Method and apparatus for rule-based masking of data

US 8,341,104 B2
Filed: 08/16/2007
Issued: 12/25/2012
Est. Priority Date: 08/16/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising;

authenticating a user against an enterprise wide system;

retrieving content from a data source in response to a request, wherein the request is submitted from a browser application;

determining if a policy associated with the user exists locally;

if the policy does not exist locally, setting a dummy time stamp and comparing the dummy time stamp to a time stamp of the policy within a policy store if the policy exists within the policy store;

or, if the policy does exist locally, determining a time stamp of the existing policy and comparing the time stamp of the existing local policy to the time stamp of the policy within a policy store if the policy exists within the policy store,the policy including one or more rules for masking data;

if the policy exists in the policy store, determining whether the either the dummy time stamp or the time stamp of the existing local policy is identical to the time stamp of the policy in the policy store;

if the time stamps are not identical, retrieving the latest policy from the policy store;

otherwise using the existing policy;

searching, within the content, data in accordance with the latest policy, wherein the data satisfy the one or more rules;

determining whether the user is white-listed;

if the user is not white-listed, masking the data that satisfy the one or more rules;

modifying the content with the masked data; and

if no policy exists in the policy store, or if the user is white-listed, sending the retrieved content from the data source to the browser application without masking the data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An approach is provided for de-personalizing data. Content from a data source is retrieved in response to a request by a user. A rule for masking data (e.g., web data) is determined, wherein the rule is specified in a policy associated with the user. A search, within the content, for data that satisfy the rule is performed. The data that satisfy the rule is masked. The content is then modified with the masked data for delivery to the user.

26 Citations

View as Search Results

26 Claims

1. A method comprising;
- authenticating a user against an enterprise wide system;
  
  retrieving content from a data source in response to a request, wherein the request is submitted from a browser application;
  
  determining if a policy associated with the user exists locally;
  
  if the policy does not exist locally, setting a dummy time stamp and comparing the dummy time stamp to a time stamp of the policy within a policy store if the policy exists within the policy store;
  
  or, if the policy does exist locally, determining a time stamp of the existing policy and comparing the time stamp of the existing local policy to the time stamp of the policy within a policy store if the policy exists within the policy store,the policy including one or more rules for masking data;
  
  if the policy exists in the policy store, determining whether the either the dummy time stamp or the time stamp of the existing local policy is identical to the time stamp of the policy in the policy store;
  
  if the time stamps are not identical, retrieving the latest policy from the policy store;
  
  otherwise using the existing policy;
  
  searching, within the content, data in accordance with the latest policy, wherein the data satisfy the one or more rules;
  
  determining whether the user is white-listed;
  
  if the user is not white-listed, masking the data that satisfy the one or more rules;
  
  modifying the content with the masked data; and
  
  if no policy exists in the policy store, or if the user is white-listed, sending the retrieved content from the data source to the browser application without masking the data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A method as recited in claim 1, further comprising:
    - determining scope of the one or more rules as specified in the policy, the one or more rules being applied to the content based on the determined scope.
  - 3. A method as recited in claim 2, wherein the data source is a website and the content represents a web page, the scope being either limited to the web page or being global to the website.
  - 4. A method as recited in claim 1, wherein the one or more rules specify at least one of a string token-based rule, a hyperlink-based rule, a pattern value-based rule, a pattern key-based rule, and a table column-based rule.
  - 5. A method as recited in claim 1, wherein the content is formatted according to a HyperText Markup Language (HTML), and the request is submitted from a browser application.
  - 6. A method as recited in claim 5, wherein the data source is web server, the method further comprising:
    - intercepting the request destined for the web server.
  - 7. A method according to claim 1, wherein the user modifies the one or more rules or the policy via a policy configuration engine.
  - 8. A method as recited in claim 1, wherein the content is formatted according to an extended markup language (XML), and the request is submitted from a browser application.
  - 9. A method as recited in claim 1, further comprising:
    - delivering the modified content with the masked data directly to the user.

10. An apparatus comprising:
- a processor to authenticate a user against an enterprise wide system;
  
  a request listener configured to receive a request for retrieval of content from a data source, wherein the request is submitted from a browser application;
  
  a policy configuration engine to create a new policy;
  
  a rule processing engine configured to verify a search result for a latest policy associated with the user based on a time stamp value of the policy and configured to determine whether the user is white-listed, the policy includes one or more rules for masking data, the rule processing engine being further configured to search, within the content, data in accordance with the latest policy, wherein the data satisfy the one or more rules;
  
  if no policy exists, sending the retrieved content from the data source to the user without masking any content data;
  
  a masking engine configured to mask the data that satisfy the one or more rules; and
  
  a response broker configured to modify the content with the masked data.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. An apparatus as recited in claim 10, wherein the rule processing engine is further configured to determine scope of the one or more rules as specified in the policy, the one or more rules being applied to the content based on the determined scope.
  - 12. An apparatus as recited in claim 11, wherein the data source is a website and the content represents a web page, the scope being either limited to the web page or being global to the website.
  - 13. An apparatus as recited in claim 10, wherein the one or more rules specify at least one of a string token-based rule, a hyperlink-based rule, a pattern value-based rule, a pattern key-based rule, and a table column-based rule.
  - 14. An apparatus as recited in claim 10, wherein the content is formatted according to a HyperText Markup Language (HTML), and the request is submitted from a browser application.
  - 15. An apparatus as recited in claim 14, wherein the data source is web server, and the request listener is further configured to intercept the request destined for the web server.
  - 16. An apparatus according to claim 10, wherein the user modifies the one or more rules or the policy via a policy configuration engine.
  - 17. An apparatus according to claim 10, wherein the content is formatted according to an extended markup language (XML), and the request is submitted from a browser application.
  - 18. An apparatus as recited in claim 10, wherein the response broker is further configured to deliver the modified content with the masked data directly to the user.

19. A system comprising:
- an authentication system to authenticate a user against an enterprise wide system;
  
  a policy store configured to store a policy of the user, the policy relating to data masking; and
  
  a web proxy including,a request listener configured to receive a request for retrieval of content from a data source, wherein the request is submitted from a browser application;
  
  a policy configuration engine to create a new policy,a rule processing engine configured to verify a search result for a latest policy associated with a user based on a time stamp value of the policy and configured to determine whether the user is white-listed, the policy including one or more rules for masking data;
  
  if no policy exists, sending the retrieved content from the data source to the user without masking any content data;
  
  the rule processing engine being further configured to search, within the content, data in accordance with the latest policy, wherein the data satisfy the one or more rules;
  
  a masking engine configured to mask the data that satisfy the one or more rules; and
  
  a response broker configured to modify the content with the masked data.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. A system as recited in claim 19, wherein the rule processing engine is further configured to determine scope of the one or more rules as specified in the policy, the one or more rules being applied to the content based on the determined scope.
  - 21. A system as recited in claim 20, wherein the data source is a website and the content represents a web page, the scope being either limited to the web page or being global to the website.
  - 22. A system as recited in claim 19, wherein the one or more rules specify at least one of a string token-based rule, a hyperlink-based rule, a pattern value-based rule, a pattern key-based rule, and a table column-based rule.
  - 23. A system as recited in claim 19, wherein the content is formatted according to a HyperText Markup Language (HTML), and the request is submitted from a browser application.
  - 24. A system as recited in claim 23, wherein the data source is web server, and the request listener is further configured to intercept the request destined for the web server.
  - 25. A system according to claim 19, further comprising:
    - a policy configuration engine coupled to the policy store and configured to permit the user to modify the one or more rules or the policy.
  - 26. A system as recited in claim 19, wherein the response broker is further configured to deliver the modified content with the masked data directly to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Original Assignee
Verizon Patent and Licensing Incorporated (Verizon Communications Inc.)
Inventors
Manickam, S. A. Vetha, Padegal, S. Ramanjaneyulu
Primary Examiner(s)
Chaki, Kakali
Assistant Examiner(s)
Gonzales, Vincent

Application Number

US11/839,802
Publication Number

US 20090048997A1
Time in Patent Office

1,958 Days
Field of Search

706/47, 707/757
US Class Current

706/47
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/0407   wherein the identity of one...

H04L 67/306   User profiles

Method and apparatus for rule-based masking of data

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for rule-based masking of data

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links