Virtual masked database

US 9,311,369 B2
Filed: 08/15/2008
Issued: 04/12/2016
Est. Priority Date: 04/28/2008
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a data store configured to store a database table that stores sets of data corresponding to records in respective rows, where the database table includes an unmasked column that stores an unmasked version of given data and a masked column that stores a masked version of the data such that each row includes i) a unmasked field in the unmasked column that stores an unmasked version of data, and ii) a masked field in the masked column that stores the masked version of the data;

view logic configured to;

receive a request from a first user to view data in a record;

access a row in the database table that stores the record;

determine that the first user is not authorized to view an unmasked version of the data; and

provide a view that includes a masked version of the data in a masked field in the row; and

update logic configured to;

receive, from the first user, a modification to the masked version of data in the masked field;

access a mapping table to identify an unmasked field that stores an unmasked version of the data; and

update the unmasked version of the data in the identified unmasked field to correspond to the modification made to the masked version of the data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and other embodiments associated with virtual masked databases are described. One example system includes a masking logic to mask an unmasked column of a database table to produce a masked column. The masked column is then added to the database creating a bi-masked database. A portion of the bi-masked database is then selected by a view logic and provided to a user. The view provided to the user may allow fast, conflict free queries and updates to the database. By providing the user either masked or unmasked data based on information associated with the user, an added layer of data security may be achieved.

Citations

20 Claims

1. A system, comprising:
- a data store configured to store a database table that stores sets of data corresponding to records in respective rows, where the database table includes an unmasked column that stores an unmasked version of given data and a masked column that stores a masked version of the data such that each row includes i) a unmasked field in the unmasked column that stores an unmasked version of data, and ii) a masked field in the masked column that stores the masked version of the data;
  
  view logic configured to;
  
  receive a request from a first user to view data in a record;
  
  access a row in the database table that stores the record;
  
  determine that the first user is not authorized to view an unmasked version of the data; and
  
  provide a view that includes a masked version of the data in a masked field in the row; and
  
  update logic configured to;
  
  receive, from the first user, a modification to the masked version of data in the masked field;
  
  access a mapping table to identify an unmasked field that stores an unmasked version of the data; and
  
  update the unmasked version of the data in the identified unmasked field to correspond to the modification made to the masked version of the data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, where the view logic is configured to determine that the first user is not authorized to view the unmasked version of the data based, at least in part, on one or more of a permission setting, an identification number, a password, and a cryptographic key.
  - 3. The system of claim 1, where the update logic is further configured to:
    - generate a masked version of the updated unmasked data; and
      
      store the masked version of the data in the masked field in the row.
  - 4. The system of claim 3 where the update logic is further configured to generate the masked version of the updated unmasked data by generating a random, non-repeating value.
  - 5. The system of claim 3 where the update logic is further configured to generate the masked version of the updated unmasked data by masking a portion of the unmasked data, such that the masked version of the data includes masked data and unmasked data.
  - 6. The system of claim 1, where the view logic is further configured to:
    - receive a request from a second user to view the data in the record;
      
      access the row in the database table that stores the record;
      
      determine that the second user is authorized to view an unmasked version of the data; and
      
      provide a view that includes the unmasked version of the data in an unmasked field in the row.
  - 7. The system of claim 1 where the update logic is further configured to update the unmasked version of the data without allowing the user to view the unmasked version of the data stored in the unmasked field.

8. A non-transitory computer-readable medium storing computer-executable instructions that when executed by a computer cause the computer to:
- store a database table that stores sets of data corresponding to records in respective rows, where the database table includes an unmasked column that stores an unmasked version of given data and a masked column that stores a masked version of the data such that each row includes i) a unmasked field in the unmasked column that stores an unmasked version of data, and ii) a masked field in the masked column that stores the masked version of the data; and
  
  receive a request from a first user to view data in a record;
  
  access a row in the database table that stores the record;
  
  determine that the first user is not authorized to view an unmasked version of the data; and
  
  provide a view that includes a masked version of the data in a masked field in the row;
  
  receive, from the first user, a modification to the masked version of data in the masked field;
  
  access a mapping table to identify an unmasked field that stores an unmasked version of the data; and
  
  update the unmasked version of the data in the identified unmasked field to correspond to the modification made to the masked version of the data.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer-readable medium of claim 8, further comprising instructions configured to cause the computer to determine that the first user is not authorized to view the unmasked version of the data based, at least in part, on one or more of a permission setting, an identification number, a password, and a cryptographic key.
  - 10. The non-transitory computer-readable medium of claim 8, further comprising instructions configured to cause the computer to:
    - generate a masked version of the updated unmasked data; and
      
      store the masked version of the data in the masked field in the row.
  - 11. The non-transitory computer-readable medium of claim 10, further comprising instructions configured to cause the computer to generate the masked version of the updated unmasked data by generating a random, non-repeating value.
  - 12. The non-transitory computer-readable medium of claim 10, further comprising instructions configured to cause the computer to generate the masked version of the updated unmasked data by masking a portion of the unmasked data, such that the masked version of the data includes masked data and unmasked data.
  - 13. The non-transitory computer-readable medium of claim 8, further comprising instructions configured to cause the computer to:
    - receive a request from a second user to view the data in the record;
      
      access the row in the database table that stores the record;
      
      determine that the second user is authorized to view an unmasked version of the data; and
      
      provide a view that includes the unmasked version of the data in an unmasked field in the row.
  - 14. The non-transitory computer-readable medium of claim 8, further comprising instructions configured to cause the computer to update the unmasked version of the data without allowing the user to view the unmasked version of the data stored in the unmasked field.

15. A computer-implemented method, comprising:
- storing a database table that stores sets of data corresponding to records in respective rows, where the database table includes an unmasked column that stores an unmasked version of given data and a masked column that stores a masked version of the data such that each row includes i) a unmasked field in the unmasked column that stores an unmasked version of data, and ii) a masked field in the masked column that stores the masked version of the data; and
  
  receiving a request from a first user to view data in a record;
  
  accessing a row in the database table that stores the record;
  
  determining that the first user is not authorized to view an unmasked version of the data; and
  
  providing a view that includes a masked version of the data in a masked field in the row;
  
  receiving, from the first user, a modification to the masked version of data in the masked field;
  
  accessing a mapping table to identify an unmasked field that stores an unmasked version of the data; and
  
  updating the unmasked version of the data in the identified unmasked field to correspond to the modification made to the masked version of the data.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-implemented method of claim 15, further comprising:
    - receiving a request from a second user to view the data in the record;
      
      accessing the row in the database table that stores the record;
      
      determining that the second user is authorized to view an unmasked version of the data; and
      
      providing a view that includes the unmasked version of the data in an unmasked field in the row.
  - 17. The computer-implemented method of claim 15, further comprising determining that the first user is not authorized to view the unmasked version of the data based, at least in part, on one or more of a permission setting, an identification number, a password, and a cryptographic key.
  - 18. The computer-implemented method of claim 15, further comprising updating the unmasked version of the data without allowing the user to view the unmasked version of the data stored in the unmasked field.
  - 19. The computer-implemented method of claim 15, further comprising:
    - generating a masked version of the updated unmasked data; and
      
      storing the masked version of the data in the masked field in the row.
  - 20. The computer-implemented method of claim 19, further comprising generating the masked version of the updated unmasked data by generating a random, non-repeating value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Pattabhi, Ravi, Akali, Harish
Primary Examiner(s)
Alam, Hosain
Assistant Examiner(s)
NGUYEN, THU N

Application Number

US12/228,716
Publication Number

US 20100042643A1
Time in Patent Office

2,797 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 16/256 in federated or virtual dat...

Virtual masked database

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual masked database

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links