System and method for protecting sensitive data

US 7,752,215 B2
Filed: 10/07/2005
Issued: 07/06/2010
Est. Priority Date: 10/07/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of managing access to sensitive data in a database, comprising:

receiving a query against the data in the database, the query comprising at least;

(i) a result field specification including a plurality of result fields characterizing which fields are to be returned in a result set for the query; and

(ii) a sorting instruction to sort the result set on the basis of a selected result field of the plurality of result fields;

retrieving the result set from the database in response to executing the query;

creating, prior to filtering the retrieved result set, a temporary data structure storing the retrieved result set;

filtering the retrieved result set on the basis of predefined filtering rules to remove selected data only from the selected result field of at least one data record included with the retrieved result set, while preserving data from each of the other remaining plurality of result fields of the at least one data record;

joining, after the filtering, the filtered result set to the retrieved result set stored in the temporary data structure to generate a joined result set;

rewriting the sorting instruction to generate a modified sorting instruction instructing to sort the joined result set for the query on the basis of the selected result field;

sorting the joined result set according to the modified sorting instruction to produce a sorted result set that includes the at least one data record, whereby the sorting is done independently of the removed selected data so that the sorted result set places the at least one data record at a position which is non-indicative of a value of the removed selected data; and

outputting a sorted filtered result set comprising one or more data records selected from the sorted result set.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system and article of manufacture for protecting sensitive data in databases and, more particularly, for managing access to sensitive data in a database. One embodiment comprises receiving a query against the data in the database comprising at least (i) a result field specification, and (ii) a sorting instruction. The method further comprises retrieving a result set from the database, and filtering the retrieved result set on the basis of predefined filtering rules to remove selected data from a selected result field of at least one data record included with the retrieved result set. The filtered result set is sorted according to the sorting instruction to produce the sorted result set, whereby the sorting is done independently of the removed selected data so that the sorted result set places the at least one data record at a position which is non-indicative of a value of the removed selected data.

Citations

14 Claims

1. A computer-implemented method of managing access to sensitive data in a database, comprising:
- receiving a query against the data in the database, the query comprising at least;
  
  (i) a result field specification including a plurality of result fields characterizing which fields are to be returned in a result set for the query; and
  
  (ii) a sorting instruction to sort the result set on the basis of a selected result field of the plurality of result fields;
  
  retrieving the result set from the database in response to executing the query;
  
  creating, prior to filtering the retrieved result set, a temporary data structure storing the retrieved result set;
  
  filtering the retrieved result set on the basis of predefined filtering rules to remove selected data only from the selected result field of at least one data record included with the retrieved result set, while preserving data from each of the other remaining plurality of result fields of the at least one data record;
  
  joining, after the filtering, the filtered result set to the retrieved result set stored in the temporary data structure to generate a joined result set;
  
  rewriting the sorting instruction to generate a modified sorting instruction instructing to sort the joined result set for the query on the basis of the selected result field;
  
  sorting the joined result set according to the modified sorting instruction to produce a sorted result set that includes the at least one data record, whereby the sorting is done independently of the removed selected data so that the sorted result set places the at least one data record at a position which is non-indicative of a value of the removed selected data; and
  
  outputting a sorted filtered result set comprising one or more data records selected from the sorted result set.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein retrieving the result set comprises:
    - removing the sorting instruction from the query, whereby a modified query is generated; and
      
      executing the modified query against the database.
  - 3. The method of claim 1, wherein filtering the retrieved result set comprises for each data record included with the retrieved result set:
    - determining whether the selected result field of the data record comprises sensitive data; and
      
      if so, replacing the sensitive data with a replacement value.
  - 4. The method of claim 1, further comprising:
    - selecting, from the sorted result set, all data records belonging to the filtered result set; and
      
      wherein the selected data records are output in a sorted list.
  - 5. The method of claim 1, further comprising:
    - selecting, from the sorted joined result set, all data records belonging to the retrieved result set;
      
      filtering all selected data records on the basis of the predefined filtering rules to remove sensitive data from the selected result field of at least one of the selected data records; and
      
      wherein the filtered selected data records are output in a sorted list.
  - 6. The method of claim 1, wherein each result field of the query is a logical field of a data abstraction model abstractly describing the data in the database;
    - whereby the query defines an abstract query, and wherein the data abstraction model is adapted for transforming the one or more logical fields of the abstract query into a form consistent with a physical representation of the data in the database.
  - 7. The method of claim 1, wherein the query is one of a SQL query or an XML query.

8. A computer-readable storage medium containing a program which, when executed by a computer processor, performs operations for managing access to sensitive data in a database, the operations comprising:
- receiving a query against the data in the database, the query comprising at least;
  
  (i) a result field specification including a plurality of result fields characterizing which fields are to be returned in a result set for the query; and
  
  (ii) a sorting instruction to sort the result set on the basis of a selected result field of the plurality of result fields;
  
  retrieving the result set from the database in response to executing the query;
  
  creating, prior to filtering the retrieved result set, a temporary data structure storing the retrieved result set;
  
  filtering the retrieved result set on the basis of predefined filtering rules to remove selected data only from the selected result field of at least one data record included with the retrieved result set, while preserving data from each of the other remaining plurality of result fields of the at least one data record;
  
  joining, after the filtering, the filtered result set to the retrieved result set stored in the temporary data structure to generate a joined result set;
  
  rewriting the sorting instruction to generate a modified sorting instruction instructing to sort the joined result set for the query on the basis of the selected result field;
  
  sorting the joined result set according to the modified sorting instruction to produce a sorted result set that includes the at least one data record, whereby the sorting is done independently of the removed selected data so that the sorted result set places the at least one data record at a position which is non-indicative of a value of the removed selected data; and
  
  outputting a sorted filtered result set comprising one or more data records selected from the sorted result set.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer-readable storage medium of claim 8, wherein retrieving the result set comprises:
    - removing the sorting instruction from the query, whereby a modified query is generated; and
      
      executing the modified query against the database.
  - 10. The computer-readable storage medium of claim 8, wherein filtering the retrieved result set comprises for each data record included with the retrieved result set:
    - determining whether the selected result field of the data record comprises sensitive data; and
      
      if so, replacing the sensitive data with a replacement value.
  - 11. The computer-readable storage medium of claim 8, wherein the operations further comprise:
    - selecting, from the sorted result set, all data records belonging to the filtered result set; and
      
      wherein the selected data records are output in a sorted list.
  - 12. The computer-readable storage medium of claim 8, wherein the operations further comprise:
    - selecting, from the sorted joined result set, all data records belonging to the retrieved result set;
      
      filtering all selected data records on the basis of the predefined filtering rules to remove sensitive data from the selected result field of at least one of the selected data records; and
      
      wherein the filtered selected data records are output in a sorted list.
  - 13. The computer-readable storage medium of claim 8, wherein each result field of the query is a logical field of a data abstraction model abstractly describing the data in the database;
    - whereby the query defines an abstract query, and wherein the data abstraction model is adapted for transforming the one or more logical fields of the abstract query into a form consistent with a physical representation of the data in the database.
  - 14. The computer-readable storage medium of claim 8, wherein the query is one of a SQL query or an XML query.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Twitter Inc (X Holdings Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Rao, Padma S., Sperber, Marci L., Kolz, Daniel P., Dettinger, Richard D., Wenzel, Shannon E., Glowacki, Janice R.
Primary Examiner(s)
Wu; Yicun
Assistant Examiner(s)
Zhao; Yu

Application Number

US11/246,792
Publication Number

US 20070083514A1
Time in Patent Office

1,733 Days
Field of Search

707 2- 6, 707/9, 707/10, 707/103, 707/104.1, 705/1, 705/2, 705/14, 705/25, 709/207, 709/218, 709/224, 715/738, 715/751
US Class Current

707/757
CPC Class Codes

G06F 16/24578   using ranking

G06F 21/6227   where protection concerns t...

G06F 21/6245   Protecting personal data, e...

System and method for protecting sensitive data

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for protecting sensitive data

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links