Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
First Claim
Patent Images
1. A method for controlling data access in a data-at-rest system, the method comprising:
- executing a link intrusion prevention analysis between multiple layers of the data-at-rest system;
introducing a privacy policy at enforcement points that span multiple system layers; and
dynamically altering the privacy policy.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for controlling data access in a data-at-rest system includes executing a link intrusion prevention analysis between multiple layers of the data-at-rest system, introducing a privacy policy at enforcement points that span multiple system layers, and dynamically altering the privacy policy.
-
Citations
20 Claims
-
1. A method for controlling data access in a data-at-rest system, the method comprising:
-
executing a link intrusion prevention analysis between multiple layers of the data-at-rest system;
introducing a privacy policy at enforcement points that span multiple system layers; and
dynamically altering the privacy policy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for controlling access to a database system, the method comprising:
-
assigning a first access criterion and a second access criterion to a user role;
receiving a query from a user, the user having an access history;
determining that the user matches the user role;
comparing, in a first system layer, the access history to the first access criterion; and
comparing, in a second system layer that differs from the first system layer, the access history to the second access criterion. - View Dependent Claims (10, 11, 12, 13, 14, 16, 17, 18, 19, 20)
-
-
15. A method for accessing data, the method comprising:
-
in a first system layer, receiving a first request from a user, the user having an access history, the access history including a counter;
in the first system layer, comparing the counter to a first threshold; and
transmitting a second request to a second system layer, the second request being based on the first request.
-
Specification