Method and System for Masking Data in a Consistent Manner Across Multiple Data Sources

US 20090204631A1
Filed: 02/13/2008
Published: 08/13/2009
Est. Priority Date: 02/13/2008
Status: Active Grant

First Claim

Patent Images

1. A method for data masking at least one data field of at least one data record in a primary database and at least one data field of at least one data record in a secondary database that has a key field having a correspondence with a key field in the at least one data record in the primary database, using a table of translation matrix records comprising an unmasked key field and at least one masked data field corresponding to the at least one data field of the at least one data record, the method comprising:

in respect of the primary database;

comparing the key field of the at least one data record in the corresponding database against the unmasked key field of each of the translation matrix records;

populating a first sub-table record, if the unmasked key field of a translation matrix record matches the key field of the at least one data record, the first sub-table record comprising an unmasked key field and at least one masked data field corresponding to the at least one data field of the at least one data record, using the unmasked key field and the at least one masked data field of the matching translation matrix record;

populating a second sub-table record, if no unmasked key field of any translation matrix record matches the key field of the at least one data record, the second sub-table record comprising a key field and at least one data field corresponding to the at least one data field of the at least one data record, using the corresponding key field and the at least one data field of the at least one data record;

masking the at least one data field of the second sub-table record;

adding the first sub-table record or the masked second sub-table record as a masked record in a masked copy of the corresponding database; and

if the masked second sub-table record was created, populating a translation matrix record corresponding thereto using the key field and the at least one data field for the unmasked key field and the at least one masked data field;

repeating the method with respect to the secondary database;

whereby at least one data field of the at least one data record of the primary database and the at least one data field of the at least one data record of the secondary database may be masked in a consistent manner.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for data masking a series of interrelated data records is disclosed. A lockable translation matrix repository resource is provided to contain both masked data as well as appropriate key information that provides links between respective copies of respective interlinked databases and maintains the data integrity of masking data inserted therein. Records are masked on a column by column or table by table basis. Records for which masking data is already in the repository are masked by making use of such data, while remaining records are segregated, masked and the masking data updated to the repository. Preferably a backup copy of the masked data records is stored in the repository to permit de-masking of the data records at a later stage. Pivot tables are applied where keys do not match exactly but still exhibit a one-to-one relationship.

87 Citations

View as Search Results

18 Claims

1. A method for data masking at least one data field of at least one data record in a primary database and at least one data field of at least one data record in a secondary database that has a key field having a correspondence with a key field in the at least one data record in the primary database, using a table of translation matrix records comprising an unmasked key field and at least one masked data field corresponding to the at least one data field of the at least one data record, the method comprising:
- in respect of the primary database;
  
  comparing the key field of the at least one data record in the corresponding database against the unmasked key field of each of the translation matrix records;
  
  populating a first sub-table record, if the unmasked key field of a translation matrix record matches the key field of the at least one data record, the first sub-table record comprising an unmasked key field and at least one masked data field corresponding to the at least one data field of the at least one data record, using the unmasked key field and the at least one masked data field of the matching translation matrix record;
  
  populating a second sub-table record, if no unmasked key field of any translation matrix record matches the key field of the at least one data record, the second sub-table record comprising a key field and at least one data field corresponding to the at least one data field of the at least one data record, using the corresponding key field and the at least one data field of the at least one data record;
  
  masking the at least one data field of the second sub-table record;
  
  adding the first sub-table record or the masked second sub-table record as a masked record in a masked copy of the corresponding database; and
  
  if the masked second sub-table record was created, populating a translation matrix record corresponding thereto using the key field and the at least one data field for the unmasked key field and the at least one masked data field;
  
  repeating the method with respect to the secondary database;
  
  whereby at least one data field of the at least one data record of the primary database and the at least one data field of the at least one data record of the secondary database may be masked in a consistent manner.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method according to claim 1, wherein a value of the key field in the at least one data record in the primary database and of the key field in the at least one data record in the second database are the same.
  - 3. The method according to claim 1, wherein:
    - the key field in the at least one data record in the primary database and the key field in the at least one data record in the secondary database are different and the correspondence therebetween is set out in a pivot table including both of the key fields; and
      
      comparing the key field of the at least one data record in the corresponding database against the unmasked key field of each of the translation matrix records further comprises looking up the at least one key field of the at least one data record in the corresponding database in the corresponding key field of the pivot table and comparing the other key field thereof against the unmasked key field of each of the translation matrix records.
  - 4. The method according to claim 1, wherein the at least one data field to be masked includes the key field.
  - 5. The method according to claim 1, wherein the masked copies of the primary and secondary databases retain the behavior of the primary and secondary databases respectively.
  - 6. The method according to claim 5, wherein the behavior of the masked copies of the primary and secondary databases includes the relational integrity in at least one of the database level and the application level.
  - 7. The method according to claim 1, wherein masking the at least one data field of the second sub-table record further comprises performing at least one data transformation on the at least one data field of the second sub-table entry.
  - 8. The method according to claim 7, wherein the data transformation is pre-selected before commencing the method.
  - 9. The method according to claim 1, further comprising:
    - before performing the method with respect to the primary or secondary databases;
      
      ensuring that the table of translation matrix records is not being accessed; and
      
      reserving exclusive access to the table of translation matrix records until released;
      
      before repeating the method with respect to the secondary database, releasing exclusive access to the table of translation matrix records; and
      
      whereby operations involving the table of translation matrix records remain uninterrupted.
  - 10. The method according to claim 9, comprising:
    - after reserving exclusive access to the table of translation matrix records until released, copying the table of translation matrix records from a secure repository; and
      
      before releasing exclusive access to the table of translation matrix records, replacing the table of translation matrix records into the secure repository.
  - 11. The method according to claim 10, further comprising removing and replacing a pivot table comprising the two key fields and establishing a one to one correspondence therebetween.
  - 12. The method according to claim 10, wherein replacing the table of translation matrix records into the secure repository further comprises replacing a backup record comprising the key field and the at least one data field of the at least one data record to be masked into the secure repository.
  - 13. The method according to claim 12, comprising adding a masked key field to the backup record containing the masked value of the key field of the at least one data record.
  - 14. The method according to claim 1, wherein the at least one data field is a confidential data field.
  - 15. A method for de-masking the at least one data record in at least one of the primary database and the secondary database that has been masked according to the method of claim 13, comprising:
    - reserving exclusive access to the table of translation matrix records until released;
      
      removing at least one of the backup record stored in the repository from the secure repository;
      
      reviewing the table of translation matrix records to determine if the key field of the at least one data record has been masked;
      
      if the key field of the at least one data record has been masked;
      
      comparing the key field of the at least one data record against the masked key field of each of the backup records; and
      
      populating a de-masked data record comprising the key field optionally corresponding to the at least one data field of the at least one data record, using the masked key field and optionally the at least one data field of the backup record;
      
      if the key field of the at least one data record has not been masked;
      
      comparing the key field of the at least one data record against the key field of each of the backup records; and
      
      populating a de-masked data record comprising the key field and at least one de-masked data field corresponding to the at least one data field of the at least one data record, using the key field and the at least one data field of the back up table; and
      
      releasing exclusive access to the table of translation matrix records.

16. A system for data masking at least one data field of at least one data record in a primary database and at least one data field of at least one data record in a secondary database that has a key field having a correspondence with a key field in the at least one data record in the primary database, the system comprising:
- a memory for storing data records, including a table of translation matrix records comprising an unmasked key field and at least one masked data field corresponding to the at least one data field of the at least one data record;
  
  a processor coupled to the memory for;
  
  in respect of the primary database;
  
  comparing the key field of the at least one data record in the corresponding database against the unmasked key field of each of the translation matrix records;
  
  populating a first sub-table record, if the unmasked key field of a translation matrix record matches the key field of the at least one data record, the first sub-table record comprising an unmasked key field and at least one masked data field corresponding to the at least one data field of the at least one data record, using the unmasked key field and the at least one masked data field of the matching translation matrix record;
  
  populating a second sub-table record, if no unmasked key field of any translation matrix record matches the key field of the at least one data record, the second sub-table record comprising a key field and at least one data field corresponding to the at least one data field of the at least one data record, using the corresponding key field and the at least one data field of the at least one data record;
  
  masking the at least one data field of the second sub-table record;
  
  adding the first sub-table record or the masked second sub-table record as a masked record in a masked copy of the corresponding database;
  
  if the masked second sub-table record was created, populating a translation matrix record corresponding thereto using the key field and the at least one data field for the unmasked key field and the at least one masked data field; and
  
  repeating the method with respect to the secondary database;
  
  whereby at least one data field of the at least one data record of the primary database and the at least one data field of the at least one data record of the secondary database may be masked in a consistent manner.

17. A processor in a system for data masking at least one data field of at least one data record in a primary database and at least one data field of at least one data record in a secondary database that has a key field having a correspondence with a key field in the at least one data record in the primary database, the processor being operatively coupled to a memory for storing data records including a table of translation matrix records comprising an unmasked key field and at least one masked data field corresponding to at least one data field of the at least one data record for:
- in respect of the primary database;
  
  comparing the key field of the at least one data record in the corresponding database against the unmasked key field of each of the translation matrix records;
  
  populating a first sub-table record, if the unmasked key field of a translation matrix record matches the key field of the at least one data record, the first sub-table record comprising an unmasked key field and at least one masked data field corresponding to the at least one data field of the at least one data record, using the unmasked key field and the at least one masked data field of the matching translation matrix record;
  
  populating a second sub-table record, if no unmasked key field of any translation matrix record matches the key field of the at least one data record, the second sub-table record comprising a key field and at least one data field corresponding to the at least one data field of the at least one data record, using the corresponding key field and the at least one data field of the at least one data record;
  
  masking the at least one data field of the second sub-table record;
  
  adding the first sub-table record or the masked second sub-table record as a masked record in a masked copy of the corresponding database;
  
  if the masked second sub-table record was created, populating a translation matrix record corresponding thereto using the key field and the at least one data field for the unmasked key field and the at least one masked data field; and
  
  repeating the method with respect to the secondary database;
  
  whereby at least one data field of the at least one data record of the primary database and the at least one data field of the at least one data record of the secondary database may be masked in a consistent manner.

18. A computer-readable medium coupled to a processor, in a system for data masking at least one data field of at least one data record in a primary database and at least one data field of at least one data record in a secondary database that has a key field having a one to one correspondence with a key field in the at least one data record in the primary database, the medium for storing data records including a table of translation matrix records comprising an unmasked key field and at least one masked data field corresponding to at least one data field of the at least one data record, and having stored thereon, computer-readable and computer-executable instructions which, when executed by the processor, cause the processor to:
- in respect of the primary database;
  
  compare the key field of the at least one data record in the corresponding database against the unmasked key field of each of the translation matrix records;
  
  populate a first sub-table record, if the unmasked key field of a translation matrix record matches the key field of the at least one data record, the first sub-table record comprising an unmasked key field and at least one masked data field corresponding to the at least one data field of the at least one data record, using the unmasked key field and the at least one masked data field of the matching translation matrix record;
  
  populate a second sub-table record, if no unmasked key field of any translation matrix record matches the key field of the at least one data record, the second sub-table record comprising a key field and at least one data field corresponding to the at least one data field of the at least one data record, using the corresponding key field and the at least one data field of the at least one data record;
  
  mask the at least one data field of the second sub-table record;
  
  add the first sub-table record or the masked second sub-table record as a masked record in a masked copy of the corresponding database;
  
  if the masked second sub-table record was created, populate a translation matrix record corresponding thereto using the key field and the at least one data field for the unmasked key field and the at least one masked data field; and
  
  repeat the method with respect to the secondary database;
  
  whereby at least one data field of the at least one data record of the primary database and the at least one data field of the at least one data record of the secondary database may be masked in a consistent manner.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Imperva Incorporated (Thales SA)
Original Assignee
Camouflage Software, Inc. (Thales SA)
Inventors
Spearns, Michael Paul, Pomroy, Steven Patrick, Morgan, David Isaac, Lake, Robert Raymond

Granted Patent

US 8,055,668 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6227 where protection concerns t...

Method and System for Masking Data in a Consistent Manner Across Multiple Data Sources

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Method and System for Masking Data in a Consistent Manner Across Multiple Data Sources

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others