PATTERN DRIVEN DATA PRIVACY MANAGEMENT

US 20160180104A1
Filed: 12/19/2014
Published: 06/23/2016
Est. Priority Date: 12/19/2014
Status: Abandoned Application

First Claim

Patent Images

1. A method for pattern driven data privacy management, the method comprising:

monitoring different attempts by one or more end users to access data in a database and a context in which each of the different attempts occur;

computing different patterns of access to the data according to different contexts in which the different attempts occur;

mapping the computed different patterns to a respective portion of the data for which a mapped one of the patterns is computed; and

,responsive to a contemporaneous attempt to access a particular portion of the data, determining a contemporaneous context for the contemporaneous attempt, locating in the mapping a computed pattern for the particular portion of the data, comparing the contemporaneous context to the computed pattern of access for the particular portion of the data, and if the contemporaneous context deviates from a computed pattern of access for the particular portion of the data, enforcing a data privacy rule in respect to the particular portion of the data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide a method, system and computer program product for pattern driven data privacy management. A method for pattern driven data privacy management includes monitoring different attempts by one or more end users to access data in a database and a context in which each of the different attempts occur. The method additionally includes computing different patterns of access to the data according to different contexts in which the different attempts occur. Finally, the method includes responding to a contemporaneous attempt to access a portion of the data, by determining a contemporaneous context for the contemporaneous attempt, by comparing the contemporaneous context to a computed pattern of access for the portion of the data, and if the contemporaneous context deviates from a computed pattern of access for the portion of the data, by enforcing a data privacy rule in respect to the portion of the data.

Citations

20 Claims

1. A method for pattern driven data privacy management, the method comprising:
- monitoring different attempts by one or more end users to access data in a database and a context in which each of the different attempts occur;
  
  computing different patterns of access to the data according to different contexts in which the different attempts occur;
  
  mapping the computed different patterns to a respective portion of the data for which a mapped one of the patterns is computed; and
  
  ,responsive to a contemporaneous attempt to access a particular portion of the data, determining a contemporaneous context for the contemporaneous attempt, locating in the mapping a computed pattern for the particular portion of the data, comparing the contemporaneous context to the computed pattern of access for the particular portion of the data, and if the contemporaneous context deviates from a computed pattern of access for the particular portion of the data, enforcing a data privacy rule in respect to the particular portion of the data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the attempts by the one or more end users to access the data occur in respect to utilization by the one or more end users of a corresponding application programmed to access the data in the database.
  - 3. The method of claim 1, wherein the one or more end users are classified according to role and the computed different patterns of access are computed with respect to each of different role of a corresponding one of the one or more end users.
  - 4. The method of claim 1, wherein the contemporaneous context is a time of day during which an attempt to access the particular portion of the data occurs and wherein a corresponding computed one of the different patterns is a time of day during which attempts to access the particular portion of the data previously occurred.
  - 5. The method of claim 1, wherein the contemporaneous context is a geographical location at which an attempt to access the particular portion of the data occurs and wherein a corresponding computed one of the different patterns is a geographical location at which attempts to access the particular portion of the data previously occurred.
  - 6. The method of claim 1, wherein the privacy rule is to visually obscure the particular portion of the data.
  - 7. The method of claim 1, wherein the privacy rule is to block access to the particular portion of the data.

8. A data processing system configured for pattern driven data privacy management, the system comprising:
- a host computing system comprising one or more computers, each with memory and at least one processor;
  
  a database coupled to the host computing system and storing data in the database;
  
  an application executing in the memory of the host computing system, the application including program code configured to request access to the data in the database in response to utilization by an end user of the application; and
  
  ,a pattern driven data privacy management module comprising program code enabled upon execution in the memory of the computer to monitor different attempts by the end user to access data in the database and a context in which each of the different attempts occur, to compute different patterns of access to the data according to different contexts in which the different attempts occur, to map each of the computed different patterns to a respective portion of the data for which a mapped one of the patterns is computed, and to respond to a contemporaneous attempt to access a particular portion of the data by determining a contemporaneous context for the contemporaneous attempt, by locating in the map a computed pattern for the particular portion of the data, by comparing the contemporaneous context to the computed pattern of access for the particular portion of the data, and if the contemporaneous context deviates from a computed pattern of access for the particular portion of the data, by enforcing a data privacy rule in respect to the particular portion of the data.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system of claim 8, wherein the contemporaneous context is a time of day during which an attempt to access the particular portion of the data occurs and wherein a corresponding computed one of the different patterns is a time of day during which attempts to access the particular portion of the data previously occurred.
  - 10. The system of claim 8, wherein the contemporaneous context is a geographical location at which an attempt to access the particular portion of the data occurs and wherein a corresponding computed one of the different patterns is a geographical location at which attempts to access the particular portion of the data previously occurred.
  - 11. The system of claim 8, wherein the privacy rule is to visually obscure the particular portion of the data.
  - 12. The system of claim 8, wherein the privacy rule is to block access to the particular portion of the data.

13. A computer program product for pattern driven data privacy management, the computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a device to cause the device to perform a method comprising:
- monitoring different attempts by one or more end users to access data in a database and a context in which each of the different attempts occur;
  
  computing different patterns of access to the data according to different contexts in which the different attempts occur;
  
  mapping the computed different patterns to a respective portion of the data for which a mapped one of the patterns is computed; and
  
  ,responsive to a contemporaneous attempt to access a particular portion of the data, determining a contemporaneous context for the contemporaneous attempt, locating in the mapping a computed pattern for the particular portion of the data, comparing the contemporaneous context to the computed pattern of access for the particular portion of the data, and if the contemporaneous context deviates from a computed pattern of access for the particular portion of the data, enforcing a data privacy rule in respect to the particular portion of the data.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computer program product of claim 13, wherein the attempts by the one or more end users to access the data occur in respect to utilization by the end users of a corresponding application programmed to access the data in the database.
  - 15. The computer program product of claim 13, wherein the one or more end users are classified according to role and the computed different patterns of access are computed with respect to each of different role of a corresponding one of the one or more end users.
  - 16. The computer program product of claim 13, wherein the contemporaneous context is a time of day during which an attempt to access the particular portion of the data occurs and wherein a corresponding computed one of the different patterns is a time of day during which attempts to access the particular portion of the data previously occurred.
  - 17. The computer program product of claim 13, wherein the contemporaneous context is a geographical location at which an attempt to access the particular portion of the data occurs and wherein a corresponding computed one of the different patterns is a geographical location at which attempts to access the particular portion of the data previously occurred.
  - 18. The computer program product of claim 13, wherein the privacy rule is to visually obscure the particular portion of the data.
  - 19. The computer program product of claim 13, wherein the privacy rule is to block access to the particular portion of the data.
  - 20. The computer program product of claim 13, wherein the contemporaneous context is a device identity from which an attempt to access the particular portion of the data occurs and wherein a corresponding computed one of the different patterns is a device identity from which attempts to access the particular portion of the data previously occurred.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sugarcrm Incorporated
Original Assignee
Sugarcrm Incorporated
Inventors
Asfour, Logain

Application Number

US14/576,445
Publication Number

US 20160180104A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6245 Protecting personal data, e...

PATTERN DRIVEN DATA PRIVACY MANAGEMENT

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PATTERN DRIVEN DATA PRIVACY MANAGEMENT

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links