METHOD AND SYSTEM FOR PROVIDING MASKING SERVICES

US 20110321120A1
Filed: 10/11/2010
Published: 12/29/2011
Est. Priority Date: 06/24/2010
Status: Active Grant

First Claim

Patent Images

1. A method for providing application data to a user requesting an application hosted on a computing device, wherein the user is connected to the computing device through a communication network, the method comprising:

receiving application access request from the user;

validating credentials of the user requesting the application, wherein validation is performed to determine whether the user is authorized to access the requested application data;

determining type of user based on the user credentials;

fetching application data stored in a database utility and providing unmasked data to the user if the user is a privileged user;

transferring application data access request by the application to a subscribed data masking service, wherein the masking service fetches application data from the database utility, masks the data based on pre-configured masking rules and provides masked data to the application; and

providing masked application data to the user by the application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for presenting on-demand masking of data as a software service in a distributed environment is provided. An application hosted on a computing device receives request for access to application data from a user. Credentials of the user are first validated in order to determine whether the user is authorized to access the requested application data. For an authorized user, a category of the user is determined to ascertain whether the user is privileged to obtain full access. In case the user is a privileged user, unmasked application data is fetched from a database utility and provided to the user. In case the user is not a privileged user, application data access request is transferred to a data masking service. Application data is fetched from database utility, masked based on pre-defined masking rules and provided to the user.

30 Citations

View as Search Results

26 Claims

1. A method for providing application data to a user requesting an application hosted on a computing device, wherein the user is connected to the computing device through a communication network, the method comprising:
- receiving application access request from the user;
  
  validating credentials of the user requesting the application, wherein validation is performed to determine whether the user is authorized to access the requested application data;
  
  determining type of user based on the user credentials;
  
  fetching application data stored in a database utility and providing unmasked data to the user if the user is a privileged user;
  
  transferring application data access request by the application to a subscribed data masking service, wherein the masking service fetches application data from the database utility, masks the data based on pre-configured masking rules and provides masked data to the application; and
  
  providing masked application data to the user by the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein masking rules are configured by an application owner managing the application, further wherein configuration of masking rules is performed by integrating subscribed data masking service with the application after subscribing to the data masking service by the application owner.
  - 3. The method of claim 2, wherein configuring masking rules comprises specifying data masking options such as specifying data to be masked for an application and type of masking to be performed.
  - 4. The method of claim 2, wherein subscribing to data masking service comprises executing Software as a Service agreement between the application owner and the masking services provider.
  - 5. The method of claim 1, wherein the user comprises at least one of a human user, a software program and an automated machine.
  - 6. The method of claim 1 further comprises providing the user with limited access to application if user credentials are not validated.
  - 7. The method of claim 1, wherein application hosted by the application owner, masking service provided by the masking services provider and storage services provided by the database utility are implemented on independent software environments connected through one or more communication networks.

8. A method of providing data masking as a software service, the method comprising:
- receiving request for subscription to data masking service from an application owner hosting a software application;
  
  authenticating credentials of the application owner;
  
  facilitating configuration of one or more masking rules corresponding to the software application;
  
  receiving request for performing data masking on data associated with the software application; and
  
  executing one or more data masking algorithms for performing data masking according to the one or more masking rules.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein facilitating configuration of one or more masking rules comprises providing a set of user interfaces to the application owner for specifying options for configuring masking rules.
  - 10. The method of claim 8, wherein the one or more data masking algorithms comprises algorithms for masking at least one of alphabetical data, numerical data, data comprising combination of alphabets and numerals, data comprising unique codes or any combination thereof.
  - 11. The method of claim 8, wherein the masking service is implemented in the form of a source program.
  - 12. The method of claim 8, wherein the masking service is implemented in the form of an object program.

13. A system for provisioning application data in a secure form, the system comprising:
- a computing device being part of an organization providing one or more applications to requesting users and configured to host software application requested by a user, wherein the user is operationally connected to the computing device through a communication network;
  
  a credential check module configured to validate credentials of the user requesting application data;
  
  a subscription module configured to manage subscription of one or more applications requesting access to the one or more data masking services;
  
  a masking services provider operationally connected to the computing device and configured to perform masking of data and provide one or more data masking services, wherein the one or more data masking services are requested by the software application in order to provision application data to the user in a secure form; and
  
  a database utility operationally connected to the computing device and data masking services provider, and configured to store data associated with the software application.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The system of claim 13, wherein the computing device is part of a software vendor configured to provide one or more applications and to host the software application, further wherein the software vendor is internal or external to the organization.
  - 15. The system of claim 13, wherein the subscription module is incorporated as part of the masking services provider.
  - 16. The system of claim 13, wherein validating user credentials comprises determining whether a user is authorized to access the software application.
  - 17. The system of claim 13, wherein the credential check module is further configured to determine category of user.
  - 18. The system of claim 17, wherein the credential check module is further configured to transfer application data request to masking services provider, if the user is determined to be an unprivileged user.
  - 19. The system of claim 13, wherein the credential check module is further configured to fetch application data from the database utility and provide the application data to the software application, if the user is determined to be a privileged user.
  - 20. The system of claim 13, wherein the masking services provider comprises:
    - one or more application servers configured to execute multiple instances of data masking algorithms; and
      
      a rules engine configured to store software instructions for implementing data masking rules during execution of data masking process.
  - 21. The system of claim 20, wherein the masking services provider regularly updates masking rules based on requirements by application owners.

22. A computer product comprising a computer usable medium having a computer readable program code embodied therein for providing application data to a user requesting an application hosted on a computing device, wherein the user is connected to the computing device through a communication network, the computer program product comprising:
- program instruction means for receiving application access request from the user;
  
  program instruction means for validating credentials of the user requesting the application;
  
  program instruction means for determining type of user based on the user credentials;
  
  program instruction means for fetching application data stored in a database utility and providing unmasked data to the user if the user is a privileged user;
  
  program instruction means for transferring application data access request by the application to a subscribed data masking service, wherein the masking service fetches application data from the database utility, masks the data based on pre-configured masking rules and provides masked data to the application; and
  
  program instruction means for providing masked application data to the user by the application.
- View Dependent Claims (23, 24)
- - 23. The computer program product of claim 22, wherein the step of subscribing to data masking service comprises program instruction means for executing Software as a Service agreement between an application owner and a masking services provider.
  - 24. The computer program product of claim 22 further comprises providing the user with limited access to application if user credentials are not validated.

25. A computer product comprising a computer usable medium having a computer readable program code embodied therein for providing data masking as a software service, the computer program product comprising:
- program instruction means for receiving request for subscription to data masking service from an application owner hosting a software application;
  
  program instruction means for authenticating credentials of the application owner;
  
  program instruction means for facilitating configuration of one or more masking rules corresponding to the software application;
  
  program instruction means for receiving request for performing data masking on data associated with the software application; and
  
  program instruction means for executing one or more data masking algorithms for performing data masking according to the one or more masking rules.
- View Dependent Claims (26)
- - 26. The computer product of claim 25, wherein the step of facilitating configuration of one or more masking rules comprises program instruction means for providing a set of user interfaces to the application owner for specifying options for configuring masking rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infosys Limited
Original Assignee
Infosys Technologies Limited (Infosys Limited)
Inventors
SAXENA, Ashutosh, SAXENA, Vishal Krishna, SAXENA, Kaushal, KUMAR, Surni, PAUL, Mithun

Granted Patent

US 8,881,224 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/31   User authentication

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2107   File encryption

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

METHOD AND SYSTEM FOR PROVIDING MASKING SERVICES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR PROVIDING MASKING SERVICES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links