Method and system for protecting data from unauthorized disclosure
Abstract
According to one embodiment of the invention, a computerized method for managing a plurality of data protection rules includes receiving and storing the data protection rules in a database, receiving and storing a plurality of permissions generated by a data owner in the database, accepting a query from a data requester with respect to a particular set of data, accessing the database to validate that a permission exists for the data requester, accessing the database to validate that the particular set of data may be accessed by the data requester, and generating a response to the query.
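The two-stage check described in the abstract (an owner-granted permission must exist, and the stored data protection rules must allow the access) can be sketched as follows. This is an added example, not code from the patent; the table layout, the category and purpose fields, and the function names build_store and authorize are assumptions made for illustration.

```python
import sqlite3

def build_store():
    """In-memory stand-in for the database holding rules and owner permissions."""
    db = sqlite3.connect(":memory:")
    # Assumed schema: the patent text does not define one.
    db.executescript("""
        CREATE TABLE rules(category TEXT, purpose TEXT, allowed INTEGER,
                           PRIMARY KEY(category, purpose));
        CREATE TABLE permissions(owner TEXT, requester TEXT, category TEXT,
                                 PRIMARY KEY(owner, requester, category));
    """)
    # Constructed sample data.
    db.executemany("INSERT INTO rules VALUES (?,?,?)", [
        ("medical", "treatment", 1),
        ("medical", "marketing", 0),
        ("contact", "billing", 1),
    ])
    db.executemany("INSERT INTO permissions VALUES (?,?,?)", [
        ("alice", "clinic", "medical"),
        ("alice", "adco", "medical"),
    ])
    return db

def authorize(db, requester, owner, category, purpose):
    """Return (decision, reason). Both checks must pass; anything else is denied."""
    # Step 1: validate that the data owner granted this requester a permission.
    perm = db.execute(
        "SELECT 1 FROM permissions WHERE owner=? AND requester=? AND category=?",
        (owner, requester, category)).fetchone()
    if perm is None:
        return ("deny", "no owner permission")
    # Step 2: validate against the data protection rules; a missing rule denies.
    rule = db.execute(
        "SELECT allowed FROM rules WHERE category=? AND purpose=?",
        (category, purpose)).fetchone()
    if rule is None:
        return ("deny", "no rule covers this data and purpose")
    if rule[0] != 1:
        return ("deny", "rule forbids access")
    return ("permit", "owner permission and rule both satisfied")

if __name__ == "__main__":
    db = build_store()
    for q in [("clinic", "alice", "medical", "treatment"),
              ("adco", "alice", "medical", "marketing"),
              ("clinic", "alice", "contact", "billing"),
              ("clinic", "alice", "medical", "research")]:
        print(q, "->", authorize(db, *q))
```

An owner permission alone does not grant access: the second query holds a permission but is still denied by the rule, and the fourth is denied because no rule covers it.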
115 Claims
1. A system for managing a plurality of data protection rules, comprising:
a processor;
a database coupled to the processor, the database operable to receive and store the data protection rules and to receive and store a plurality of permissions generated by a data owner;
a memory coupled to the processor;
an authorization management tool residing in the memory and executable by the processor, the authorization management tool operable to:
accept a query from a data requester, the query related to a particular set of data;
access the database to validate that a permission exists for the data requester;
access the data protection rules in the database to validate that the particular set of data may be accessed by the data requester; and
generate a response to the query.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A computerized method for managing a plurality of data protection rules, comprising:
receiving and storing the data protection rules in a database;
receiving and storing a plurality of permissions generated by a data owner in the database;
accepting a query from a data requester, the query related to a particular set of data;
accessing the database to validate that a permission exists for the data requester;
accessing the database to validate that the particular set of data may be accessed by the data requester; and
generating a response to the query.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A system for managing a plurality of data protection rules, comprising:
a processor;
a database coupled to the processor, the database operable to receive and store the data protection rules and a plurality of corporate policies;
a memory coupled to the processor;
a user acceptance tool residing in the memory and executable by the processor, the user acceptance tool operable to:
query a user about a user preference with respect to one or more data protection rules stored in the database;
accept the user preference; and
store the user preference in the database.
Dependent claims: 20, 21, 22, 23, 24, 25, 26

27. A computerized method for managing a plurality of data protection rules, comprising:
receiving and storing the data protection rules and a plurality of corporate policies in a database;
querying a user about a user preference with respect to one or more data protection rules stored in the database;
accepting the user preference; and
storing the user preference in the database.
Dependent claims: 28, 29, 30, 31, 32, 33, 34

35. A system for managing a plurality of data protection rules, comprising:
a processor;
a database coupled to the processor, the database operable to receive and store a first set of data protection rules;
a memory coupled to the processor;
an impact analysis tool residing in the memory and executable by the processor, the impact analysis tool operable to:
receive a second set of data protection rules;
compare the second set of data protection rules to the first set of data protection rules to determine an impact on existing information;
notify a data owner of the impact; and
update the database with the second set of data protection rules.
Dependent claims: 36, 37, 38, 39, 40, 41, 42, 43, 44, 45

46. A computerized method for managing a plurality of data protection rules, comprising:
receiving and storing a first set of data protection rules;
receiving a second set of data protection rules;
comparing the second set of data protection rules to the first set of data protection rules to determine an impact on existing information;
notifying a data owner of the impact; and
updating the database with the second set of data protection rules.
Dependent claims: 47, 48, 49, 50, 51, 52, 53, 54, 55, 56

57. A system for managing a plurality of data protection rules, comprising:
a processor;
a database coupled to the processor, the database operable to receive and store the data protection rules and to receive and store one or more states of an entity;
a memory coupled to the processor;
a state change tool residing in the memory and executable by the processor, the state change tool operable to:
receive a state change of the entity;
compare the state change to the data protection rules stored in the database;
determine whether the state change complies with the data protection rules; and
update the database with the state change.
Dependent claims: 58, 59, 60, 61, 62, 63

64. A computerized method for managing a plurality of data protection rules, comprising:
receiving and storing the data protection rules in a database;
receiving and storing one or more states of an entity in the database;
receiving a state change of the entity;
comparing the state change to the data protection rules stored in the database;
determining whether the state change complies with the data protection rules; and
updating the database with the state change.
Dependent claims: 65, 66, 67, 68, 69, 70

71. A system for managing a plurality of data protection rules, comprising:
a processor;
a data protection database coupled to the processor, the data protection database operable to receive and store a first set of data protection rules;
a managed system database coupled to the processor, the managed system database operable to receive and store managed system information;
a memory coupled to the processor;
an audit and compliance tool residing in the memory and executable by the processor, the audit and compliance tool operable to:
extract meta data from the managed system database and store the meta data in the data protection database, the meta data associated with the managed system information;
receive a second set of data protection rules;
compare, by utilizing the meta data, the second set of data protection rules to the managed system information to determine if the managed system information complies with the second set of data protection rules;
notify a data owner of one or more results of the comparison; and
update the data protection database with the second set of data protection rules.
Dependent claims: 72, 73, 74, 75, 76, 77, 78, 79, 80, 81

82. A computerized method for managing a plurality of data protection rules, comprising:
receiving and storing a first set of data protection rules in a data protection database;
receiving and storing managed system information in a managed system database;
extracting meta data from the managed system database and storing the meta data in the data protection database, the meta data associated with the managed system information;
receiving a second set of data protection rules;
comparing, by utilizing the meta data, the second set of data protection rules to the managed system information to determine if the managed system information complies with the second set of data protection rules;
notifying a data owner of one or more results of the comparison; and
updating the data protection database with the second set of data protection rules.
Dependent claims: 83, 84, 85, 86, 87, 88, 89, 90, 91, 92

93. A system for managing a plurality of data protection rules, comprising:
a processor;
a data protection database coupled to the processor, the data protection database operable to receive and store the data protection rules;
a managed system database coupled to the processor, the managed system database operable to receive and store a first set of managed system information;
a memory coupled to the processor;
an audit and compliance tool residing in the memory and executable by the processor, the audit and compliance tool operable to:
extract meta data from the managed system database and store the meta data in the data protection database, the meta data associated with the first set of managed system information;
receive a second set of managed system information;
compare, by utilizing the meta data, the data protection rules to the second set of managed system information to determine if the second set of managed system information complies with the data protection rules;
notify a data owner of one or more results of the comparison; and
update the managed system database with the second set of managed system information.
Dependent claims: 94, 95, 96, 97, 98, 99, 100, 101, 102, 103

104. A system for managing a plurality of data protection rules, comprising:
receiving and storing the data protection rules in a data protection database;
receiving and storing a first set of managed system information in a managed system database;
extracting meta data from the managed system database and storing the meta data in the data protection database, the meta data associated with the first set of managed system information;
receiving a second set of managed system information;
comparing, by utilizing the meta data, the data protection rules to the second set of managed system information to determine if the second set of managed system information complies with the data protection rules;
notifying a data owner of one or more results of the comparison; and
updating the managed system database with the second set of managed system information.
Dependent claims: 105, 106, 107, 108, 109, 110, 111, 112, 113, 114

115. A system for managing a plurality of data protection rules, comprising:
a processor;
a data protection database coupled to the processor, the data protection database operable to receive and store the data protection rules, a plurality of corporate policies, a plurality of permissions generated by a data owner, and one or more states of an entity;
a managed system database coupled to the processor, the managed system database operable to receive and store managed system information;
a memory coupled to the processor;
an authorization management tool residing in the memory and executable by the processor, the authorization management tool operable to:
accept a query from a data requester, the query related to a particular set of data;
access the managed system database to validate that a permission exists for the data requester;
access the data protection rules and the corporate policies in the data protection database to validate that the particular set of data may be accessed by the data requester; and
generate a response to the query;
a user acceptance tool residing in the memory and executable by the processor, the user acceptance tool operable to:
query a user about a user preference with respect to one or more data protection rules stored in the data protection database;
accept the user preference; and
store the user preference in the data protection database;
an impact analysis tool residing in the memory and executable by the processor, the impact analysis tool operable to:
receive a new set of data protection rules;
compare the new set of data protection rules to the data protection rules to determine an impact on existing information;
notify a data owner of the impact; and
update the data protection database with the new set of data protection rules;
a state change tool residing in the memory and executable by the processor, the state change tool operable to:
receive a state change of an entity;
compare the state change to the data protection rules stored in the data protection database;
determine whether the state change complies with the data protection rules; and
update the managed system database with the state change; and
an audit and compliance tool residing in the memory and executable by the processor, the audit and compliance tool operable to:
extract meta data from the managed system database and store the meta data in the data protection database, the meta data associated with the managed system information;
receive the new set of data protection rules;
compare, by utilizing the meta data, the new set of data protection rules to the managed system information to determine if the managed system information complies with the new set of data protection rules;
notify the data owner of one or more results of the comparison; and
update the data protection database with the new set of data protection rules.