. The method of claim 6, wherein:
    - the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity occurs at a database startup time, andthe method further comprises;
      
      failing to start the database at the database startup time when the digital signature for the at least one object is not associated with any of the at least one trusted entity.

11. A machine-readable medium having instructions stored thereon for at least one processor, the machine-readable medium comprising:
- instructions for verifying whether or not a digital signature associated with the at least one object defined in a database schema is valid;
  
  instructions for determining that the at least one object defined in the database schema has been tampered with if the digital signature of the at least one object is determined to not be valid;
  
  instructions for denying access to the at least one object based on a result of determination that the at least one object defined in the database schema has been tampered with;
  
  instructions for verifying that a digital signature for the at least one object defined in a database schema is associated with at least one trusted entity comprising;
  
  instructions for verifying that a digital signature for an object of the at least one object is associated with the at least one trusted entity;
  
  instructions for permitting access to the at least one object only when the digital signature for the at least one object is verified to be associated with the at least one trusted entity comprising;
  
  permitting access to the object of the at least one object only when the digital signature for the object of at least one object is verified to be associated with the at least one trusted entity; and
  
  instructions for obtaining at least one public key of the at least one trusted entity from a well-protected container included in a processing system, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
  
  verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity,the machine-readable medium is an item from a group of items consisting of a memory, a magnetic disk and an optical disk.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The machine-readable medium of claim 11, further comprising:
    - instructions for obtaining at least one public key of the at least one trusted entity from a well-protected container in a processing system, the well-protected container having a digital certificate signed by a trusted authority, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 13. The machine-readable medium of claim 11, further comprising:
    - instructions for obtaining at least one public key of the at least one trusted entity from an attesting dynamic linked library, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 14. The machine-readable medium of claim 11, further comprising:
    - instructions for obtaining at least one public key of the at least one trusted entity from an eXtensible Markup Language file having a digital certificate signed by a trusted authority, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 15. The machine-readable medium of claim 11, wherein:
    - the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity occurs at a database startup time, andthe machine-readable medium further comprises;
      
      instructions for failing to start the database at the database startup time when the digital signature for the at least one object is not associated with any of the at least one trusted entity.

16. A machine-readable medium having instructions stored thereon for at least one processor, the machine-readable medium comprising:
- instructions for verifying whether or not a digital signature associated with the at least one object defined in a database schema is valid;
  
  instructions for determining that the at least one object defined in the database schema has been tampered with if the digital signature of the at least one object is determined to not be valid;
  
  instructions for denying access to the at least one object based on a result of determination that the at least one object defined in the database schema has been tampered with;
  
  instructions for verifying that a digital signature for the at least one object defined in a database schema is associated with at least one trusted entity comprising;
  
  instructions for verifying that a digital signature for an object of the at least one object is associated with the at least one trusted entity;
  
  instructions for permitting access to the at least one object only when the digital signature for the at least one object is verified to be associated with the at least one trusted entity comprising;
  
  permitting access to the object of the at least one object only when the digital signature for the object of at least one object is verified to be associated with the at least one trusted entity; and
  
  instructions for failing to permit access to the at least one object when the digital signature for the at least one object is not associated with any of the at least one trusted entity,wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity is performed when an attempt is made to access a database,the machine-readable medium is an item from a group of items consisting of a memory, a magnetic disk and an optical disk.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The machine-readable medium of claim 16, further comprising:
    - instructions for obtaining at least one public key of the at least one trusted entity from a well-protected container in a processing system, the well-protected container having a digital certificate signed by a trusted authority, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 18. The machine-readable medium of claim 16, further comprising:
    - instructions for obtaining at least one public key of the at least one trusted entity from an attesting dynamic linked library, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 19. The machine-readable medium of claim 16, further comprising:
    - instructions for obtaining at least one public key of the at least one trusted entity from an eXtensible Markup Language file having a digital certificate signed by a trusted authority, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 20. The machine-readable medium of claim 16, wherein:
    - the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity occurs at a database startup time, andthe machine-readable medium further comprises;
      
      instructions failing to start the database at the database startup time when the digital signature for the at least one object is not associated with any of the at least one trusted entity.

21. A computer-implemented system comprising:
- a processor coupled to a memory, the memory storing instructions which when executed cause the processor to perform the acts of;
  
  verifying whether or not a digital signature associated with the at least one object defined in a database schema is valid;
  
  determining that the at least one object defined in the database schema has been tampered with if the digital signature of the at least one object is determined to not be valid;
  
  denying access to the at least one object based on a result of determination that the at least one object defined in the database schema has been tampered with;
  
  verifying that a digital signature for the at least one object defined in a database schema is associated with at least one trusted entity comprising;
  
  verifying that a digital signature for an object of the at least one object is associated with the at least one trusted entity;
  
  permitting access to the at least one object only when the digital signature for the at least one object is verified to be associated with the at least one trusted entity comprising;
  
  permitting access to the object of the at least one object only when the digital signature for the object of at least one object is verified to be associated with the at least one trusted entity; and
  
  obtaining at least one public key of the at least one trusted entity from a well-protected container included in a processing system, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
  
  verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The computer-implemented system of claim 21, the memory further storing instructions which when executed cause the processor to perform the act of:
    - obtaining at least one public key of the at least one trusted entity from a well-protected container in a processing system, the well-protected container having a digital certificate signed by a trusted authority, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 23. The computer-implemented system of claim 21, the memory further storing instructions which when executed cause the processor to perform the act of:
    - obtaining at least one public key of the at least one trusted entity from an attesting dynamic linked library, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 24. The computer-implemented system of claim 21, the memory further storing instructions which when executed cause the processor to perform the act of:
    - obtaining at least one public key of the at least one trusted entity from an eXtensible Markup Language file having a digital certificate signed by a trusted authority, whereinthe verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 25. The computer-implemented system of claim 21, wherein:
    - the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity occurs at a database startup time, andthe memory further storing instructions which when executed cause the processor to perform the act of;
      
      failing to start the database at the database startup time when the digital signature for the at least one object is not associated with any of the at least one trusted entity.

26. A computer-implemented system comprising:
- a processor coupled to a memory, the memory storing instructions which when executed cause the processor to perform the acts of;
  
  verifying whether or not a digital signature associated with the at least one object defined in a database schema is valid;
  
  determining that the at least one object defined in the database schema has been tampered with if the digital signature of the at least one object is determined to not be valid;
  
  denying access to the at least one object based on a result of determination that the at least one object defined in the database schema has been tampered with;
  
  verifying that a digital signature for the at least one object defined in a database schema is associated with at least one trusted entity comprising;
  
  verifying that a digital signature for an object of the at least one object is associated with the at least one trusted entity;
  
  permitting access to the at least one object only when the digital signature for the at least one object is verified to be associated with the at least one trusted entity comprising;
  
  permitting access to the object of the at least one object only when the digital signature for the object of at least one object is verified to be associated with the at least one trusted entity; and
  
  failing to permit access to the at least one object when the digital signature for the at least one object is not associated with any of the at least one trusted entity,wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity is performed when an attempt is made to access a database.
- View Dependent Claims (27, 28, 29, 30)
- - 27. The computer-implemented system of claim 26, the memory further storing instructions which when executed cause the processor to perform the act of:
    - obtaining at least one public key of the at least one trusted entity from a well-protected container in a processing system, the well-protected container having a digital certificate signed by a trusted authority, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 28. The computer-implemented system of claim 26, the memory further storing instructions which when executed cause the processor to perform the act of:
    - obtaining at least one public key of the at least one trusted entity from an attesting dynamic linked library, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 29. The computer-implemented system of claim 26, the memory further storing instructions which when executed cause the processor to perform the act of:
    - obtaining at least one public key of the at least one trusted entity from an eXtensible Markup Language file having a digital certificate signed by a trusted authority, wherein the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity further comprises;
      
      verifying that the digital signature for the at least one object is signed by a private key corresponding to one of the at least one public key of the at least one trusted entity.
  - 30. The computer-implemented system of claim 26, wherein:
    - the verifying that a digital signature for at least one object defined in a database schema is associated with at least one trusted entity occurs at a database startup time, andthe memory further storing instructions which when executed cause the processor to perform the act of;
      
      failing to start the database at the database startup time when the digital signature for the at least one object is not associated with any of the at least one trusted entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Dutta, Tanmoy, Garcia, Raul, Gott, Steven Richard, Ovechkin, Ruslan Pavlovich, Wolter, Roger Lynn
Primary Examiner(s)
Mehedi, Morshed

Application Number

US11/519,274
Publication Number

US 20080065893A1
Time in Patent Office

2,940 Days
Field of Search

713/176
US Class Current

713/176
CPC Class Codes

H04L 2209/80   Wireless

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

Schema signing

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Schema signing

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links