
Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior

  • US 10,552,622 B2
  • Filed: 12/09/2014
  • Issued: 02/04/2020
  • Est. Priority Date: 02/18/2005
  • Status: Active Grant
First Claim

1. A method for controlling access to data in a database, the method comprising:

    receiving a request for data residing in one or more data files within a file layer stored in a memory of a hardware database processing system;

    determining, by an application layer stored in the memory of the hardware database processing system, whether the received request comprises an unauthorized application layer access attempt using a policy enforcement server communicatively coupled to the application layer, the policy enforcement server configured to determine that the received request is unauthorized by querying an intrusion detection point to determine whether a threshold number of violation attempts has been reached, wherein the threshold number of violation attempts is based on a sensitivity of the requested one or more data files, and wherein the intrusion detection point tracks violation attempts by incrementing a value representative of the tracked violation attempts by a first amount in response to a successful attempt to access the requested data, and by incrementing the value representative of the tracked violation attempts by a second amount greater than the first amount in response to a failed attempt to access the requested data;

    in response to determining that the received request is not an unauthorized application layer access attempt, forwarding the received request from the application layer stored in the memory of the hardware database processing system to a table layer stored in the memory of the hardware database processing system;

    determining, by the table layer stored in the memory of the hardware database processing system, whether the received request comprises an unauthorized table layer access attempt using the policy enforcement server, the policy enforcement server communicatively coupled to the table layer; and

    in response to determining that the received request is not an unauthorized table layer access attempt, granting access to the requested data.
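The scoring and layering in claim 1 can be modelled in a few lines. This is an added illustration, not code from the patent or its assignee. The weights, the thresholds, the per-requester keying of the counter, and the allow-list stand-in for each layer's policy check are all assumptions, as are the names used.

```python
from collections import defaultdict

# Assumed values: the claim only requires FAILED_WEIGHT > SUCCESS_WEIGHT and a
# threshold that depends on the sensitivity of the requested data files.
SUCCESS_WEIGHT = 1
FAILED_WEIGHT = 5
THRESHOLDS = {"low": 50, "medium": 20, "high": 8}


class IntrusionDetectionPoint:
    """Keeps one weighted violation score per requester (keying is assumed)."""

    def __init__(self):
        self.score = defaultdict(int)

    def record(self, user, succeeded):
        # Successful accesses also count, so sheer volume can trip the threshold.
        self.score[user] += SUCCESS_WEIGHT if succeeded else FAILED_WEIGHT

    def threshold_reached(self, user, sensitivity):
        return self.score[user] >= THRESHOLDS[sensitivity]


class PolicyEnforcementServer:
    """Shared by both layers; allow-lists stand in for the real policy."""

    def __init__(self, idp, app_acl, table_acl):
        self.idp = idp
        self.acl = {"application": app_acl, "table": table_acl}

    def unauthorized(self, layer, user, resource, sensitivity):
        if self.idp.threshold_reached(user, sensitivity):
            return True
        return resource not in self.acl[layer].get(user, set())


def handle_request(pes, user, app, table, sensitivity):
    """Check the application layer, then the table layer; grant if both pass."""
    for layer, resource in (("application", app), ("table", table)):
        if pes.unauthorized(layer, user, resource, sensitivity):
            pes.idp.record(user, succeeded=False)
            return f"denied at {layer} layer"
    pes.idp.record(user, succeeded=True)
    return "granted"
```

With these assumed numbers, a permitted user is cut off from high-sensitivity files after eight successful reads yet can still reach low-sensitivity ones, while two failed attempts are enough to block further high-sensitivity requests.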
