Maintaining Data Privacy in a Shared Data Storage System

US 20150235049A1
Filed: 02/20/2014
Published: 08/20/2015
Est. Priority Date: 02/20/2014
Status: Abandoned Application

First Claim

Patent Images

1. A method for sanitizing data, the method comprising:

in response to receiving a data request from a user, determining whether the data request is submitted by an authorized user,wherein the data request is for accessing first data stored on a data storage system;

in response to determining that the data request is submitted by an authorized user, analyzing data access history by the user to the data storage system;

in response to determining that the user has previously accessed data on the data storage system that in light of the first data reveal confidential information which the user is not authorized to access, restricting user'"'"'s access to the confidential information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Machines, systems and methods for sanitizing data are provided. The method comprises determining whether a data request is submitted by an authorized user, in response to receiving the data request, wherein the data request is for accessing first data stored on a data storage system; in response to determining that the data request is submitted by an authorized user, analyzing data access history by the user to the data storage system; in response to determining that the user has previously accessed data on the data storage system that in light of the first data reveal confidential information which the user is not authorized to access, restricting user'"'"'s access to the confidential information.

Citations

20 Claims

1. A method for sanitizing data, the method comprising:
- in response to receiving a data request from a user, determining whether the data request is submitted by an authorized user,wherein the data request is for accessing first data stored on a data storage system;
  
  in response to determining that the data request is submitted by an authorized user, analyzing data access history by the user to the data storage system;
  
  in response to determining that the user has previously accessed data on the data storage system that in light of the first data reveal confidential information which the user is not authorized to access, restricting user'"'"'s access to the confidential information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein restricting user'"'"'s access to the confidential information comprises removing the confidential information from the first data before transferring the first data to the user.
  - 3. The method of claim 1, wherein restricting user'"'"'s access to the confidential information comprises including the confidential information in the first data but blocking the confidential information from view before transferring the first data to the user.
  - 4. The method of claim 1, wherein restricting user'"'"'s access to the confidential information comprises anonymizing the confidential information in the first data before transferring the first data to the user.
  - 5. The method of claim 1, wherein a storlet running on the data storage system performs authentication of the request to determine whether the request is submitted by the authorized user.
  - 6. The method of claim 1, wherein a storlet running on the data storage system performs the data access history analysis to determine whether first data for which the data request is submitted in view of the previously accessed data by the user may reveal confidential information to the user.
  - 7. The method of claim 1, wherein a storlet running on the data storage system restricts user'"'"'s access to the confidential information by updating content of a copy of the first data that is to be transferred to the user.
  - 8. The method of claim 7, wherein the storlet masks the confidential information in the copy of the first data.
  - 9. The method of claim 7, wherein the storlet deletes the confidential information in the copy of the first data.
  - 10. The method of claim 7, wherein the storlet removes information included in the copy of the first data that if analyzed against data previously accessed by the user would reveal confidential information.

11. A system for sanitizing data, the system comprising:
- a logic unit for determining whether a data request is submitted by an authorized user, in response to receiving the data request,wherein the data request is for accessing first data stored on a data storage system,wherein in response to determining that the data request is submitted by an authorized user, data access history is analyzed by the user to the data storage system,wherein in response to determining that the user has previously accessed data on the data storage system that in light of the first data reveal confidential information which the user is not authorized to access, user'"'"'s access to the confidential information is restricted.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein restricting user'"'"'s access to the confidential information comprises removing the confidential information from the first data before transferring the first data to the user.
  - 13. The system of claim 11, wherein restricting user'"'"'s access to the confidential information comprises including the confidential information in the first data but blocking the confidential information from view before transferring the first data to the user.
  - 14. The system of claim 11, wherein restricting user'"'"'s access to the confidential information comprises anonymizing the confidential information in the first data before transferring the first data to the user.
  - 15. The system of claim 11, wherein a storlet running on the data storage system performs authentication of the request to determine whether the request is submitted by the authorized user.

16. A computer program product comprising a non-transitory computer readable storage medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- determine whether a data request is submitted by an authorized user, in response to receiving the data request,wherein the data request is for accessing first data stored on a data storage system,wherein in response to determining that the data request is submitted by an authorized user, data access history is analyzed by the user to the data storage system,wherein in response to determining that the user has previously accessed data on the data storage system that in light of the first data reveal confidential information which the user is not authorized to access, user'"'"'s access to the confidential information is restricted.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer program product of claim 16, wherein restricting user'"'"'s access to the confidential information comprises removing the confidential information from the first data before transferring the first data to the user.
  - 18. The computer program product of claim 16, wherein restricting user'"'"'s access to the confidential information comprises including the confidential information in the first data but blocking the confidential information from view before transferring the first data to the user.
  - 19. The computer program product of claim 16, wherein restricting user'"'"'s access to the confidential information comprises anonymizing the confidential information in the first data before transferring the first data to the user.
  - 20. The computer program product of claim 16, wherein a storlet running on the data storage system performs authentication of the request to determine whether the request is submitted by the authorized user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Cohen, Simona, Hartman, Alan, Marberg, John Michael, Nagin, Kenneth, Moffie, Micha Gideon

Application Number

US14/184,718
Publication Number

US 20150235049A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6245 Protecting personal data, e...

G06F 21/6254 by anonymising data, e.g. d...

Maintaining Data Privacy in a Shared Data Storage System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Maintaining Data Privacy in a Shared Data Storage System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links