Method and apparatus for searching a storage system for confidential data
Abstract
A method and apparatus for searching a storage system for confidential data are described. One aspect of the invention relates to searching a computer for confidential data related to a user. User information comprising the confidential data is obtained from a digital identity for the user. A rule that provides a secure representation of the user information is generated. A storage system in the computer is searched using the rule to detect one or more instances of the user information within at least one file.
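The flow in the abstract, as an added example that is not taken from the patent or from any product: claims read from a token become rules, and files are searched with those rules. It assumes the "secure representation" is a keyed digest (the page does not name one); the token layout, claim names, values and key handling are all constructed for illustration.

```python
import hashlib
import hmac
import json
import re
from pathlib import Path

# Constructed stand-in for the claims extracted from an identity provider's token.
SAMPLE_TOKEN = json.dumps({"claims": {
    "givenname": "Alice", "ssn": "078-05-1120", "creditcard": "4111 1111 1111 1111"}})
SENSITIVE_CLAIMS = ("ssn", "creditcard")  # assumed policy, not from the patent
SEPARATORS = re.compile(r"[\s\-./]")
CANDIDATE = re.compile(r"[A-Za-z0-9](?:[\s\-./]?[A-Za-z0-9])*")


def fingerprint(value, key):
    """Normalize (strip separators, lowercase), then return (length, HMAC-SHA256)."""
    # Keyed digest (assumption): a bare hash of a 9-digit SSN is trivially brute-forced.
    norm = SEPARATORS.sub("", value).lower()
    return len(norm), hmac.new(key, norm.encode(), hashlib.sha256).digest()


def make_rules(token_json, key):
    """Build rules from the token's claims; no plaintext value is kept in a rule."""
    claims = json.loads(token_json)["claims"]
    return {fingerprint(claims[n], key): n for n in SENSITIVE_CLAIMS if n in claims}


def scan_text(text, rules, key):
    """Return the names of claims whose values occur in text."""
    hits = set()
    lengths = {length for length, _ in rules}
    for run in CANDIDATE.finditer(text):
        norm = SEPARATORS.sub("", run.group()).lower()
        for length in lengths:  # slide a window of each rule's length over the run
            for i in range(len(norm) - length + 1):
                hit = rules.get(fingerprint(norm[i:i + length], key))
                if hit:
                    hits.add(hit)
    return hits


def scan_tree(root, rules, key):
    """Search every file under root; map path -> matched claim names."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            hits = scan_text(path.read_text(encoding="utf-8", errors="ignore"), rules, key)
            if hits:
                report[str(path)] = sorted(hits)
    return report
```

Because values are normalized before digesting, `078-05-1120`, `078 05 1120` and `078.05.1120` all match the same rule, and a scanner holding only the rules and the key never stores the values themselves.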
16 Claims
1. A method of searching a computer for confidential data related to a user, comprising:
- obtaining user information comprising the confidential data from a digital identity for the user;
  wherein the digital identity comprises a managed digital identity, and wherein the step of obtaining comprises:
  - identifying an object maintained on the computer that is associated with the managed digital identity;
  - requesting a token from an identity provider representing the managed digital identity; and
  - extracting one or more claims comprising the user information from the token;
- generating a rule that provides a secure representation of the user information; and
- searching a storage system in the computer using the rule to detect one or more instances of the user information within at least one file.
Dependent claims: 2, 3, 4, 5, 6, 7
8. Apparatus for searching a computer for confidential data related to a user, comprising:
- means for obtaining user information comprising the confidential data from a digital identity for the user wherein the digital identity comprises a managed digital identity, and wherein the means for obtaining comprises:
  - means for identifying an object maintained on the computer that is associated with the managed digital identity;
  - means for requesting a token from an identity provider representing the managed digital identity; and
  - means for extracting one or more claims comprising the user information from the token;
- means for generating a rule that provides a secure representation of the user information; and
- means for searching a storage system in the computer using the rule to detect one or more instances of the user information within at least one file.
Dependent claims: 9, 10, 11, 12
13. A computer system, comprising:
- a storage system configured to store files;
- an identity manager configured to manage a digital identity for a user; and
- a security agent configured to:
  - obtain user information comprising confidential data from the digital identity, wherein the digital identity is a managed digital identity;
  - generate a rule that provides a secure representation of the user information;
  - search the storage system using the rule to detect one or more instances of the user information within at least one file;
  - link the rule to the object;
  - identify an object maintained on the computer that is associated with the managed digital identity;
  - request a token from an identity provider representing the managed digital identity; and
  - extract one or more claims comprising the user information from the token; and
- an identity store configured to store an object associated with the digital identity.
Dependent claims: 14, 15, 16
Specification