Separation of duties in a data audit system

US 20070005665A1
Filed: 06/30/2005
Published: 01/04/2007
Est. Priority Date: 06/30/2005
Status: Abandoned Application

First Claim

Patent Images

1. A database audit system comprising:

a target database to be monitored, the target database being accessed through an authentication process;

an agent that monitors the internal database activity of the target database according to a set of configuration parameters, operation of the agent being independent of access to the target database through the authentication process; and

a configuration manager that stores configuration parameters for access and use by the agent, the configuration manager being accessed through an authentication process independent of the target database authentication process.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A database audit system monitors database activity, providing a complete record of access to data and database structure. A database audit may be performed by collecting data from database transaction logs and traces, exporting the collected data into a repository, and analyzing the data in the repository to create data audit reports and to provide data audit browsing capabilities. A separation between audit side and audited data side is maintained through limited access permissions.

48 Citations

View as Search Results

24 Claims

1. A database audit system comprising:
- a target database to be monitored, the target database being accessed through an authentication process;
  
  an agent that monitors the internal database activity of the target database according to a set of configuration parameters, operation of the agent being independent of access to the target database through the authentication process; and
  
  a configuration manager that stores configuration parameters for access and use by the agent, the configuration manager being accessed through an authentication process independent of the target database authentication process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A database audit system as claimed in claim 1 wherein the agent has limited privileges in the target database.
  - 3. A database audit system as claimed in claim 2 wherein the privileges are limited to read only.
  - 4. A database audit system as claimed in claim 1 wherein the authentication process of the target database is independent of the authentication process of the configuration manager.
  - 5. A database audit system as claimed in claim 4 wherein a target database administrator has limited privileges in the configuration manager.
  - 6. A database system as claimed in claim 1, further comprising:
    - data stored temporarily by the agent in a data storage separate from the target database.
  - 7. A database system as claimed in claim 1, further comprising:
    - an audit repository database storing information collected by the agent.
  - 8. A database system as claimed in claim 7 wherein the audit repository is accessed through an authentication process independent of the target authentication process.
  - 9. A database system as claimed in claim 7 wherein data is transferred from the agent to the audit repository in an encrypted format.
  - 10. A database system as claimed in claim 7 wherein the agent internally queues collected data in case of unavailability of the audit repository database.
  - 11. A database system as claimed in claim 1 further comprising:
    - agent configuration data stored in the agent.
  - 12. A database system as claimed in claim 1 further comprising:
    - a first computer readable medium storing instructions for installing the agent; and
      
      a second computer readable medium storing instructions for installing the configuration manager.
  - 13. A database system as claimed in claim 1, wherein the internal database activity is recorded in a transaction log and a trace of database activities including session activities after session establishment.

14. A computer-implemented database audit process for a target database having an associated authentication process, said audit process comprising:
- maintaining a record of the target database internal activity;
  
  collecting the record of the target database internal activity by an agent, the operating of the agent being independent of access to the target database through the authentication process; and
  
  storing configuration parameters for access and use by the agent at a configuration manager, the configuration manager being accessed through an authentication process independent of the target database authentication process.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. A computer-implemented database audit process of claim 14 wherein the authentication process of the target database is independent of the authentication process of the configuration manager.
  - 16. A computer-implemented database audit process of claim 14 further comprising:
    - limiting privileges of the agent on the target database.
  - 17. A computer-implemented database audit process of claim 16 further comprising:
    - limiting the privileges of the agent on the target database to read only permissions.
  - 18. A computer-implemented database audit process of claim 14 further comprising:
    - transmitting data collected by the collection agent to an audit repository.
  - 19. A computer-implemented database audit process of claim 18 further comprising:
    - encrypting the data collected by the collection agent before transmitting it to the audit repository.
  - 20. A computer-implemented database audit process of claim 18 further comprising:
    - queuing the data collected by the collection agent in the collection agent if the audit repository is unavailable.
  - 21. A computer-implemented database audit process of claim 14 further comprising:
    - requesting, by the agent, a new set of configuration parameters from the configuration manager.
  - 22. A computer-implemented database audit process of claim 14 further comprising:
    - notifying, by the configuration manager, the agent of a new set of configuration parameters.

23. A computer-readable medium storing instructions for auditing a target database having an associated authentication process, said instructions comprising:
- instructions for maintaining a record of the target database internal activity;
  
  instructions for collecting the record of the target database internal activity by an agent, the operating of the agent being independent of access to the target database through the authentication process; and
  
  instructions for storing configuration parameters for access and use by the agent at a configuration manager, the configuration manager being accessed through an authentication process independent of the target database authentication process.
- View Dependent Claims (24)
- - 24. A computer-readable medium of claim 23 wherein the instructions for auditing the target database further comprise:
    - instructions for enforcing authentication process for write access to the target database independently of the authentication process of the configuration manager.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lumigent Technologies, Inc. (BeyondTrust Corp.)
Original Assignee
Lumigent Technologies, Inc. (BeyondTrust Corp.)
Inventors
George, Gregory, Jesse, Jonathan, Vaitzblit, Lev

Application Number

US11/174,294
Publication Number

US 20070005665A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/20 of structured data, e.g. re...

G06Q 10/06 Resources, workflows, human...

Separation of duties in a data audit system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

48 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Separation of duties in a data audit system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links