System and method for providing data security

US 20050188421A1
Filed: 02/24/2004
Published: 08/25/2005
Est. Priority Date: 02/24/2004
Status: Abandoned Application

First Claim

Patent Images

1. A data security system, comprising:

an implicit clearance system;

an explicit clearance system;

a field level clearance system; and

a data anonimization system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data security system, comprising: an implicit clearance system for requiring a user to meet any one of a set of implicit conditions in order access the set of data; an explicit clearance system for selectively requiring a user to have explicit permission in order to access a set of data; a field level clearance system for limiting access to data records by restricting the user to a predefined view, wherein the predefined view displays a predetermined set of data fields from the data records; and a data anonimazation system for replacing a data element in a data record with a unique identifier in order to keep the data record anonymous.

52 Citations

View as Search Results

21 Claims

1. A data security system, comprising:
- an implicit clearance system;
  
  an explicit clearance system;
  
  a field level clearance system; and
  
  a data anonimization system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The data security system of claim 1, wherein the implicit clearance system comprises a mechanism for setting up a plurality of filters for a set of data, and wherein a user is granted permission to the set of data if the user meets a condition of at least one filter.
  - 3. The data security system of claim 2, wherein the set of data is selected from the group consisting of:
    - a row of data, a data table, and a data field.
  - 4. The data security system of claim 1, wherein the implicit clearance system comprises a table for each filter, wherein each table lists all user ID'"'"'s that meet the condition of an associated filter.
  - 5. The data security system of claim 1, wherein the explicit clearance system comprises a mechanism for requiring explicit permission to an area of data, and wherein a user is granted permission to the area of data only if explicit permission has been granted.
  - 6. The data security system of claim 5, wherein the area of data is selected from the group consisting of:
    - a row of data, a data table and a data field.
  - 7. The data security system of claim 1, wherein the explicit clearance system comprises:
    - an explicit areas table that defines all areas of data that require explicit clearance; and
      
      a set of ID tables that define those users who have explicit clearance for each of the areas requiring explicit permission.
  - 8. The data security system of claim 1, wherein the field level clearance system controls access to data types by restricting a user to a predefined view, wherein the predefined view displays a predetermined set of data fields.
  - 9. The data security system of claim 8, wherein the field level clearance system includes a set of data type tables that dictates data types available to each of a plurality of users.
  - 10. The data security system of claim 1, wherein the anonimization system provides a mechanism for replacing a data element in a data record with a unique identifier in order to keep the data record anonymous.
  - 11. The data security system of claim 10, wherein the anonimization system includes:
    - a reference table for each data field that is to be kept anonymous, wherein each reference table includes a list of anonimized data elements and an associated unique identifier; and
      
      a mechanism for generating a new unique identifier for a data element that does not exist in the list of anonimized data elements.

12. A program product stored on a recordable medium for providing data security, the program product comprising:
- means for selectively requiring a user to have explicit permission in order to access a set of data;
  
  means for requiring the user to meet any one of a set of implicit conditions in order access the set of data;
  
  means for limiting access to data records by restricting the user to a predefined view, wherein the predefined view displays a predetermined set of data fields from the data records; and
  
  means for replacing a data element in a data record with a unique identifier in order to create an anonymous data record.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The program product of claim 12, wherein the means for selectively requiring a user to have explicit permission comprises:
    - means for defining all areas of data that require explicit clearance; and
      
      means for defining those users who have explicit clearance for each of the areas requiring explicit permission.
  - 14. The program product of claim 12, wherein the means for requiring the user to meet any one of a set of implicit conditions comprises means for storing a set of acceptable user ID'"'"'s for each of the implicit conditions.
  - 15. The program product of claim 12, wherein the means for limiting access to a data record includes means for associating each of a plurality of users with one of the predefined views.
  - 16. The program product of claim 12, wherein the means for replacing a data element in a data record with a unique identifier includes:
    - reference means for each data field that is to be kept anonymous, wherein said reference means includes a list of anonimized data elements and an associated unique identifier; and
      
      means for generating a new unique identifier for a data element that does not exist in the list of anonimized data elements.

17. A method for providing data security, comprising:
- selectively replacing data elements in data records with unique identifiers as the data records are being stored in a data warehouse in order to create anonymous data records;
  
  selectively requiring a user to have explicit permission in order to access a set of the data records;
  
  requiring the user to meet any one of a set of implicit conditions in order access the set of the data records if explicit clearance is not required; and
  
  limiting access to data records by restricting the user to a predefined view, wherein the predefined view displays a predetermined set of data fields from the data records.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17, wherein the step of selectively requiring a user to have explicit permission comprises:
    - defining all areas of data that require explicit clearance; and
      
      defining those users who have explicit clearance for each of the areas requiring explicit permission.
  - 19. The method of claim 17, wherein the step of requiring the user to meet any one of a set of implicit conditions includes the step of storing a set of acceptable user ID'"'"'s for each of the implicit conditions.
  - 20. The method of claim 17, wherein the step of limiting access to a data record includes the step of associating each of a plurality of users with one of the predefined views.
  - 21. The method of claim 17, wherein the step of replacing a data element in a data record with a unique identifier includes:
    - providing a reference table for each data field that is to be kept anonymous, wherein said reference table includes a list of anonimized data elements and an associated unique identifier; and
      
      generating a new unique identifier for a data element that does not exist in the list of anonimized data elements.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Arbajian, Pierre Elie

Application Number

US10/785,142
Publication Number

US 20050188421A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/6227 where protection concerns t...

G06F 21/6254 by anonymising data, e.g. d...

System and method for providing data security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing data security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links