System and method for dynamic data redaction
First Claim
Patent Images
1. A computer-implemented method for securing access to data, comprising:
- providing a computer including a processor, storage medium, and security service module operating thereon;
receiving, at the security service module, a request from a requestor to access one or more resources;
accessing the one or more resources on behalf of the requestor;
receiving, at the security service module, responses from the one or more resources, and aggregating a result set wherein the aggregated result set includes several portions of disparate resource data;
determining current access policies for the requestor corresponding to each of said several portions of disparate resource data;
redacting from the aggregated result set a portion of said disparate resource data that the requestor is not permitted to receive, based on said current access policies, to create a redacted result set from said aggregated result set when said aggregated result set exceeds the requestor'"'"'s authorization while each of said disparate resources the requestor is authorized to access; and
providing the redacted result set to the requestor.
2 Assignments
0 Petitions
Accused Products
Abstract
A system, method and media for dynamically redacting data based on the evaluation of one or more policies. In one embodiment, the method comprises receiving a request to access one or more resources, receiving responses from the one or more resources and assembling a result set which includes several portions of data, determining current access policies for the requestor to the one or more resources, and redacting from the result set a portion of the data that the requestor is not permitted to receive, based on the current access policies.
166 Citations
18 Claims
-
1. A computer-implemented method for securing access to data, comprising:
-
providing a computer including a processor, storage medium, and security service module operating thereon; receiving, at the security service module, a request from a requestor to access one or more resources; accessing the one or more resources on behalf of the requestor; receiving, at the security service module, responses from the one or more resources, and aggregating a result set wherein the aggregated result set includes several portions of disparate resource data; determining current access policies for the requestor corresponding to each of said several portions of disparate resource data; redacting from the aggregated result set a portion of said disparate resource data that the requestor is not permitted to receive, based on said current access policies, to create a redacted result set from said aggregated result set when said aggregated result set exceeds the requestor'"'"'s authorization while each of said disparate resources the requestor is authorized to access; and providing the redacted result set to the requestor. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A machine readable storage medium having instructions embedded thereon and performing the following functions when executed by a processor:
-
receive, at a security service module, a request from a requester to access one or more resources; access the one or more resources on behalf of the requester; receive, at the security service module, responses from the one or more resources, and aggregating a result set wherein the aggregated result set includes several portions of disparate resource data; determine current access policies for the requester corresponding to each of said several portions of disparate resource data; redact from the aggregated result set a portion of said disparate resource data that the requester is not permitted to receive, based on the current access policies, to create a redacted result set from said aggregated result set when said aggregated result set exceeds the requestor'"'"'s authorization while each of said disparate resources the requestor is authorized to access; and provide the redacted result set to the requester. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A system for securing access to data, said system comprising:
-
a computer including a processor, storage medium, and security service module operating thereon, wherein the security service module is configured to perform steps comprising; receiving, at the security service module, a request from a requester to access one or more resources; accessing the one or more resources on behalf of the requester; receiving, at the security service module, responses from the one or more resources, and aggregating a result set wherein the aggregated result set includes several portions of disparate resource data; determining current access policies for the requester corresponding to each of said several portions of disparate resource data; redacting from the aggregated result set a portion of said disparate resource data that the requester is not permitted to receive, based on the current access policies, to create a redacted result set from said aggregated result set when said aggregated result set exceeds the requestor'"'"'s authorization while each of said disparate resources the requestor is authorized to access; and providing the redacted result set to the requester. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification