System and method for data masking
8 Assignments
0 Petitions
Abstract
A system and computer-implemented method for providing security rules to an existing enterprise database system. The disclosed system and computer-implemented method intercept database connection requests provided by third-party applications and end-users and determine which security rules, if any, are to be applied to each request, including masking, scrambling and unmasking the data, as well as whether the requesting user has a need to know the requested data. Accordingly, personally identifiable and other sensitive information is not provided to an unauthorized requesting application and/or end-user.
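An added example, not code from the patent or its assignee: a minimal sketch of the rewrite step the abstract describes, run against an in-memory SQLite table. The rule set, table and column names, masking expressions and the `need_to_know` flag are hypothetical, and the rewriter refuses any query shape it cannot parse instead of forwarding it unmasked.

```python
import re
import sqlite3

# Hypothetical rule set: (table, column) -> SQL expression producing the masked value.
RULES = {
    ("customers", "ssn"): "'XXX-XX-' || substr(ssn, -4)",
    ("customers", "email"): "substr(email, 1, 1) || '***' || substr(email, instr(email, '@'))",
}

# Only this query shape is understood; anything else is refused, not forwarded.
SHAPE = re.compile(
    r"\s*SELECT\s+(?P<cols>\w+(?:\s*,\s*\w+)*)\s+FROM\s+(?P<table>\w+)"
    r"(?:\s+WHERE\s+(?P<key>\w+)\s*=\s*\?)?\s*;?\s*",
    re.IGNORECASE,
)

def rewrite(query, rules=RULES, need_to_know=False):
    """Return the query with sensitive columns replaced by masking expressions."""
    m = SHAPE.fullmatch(query)
    if m is None:
        # SELECT *, UNION, subqueries, aliases: fail closed.
        raise ValueError("unsupported query shape, refusing to forward")
    table, key = m["table"].lower(), m["key"]
    if key and (table, key.lower()) in rules and not need_to_know:
        # An equality filter on a masked column would let the caller test guesses.
        raise ValueError("filter on sensitive column")
    cols = []
    for col in re.split(r"\s*,\s*", m["cols"]):
        expr = rules.get((table, col.lower()))
        cols.append(col if expr is None or need_to_know else f"{expr} AS {col}")
    where = f" WHERE {key} = ?" if key else ""
    return f"SELECT {', '.join(cols)} FROM {m['table']}{where}"

def demo():
    """Run a rewritten query against constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER, name TEXT, ssn TEXT, email TEXT)")
    db.execute("INSERT INTO customers VALUES "
               "(1, 'Alice', '123-45-6789', 'alice@example.com')")  # constructed row
    masked = rewrite("SELECT name, ssn, email FROM customers WHERE id = ?")
    return db.execute(masked, (1,)).fetchone()

if __name__ == "__main__":
    print(rewrite("SELECT name, ssn, email FROM customers WHERE id = ?"))
    print(demo())
```

Because the masking expressions travel inside the rewritten request, the database returns only masked values and the raw column contents never reach the requesting application.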
18 Citations
36 Claims
1. A computer system for masking data, the system comprising:
one or more processors; and
one or more memories operatively coupled to at least one of the one or more processors and having instructions stored thereon that, when executed by at least one of the one or more processors, cause at least one of the one or more processors to:
receive a database query request directed to a database;
apply a rule set to the database query request to identify one or more sensitive columns in the database which are responsive to the database query request;
rewrite the database query request, based on the rule set, such that the rewritten request will result in data from the one or more sensitive columns being retrieved and converted into a masked format according to one or more instructions in the rewritten request; and
transmit the rewritten request to the database.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. At least one non-transitory computer-readable medium storing computer-readable instructions that, when executed by one or more computing devices, cause at least one of the one or more computing devices to:
receive a database query request directed to a database;
apply a rule set to the database query request to identify one or more sensitive columns in the database which are responsive to the database query request;
rewrite the database query request, based on the rule set, such that the rewritten request will result in data from the one or more sensitive columns being retrieved and converted into a masked format according to one or more instructions in the rewritten request; and
transmit the rewritten request to the database.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24
25. A method for masking data executed by one or more computing devices, the method comprising the steps of:
receiving, by at least one of the one or more computing devices, a database query request directed to a database;
applying, by at least one of the one or more computing devices, a rule set to the database query request to identify one or more sensitive columns in the database which are responsive to the database query request;
rewriting, by at least one of the one or more computing devices, the database query request, based on the rule set, such that the rewritten request will result in data from the one or more sensitive columns being retrieved and converted into a masked format according to one or more instructions in the rewritten request; and
transmitting, by at least one of the one or more computing devices, the rewritten request to the database.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36
Specification