System and method for protecting sensitive data

US 20070083514A1
Filed: 10/07/2005
Published: 04/12/2007
Est. Priority Date: 10/07/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of managing access to sensitive data in a database, comprising:

receiving a query against the data in the database, the query comprising at least;

(i) a result field specification including one or more result fields characterizing which fields are to be returned in a result set for the query; and

(ii) a sorting instruction to sort the result set on the basis of a selected result field to produce a sorted result set;

retrieving the result set from the database;

filtering the retrieved result set on the basis of predefined filtering rules to remove selected data from the selected result field of at least one data record included with the retrieved result set; and

sorting the filtered result set according to the sorting instruction to produce the sorted result set, whereby the sorting is done independently of the removed selected data so that the sorted result set places the at least one data record at a position which is non-indicative of a value of the removed selected data.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and article of manufacture for protecting sensitive data in databases and, more particularly, for managing access to sensitive data in a database. One embodiment comprises receiving a query against the data in the database comprising at least (i) a result field specification, and (ii) a sorting instruction. The method further comprises retrieving a result set from the database, and filtering the retrieved result set on the basis of predefined filtering rules to remove selected data from a selected result field of at least one data record included with the retrieved result set. The filtered result set is sorted according to the sorting instruction to produce the sorted result set, whereby the sorting is done independently of the removed selected data so that the sorted result set places the at least one data record at a position which is non-indicative of a value of the removed selected data.

Citations

20 Claims

1. A computer-implemented method of managing access to sensitive data in a database, comprising:
- receiving a query against the data in the database, the query comprising at least;
  
  (i) a result field specification including one or more result fields characterizing which fields are to be returned in a result set for the query; and
  
  (ii) a sorting instruction to sort the result set on the basis of a selected result field to produce a sorted result set;
  
  retrieving the result set from the database;
  
  filtering the retrieved result set on the basis of predefined filtering rules to remove selected data from the selected result field of at least one data record included with the retrieved result set; and
  
  sorting the filtered result set according to the sorting instruction to produce the sorted result set, whereby the sorting is done independently of the removed selected data so that the sorted result set places the at least one data record at a position which is non-indicative of a value of the removed selected data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein retrieving the result set comprises:
    - removing the sorting instruction from the query, whereby a modified query is generated; and
      
      executing the modified query against the database.
  - 3. The method of claim 1, wherein filtering the retrieved result set comprises for each data record included with the retrieved result set:
    - determining whether the selected result field of the data record comprises sensitive data; and
      
      if so, replacing the sensitive data with a replacement value.
  - 4. The method of claim 1, further comprising:
    - creating, prior to filtering the retrieved result set, a temporary data structure storing the retrieved result set; and
      
      joining, after the filtering, the filtered result set to the retrieved result set in the temporary data structure, whereby a joined result set is generated.
  - 5. The method of claim 4, further comprising:
    - rewriting the sorting instruction to generate a modified sorting instruction instructing to sort the joined result set for the query on the basis of the selected result field.
  - 6. The method of claim 5, wherein sorting the filtered result set according to the sorting instruction comprises:
    - sorting the joined result set according to the modified sorting instruction.
  - 7. The method of claim 6, further comprising:
    - selecting, from the sorted joined result set, all data records belonging to the filtered result set; and
      
      outputting the selected data records in a sorted list.
  - 8. The method of claim 6, further comprising:
    - selecting, from the sorted joined result set, all data records belonging to the retrieved result set;
      
      filtering all selected data records on the basis of the predefined filtering rules to remove sensitive data from the selected result field of at least one of the selected data records; and
      
      outputting the filtered selected data records in a sorted list.
  - 9. The method of claim 1, wherein each result field of the query is a logical field of a data abstraction model abstractly describing the data in the database;
    - whereby the query defines an abstract query, and wherein the data abstraction model is adapted for transforming the one or more logical fields of the abstract query into a form consistent with a physical representation of the data in the database.
  - 10. The method of claim 1, wherein the query is one of a SQL query or an XML query.

11. A computer-readable medium containing a program which, when executed by a processor, performs operations for managing access to sensitive data in a database, the operations comprising:
- receiving a query against the data in the database, the query comprising at least;
  
  (i) a result field specification including one or more result fields characterizing which fields are to be returned in a result set for the query; and
  
  (ii) a sorting instruction to sort the result set on the basis of a selected result field to produce a sorted result set;
  
  retrieving the result set from the database;
  
  filtering the retrieved result set on the basis of predefined filtering rules to remove selected data from the selected result field of at least one data record included with the retrieved result set; and
  
  sorting the filtered result set according to the sorting instruction to produce the sorted result set, whereby the sorting is done independently of the removed selected data so that the sorted result set places the at least one data record at a position which is non-indicative of a value of the removed selected data.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer-readable medium of claim 11, wherein retrieving the result set comprises:
    - removing the sorting instruction from the query, whereby a modified query is generated; and
      
      executing the modified query against the database.
  - 13. The computer-readable medium of claim 11, wherein filtering the retrieved result set comprises for each data record included with the retrieved result set:
    - determining whether the selected result field of the data record comprises sensitive data; and
      
      if so, replacing the sensitive data with a replacement value.
  - 14. The computer-readable medium of claim 11, wherein the operations further comprise:
    - creating, prior to filtering the retrieved result set, a temporary data structure storing the retrieved result set; and
      
      joining, after the filtering, the filtered result set to the retrieved result set in the temporary data structure, whereby a joined result set is generated.
  - 15. The computer-readable medium of claim 14, wherein the operations further comprise:
    - rewriting the sorting instruction to generate a modified sorting instruction instructing to sort the joined result set for the query on the basis of the selected result field.
  - 16. The computer-readable medium of claim 15, wherein sorting the filtered result set according to the sorting instruction comprises:
    - sorting the joined result set according to the modified sorting instruction.
  - 17. The computer-readable medium of claim 16, wherein the operations further comprise:
    - selecting, from the sorted joined result set, all data records belonging to the filtered result set; and
      
      outputting the selected data records in a sorted list.
  - 18. The computer-readable medium of claim 16, wherein the operations further comprise:
    - selecting, from the sorted joined result set, all data records belonging to the retrieved result set;
      
      filtering all selected data records on the basis of the predefined filtering rules to remove sensitive data from the selected result field of at least one of the selected data records; and
      
      outputting the filtered selected data records in a sorted list.
  - 19. The computer-readable medium of claim 11, wherein each result field of the query is a logical field of a data abstraction model abstractly describing the data in the database;
    - whereby the query defines an abstract query, and wherein the data abstraction model is adapted for transforming the one or more logical fields of the abstract query into a form consistent with a physical representation of the data in the database.
  - 20. The computer-readable medium of claim 11, wherein the query is one of a SQL query or an XML query.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Twitter Inc (X Holdings Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Dettinger, Richard, Glowacki, Janice, Rao, Padma, Wenzel, Shannon, Sperber, Marci, Kolz, Daniel

Granted Patent

US 7,752,215 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/24578   using ranking

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

System and method for protecting sensitive data

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protecting sensitive data

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links