Reducing access to sensitive information

US 20050289340A1
Filed: 06/23/2004
Published: 12/29/2005
Est. Priority Date: 06/23/2004
Status: Active Grant

First Claim

Patent Images

1. A method for reducing access to sensitive information, comprising:

identifying processes and data associated with a computer system;

classifying each of said data as one of sensitive information and non-sensitive information;

wherein said sensitive information includes at least one of;

data that is personal to an individual;

confidential data; and

data that is subject to conditions of restricted use;

for each of said processes;

selecting said process and a sensitive data item;

modifying said sensitive data item; and

analyzing behavior of at least said selected process; and

preventing access of said sensitive data item by said selected process if, as a result of said analyzing, said sensitive data item is determined not to be needed by said selected process.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method, system, and storage medium for reducing or minimizing access to sensitive information. A method includes identifying processes and data associated with a computer system and classifying each of the data as one of either sensitive information or non-sensitive information. The sensitive information includes at least one of: data that is personal to an individual, confidential data, and data that is legally subject to conditions of restricted use. For each of the processes the method includes selecting a process and a sensitive data item, modifying the sensitive data item, analyzing the behavior of at least the selected process, and preventing access of the sensitive data item by the selected process if, as a result of the analyzing, the sensitive data item is determined not to be needed by the selected process.

23 Citations

View as Search Results

31 Claims

1. A method for reducing access to sensitive information, comprising:
- identifying processes and data associated with a computer system;
  
  classifying each of said data as one of sensitive information and non-sensitive information;
  
  wherein said sensitive information includes at least one of;
  
  data that is personal to an individual;
  
  confidential data; and
  
  data that is subject to conditions of restricted use;
  
  for each of said processes;
  
  selecting said process and a sensitive data item;
  
  modifying said sensitive data item; and
  
  analyzing behavior of at least said selected process; and
  
  preventing access of said sensitive data item by said selected process if, as a result of said analyzing, said sensitive data item is determined not to be needed by said selected process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 29, 30)
- - 2. The method of claim 1, wherein said preventing access includes substituting a value of said sensitive data item with an alternate data value whenever said selected process requests access to said sensitive data item.
  - 3. The method of claim 2, wherein if said selected process does not have changeable code, said substituting a value of said sensitive data item with an alternate data value is performed by inserting a replacement layer between said sensitive data item and said selected process.
  - 4. The method of claim 2, wherein said substituting a value of said sensitive data item with an alternate data value is performed by:
    - generating an alternate data value; and
      
      modifying code of said selected process operable for directing said selected process to access said alternate data value in place of said sensitive data item.
  - 5. The method of claim 4, wherein if said selected process has changeable code, said substituting a value of said sensitive data item with an alternate data value is performed by inserting a replacement layer into said selected process.
  - 6. The method of claim 3, wherein said replacement layer is local to said selected process if said sensitive data item is not needed by said selected process, said local replacement layer being operable for preventing said selected process from accessing said sensitive data item.
  - 7. The method of claim 3, wherein said replacement layer is global to said selected process and at least one other of said processes if said sensitive data item is not needed by said selected process and at least one other of said processes, said global replacement layer being operable for permitting said selected process and said at least one other of said processes to access said sensitive data item.
  - 8. The method of claim 1, wherein said analyzing is performed using static analysis.
  - 9. The method of claim 1, wherein said analyzing is performed by executing said processes.
  - 10. The method of claim 3, wherein said substituting a value of said sensitive data item is performed by:
    - randomly generating said alternate data value;
      
      mapping said alternate data value to said sensitive data item; and
      
      storing mapped alternate data value and corresponding sensitive data item in a table within said replacement layer, said table being accessible to said selected process.
  - 11. The method of claim 10, further comprising reversing said substituting a value of said sensitive data item when said selected process has completed, said reversing being operable for returning said sensitive data item from said replacement layer to a database.
  - 12. The method of claim 3, wherein said substituting is performed using encryption;
    - wherein said sensitive data item is encrypted to a key that is not available to said selected process.
  - 13. The method of claim 1, further comprising:
    - shifting a function of a first selected process associated with said sensitive data item to a second selected process if, as a result of said analyzing, it is determined that said second selected process utilizes said sensitive data item more frequently than said first selected process.
  - 29. An article of manufacture comprising a computer usable medium having computer readable program code means embodied therein for causing reduction of access to sensitive information, the computer readable program code means in said article of manufacture comprising computer readable program code means for causing a computer to effect the steps of claim 1.
  - 30. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for reducing access to sensitive information, said method steps comprising the steps of claim 1.

14. A computer system for reducing access to sensitive information, comprising:
- a plurality of processes executable by said computer system;
  
  a database storing data items utilized by said at least one process;
  
  a replacement layer in communication with said at least one of said plurality of processes, said replacement layer operable for controlling access to said data items; and
  
  an access minimization system associated with said computer system, said access minimization system performing;
  
  identifying said plurality of processes and said data items associated with said computer system;
  
  classifying each of said data items as one of sensitive information and non-sensitive information;
  
  for each of said processes;
  
  selecting said process and a sensitive data item;
  
  modifying said sensitive data item; and
  
  analyzing behavior of at least said selected process; and
  
  preventing access of said sensitive data item by said selected process if, as a result of said analyzing, said sensitive data item is determined not to be needed by said selected process.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 15. The computer system of claim 14, wherein said sensitive information includes at least one of:
    - data that is personal to an individual;
      
      confidential data; and
      
      data that is legally subject to conditions of restricted use.
  - 16. The computer system of claim 14, wherein said preventing access includes substituting a value of said sensitive data item with an alternate data value whenever said selected process requests access to said sensitive data item.
  - 17. The computer system of claim 16, wherein if said selected process does not have changeable code, said substituting a value of said sensitive data item with an alternate data value is performed by inserting a replacement layer between said sensitive data item and said selected process.
  - 18. The computer system of claim 16, wherein said substituting a value of said sensitive data item with an alternate data value is performed by:
    - generating an alternate data value; and
      
      modifying code of said selected process operable for directing said selected process to access said alternate data value in place of said sensitive data item.
  - 19. The computer system of claim 18, wherein if said selected process has changeable code, said substituting a value of said sensitive data item with an alternate data value is performed by inserting a replacement layer into said selected process.
  - 20. The computer system of claim 17, wherein said replacement layer is local to said selected process if said sensitive data item is not needed by said selected process, said local replacement layer being operable for preventing said selected-process from accessing said sensitive data item.
  - 21. The computer system of claim 17, wherein said replacement layer is global to said selected process and at least one other of said processes, and if said sensitive data item is not needed by said selected process and at least one other of said processes, said global replacement layer being operable for permitting said selected process and said at least one other of said processes to access said sensitive data item.
  - 22. The computer system of claim 14, wherein said analyzing is performed using static analysis.
  - 23. The computer system of claim 14, wherein said analyzing is performed by executing said processes.
  - 24. The computer system of claim 17, wherein said substituting a value of said sensitive data item is performed by:
    - randomly generating said alternate data value;
      
      mapping said alternate data value to said sensitive data item; and
      
      storing mapped alternate data value and corresponding sensitive data item in a table within said replacement layer, said table being accessible to said selected process.
  - 25. The computer system of claim 24, further comprising reversing said substituting a value of said sensitive data item when said selected process has completed, said reversing being operable for returning said sensitive data item from said replacement layer to a database.
  - 26. The computer system of claim 17, wherein said substituting is performed using encryption;
    - wherein said sensitive data item is encrypted to a key that is not available to said selected process.
  - 27. The computer system of claim 14, further comprising:
    - shifting a function of a first selected process associated with said sensitive data item to a second selected process if, as a result of said analyzing, it is determined that said second selected process utilizes said sensitive data item more frequently than said first selected process.

28. A storage medium encoded with machine-readable computer program code for reducing access to sensitive information, said storage medium including instructions for causing a computer system to implement a method, comprising:
- identifying processes and data associated with a computer system;
  
  classifying each of said data as one of sensitive information and non-sensitive information;
  
  wherein said sensitive information includes at least one of;
  
  data that is personal to an individual;
  
  confidential data; and
  
  data that is legally subject to conditions of restricted use;
  
  for each of said processes;
  
  selecting said process and a sensitive data item;
  
  modifying said sensitive data item; and
  
  analyzing behavior of at least said selected process; and
  
  preventing access of said sensitive data item by said selected process if, as a result of said analyzing, said sensitive data item is determined not to be needed by said selected process.

31. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing reduction of access to sensitive information, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect the functions of:
- a plurality of processes executable by said computer system;
  
  a database storing data items utilized by said at least one process;
  
  a replacement layer in communication with said at least one of said plurality of processes, said replacement layer operable for controlling access to said data items; and
  
  an access minimization system associated with said computer system, said access minimization system performing;
  
  identifying said plurality of processes and said data items associated with said computer system;
  
  <
  
  classifying each of said data items as one of sensitive information and non-sensitive information;
  
  for each of said processes;
  
  selecting said process and a sensitive data item;
  
  modifying said sensitive data item; and
  
  analyzing behavior of at least said selected process; and
  
  preventing access of said sensitive data item by said selected process if, as a result of said analyzing, said sensitive data item is determined not to be needed by said selected process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Pfitzmann, Birgit M., Schunter, Matthias, Camenisch, Jan L., Waidner, Michael P.

Granted Patent

US 7,941,859 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/165
CPC Class Codes

G06F 21/6245 Protecting personal data, e...

Reducing access to sensitive information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Reducing access to sensitive information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links