Data security system for a database
Abstract
A method and an apparatus for processing data provides protection for the data. The data is stored as encrypted data element values (DV) in records (P) in a first database (0-DB), each data element value being linked to a corresponding data element type (DT). In a second database (IAM-DB), a data element protection catalogue (DC) is stored, which for each individual data element type (DT) contains one or more protection attributes stating processing rules for data element values (DV), which in the first database (0-DB) are linked to the individual data element type (DT). In each user-initiated measure which aims at processing a given data element value (DV) in the first database (0-DB), a calling is initially sent to the data element protection catalogue for collecting the protection attribute/attributes associated with the corresponding data element types. The user's processing of the given data element value is controlled in conformity with the collected protection attribute/attributes.
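A minimal sketch of the lookup order the abstract describes, added here as an illustration and not taken from the patent: the catalogue is consulted first, and a value is released only when every rule for its data element type holds. The rule names, the `Request` fields, the sample records and the deny-on-missing-entry behaviour are assumptions of this sketch; encryption of the stored values is left out.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    program: str   # hypothetical: name of the calling application
    hour: int      # hypothetical: local hour of the request, 0-23

Rule = Tuple[str, Callable[[Request], bool]]

# Constructed protection catalogue, kept apart from the record store:
# data element type -> rules that must ALL hold before a value is released.
CATALOGUE: Dict[str, List[Rule]] = {
    "diagnosis": [
        ("role is physician", lambda r: r.role == "physician"),
        ("approved program", lambda r: r.program == "ehr-client"),
        ("office hours", lambda r: 8 <= r.hour < 18),
    ],
    "postcode": [("any staff role", lambda r: r.role in {"physician", "clerk"})],
}

# Constructed record store: (record id, data element type) -> stored value.
RECORDS = {("P1", "diagnosis"): "J45.9", ("P1", "postcode"): "11122",
           ("P1", "salary"): "52000"}

def failed_rules(dtype: str, req: Request) -> List[str]:
    """Collect the rules for dtype and return the names of those not satisfied."""
    rules = CATALOGUE.get(dtype)
    if rules is None:
        # Assumption of this sketch: a type with no catalogue entry is denied.
        return ["no catalogue entry"]
    return [name for name, check in rules if not check(req)]

def access(record_id: str, dtype: str, req: Request) -> str:
    """Consult the catalogue first; release the value only if every rule holds."""
    failed = failed_rules(dtype, req)
    if failed:
        raise PermissionError(f"{req.user} denied {dtype}: {', '.join(failed)}")
    return RECORDS[(record_id, dtype)]

if __name__ == "__main__":
    doc = Request("alice", "physician", "ehr-client", 10)
    print(access("P1", "diagnosis", doc))
    print(failed_rules("diagnosis", Request("bob", "clerk", "adhoc-sql", 22)))
```

Returning the names of the failed rules, rather than a bare boolean, gives an audit log something specific to record for each denied request.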
60 Claims
1. A computer-implemented data processing method comprising:
- maintaining a database comprising a plurality of data portions;
- maintaining a separate data protection table comprising, for each of one or more data portions, a plurality of data processing rules associated with the data portion that must each be satisfied before the data portion can be accessed;
- receiving a request to access a data portion;
- determining whether each of the one or more data processing rules associated with the requested data portion are satisfied; and
- granting access to the requested data portion responsive to each of the one or more data processing rules associated with the requested data portion being satisfied.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16

17. A computer system, comprising:
- a database storing a plurality of data portions;
- a data protection table comprising, for each of one or more data portions, a plurality of data processing rules associated with the data portion that must each be satisfied before the data portion can be accessed; and
- a processor configured to:
  - in response to a request to access a data portion, determine whether each of the one or more data processing rules associated with the requested data portion are satisfied; and
  - grant access to the requested data portion responsive to each of the retrieved one or more data processing rules being satisfied.

Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32

33. A computer-implemented data processing method comprising:
- maintaining a database comprising a plurality of data portions, each data portion associated with a data category;
- maintaining a separate data protection table comprising, for at least one data category, one or more data processing rules associated with the data category that must each be satisfied before a data portion associated with the data category can be accessed;
- receiving a request to access a data portion associated with a first data category from a user;
- determining whether each of the one or more data processing rules associated with the requested data portion are satisfied; and
- granting the user access to the requested data portion responsive to each of the retrieved one or more data processing rules being satisfied.

Dependent claims: 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46

47. A computer system, comprising:
- a database storing a plurality of data portions, each data portion associated with a data category;
- a data protection table comprising, for at least one data category, one or more data processing rules associated with the data category that must each be satisfied before a data portion associated with the data category can be accessed; and
- a processor configured to:
  - in response to a request to access a data portion associated with a first data category from a user, determine whether each of the one or more data processing rules associated with the requested data portion are satisfied; and
  - grant access to the requested data portion responsive to each of the retrieved one or more data processing rules being satisfied.

Dependent claims: 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60

Specification