Annotation security to prevent the divulgence of sensitive information

US 20050038788A1
Filed: 08/14/2003
Published: 02/17/2005
Est. Priority Date: 08/14/2003
Status: Abandoned Application

First Claim

Patent Images

1. A method of preventing sensitive information from being divulged in annotations, comprising:

receiving an annotation;

applying one or more security rules to detect sensitive information contained in the annotation; and

taking one or more security measures in response to detecting sensitive information contained in the annotation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and articles of manufacture that may be used to prevent sensitive information from being divulged in an annotation are provided. Upon creation, modification and/or retrieval of an annotation, a set of predefined security rules may be applied to the annotation, in an effort to detect sensitive information contained therein. Upon detecting sensitive information in an annotation, appropriate security measures may be taken, such as notifying a user creating, modifying, or retrieving the annotation (e.g., prompting the user to modify annotation to remove the sensitive information), preventing entry of the annotation, and/or notifying appropriate personnel in charge of security, such as a system administrator.

127 Citations

37 Claims

1. A method of preventing sensitive information from being divulged in annotations, comprising:
- receiving an annotation;
  
  applying one or more security rules to detect sensitive information contained in the annotation; and
  
  taking one or more security measures in response to detecting sensitive information contained in the annotation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein:
    - receiving the annotation comprises receiving the annotation from a user; and
      
      the one or more security rules applied are determined, at least in part, based on a credential of the user.
  - 3. The method of claim 1, wherein applying one or more security rules comprises:
    - obtaining a set of specified terms; and
      
      searching the annotation for one or more of the specified terms.
  - 4. The method of claim 1, wherein applying one or more security rules comprises:
    - obtaining a set of specified patterns; and
      
      searching the annotation for data matching one or more of the specified patterns.
  - 5. The method of claim 1, wherein applying one or more security rules comprises:
    - obtaining a set of specified fields;
      
      obtaining instance values of data contained in the specified fields; and
      
      searching the annotation for one or more of the instance values.
  - 6. The method of claim 5, wherein obtaining instance values of data contained in the specified fields comprises issuing queries against a database containing data described by the annotation.
  - 7. The method of claim 1, wherein:
    - the annotation describes a first portion of query results; and
      
      applying one or more security rules comprises searching the annotation for data contained in a second portion of the query results.
  - 8. The method of claim 7, wherein the first and second portions of the query results are contained in a common row of data.
  - 9. The method of claim 1, wherein taking one or more security measures comprises notifying a user sensitive information has been detected in the annotation.
  - 10. The method of claim 9, further comprising allowing the user to modify the annotation.
  - 11. The method of claim 9, further comprising allowing the user to store the annotation without modification.
  - 12. The method of claim 9, further comprising suggesting a modification to the annotation.
  - 13. The method of claim 1, wherein taking one or more security measures comprises notifying security personnel.

14. A method of monitoring information contained in annotations, comprising:
- providing security information identifying information considered sensitive; and
  
  monitoring the content of annotations for the information considered sensitive.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, wherein the security information comprises at least one of:
    - a set of prohibited terms, a set of prohibited patterns, and a set of prohibited fields.
  - 16. The method of claim 15, wherein monitoring the content of annotations for the information considered sensitive comprises at least two of:
    - monitoring the content of annotations for one or more of the prohibited terms;
      
      monitoring the content of annotations for data matching one or more of the prohibited patterns; and
      
      monitoring the content of annotations for one or more instance values of data contained in one or more of the prohibited fields.
  - 17. The method of claim 16, wherein monitoring the content of annotations for one or more instance values of data contained in one or more of the prohibited fields comprising querying a database containing the instance values and data described by the annotation.

18. A method of preventing the divulgence of sensitive information in displayed annotations, comprising:
- receiving a request from a user to view an annotation;
  
  retrieving the annotation;
  
  searching the annotation for information considered sensitive; and
  
  in response to detecting information considered sensitive in the annotation, taking one or more security measures.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18, wherein information considered sensitive is determined, at least in part, based on one or more credentials of the user.
  - 20. The method of claim 19, wherein, the user is not authorized to view the information considered sensitive.
  - 21. The method of claim 20, wherein taking one or more security measures comprises providing an indication the user is unauthorized to view information contained in the annotation.

22. A computer readable medium containing a program for monitoring information contained in annotations which, when executed, performs operations, comprising:
- applying one or more security rules to detect sensitive information contained in an annotation; and
  
  taking one or more security measures in response to detecting sensitive information contained in the annotation.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The computer readable medium of claim 22, wherein the operations further comprise providing one or more graphical user interface screens for generating the annotation.
  - 24. The computer readable medium of claim 22, wherein taking one or more security measures comprises providing one or more graphical user interface screens notifying a user sensitive information contained in the annotation has been detected.
  - 25. The computer readable medium of claim 24, wherein the one or more graphical user interface screens notifying the user sensitive information contained in the annotation has been detected provides an indication, to the user, of the sensitive information.
  - 26. The computer readable medium of claim 24, wherein the one or more graphical user interface screens notifying the user sensitive information contained in the annotation has been detected allows the user to modify the annotation.
  - 27. The computer readable medium of claim 24, wherein the one or more graphical user interface screens notifying the user sensitive information contained in the annotation has been detected provides one or more suggested modifications to the annotation.
  - 28. The computer readable medium of claim 22, wherein the one or more security rules are applied in response to the user submitting the annotation.
  - 29. The computer readable medium of claim 22, wherein applying one or more security rules to detect sensitive information contained in an annotation comprises at least one of:
    - searching the annotation for one or more prohibited terms;
      
      searching the annotation for data matching one or more prohibited patterns;
      
      searching the annotation for one or more instance values of data contained in one or more of the prohibited fields; and
      
      searching the annotation for one or more instance values of data contained in query results containing data described by the annotation.

30. An system for managing annotations for data manipulated by one or more type applications, comprising:
- one or more graphical user interface screens for generating annotations;
  
  a set of security information identifying information considered sensitive; and
  
  an annotation security component configured to monitor annotations for the information considered sensitive and, in response to detecting information considered sensitive in annotations, take one or more security measures.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37)
- - 31. The system of claim 30, further comprising a set of plug-in components, each for interfacing between one or more applications and the system.
  - 32. The system of claim 30, wherein:
    - the set of security information comprises a set of prohibited terms considered sensitive; and
      
      the annotation security component is configured to search annotations for the occurrence of the prohibited terms.
  - 33. The system of claim 30, wherein:
    - the set of security information comprises a set of prohibited fields associated with data considered sensitive; and
      
      the annotation security component is configured to query a database for instance values contained in the prohibited fields and search annotations for the instance values.
  - 34. The system of claim 30, wherein:
    - the set of security information comprises a set of prohibited patterns associated with data considered sensitive; and
      
      the annotation security component is configured to search annotations for data matching the prohibited patterns.
  - 35. The system of claim 30, wherein the annotation security component is configured to monitor annotations for different sets of information considered sensitive based, at least in part, on one or more credentials of an annotation author.
  - 36. The system of claim 30, wherein:
    - the one or more graphical user interface screens for generating annotations allow different types of annotations to be generated; and
      
      the annotation security component is configured to monitor annotations for different sets of information considered sensitive based, at least in part, on the different types of annotations.
  - 37. The system of claim 30, wherein the one or more security measures comprise at least one of:
    - notifying a user information considered sensitive has been detected in an annotation; and
      
      notifying security personnel information considered sensitive has been detected in an annotation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Dettinger, Richard D., Rath, Cale T., Stevens, Richard J.

Application Number

US10/640,814
Publication Number

US 20050038788A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6227 where protection concerns t...

Annotation security to prevent the divulgence of sensitive information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

127 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Annotation security to prevent the divulgence of sensitive information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

127 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links