Data security in a disconnected environment
First Claim
Patent Images
1. A computer-implemented method for data protection comprising:
- receiving a request at a computer from a user for a data record encrypted with an encryption key and stored in a database comprising at least a plurality of sensitive data records;
accessing by the computer a maintained count associated with the encryption key comprising a sum of a number of accessed database data records encrypted with the encryption key by the user and a number of actions performed on the accessed data records by the user;
determining if the maintained count exceeds a threshold stored at the computer representing a number of interactions the user is authorized to perform with the accessed data records without connecting the computer to an external access control system;
responsive to a determination that the maintained count does not exceed the threshold;
providing a result of the requested data record to the user;
incrementing the maintained count responsive to providing the result of the requested data record to the user with a value representing each data record included in the result of the requested data record; and
further incrementing the maintained count by a number equal to the total number of actions performed by the user on the provided data record; and
responsive to a determination that the maintained count exceeds the threshold, prompting the user to connect the computer to the external access control system.
3 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods are provided for the detection and prevention of intrusions in data at rest systems such as file systems and web servers. The systems and methods regulate access to sensitive data with minimal dependency on a communications network. Data access is quantitatively limited to minimize the data breaches resulting from, e.g., a stolen laptop or hard drive.
-
Citations
11 Claims
-
1. A computer-implemented method for data protection comprising:
-
receiving a request at a computer from a user for a data record encrypted with an encryption key and stored in a database comprising at least a plurality of sensitive data records; accessing by the computer a maintained count associated with the encryption key comprising a sum of a number of accessed database data records encrypted with the encryption key by the user and a number of actions performed on the accessed data records by the user; determining if the maintained count exceeds a threshold stored at the computer representing a number of interactions the user is authorized to perform with the accessed data records without connecting the computer to an external access control system; responsive to a determination that the maintained count does not exceed the threshold; providing a result of the requested data record to the user; incrementing the maintained count responsive to providing the result of the requested data record to the user with a value representing each data record included in the result of the requested data record; and further incrementing the maintained count by a number equal to the total number of actions performed by the user on the provided data record; and responsive to a determination that the maintained count exceeds the threshold, prompting the user to connect the computer to the external access control system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A non-transitory computer-readable medium whose contents cause a computer to perform a method for data protection comprising:
-
receiving a request at a computer from a user for a data record encrypted with an encryption key and stored in a database comprising at least a plurality of sensitive data records; accessing by the computer a maintained count associated with the encryption key comprising a sum of a number of accessed database data records encrypted with the encryption key by the user and a number of actions performed on the accessed data records by the user; determining if the maintained count exceeds a threshold stored at the computer representing a number of interactions the user is authorized to perform with the accessed data records without connecting the computer to an external access control system; responsive to a determination that the maintained count does not exceed the threshold; providing a result of the requested data record to the user; incrementing the maintained count responsive to providing the result of the requested data record to the user with a value representing each data record included in the result of the requested data record; and further incrementing the maintained count by a number equal to the total number of actions performed by the user on the provided data record; and responsive to a determination that the maintained count exceeds the threshold, prompting the user to connect the computer to the external access control system.
-
Specification