Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior

US 20060259950A1
Filed: 02/17/2006
Published: 11/16/2006
Est. Priority Date: 02/18/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for controlling data access in a data-at-rest system, the method comprising:

executing a link intrusion prevention analysis between multiple layers of the data-at-rest system;

introducing a privacy policy at enforcement points that span multiple system layers; and

dynamically altering the privacy policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for controlling data access in a data-at-rest system includes executing a link intrusion prevention analysis between multiple layers of the data-at-rest system, introducing a privacy policy at enforcement points that span multiple system layers, and dynamically altering the privacy policy.

Citations

20 Claims

1. A method for controlling data access in a data-at-rest system, the method comprising:
- executing a link intrusion prevention analysis between multiple layers of the data-at-rest system;
  
  introducing a privacy policy at enforcement points that span multiple system layers; and
  
  dynamically altering the privacy policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the data-at-rest system is a database system.
  - 3. The method of claim 1, further comprising modifying the protection of data at one of the multiple system layers.
  - 4. The method of claim 3, wherein the step of modifying is performed based on a result of the link intrusion prevention analysis.
  - 5. The method of claim 1, wherein the privacy policy comprises access control information.
  - 6. The method of claim 1, wherein the privacy policy comprises intrusion detection information.
  - 7. The method of claim 1, wherein the privacy policy comprises cryptographic information.
  - 8. A computer-readable medium containing instructions for causing a computer to perform the method of claim 1.

9. A method for controlling access to a database system, the method comprising:
- assigning a first access criterion and a second access criterion to a user role;
  
  receiving a query from a user, the user having an access history;
  
  determining that the user matches the user role;
  
  comparing, in a first system layer, the access history to the first access criterion; and
  
  comparing, in a second system layer that differs from the first system layer, the access history to the second access criterion.
- View Dependent Claims (10, 11, 12, 13, 14, 16, 17, 18, 19, 20)
- - 10. The method of claim 9, wherein the first access criterion comprises a privacy policy.
  - 11. The method of claim 9, further comprising learning a value for the first access criterion.
  - 12. The method of claim 9, further comprising selecting a response to the query, wherein the response is selected from the group consisting of blocking the query, alerting a system administrator and allowing the query, and allowing the query.
  - 13. The method of claim 12, wherein selecting a response to the query comprises selecting a response to the query based on a result of the step of comparing in a first system layer.
  - 14. A computer-readable medium containing instructions for causing a computer to perform the method of claim 9.
  - 16. The method of claim 14, further comprising comparing the counter to a second threshold.
  - 17. The method of claim 14, wherein the counter comprises a scorecard.
  - 18. The method of claim 14, further comprising:
    - determining that the counter exceeds a third threshold; and
      
      alerting a system administrator.
  - 19. The method of claim 14, further comprising:
    - in the first system layer, transmitting a notification to the second system layer to deny the second request.
  - 20. A system comprising:
    - a computer-readable medium as recited in claim 14;
      
      and a computer in data communication with the computer-readable medium.

15. A method for accessing data, the method comprising:
- in a first system layer, receiving a first request from a user, the user having an access history, the access history including a counter;
  
  in the first system layer, comparing the counter to a first threshold; and
  
  transmitting a second request to a second system layer, the second request being based on the first request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Original Assignee
Protegrity USA, Inc. (Xcelera Inc.)
Inventors
Mattsson, Ulf

Application Number

US11/357,741
Publication Number

US 20060259950A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/604   Tools and structures for ma...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/1433   Vulnerability analysis

Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links