Method and system for providing masking services

US 8,881,224 B2
Filed: 10/11/2010
Issued: 11/04/2014
Est. Priority Date: 06/24/2010
Status: Active Grant

First Claim

Patent Images

1. A method for providing application data to a user device requesting data from an application hosted on an application server, wherein the user device is connected to the application server through a communication network, the method comprising:

receiving at the application server hosting the application, an application data request from the user device, the application data request comprising a request for application data from the application hosted on said application server;

validating credentials of a user requesting the application data, wherein validation is performed to determine whether the user is authorized to access the requested application data;

determining type of user based on the user credentials;

responsive to determining that the user is not a privileged user;

transferring the application data request from the application server hosting the application to a masking server;

communicating the requested application data from a database utility to the masking server;

masking the application data received at the masking server, based on pre-configured masking rules, andcommunicating the masked application data from the masking server to the application server hosting the application from which application data has been requested by the user device over the communication network; and

communicating the masked application data from the application server hosting the application from which application data has been requested by the user device over the communication network, to the user device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for presenting on-demand masking of data as a software service in a distributed environment is provided. An application hosted on a computing device receives request for access to application data from a user. Credentials of the user are first validated in order to determine whether the user is authorized to access the requested application data. For an authorized user, a category of the user is determined to ascertain whether the user is privileged to obtain full access. In case the user is a privileged user, unmasked application data is fetched from a database utility and provided to the user. In case the user is not a privileged user, application data access request is transferred to a data masking service. Application data is fetched from database utility, masked based on pre-defined masking rules and provided to the user.

9 Citations

View as Search Results

26 Claims

1. A method for providing application data to a user device requesting data from an application hosted on an application server, wherein the user device is connected to the application server through a communication network, the method comprising:
- receiving at the application server hosting the application, an application data request from the user device, the application data request comprising a request for application data from the application hosted on said application server;
  
  validating credentials of a user requesting the application data, wherein validation is performed to determine whether the user is authorized to access the requested application data;
  
  determining type of user based on the user credentials;
  
  responsive to determining that the user is not a privileged user;
  
  transferring the application data request from the application server hosting the application to a masking server;
  
  communicating the requested application data from a database utility to the masking server;
  
  masking the application data received at the masking server, based on pre-configured masking rules, andcommunicating the masked application data from the masking server to the application server hosting the application from which application data has been requested by the user device over the communication network; and
  
  communicating the masked application data from the application server hosting the application from which application data has been requested by the user device over the communication network, to the user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein masking rules are configured by an application owner managing the application, further wherein configuration of masking rules is performed by integrating subscribed data masking service with the application after subscribing to the data masking service by the application owner.
  - 3. The method of claim 2, wherein configuring masking rules comprises specifying data masking options such as specifying data to be masked for an application and type of masking to be performed.
  - 4. The method of claim 2, wherein subscribing to data masking service comprises executing Software as a Service agreement between the application owner and the masking services provider.
  - 5. The method of claim 1, wherein the user comprises at least one of a human user, a software program and an automated machine.
  - 6. The method of claim 1 further comprises providing the user with limited access to application if user credentials are not validated.
  - 7. The method of claim 1, wherein the application hosted by the application server, masking service provided by the masking server and storage services provided by the database utility are implemented on independent software environments connected through one or more communication networks.

8. A method of providing data masking as a software service, the method comprising:
- receiving request for subscription to data masking service from an application owner hosting a software application;
  
  authenticating credentials of the application owner;
  
  facilitating configuration of one or more masking rules corresponding to the software application;
  
  receiving at an application server hosting the software application, an application data request from a user device, wherein the application data request comprises a request for application data from the software application; and
  
  transmitting a request for performing data masking from the application server hosting the software application to a data masking server;
  
  communicating the requested application data from a database utility associated with the software application, to the data masking server;
  
  executing at the data masking server, one or more data masking algorithms for masking the requested application data according to the one or more masking rules;
  
  transmitting masked data from the data masking service to the application server hosting the software application from which application data has been requested by the user device over the communicating network; and
  
  transmitting the masked data from the application server hosting the software application from which application data has been requested by the user device over the communication network, to the user device.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, wherein facilitating configuration of one or more masking rules comprises providing a set of user interfaces to the application owner for specifying options for configuring masking rules.
  - 10. The method of claim 8, wherein the one or more data masking algorithms comprises algorithms for masking at least one of alphabetical data, numerical data, data comprising combination of alphabets and numerals, data comprising unique codes or any combination thereof.
  - 11. The method of claim 8, wherein the masking service is implemented in the form of a source program.
  - 12. The method of claim 8, wherein the masking service is implemented in the form of an object program.

13. A system for provisioning application data in a secure form, the system comprising:
- an application server hosting a software application and configured to;
  
  operationally connect to a user device through a communication network; and
  
  receive an application data request from a user through the user device, the application data request comprising a request for application data from the software application hosted on the application server;
  
  a credential check module configured to validate credentials of the user requesting the application data;
  
  a subscription module configured to manage subscription of the software application to a data masking service;
  
  a masking server operationally connected to the application server hosting the software application and configured to;
  
  receive the application data request from the application server hosting the software application;
  
  receive the requested application data from a database utility;
  
  perform masking of the requested application data based on pre-configured masking rules; and
  
  communicate the masked application data to the application server hosting the software application from which application data has been requested by the user device over the communication network, for onward transmission to the user device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The system of claim 13, wherein the application server is part of a software vendor configured to provide one or more applications and to host the software application, further wherein the software vendor is internal or external to the organization.
  - 15. The system of claim 13, wherein the subscription module is incorporated as part of the masking server.
  - 16. The system of claim 13, wherein validating user credentials comprises determining whether a user is authorized to access the software application.
  - 17. The system of claim 13, wherein the credential check module is further configured to determine category of user.
  - 18. The system of claim 17, wherein the credential check module is further configured to transfer the application data request to masking services provider only if the user is determined to be an unprivileged user.
  - 19. The system of claim 13, wherein the credential check module is further configured to fetch the requested application data from the database utility and provide the application data to the application server, if the user is determined to be a privileged user.
  - 20. The system of claim 13, wherein the masking server comprises:
    - one or more servers configured to execute multiple instances of data masking algorithms; and
      
      a rules engine configured to store software instructions for implementing data masking rules during execution of data masking process.
  - 21. The system of claim 20, wherein the masking services provider regularly updates masking rules based on requirements by application owners.

22. A computer program product comprising a non-transitory computer usable medium having a computer readable program code embodied therein for providing application data to a user device requesting an application hosted on an application server, wherein the user device is connected to the application server through a communication network, the computer program product comprising:
- program instructions for receiving at the application server hosting the application, an application data access request from the user device, the application data request comprising a request for application data from the application hosted on said application server;
  
  program instructions for validating credentials of a user requesting the application data;
  
  program instructions for determining type of user based on the user credentials;
  
  program instructions for responding to determining that the user is not a privileged user by;
  
  transferring the application data request from the application server hosting the application to a masking server;
  
  communicating the requested application data from a database utility to the masking server;
  
  masking the application data received at the masking server based on pre-configured masking rules; and
  
  communicating the masked application data from the masking server to the application server hosting the application from which application data has been requested by the user device over the communication network; and
  
  program instructions for communicating the masked application data from the application server hosting the application from which application data has been requested by the user device over the communication network, to the user device.
- View Dependent Claims (23, 24, 25, 26)
- - 23. The computer program product of claim 22, further comprising program instructions for executing Software as a Service agreement between an application owner and a masking services provider.
  - 24. The computer program product of claim 22 further comprising program instructions for providing the user device with limited access to application data if user credentials are not validated.
  - 25. The computer product of claim 22, further comprising:
    - program instructions for receiving request for subscription to data masking service from an application owner hosting a software application;
      
      program instructions for authenticating credentials of the application owner;
      
      program instructions for facilitating configuration of one or more masking rules corresponding to the software application;
      
      program instructions for receiving request for performing data masking on data associated with the software application; and
      
      program instructions for executing one or more data masking algorithms for performing data masking according to the one or more masking rules.
  - 26. The computer program product of claim 25, wherein the step of facilitating configuration of one or more masking rules comprises program instructions for providing a set of user interfaces to the application owner for specifying options for configuring masking rules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Infosys Limited
Original Assignee
Infosys Limited
Inventors
Saxena, Ashutosh, Saxena, Vishal Krishna, Saxena, Kaushal, Kumar, Surni, Paul, Mithun
Primary Examiner(s)
MOORTHY, ARAVIND K

Application Number

US12/901,769
Publication Number

US 20110321120A1
Time in Patent Office

1,485 Days
Field of Search

726/1, 726/4, 726/5, 726/22, 726/27, 713/165, 713/166, 713/168, 713/182
US Class Current

726/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/31   User authentication

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2107   File encryption

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Method and system for providing masking services

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

Method and system for providing masking services

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others