Method and apparatus for rule-based masking of data
First Claim
Patent Images
1. A method comprising;
- authenticating a user against an enterprise wide system;
retrieving content from a data source in response to a request, wherein the request is submitted from a browser application;
determining if a policy associated with the user exists locally;
if the policy does not exist locally, setting a dummy time stamp and comparing the dummy time stamp to a time stamp of the policy within a policy store if the policy exists within the policy store;
or, if the policy does exist locally, determining a time stamp of the existing policy and comparing the time stamp of the existing local policy to the time stamp of the policy within a policy store if the policy exists within the policy store,the policy including one or more rules for masking data;
if the policy exists in the policy store, determining whether the either the dummy time stamp or the time stamp of the existing local policy is identical to the time stamp of the policy in the policy store;
if the time stamps are not identical, retrieving the latest policy from the policy store;
otherwise using the existing policy;
searching, within the content, data in accordance with the latest policy, wherein the data satisfy the one or more rules;
determining whether the user is white-listed;
if the user is not white-listed, masking the data that satisfy the one or more rules;
modifying the content with the masked data; and
if no policy exists in the policy store, or if the user is white-listed, sending the retrieved content from the data source to the browser application without masking the data.
3 Assignments
0 Petitions
Accused Products
Abstract
An approach is provided for de-personalizing data. Content from a data source is retrieved in response to a request by a user. A rule for masking data (e.g., web data) is determined, wherein the rule is specified in a policy associated with the user. A search, within the content, for data that satisfy the rule is performed. The data that satisfy the rule is masked. The content is then modified with the masked data for delivery to the user.
26 Citations
26 Claims
-
1. A method comprising;
-
authenticating a user against an enterprise wide system; retrieving content from a data source in response to a request, wherein the request is submitted from a browser application; determining if a policy associated with the user exists locally; if the policy does not exist locally, setting a dummy time stamp and comparing the dummy time stamp to a time stamp of the policy within a policy store if the policy exists within the policy store;
or, if the policy does exist locally, determining a time stamp of the existing policy and comparing the time stamp of the existing local policy to the time stamp of the policy within a policy store if the policy exists within the policy store,the policy including one or more rules for masking data; if the policy exists in the policy store, determining whether the either the dummy time stamp or the time stamp of the existing local policy is identical to the time stamp of the policy in the policy store; if the time stamps are not identical, retrieving the latest policy from the policy store; otherwise using the existing policy; searching, within the content, data in accordance with the latest policy, wherein the data satisfy the one or more rules; determining whether the user is white-listed; if the user is not white-listed, masking the data that satisfy the one or more rules; modifying the content with the masked data; and if no policy exists in the policy store, or if the user is white-listed, sending the retrieved content from the data source to the browser application without masking the data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An apparatus comprising:
-
a processor to authenticate a user against an enterprise wide system; a request listener configured to receive a request for retrieval of content from a data source, wherein the request is submitted from a browser application; a policy configuration engine to create a new policy; a rule processing engine configured to verify a search result for a latest policy associated with the user based on a time stamp value of the policy and configured to determine whether the user is white-listed, the policy includes one or more rules for masking data, the rule processing engine being further configured to search, within the content, data in accordance with the latest policy, wherein the data satisfy the one or more rules;
if no policy exists, sending the retrieved content from the data source to the user without masking any content data;a masking engine configured to mask the data that satisfy the one or more rules; and a response broker configured to modify the content with the masked data. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A system comprising:
-
an authentication system to authenticate a user against an enterprise wide system; a policy store configured to store a policy of the user, the policy relating to data masking; and a web proxy including, a request listener configured to receive a request for retrieval of content from a data source, wherein the request is submitted from a browser application; a policy configuration engine to create a new policy, a rule processing engine configured to verify a search result for a latest policy associated with a user based on a time stamp value of the policy and configured to determine whether the user is white-listed, the policy including one or more rules for masking data;
if no policy exists, sending the retrieved content from the data source to the user without masking any content data;the rule processing engine being further configured to search, within the content, data in accordance with the latest policy, wherein the data satisfy the one or more rules; a masking engine configured to mask the data that satisfy the one or more rules; and a response broker configured to modify the content with the masked data. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
-
Specification