Reducing access to sensitive information
First Claim
Patent Images
1. A method for reducing access to sensitive information, comprising:
- identifying processes and data associated with a computer system;
classifying each of said data as one of sensitive information and non-sensitive information;
wherein said sensitive information includes at least one of;
data that is personal to an individual;
confidential data; and
data that is subject to conditions of restricted use;
for each of said processes;
selecting a process and a sensitive data item;
modifying said sensitive data item to form a modified data item each time the selected process accesses the sensitive data;
analyzing behavior of at least said selected process;
preventing access to said sensitive data item by said selected process if, as a result of said analyzing, said sensitive data item is determined not to be needed by said selected process, wherein said preventing access includes substituting a value of said sensitive data item with an alternate data value whenever said selected process requests access to said sensitive data item, and wherein if said selected process does not have changeable code, said substituting a value of said sensitive data item with an alternate data value is performed by inserting a replacement layer between said sensitive data item and said selected process,wherein said substituting a value of said sensitive date item is performed by;
randomly generating said alternate data value;
mapping said alternate data value to said sensitive data item; and
storing mapped alternate data value and corresponding sensitive data item in a table within said replacement layer, said table being accessible to saidselected process; and
minimizing access to sensitive information by transforming a process P into a process P′
such that P′
is limited to receiving less personal information than P when it has been determined that P does not require extensive personal information.
1 Assignment
0 Petitions
Accused Products
Abstract
Method, system, and storage medium for reducing or minimizing access to sensitive information. A method includes identifying processes and data associated with a computer system and classifying each of the data as one of either sensitive information or non-sensitive information. The sensitive information includes at least one of: data that is personal to an individual, confidential data, and data that is legally subject to conditions of restricted use. For each of the processes the method includes selecting a process and a sensitive data item, modifying the sensitive data item, analyzing the behavior of at least the selected process, and preventing access of the sensitive data item by the selected process if, as a result of the analyzing, the sensitive data item is determined not to be needed by the selected process.
-
Citations
23 Claims
-
1. A method for reducing access to sensitive information, comprising:
-
identifying processes and data associated with a computer system; classifying each of said data as one of sensitive information and non-sensitive information; wherein said sensitive information includes at least one of; data that is personal to an individual; confidential data; and data that is subject to conditions of restricted use; for each of said processes; selecting a process and a sensitive data item; modifying said sensitive data item to form a modified data item each time the selected process accesses the sensitive data; analyzing behavior of at least said selected process; preventing access to said sensitive data item by said selected process if, as a result of said analyzing, said sensitive data item is determined not to be needed by said selected process, wherein said preventing access includes substituting a value of said sensitive data item with an alternate data value whenever said selected process requests access to said sensitive data item, and wherein if said selected process does not have changeable code, said substituting a value of said sensitive data item with an alternate data value is performed by inserting a replacement layer between said sensitive data item and said selected process, wherein said substituting a value of said sensitive date item is performed by; randomly generating said alternate data value; mapping said alternate data value to said sensitive data item; and storing mapped alternate data value and corresponding sensitive data item in a table within said replacement layer, said table being accessible to said selected process; and minimizing access to sensitive information by transforming a process P into a process P′
such that P′
is limited to receiving less personal information than P when it has been determined that P does not require extensive personal information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for reducing access to sensitive information, comprising:
-
identifying processes and data associated with a computer system; classifying each of said data as one of sensitive information and non-sensitive information; wherein said sensitive information includes at least one of; data that is personal to an individual; confidential data; and data that is subject to conditions of restricted use; for each of said processes; selecting a process and a sensitive data item; modifying said sensitive data item to form a modified data item each time the selected process accesses the sensitive data; analyzing behavior of at least said selected process; preventing access to said sensitive data item by said selected process if, as a result of said analyzing, said sensitive data item is determined not to be needed by said selected process, wherein said preventing access includes substituting a value of said sensitive data item with an alternate data value whenever said selected process requests access to said sensitive data item and wherein if said selected process does not have changeable code, said substituting a value of said sensitive data item with an alternate data value is performed by inserting a replacement layer between said sensitive data item and said selected process, wherein said substituting a value of said sensitive date item is performed by; randomly generating said alternate data value; mapping said alternate data value to said sensitive data item; and storing mapped alternate data value and corresponding sensitive data item in a table within said replacement layer, said table being accessible to said selected process; shifting a function of a first selected process associated with said sensitive data item to a second selected process if, as a result of said analyzing, it is determined that said second selected process utilizes said sensitive data item more frequently than said first selected process; and minimizing access to sensitive information by transforming a process P into a process P′
such that P′
is limited to receiving less personal information than P when it has been determined that P does not require extensive personal information.
-
-
13. A computer system for reducing access to sensitive information, comprising
a processor; -
a plurality of processes executable by said computer system; a database storing data items utilized by said at least one process; a replacement layer in communication with said at least one of said plurality of processes, said replacement layer operable for controlling access to said data items; and an access minimization system associated with said computer system, said access minimization system performing; identifying said plurality of processes and said data items associated with said computer system; classifying each of said data items as one of sensitive information and non-sensitive information; for each of said processes; selecting a process and a sensitive data item; modifying said sensitive data item; analyzing behavior of at least said selected process; and
preventing access of said sensitive data item by said selected process if, as a result of said analyzing, said sensitive data item is determined not to be needed by said selected process, wherein said preventing access includes substituting a value of said sensitive data item with an alternate data value whenever said selected process requests access to said sensitive data item, and wherein if said selected process does not have changeable code, said substituting a value of said sensitive data item with an alternate data value is performed by inserting a replacement layer between said sensitive data item and said selected process,wherein said substituting a value of said sensitive date item is performed by; randomly generating said alternate data value; mapping said alternate data value to said sensitive data item; and storing mapped alternate data value and corresponding sensitive data item in a table within said replacement layer, said table being accessible to said selected process; and minimizing access to sensitive information by transforming a process P into a process P′
such that P′
is limited to receiving less personal information than P when it has been determined that P does not require extensive personal information. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A non-transitory computer readable storage medium storing machine-readable computer program code for reducing access to sensitive information, said storage medium including instructions for causing a computer system to implement a method, comprising:
-
identifying processes and data associated with a computer system; classifying each of said data as one of sensitive information and non-sensitive information; wherein said sensitive information includes at least one of; data that is personal to an individual; confidential data; and data that is legally subject to conditions of restricted use;
for each of said processes;selecting said process and a sensitive data item; modifying said sensitive data item; analyzing behavior of at least said selected process; and
preventing access of said sensitive data item by said selected process if, as a result of said analyzing, said sensitive data item is determined not to be needed by said selected process, wherein said preventing access includes substituting a value of said sensitive data item with an alternate data value whenever said selected process requests access to said sensitive data item, and wherein if said selected process does not have changeable code, said substituting a value of said sensitive data item with an alternate data value is performed by inserting a replacement layer between said sensitive data item and said selected process,wherein said substituting a value of said sensitive date item is performed by; randomly generating said alternate data value; mapping said alternate data value to said sensitive data item; and storing mapped alternate data value and corresponding sensitive data item in a table within said replacement layer, said table being accessible to said selected process; and minimizing access to sensitive information by transforming a process P into a process P′
such that P′
is limited to receiving less personal information than P when it has been determined that P does not require extensive personal information.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsPfitzmann, Birgit M., Schunter, Matthias, Camenisch, Jan L., Waidner, Michael P.
-
Primary Examiner(s)Moazzami; Nasser
-
Assistant Examiner(s)Traore; Fatoumata
-
Application NumberUS10/874,421Publication NumberTime in Patent Office2,512 DaysField of Search726 2- 5, 726 26- 27US Class Current726/27CPC Class CodesG06F 21/6245 Protecting personal data, e...
