System and method for restricting access to a data table within a database

US 6,336,114 B1
Filed: 09/03/1998
Issued: 01/01/2002
Est. Priority Date: 09/03/1998
Status: Expired due to Term

First Claim

Patent Images

1. A system for preventing unauthorized access of database systems, comprising:

a client computer configured to transmit a request for data;

a server computer configured to receive said request for data, to retrieve data from a column within a table of a database in response to said request for data, to transmit a portion of said retrieved data associated with information stored within a row of said column in response to a determination that a user of said client computer is authorized to access said row, and to discard a portion of said retrieved data associated with information stored within another row of said column in response to a determination that said user is unauthorized to access said other row.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The system and associated method utilizes a client computer (client), a server computer (server), and a database system. The client establishes communication with the server and submits a request for data to the server. The server receives the request and retrieves data from a column within a table of the database system in response to the request. The server then determines which rows within the column can be accessed by a user of the client. In this regard, the server includes a security information table having predefined values that indicate which rows of information within the database system are accessible to the user. The server analyzes these values in order to determine whether the user is authorized to access a particular row. The server then discards data associated with rows that the user is not authorized to access and transmits the remaining data to the client.

273 Citations

18 Claims

1. A system for preventing unauthorized access of database systems, comprising:
- a client computer configured to transmit a request for data;
  
  a server computer configured to receive said request for data, to retrieve data from a column within a table of a database in response to said request for data, to transmit a portion of said retrieved data associated with information stored within a row of said column in response to a determination that a user of said client computer is authorized to access said row, and to discard a portion of said retrieved data associated with information stored within another row of said column in response to a determination that said user is unauthorized to access said other row.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein said server computer is further configured to determine whether said user is authorized to access each row within said column.
  - 3. The system of claim 1, further comprising a security information table, said security information table including a plurality of values indicating whether said user is authorized to access said rows of said column.
  - 4. The system of claim 3, wherein said client computer is remotely located from said server computer.

5. A system for preventing unauthorized access of databases, comprising:
- a client computer associated with a user;
  
  a database configured to receive a query, to retrieve data stored in a column of a data table in said database based on said query, and to transmit said data; and
  
  a server computer configured to receive said data, to determine whether said data is accessible to said user based on predefined security information stored in said server, to discard a portion of said data inaccessible to said user, and to transmit a remaining portion of said data to said client computer.
- View Dependent Claims (6, 7, 8)
- - 6. The system of claim 5, wherein said portion discarded by said server computer includes a row of said column.
  - 7. The system of claim 6, wherein said remaining portion transmitted by said server computer includes another row of said column.
  - 8. The system of claim 7, wherein said database is located at a premises of said server computer and said client computer is located remotely from said server computer.

9. A system for preventing unauthorized access of databases, comprising:
- a client computer associated with a user;
  
  a database configured to receive a query, to retrieve data stored in a column of a data table in said database based on said query, and to transmit said data; and
  
  a server computer configured to receive a request for data from said client computer and to receive said data, to determine whether said user is authorized to retrieve information within a first row and a second row within said column of said data table, to transmit said query to said database, and to restrict said query so that said server receives said information with said first row but does not receive said information within said second row in response to said query.
- View Dependent Claims (10)
- - 10. The system of claim 9, wherein said database is located at a premises of said server computer and said client computer is located remotely from said server computer.

11. A system for preventing unauthorized access of database systems, comprising:
- means for receiving a request for data from a client computer associated with a user;
  
  means for retrieving data from a column within a table of a database in response to said request for data;
  
  means for determining that said user is authorized to access information stored within a first row of said column and that said user is unauthorized to access information stored within a second row of said column;
  
  means for transmitting a first portion of said retrieved data to said client computer in response to a determination by said determining means that said user is authorized to access information stored within said first row of said column, said first portion retrieved from said first row; and
  
  means for discarding a second portion of said retrieved data in response to a determination by said determining means that said user is unauthorized to access information stored within said second row of said column, said second portion retrieved from said second row.
- View Dependent Claims (12, 13, 14)
- - 12. The system of claim 11, wherein said transmitting means and said discarding means are based on said determining means.
  - 13. The system of claim 11, further comprising a means for determining whether said user is authorized to access information stored within each row of said column in response to said request for data.
  - 14. The system of claim 11, wherein said determining means includes a means for analyzing a first value corresponding with said first row and a second value corresponding with said second row, wherein said first value indicates whether said user is authorized to access said first row and said second value indicates whether said user is authorized to access said second row.

15. A method for preventing unauthorized access of database systems, comprising thesteps of:
- receiving a request for data from a client computer associated with a user;
  
  retrieving data from a column within a table of a database in response to said request for data;
  
  determining that said user is authorized to access information stored within a first row of said column;
  
  determining that said user is unauthorized to access information stored within a second row of said column;
  
  transmitting a first portion of said retrieved data to said client computer in response to a determination that said user is authorized to access information stored within said first row of said column, said first portion retrieved from said first row; and
  
  discarding a second portion of said retrieved data in response to a determination that said user is unauthorized to access information stored within said second row of said column, said second portion retrieved from said second row.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, wherein said transmitting and discarding steps are based on said determining steps.
  - 17. The method of claim 15, further comprising the step of determining whether said user is authorized to access information stored within each row of said column in response to said request for data.
  - 18. The method of claim 15, wherein said determining steps includes the step of analyzing a first value corresponding with said first row and a second value corresponding with said second row, wherein said first value indicates whether said user is authorized to access said first row and said second value indicates whether said user is authorized to access said second row.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Liberty Peak Ventures, LLC (Dominion Harbor Enterprises, LLC)
Original Assignee
Westcorp Software Systems Incorporated
Inventors
Garrison, Greg B.
Primary Examiner(s)
MIZRAHI, DIANE D

Application Number

US09/146,404
Time in Patent Office

1,216 Days
Field of Search

707/8, 707/9, 707/10, 707/6, 709/216, 709/217, 709/218, 709/219, 709/229, 713/160, 713/200, 713/201, 713/202, 713/203, 713/150, 713/155, 713/167, 713/161, 713/166, 714/784
US Class Current

1/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2211/007   Encryption, En-/decode, En-...

Y10S 707/99939   Privileged access

System and method for restricting access to a data table within a database

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

273 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for restricting access to a data table within a database

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

273 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links