Enforcement of data privacy to maintain obfuscation of certain data
First Claim
1. A method, comprising:
- determining, by a microprocessor, whether data to be released from a database maps to at least one confidential mapping between sets of data in the database; and
in response to the data mapping to the at least one confidential mapping, determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy, wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy further comprises performing static enforcement of the anonymity policy by analyzing program code without executing the program code, wherein the program code performs release of the data at one or more release points when the program code is executed, and wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy and performing static enforcement of the anonymity policy further comprises;
determining, during the static enforcement whether an invocation of an obfuscation function is performed in the program code on at least one path from a query to at least one of the one or more release points at which the data would be released by the program code when the program code is executed; and
in response to an invocation of the obfuscation function not being performed in the program code on the at least the path from the query to the at least one release point at which the data would be released by the program code, performing during the static enforcement at least one action.
Abstract
A computer-readable medium is disclosed that tangibly embodies a program of machine-readable instructions executable by a digital processing apparatus to perform operations including determining whether data to be released from a database is associated with one or more confidential mappings between sets of data in the database. The operations also include, in response to the data being associated with the one or more confidential mappings, determining whether release of the data meets one or more predetermined anonymity requirements of an anonymity policy. Methods and apparatus are also disclosed.
14 Claims
1. A method, comprising:
determining, by a microprocessor, whether data to be released from a database maps to at least one confidential mapping between sets of data in the database; and in response to the data mapping to the at least one confidential mapping, determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy, wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy further comprises performing static enforcement of the anonymity policy by analyzing program code without executing the program code, wherein the program code performs release of the data at one or more release points when the program code is executed, and wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy and performing static enforcement of the anonymity policy further comprises; determining, during the static enforcement whether an invocation of an obfuscation function is performed in the program code on at least one path from a query to at least one of the one or more release points at which the data would be released by the program code when the program code is executed; and in response to an invocation of the obfuscation function not being performed in the program code on the at least the path from the query to the at least one release point at which the data would be released by the program code, performing during the static enforcement at least one action. - View Dependent Claims (2, 3, 4, 5, 6)
7. An apparatus, comprising:
at least one processor; and at least one memory including instructions, the at least one processor configured, in response to executing the instructions, to cause the apparatus to perform at least the following; determining whether data to be released from a database maps to at least one confidential mapping between sets of data in the database; and in response to the data mapping to the at least one confidential mapping, determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy, wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy further comprises performing static enforcement of the anonymity policy by analyzing program code without executing the program code, wherein the program code performs release of the data at one or more release points when the program code is executed, and wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy and performing static enforcement of the anonymity policy further comprises; determining the one or more release points in the program code; and determining, during the static enforcement, whether the release or the data from the one or more release points is in accordance with a k-anonymity requirement specified by the anonymity policy. - View Dependent Claims (8, 9, 10)
11. A method, comprising:
determining, by a microprocessor, whether data to be released from a database maps to at least one confidential mapping between sets of data in the database; and in response to the data mapping to the at least one confidential mapping, determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy, wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy further comprises performing static enforcement of the anonymity policy by analyzing program code without executing the program code, wherein the program code performs release of the data at one or more release points when the program code is executed, and wherein determining whether release of the data meets at least one predetermined anonymity requirement of an anonymity policy and performing, static enforcement in the anonymity policy further comprises; determining the one or more release points in the program code; and determining, during the static enforcement, whether the release of the data from the one or more release points is in accordance with a k-anonymity requirement specified by the anonymity policy. - View Dependent Claims (12, 13, 14)
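The static check recited in claim 1 (is an obfuscation function invoked on every path from a query to a release point, decided without running the code) can be illustrated with a small analyzer. This is an added example, not code from the patent: the call names `run_query`, `obfuscate` and `release` are hypothetical, the analysis is intraprocedural over Python source, and it over-approximates, so any expression that mentions a raw variable is treated as raw.

```python
import ast

# Hypothetical call names for the query, obfuscation function and release point.
QUERY, OBFUSCATE, RELEASE = "run_query", "obfuscate", "release"

def _callee(node):
    ok = isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
    return node.func.id if ok else None

def _is_raw(expr, raw):
    """True if expr may carry query data that has not passed through OBFUSCATE."""
    name = _callee(expr)
    return name != OBFUSCATE and (name == QUERY or any(
        isinstance(n, ast.Name) and n.id in raw for n in ast.walk(expr)))

def _walk(stmts, raw, findings):
    """Return the variables that may still be unobfuscated after stmts."""
    for st in stmts:
        if isinstance(st, ast.If):
            # Raw after the branch if raw on at least one path through it.
            raw = _walk(st.body, set(raw), findings) | _walk(st.orelse, set(raw), findings)
        elif isinstance(st, (ast.For, ast.While)):
            # Body may run zero or more times: iterate until the set stops growing.
            while not (grown := raw | _walk(st.body, set(raw), findings)) <= raw:
                raw = grown
        else:
            for call in ast.walk(st):
                if _callee(call) == RELEASE and any(_is_raw(a, raw) for a in call.args):
                    findings.add(call.lineno)
            if isinstance(st, ast.Assign) and isinstance(st.targets[0], ast.Name):
                name = st.targets[0].id
                raw = raw | {name} if _is_raw(st.value, raw) else raw - {name}
    return raw

def unobfuscated_releases(source):
    """Line numbers of release points reachable from a query without obfuscation."""
    findings = set()
    for fn in ast.walk(ast.parse(source)):
        if isinstance(fn, ast.FunctionDef):
            _walk(fn.body, set(), findings)
    return sorted(findings)

# Constructed sample: the else path reaches release() with raw rows.
SAMPLE = '''\
def report(verbose):
    rows = run_query("SELECT zip, diagnosis FROM patients")
    if verbose:
        rows = obfuscate(rows)
    release(rows)
'''
```

Reporting the flagged line numbers stands in for the "at least one action" of the claim; a build gate could fail when the returned list is non-empty.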
Specification