Reducing access to sensitive information
Abstract
Method, system, and storage medium for reducing or minimizing access to sensitive information. A method includes identifying processes and data associated with a computer system and classifying each of the data as one of either sensitive information or non-sensitive information. The sensitive information includes at least one of: data that is personal to an individual, confidential data, and data that is legally subject to conditions of restricted use. For each of the processes the method includes selecting a process and a sensitive data item, modifying the sensitive data item, analyzing the behavior of at least the selected process, and preventing access of the sensitive data item by the selected process if, as a result of the analyzing, the sensitive data item is determined not to be needed by the selected process.
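The loop the abstract describes (modify a sensitive item, watch the process, revoke access if nothing changes) can be sketched as follows. This is an added illustration, not code from the patent: the sample records, the two processes, the `ReplacementLayer` class and the rule "output unchanged means not needed" are all assumptions made for the example.

```python
from typing import Callable, Dict, Set

# Constructed sample records and classification (illustrative, not from the patent).
DATABASE = {"name": "Ada Smith", "ssn": "000-00-0000", "zip": "10001", "order_total": "42.50"}
SENSITIVE = {"name", "ssn"}               # result of the classification step
REDACTED = "[REDACTED]"
Reader = Callable[[str], str]

class ReplacementLayer:
    """Mediates every read; can substitute a modified value or block an item."""
    def __init__(self, db: Dict[str, str]) -> None:
        self.db = db
        self.denied: Dict[str, Set[str]] = {}   # process name -> blocked items
        self.trial: Dict[str, str] = {}         # item -> modified value during a test run

    def reader(self, process: str) -> Reader:
        def read(item: str) -> str:
            if item in self.denied.get(process, set()):
                return REDACTED                 # access prevented
            return self.trial.get(item, self.db[item])
        return read

# Hypothetical processes: each returns its observable behaviour as a string.
def shipping_label(read: Reader) -> str:
    return f"{read('name')} / {read('zip')}"

def sales_report(read: Reader) -> str:
    read("ssn")                                 # fetched, but the output never uses it
    return f"total={read('order_total')}"

def minimize(layer: ReplacementLayer,
             processes: Dict[str, Callable[[Reader], str]]) -> Dict[str, Set[str]]:
    for name, proc in processes.items():
        baseline = proc(layer.reader(name))     # behaviour with real data
        unneeded: Set[str] = set()
        for item in sorted(SENSITIVE):
            layer.trial = {item: f"<modified:{item}>"}   # modify the item
            if proc(layer.reader(name)) == baseline:     # analyse behaviour
                unneeded.add(item)
            layer.trial = {}
        layer.denied[name] = unneeded           # prevent access to unneeded items
    return layer.denied

def run_demo() -> ReplacementLayer:
    layer = ReplacementLayer(DATABASE)
    minimize(layer, {"shipping_label": shipping_label, "sales_report": sales_report})
    return layer

if __name__ == "__main__":
    print(run_demo().denied)
```

A single comparison run only covers the code paths it exercises, so an item used on a rarely taken branch would be classified as unneeded; any real analysis has to observe the process across representative workloads before revoking access.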
31 Claims
1. A method for reducing access to sensitive information, comprising:
identifying processes and data associated with a computer system;
classifying each of said data as one of sensitive information and non-sensitive information;
wherein said sensitive information includes at least one of:
data that is personal to an individual;
confidential data; and
data that is subject to conditions of restricted use;
for each of said processes:
selecting said process and a sensitive data item;
modifying said sensitive data item; and
analyzing behavior of at least said selected process; and
preventing access of said sensitive data item by said selected process if, as a result of said analyzing, said sensitive data item is determined not to be needed by said selected process.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 29, 30

14. A computer system for reducing access to sensitive information, comprising:
a plurality of processes executable by said computer system;
a database storing data items utilized by said at least one process;
a replacement layer in communication with said at least one of said plurality of processes, said replacement layer operable for controlling access to said data items; and
an access minimization system associated with said computer system, said access minimization system performing:
identifying said plurality of processes and said data items associated with said computer system;
classifying each of said data items as one of sensitive information and non-sensitive information;
for each of said processes:
selecting said process and a sensitive data item;
modifying said sensitive data item; and
analyzing behavior of at least said selected process; and
preventing access of said sensitive data item by said selected process if, as a result of said analyzing, said sensitive data item is determined not to be needed by said selected process.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27

28. A storage medium encoded with machine-readable computer program code for reducing access to sensitive information, said storage medium including instructions for causing a computer system to implement a method, comprising:
identifying processes and data associated with a computer system;
classifying each of said data as one of sensitive information and non-sensitive information;
wherein said sensitive information includes at least one of:
data that is personal to an individual;
confidential data; and
data that is legally subject to conditions of restricted use;
for each of said processes:
selecting said process and a sensitive data item;
modifying said sensitive data item; and
analyzing behavior of at least said selected process; and
preventing access of said sensitive data item by said selected process if, as a result of said analyzing, said sensitive data item is determined not to be needed by said selected process.

31. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing reduction of access to sensitive information, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of:
a plurality of processes executable by said computer system;
a database storing data items utilized by said at least one process;
a replacement layer in communication with said at least one of said plurality of processes, said replacement layer operable for controlling access to said data items; and
an access minimization system associated with said computer system, said access minimization system performing:
identifying said plurality of processes and said data items associated with said computer system;
classifying each of said data items as one of sensitive information and non-sensitive information;
for each of said processes:
selecting said process and a sensitive data item;
modifying said sensitive data item; and
analyzing behavior of at least said selected process; and
preventing access of said sensitive data item by said selected process if, as a result of said analyzing, said sensitive data item is determined not to be needed by said selected process.

Specification