Masking object data based on user authorization

US 7,693,849 B2
Filed: 05/19/2005
Issued: 04/06/2010
Est. Priority Date: 05/19/2005
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

processing an object in response to a user control of an application, wherein the object is maintained in a format that is not self-describing;

accessing, by using a computer, layout information for a requested object, wherein the layout information delineates fields in the object;

determining from access control information whether a user is authorized to access the fields indicated in the layout information;

in response to determining that the user is not authorized to access at least one of the fields, processing data in the at least one field which the user is not authorized to access to generate at least one code used to determine the data that was in the at least one field;

generating the fields from the object into a formatted object formatted according to the layout information;

generating data from the object in fields that the user is determined to have authority to access into the formatted object; and

including the at least one code generated for the at least one field the user is not authorized access into the at least one field in the formatted object indicated in the layout information, wherein the data from the object for the at least one field for which the code is generated is not included in the formatted object, and wherein the at least one code included in the formatted object is enabled to be used by an authorized user subsequent to including the at least one code in the field in the formatted object to access from the object the data for the at least one field the user is not authorized to access.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are a method, system, and program for processing a request for an object from a user. Layout information for the requested object is accessed, wherein the layout information delineates fields in the object. A determination is made from access control information as to whether the user is authorized to access the fields indicated in the layout information. The data from the object in one field which the user is not authorized to access is masked. The fields from the object are generated into a formatted object formatted according to the layout information, wherein the masked data is presented unintelligible to the user.

Citations

17 Claims

1. A method, comprising:
- processing an object in response to a user control of an application, wherein the object is maintained in a format that is not self-describing;
  
  accessing, by using a computer, layout information for a requested object, wherein the layout information delineates fields in the object;
  
  determining from access control information whether a user is authorized to access the fields indicated in the layout information;
  
  in response to determining that the user is not authorized to access at least one of the fields, processing data in the at least one field which the user is not authorized to access to generate at least one code used to determine the data that was in the at least one field;
  
  generating the fields from the object into a formatted object formatted according to the layout information;
  
  generating data from the object in fields that the user is determined to have authority to access into the formatted object; and
  
  including the at least one code generated for the at least one field the user is not authorized access into the at least one field in the formatted object indicated in the layout information, wherein the data from the object for the at least one field for which the code is generated is not included in the formatted object, and wherein the at least one code included in the formatted object is enabled to be used by an authorized user subsequent to including the at least one code in the field in the formatted object to access from the object the data for the at least one field the user is not authorized to access.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the layout information includes field information for each field, wherein generating the data from fields that the user is determined to have authority to access further comprises performing for each field indicated in the layout information:
    - determining data in the requested object for the field from the field information; and
      
      formatting the determined data according to the field information to present the data in the formatted field according to the layout information in response to determining that the user is authorized to access data in the field.
  - 3. The method of claim 1, wherein the request for the data is made through a file utility.
  - 4. The method of claim 1, wherein the access control information provides authorization access for different users for each field indicated in the layout information for the data.
  - 5. The method of claim 1, wherein the code represents an index value addressing the data in the object the user is not authorized to access, and wherein the code is processed to determine the index value.

6. A method, comprising:
- initiating a dump operation for an object in memory being accessed by a user invoked application in response to a failure effecting an application operation, wherein the object is maintained in a format that is not self-describing;
  
  accessing, by using a computer, layout information for the object subject to the dump operation, wherein the layout information delineates fields in the object;
  
  determining from access control information whether the user is authorized to access the fields indicated in the layout information;
  
  in response to determining that the user is not authorized to access at least one of the fields, processing data in the at least one field which the user is not authorized to access to generate at least one code used to determine the data that was in the at least one field;
  
  masking data from the object in the at least one field which the user is not authorized to access by adding the generated at least one code to the at least one field, wherein the at least one code is used to access from the object the data for the at least one field the user is not authorized to access;
  
  generating the fields from the object into a formatted object formatted according to the layout information including any masked data for the at least one field of the object the user is not authorized to access, wherein the masked data is presented unintelligible to the user;
  
  generating data from the object in fields that the user is determined to have authority to access into the formatted object; and
  
  outputting the formatted object to a dump location.
- View Dependent Claims (7)
- - 7. The method of claim 6, further comprising:
    - reviewing the data at the dump location; and
      
      using the code to determine from the object the data that was in the field.

8. A system, comprising:
- a processor;
  
  a computer readable storage medium including code executed to perform operations, the operations comprising;
  
  an application;
  
  an access control module that is executed to perform operations, the operations comprising;
  
  processing an object in response to a user control of the application, wherein the object is maintained in a format that is not self-describing;
  
  accessing layout information for a requested object, wherein the layout information delineates fields in the object;
  
  determining from access control information whether a user is authorized to access the fields indicated in the layout information;
  
  in response to determining that the user is not authorized to access at least one of the fields, processing data in the at least one field which the user is not authorized to access to generate at least one code used to determine the data that was in the at least one field;
  
  generating the fields from the object into a formatted object formatted according to the layout information;
  
  generating data from the object in fields that the user is determined to have authority to access into the formatted object; and
  
  including the at least one code generated for the at least one field the user is not authorized access into the at least one field in the formatted object indicated in the layout information, wherein the data from the object for the at least one field for which the at least one code is generated is not included in the formatted object, and wherein the at least one code included in the formatted object is enabled to be used by an authorized user subsequent to including the at least one code in the field in the formatted object to access from the object the data for the at least one field the user is not authorized to access.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system of claim 8, wherein the layout information includes field information for each field, wherein generating the data from fields that the user is determined to have authority to access further comprises performing for each field indicated in the layout information:
    - determining data in the requested object for the field from the field information; and
      
      formatting the determined data according to the field information to present the data in the formatted field according to the layout information in response to determining that the user is authorized to access data in the field.
  - 10. The system of claim 8, wherein the request for the data is made through a file utility.
  - 11. The system of claim 8, wherein the access control information provides authorization access for different users for each field indicated in the layout information for the data.
  - 12. The system of claim 8, wherein the code represents an index value addressing the data in the object the user is not authorized to access, and wherein the code is processed to determine the index value.

13. An article of manufacture comprising a computer readable storage medium including code executed by a processor to communicate with an application and cause operations to be performed, the operations comprising:
- processing an object in response to a user control of the application, wherein the object is maintained in a format that is not self-describing;
  
  accessing layout information for a requested object, wherein the layout information delineates fields in the object;
  
  determining from access control information whether a user is authorized to access the fields indicated in the layout information;
  
  in response to determining that the user is not authorized to access at least one of the fields, processing data in the at least one field which the user is not authorized to access to generate at least one code used to determine the data that was in the at least one field;
  
  generating the fields from the object into a formatted object formatted according to the layout information;
  
  generating data from the object in fields that the user is determined to have authority to access into the formatted object; and
  
  including the at least one code generated for the at least one field the user is not authorized access into the at least one field in the formatted object indicated in the layout information, wherein the data from the object for the at least one field for which the at least one code is generated is not included in the formatted object, and wherein the at least one code included in the formatted object is enabled to be used by an authorized user subsequent to including the at least one code in the field in the formatted object to access from the object the data for the at least one field the user is not authorized to access.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The article of manufacture of claim 13, wherein the layout information includes field information for each field, wherein generating the data from fields that the user is determined to have authority to access further comprises performing for each field indicated in the layout information:
    - determining data in the requested object for the field from the field information; and
      
      formatting the determined data according to the field information to present the data in the formatted field according to the layout information in response to determining that the user is authorized to access data in the field.
  - 15. The article of manufacture of claim 13, wherein the request for the data is made through a file utility.
  - 16. The article of manufacture of claim 13, wherein the access control information provides authorization access for different users for each field indicated in the layout information for the data.
  - 17. The article of manufacture of claim 13, wherein the code represents an index value addressing the data in the object the user is not authorized to access, and wherein the code is processed to determine the index value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Twitter Inc (X Holdings Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Hess, Howard M.
Primary Examiner(s)
Truong; Cam Y
Assistant Examiner(s)
VO, CECILE H

Application Number

US11/134,651
Publication Number

US 20060265375A1
Time in Patent Office

1,783 Days
Field of Search

707 1- 10, 707100-102, 705/2, 705/35, 705/36, 705/36.R, 713/165, 711/167, 709/205, 717125-172
US Class Current

1/1
CPC Class Codes

G06F 21/6209 to a single file or object,...

G06F 21/6227 where protection concerns t...

Masking object data based on user authorization

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Masking object data based on user authorization

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links