Proactive Information Security Management
First Claim
1. A computer-implemented method for controlling access to sensitive information, the method comprising:
- maintaining access constraint data that can be used to control access to said sensitive information, wherein said access constraint data comprises match pattern data and apply pattern data;
- receiving a semantic query from a querier requesting access to said sensitive information;
- based on said match pattern data, determining whether said semantic query should be constrained according to said apply pattern data;
- where said semantic query should be constrained according to said apply pattern data, rewriting said semantic query according to said apply pattern data to produce a rewritten query;
- executing said rewritten query against a database that contains said sensitive information; and
- returning any results of executing said rewritten query.
Abstract
A method and apparatus for proactive information security management is described. In one embodiment, for example, a computer-implemented method for controlling access to sensitive information, the method comprising: maintaining access constraint data that can be used to control access to the sensitive information, wherein the access constraint data includes match pattern data and apply pattern data; receiving a semantic query from a querier requesting access to the sensitive information; based on the match pattern data, determining whether the semantic query should be constrained according to the apply pattern data; where said semantic query should be constrained according to the apply pattern data, rewriting the semantic query according to the apply pattern data to produce a rewritten query; executing the rewritten query against a database that contains the sensitive information; and returning any results of executing the rewritten query.
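The match/apply rewriting step described in the abstract, as an added Python sketch that is not taken from the patent or any implementation of it. It assumes a semantic query is a conjunction of (subject, predicate, object) triple patterns with `?`-prefixed variables; `Constraint`, `unify`, `rewrite`, `execute`, the `ex:` predicates and the sample data are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Constraint:
    match: tuple  # match pattern: one triple pattern that triggers the constraint
    apply: tuple  # apply patterns: extra triple patterns added to the query

def is_var(term):
    return term.startswith("?")

def unify(pattern, target, env):
    """Bind variables of `pattern` to the terms of `target`; None on mismatch."""
    env = dict(env)
    for p, t in zip(pattern, target):
        if is_var(p):
            if env.setdefault(p, t) != t:
                return None
        elif p != t and not is_var(t):
            # A variable in the query may still resolve to this constant
            # (e.g. a wildcard predicate), so only two constants can mismatch.
            return None
    return env

def rewrite(query, constraints, querier):
    """Append the instantiated apply patterns of every constraint that matches."""
    out = list(query)
    for c in constraints:
        for triple in query:
            env = unify(c.match, triple, {"?querier": querier})
            if env is None:
                continue
            for a in c.apply:
                extra = tuple(env.get(t, t) for t in a)
                if extra not in out:
                    out.append(extra)
    return out

def execute(query, db):
    """Evaluate a conjunction of triple patterns; returns variable bindings."""
    rows = [{}]
    for pat in query:
        rows = [e2 for env in rows for fact in db
                if (e2 := unify(tuple(env.get(t, t) for t in pat), fact, env)) is not None]
    return rows

# Constructed sample data: salaries are visible only to the employee's manager.
DB = [("alice", "ex:salary", "90000"), ("bob", "ex:salary", "70000"),
      ("alice", "ex:managedBy", "carol"), ("bob", "ex:managedBy", "dave")]
CONSTRAINTS = [Constraint(match=("?e", "ex:salary", "?amt"),
                          apply=(("?e", "ex:managedBy", "?querier"),))]
```

Because `unify` lets a query variable stand in for a constant of the match pattern, a wildcard query such as `("?who", "?p", "?o")` is constrained as well instead of slipping past the salary rule.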
115 Citations
27 Claims
1. A computer-implemented method for controlling access to sensitive information, the method comprising:
- maintaining access constraint data that can be used to control access to said sensitive information, wherein said access constraint data comprises match pattern data and apply pattern data;
- receiving a semantic query from a querier requesting access to said sensitive information;
- based on said match pattern data, determining whether said semantic query should be constrained according to said apply pattern data;
- where said semantic query should be constrained according to said apply pattern data, rewriting said semantic query according to said apply pattern data to produce a rewritten query;
- executing said rewritten query against a database that contains said sensitive information; and
- returning any results of executing said rewritten query.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A system for controlling access to sensitive information, the system comprising:
- a processor;
- a memory coupled to the processor; and
- logic encoded in one or more computer readable media for:
  - maintaining access constraint data that can be used to control access to said sensitive information, wherein said access constraint data comprises match pattern data and apply pattern data;
  - receiving a semantic query from a querier requesting said sensitive information;
  - determining, based on said match pattern data, whether said semantic query should be constrained according to said apply pattern data;
  - where said semantic query should be constrained according to said apply pattern data, rewriting said semantic query according to said apply pattern data to produce a rewritten query;
  - executing said rewritten query against a database that contains said sensitive information; and
  - returning any results of executing said rewritten query.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27