×

System and methods for nonintrusive database security

  • US 7,437,362 B1
  • Filed: 11/26/2003
  • Issued: 10/14/2008
  • Est. Priority Date: 11/26/2003
  • Status: Expired due to Fees
First Claim
Patent Images

1. A method of security enforcement for a persistent computer data repository comprising:

  • intercepting, in a nonintrusive manner, a data access transaction between a user application and a data repository having data items, the nonintrusive manner gathering the data access transaction from a stream of data between the application and the data repository;

    determining a correspondence of the intercepted data access transaction to a security policy, the security policy indicative of restricted data items in the data repository to which the user application is prohibited access; and

    selectively limiting, based on the determined correspondence to the security policy, the data access transaction by modifying the data access transaction such that data indications, in the data access transaction, corresponding to restricted data items are modified in a resulting data access transaction according to the security policy, limiting the data access transaction further including;

    receiving a set of packets, the packets encapsulating the data access transaction according to layered protocols;

    interrogating and modifying the packets in a nondestructive manner with respect to the application layered protocols, the nondestructive manner preserving an expected application layer protocol encapsulation;

    padding the packets to emulate packets having a corresponding length as the restricted data items to generate the resulting data access transaction in a manner preserving encapsulation according to expected application based layered protocols;

    identifying rows in the packets having restricted data items, andeliminating the identified rows from the data access transaction such that the resulting data access transaction is a modified query response including rows without restricted data items, the resulting data access transaction returned to a requestor without restricted data items.

View all claims
  • 3 Assignments
Timeline View
Assignment View
    ×
    ×