System and method for protecting sensitive data
First Claim
1. A computer-implemented method of managing access to sensitive data in a database, comprising:
- receiving a query against the data in the database, the query comprising at least:
  (i) a result field specification including a plurality of result fields characterizing which fields are to be returned in a result set for the query; and
  (ii) a sorting instruction to sort the result set on the basis of a selected result field of the plurality of result fields;
- retrieving the result set from the database in response to executing the query;
- creating, prior to filtering the retrieved result set, a temporary data structure storing the retrieved result set;
- filtering the retrieved result set on the basis of predefined filtering rules to remove selected data only from the selected result field of at least one data record included with the retrieved result set, while preserving data from each of the other remaining plurality of result fields of the at least one data record;
- joining, after the filtering, the filtered result set to the retrieved result set stored in the temporary data structure to generate a joined result set;
- rewriting the sorting instruction to generate a modified sorting instruction instructing to sort the joined result set for the query on the basis of the selected result field;
- sorting the joined result set according to the modified sorting instruction to produce a sorted result set that includes the at least one data record, whereby the sorting is done independently of the removed selected data so that the sorted result set places the at least one data record at a position which is non-indicative of a value of the removed selected data; and
- outputting a sorted filtered result set comprising one or more data records selected from the sorted result set.
Abstract
A method, system and article of manufacture for protecting sensitive data in databases and, more particularly, for managing access to sensitive data in a database. One embodiment comprises receiving a query against the data in the database comprising at least (i) a result field specification, and (ii) a sorting instruction. The method further comprises retrieving a result set from the database, and filtering the retrieved result set on the basis of predefined filtering rules to remove selected data from a selected result field of at least one data record included with the retrieved result set. The filtered result set is sorted according to the sorting instruction to produce the sorted result set, whereby the sorting is done independently of the removed selected data so that the sorted result set places the at least one data record at a position which is non-indicative of a value of the removed selected data.
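The inference problem the abstract addresses is easy to miss: if the database sorts on the real values of the protected field and the sensitive values are blanked out afterwards, the masked record's position in the sorted output still reveals roughly where its hidden value sits among the visible ones. The following Python example is added here to make that concrete; it is not code from the patent or from any product implementing it. It constructs a small employee result set, uses a hypothetical filtering rule (salaries are visible only within the viewer's own department), implements the leaky order (sort, then mask) beside the claimed order (temporary copy, mask only the selected field, join back on the record key, sort on the masked field), and includes a check that probes the leak directly: it varies only the hidden value of one record and observes whether that record's output position changes. Placing all masked records in one fixed block at the end, ordered by key, is one concrete way of making the position non-indicative of the value; the claim does not prescribe that particular placement.

```python
"""Position leak through sorting on a masked field, and the mask-then-sort order that avoids it."""
from dataclasses import dataclass, replace
from typing import Callable, List, Optional, Sequence


@dataclass(frozen=True)
class Record:
    emp_id: int          # record key used for the join back to the temporary copy
    name: str
    dept: str
    salary: Optional[int]  # the "selected result field"; None means the value was removed


# Constructed sample result set (not taken from the patent).
SAMPLE_ROWS: List[Record] = [
    Record(1, "Ana", "eng", 70000),
    Record(2, "Ben", "eng", 55000),
    Record(3, "Cara", "sales", 90000),
    Record(4, "Dev", "eng", 120000),
    Record(5, "Eli", "sales", 40000),
]

# A filtering rule answers: may the viewer see the selected field of this record?
Rule = Callable[[Record], bool]


def dept_rule(viewer_dept: str) -> Rule:
    """Hypothetical predefined filtering rule: salaries are visible only inside the viewer's department."""
    return lambda r: r.dept == viewer_dept


def sort_then_filter(rows: Sequence[Record], field: str, allowed: Rule,
                     descending: bool = False) -> List[Record]:
    """Leaky order: sort on the real (unmasked) values first, blank the field afterwards.

    Assumes the retrieved rows carry a value in `field` (as a database would return them)."""
    ordered = sorted(rows, key=lambda r: getattr(r, field), reverse=descending)
    return [r if allowed(r) else replace(r, **{field: None}) for r in ordered]


def filter_then_sort(rows: Sequence[Record], field: str, allowed: Rule,
                     descending: bool = False) -> List[Record]:
    """Order following the claim: temporary copy, filter the selected field only,
    join back on the key, then sort on the masked field."""
    temp = {r.emp_id: r for r in rows}                      # temporary data structure
    masked = {r.emp_id: (getattr(r, field) if allowed(r) else None) for r in rows}
    # Join: every other field comes from the temporary copy, the selected field from the filter.
    joined = [replace(temp[k], **{field: v}) for k, v in masked.items()]
    # Modified sort: records whose value was removed form one block at a fixed position (the end),
    # ordered by key only, so their placement carries no information about the removed value.
    visible = sorted((r for r in joined if getattr(r, field) is not None),
                     key=lambda r: getattr(r, field), reverse=descending)
    removed = sorted((r for r in joined if getattr(r, field) is None), key=lambda r: r.emp_id)
    return visible + removed


def position_of(rows: Sequence[Record], emp_id: int) -> int:
    """Index of the record with the given key in an output list."""
    return next(i for i, r in enumerate(rows) if r.emp_id == emp_id)


def leaks_via_position(pipeline, rows: Sequence[Record], field: str, allowed: Rule,
                       target_id: int, alt_values: Sequence[int]) -> bool:
    """Leak probe: vary only the hidden value of one record and see whether its output
    position moves. A position that depends on the hidden value is an inference channel."""
    positions = set()
    for v in alt_values:
        variant = [replace(r, **{field: v}) if r.emp_id == target_id else r for r in rows]
        positions.add(position_of(pipeline(variant, field, allowed), target_id))
    return len(positions) > 1


if __name__ == "__main__":
    rule = dept_rule("eng")   # the viewer belongs to "eng"; sales salaries are removed
    for name, pipeline in (("sort then filter", sort_then_filter),
                           ("filter then sort", filter_then_sort)):
        out = pipeline(SAMPLE_ROWS, "salary", rule)
        print(name, [(r.name, r.salary) for r in out],
              "leaks:", leaks_via_position(pipeline, SAMPLE_ROWS, "salary", rule, 3, [10000, 200000]))
```

In the sample, the leaky order places Cara (salary removed) between Ana at 70000 and Dev at 120000, which bounds her salary; the claimed order puts her in the masked block at the end whether her salary is 10000 or 200000, while her name and department survive unchanged because they were rejoined from the temporary copy.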
14 Claims
1. Independent claim 1 is set out above under First Claim; claims 2 to 7 depend from it.
8. A computer-readable storage medium containing a program which, when executed by a computer processor, performs operations for managing access to sensitive data in a database, the operations comprising:
- receiving a query against the data in the database, the query comprising at least:
  (i) a result field specification including a plurality of result fields characterizing which fields are to be returned in a result set for the query; and
  (ii) a sorting instruction to sort the result set on the basis of a selected result field of the plurality of result fields;
- retrieving the result set from the database in response to executing the query;
- creating, prior to filtering the retrieved result set, a temporary data structure storing the retrieved result set;
- filtering the retrieved result set on the basis of predefined filtering rules to remove selected data only from the selected result field of at least one data record included with the retrieved result set, while preserving data from each of the other remaining plurality of result fields of the at least one data record;
- joining, after the filtering, the filtered result set to the retrieved result set stored in the temporary data structure to generate a joined result set;
- rewriting the sorting instruction to generate a modified sorting instruction instructing to sort the joined result set for the query on the basis of the selected result field;
- sorting the joined result set according to the modified sorting instruction to produce a sorted result set that includes the at least one data record, whereby the sorting is done independently of the removed selected data so that the sorted result set places the at least one data record at a position which is non-indicative of a value of the removed selected data; and
- outputting a sorted filtered result set comprising one or more data records selected from the sorted result set.
Claims 9 to 14 depend from claim 8.