Systems, methods, and apparatuses for implementing data masking via compression dictionaries

US 9,519,801 B2
Filed: 12/19/2013
Issued: 12/13/2016
Est. Priority Date: 12/19/2012
Status: Active Grant

First Claim

Patent Images

1. A method in a host organization having a processor and a memory therein, wherein the method comprises:

receiving customer data at the host organization via the processor and memory, wherein receiving customer data at the host organization comprises receiving the customer data in its plain text and uncompressed form as part of a database transaction in a live production environment of the host organization;

compressing the customer data using dictionary based compression and a compression dictionary, wherein the compression dictionary used to compress the customer data maps strings to symbols;

storing the compressed customer data in a database of the host organization, wherein storing the compressed customer data in the database of the host organization comprises storing the symbols and not the strings;

retrieving the compressed customer data from the database of the host organization, wherein retrieving the compressed customer data from the database of the host organization comprises retrieving the compressed customer data from the database responsive to a masked transaction specifying a database query for the customer data, wherein the host organization returns the masked customer data to fulfill the masked transaction without exposing the customer data in its plain text and uncompressed form; and

de-compressing the compressed customer data via a masked compression dictionary, wherein the masked compression dictionary de-compresses the customer data into masked customer data by mapping the symbols to masked strings different than the strings used by the compression dictionary to create the symbols.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing data masking via compression dictionaries including, for example, means for receiving customer data at the host organization; compressing the customer data using dictionary based compression and a compression dictionary; storing the compressed customer data in a database of the host organization; retrieving the compressed customer data from the database of the host organization; and de-compressing the compressed customer data via a masked compression dictionary, in which the masked compression dictionary de-compresses the customer data into masked customer data. Other related embodiments are disclosed.

127 Citations

21 Claims

1. A method in a host organization having a processor and a memory therein, wherein the method comprises:
- receiving customer data at the host organization via the processor and memory, wherein receiving customer data at the host organization comprises receiving the customer data in its plain text and uncompressed form as part of a database transaction in a live production environment of the host organization;
  
  compressing the customer data using dictionary based compression and a compression dictionary, wherein the compression dictionary used to compress the customer data maps strings to symbols;
  
  storing the compressed customer data in a database of the host organization, wherein storing the compressed customer data in the database of the host organization comprises storing the symbols and not the strings;
  
  retrieving the compressed customer data from the database of the host organization, wherein retrieving the compressed customer data from the database of the host organization comprises retrieving the compressed customer data from the database responsive to a masked transaction specifying a database query for the customer data, wherein the host organization returns the masked customer data to fulfill the masked transaction without exposing the customer data in its plain text and uncompressed form; and
  
  de-compressing the compressed customer data via a masked compression dictionary, wherein the masked compression dictionary de-compresses the customer data into masked customer data by mapping the symbols to masked strings different than the strings used by the compression dictionary to create the symbols.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the symbols are one of a compression key, an offset, an index, or a replacement string having a size in bits less than the string being compressed.
  - 3. The method of claim 1:
    - wherein compressing the customer data using dictionary based compression and a compression dictionary comprises generating a compression key for the customer data using the compression dictionary and storing the compression key in the database; and
      
      wherein de-compressing the compressed customer data via the masked compression dictionary comprises retrieving the compression key for the customer data and using the compression key to lookup the masked customer data in the masked compression dictionary.
  - 4. The method of claim 1:
    - wherein retrieving the compressed customer data from the database of the host organization comprises receiving a first database query from a testing interface and returning the masked customer data responsive to the first database query from the testing query interface; and
      
      wherein the method further comprises;
      
      (a) receiving a second database query from a query interface,(b) retrieving the compressed customer data from the database of the host organization,(c) de-compressing the compressed customer data via the compression dictionary; and
      
      (d) returning the customer data in its plain text and uncompressed form responsive to the second database query from the query interface.
  - 5. The method of claim 4:
    - wherein the first database query is issued as part of a masked transaction against the database of the host organization; and
      
      wherein the second database query is issued on behalf of a customer having ownership of the customer data.
  - 6. The method of claim 1, further comprising:
    - receiving a test database query from a test Application Programming Interface (test API), the test database query specifying the customer data to be retrieved from the database of the host organization; and
      
      wherein the test API causes the compressed customer data retrieved from the database to be de-compressed using the masked compression dictionary and return the masked customer data responsive to the test database query.
  - 7. The method of claim 1, further comprising:
    - processing real-time transaction requests at the host organization within a live production environment via a customer facing query interface concurrently with the one or more masked transactions within the live production environment via an internally facing testing query interface;
      
      wherein the real-time transaction requests via the customer facing query interface return the customer data in its plain text and uncompressed form based on the compression dictionary; and
      
      wherein the one or more masked transactions via the internally facing testing query interface return masked customer data in an uncompressed form based on the masked compression dictionary.
  - 8. The method of claim 1:
    - wherein the database of the host organization stores underlying records on behalf of customer organizations, the underlying records having sensitive data stored therein; and
      
      wherein the underlying records of the databases having sensitive data stored therein include at least one of HIPAA (Health Insurance Portability and Accountability Act) protected data;
      
      Sarbanes-Oxley Act (SOX) protected data;
      
      proprietary sales data;
      
      proprietary financial data;
      
      proprietary trade-secret data; and
      
      government classified data.
  - 9. The method of claim 1, further comprising:
    - exporting the compressed customer data stored in the database to a test database via the operations including;
      
      (a) de-compressing the compressed customer data using the masked compression dictionary, and (b) storing the masked customer data in the test database in an uncompressed form; and
      
      wherein the test database resides in a non-production environment separate from the database within a live production environment.
  - 10. The method of claim 9, further comprising:
    - sharing the masked customer data as stored in the test database in an uncompressed form subject to policy restrictions and controls.
  - 11. The method of claim 10, wherein the host organization provides a multi-tenant database system via the database and the computing architecture of the host organization, the multi-tenant database system having elements of hardware and software that are shared by a plurality of separate and distinct customer organizations, each of the separate and distinct customer organizations being remotely located from the host organization.
  - 12. The method of claim 1:
    - wherein the host organization implements the method via computing architecture of the host organization including at least the processor and the memory;
      
      wherein a user interface operates at a user client device remote from the host organization and communicatively interfaces with the host organization via a public Internet; and
      
      wherein the host organization operates as a cloud based service provider to the user client device.
  - 13. The method of claim 1, further comprising:
    - retrieving non-compressible data from the database of the host organization;
      
      masking the non-compressible data via the masked compression dictionary; and
      
      returning the de-compressed masked customer data and the masked non-compressible data responsive to a masked transaction issued on behalf of a test sequencer.

14. Non-transitory computer readable storage media having instructions stored thereon that, when executed by a processor in a host organization, the instructions cause the host organization to perform operations comprising:
- receiving customer data at the host organization via the processor, wherein receiving customer data at the host organization comprises receiving the customer data in its plain text and uncompressed form as part of a database transaction in a live production environment of the host organization;
  
  compressing the customer data using dictionary based compression and a compression dictionary, wherein the compression dictionary used to compress the customer data maps strings to symbols;
  
  storing the compressed customer data in a database of the host organization, wherein storing the compressed customer data in the database of the host organization comprises storing the symbols and not the strings;
  
  retrieving the compressed customer data from the database of the host organization, wherein retrieving the compressed customer data from the database of the host organization comprises retrieving the compressed customer data from the database responsive to a masked transaction specifying a database query for the customer data, wherein the host organization returns the masked customer data to fulfill the masked transaction without exposing the customer data in its plain text and uncompressed form; and
  
  de-compressing the compressed customer data via a masked compression dictionary, wherein the masked compression dictionary de-compresses the customer data into masked customer data by mapping the symbols to masked strings different than the strings used by the compression dictionary to create the symbols.
- View Dependent Claims (15, 16, 17)
- - 15. The non-transitory computer readable storage media of claim 14:
    - wherein receiving customer data at the host organization comprises receiving the customer data in its plain text and uncompressed form as part of a database transaction in a live production environment of the host organization; and
      
      wherein retrieving the compressed customer data from the database of the host organization comprises retrieving the compressed customer data from the database responsive to a masked transaction specifying a database query for the customer data, wherein the host organization returns the masked customer data to fulfill the masked transaction without exposing the customer data in its plain text and uncompressed form.
  - 16. The non-transitory computer readable storage media of claim 14:
    - wherein the symbols are one of a compression key, an offset, an index, or a replacement string having a size in bits less than the string being compressed.
  - 17. The non-transitory computer readable storage media of claim 14:
    - wherein the database of the host organization stores underlying records on behalf of customer organizations, the underlying records having sensitive data stored therein; and
      
      wherein the underlying records of the databases having sensitive data stored therein include at least one of HIPAA (Health Insurance Portability and Accountability Act) protected data;
      
      Sarbanes-Oxley Act (SOX) protected data;
      
      proprietary sales data;
      
      proprietary financial data;
      
      proprietary trade-secret data; and
      
      government classified data.

18. A system comprising:
- a processor and a memory to execute instructions at the system;
  
  a request interface to receive customer data at the system, wherein the request interface is to receive the customer data in its plain text and uncompressed form as part of a database transaction in a live production environment of the host organization;
  
  a data compressor to compress the customer data using dictionary based compression and a compression dictionary, wherein the compression dictionary used to compress the customer data maps strings to symbols;
  
  a database to store the compressed customer data, wherein the database is to store the symbols and not the strings;
  
  a test query interface to retrieve the compressed customer data from the database, wherein the test query interface is to retrieve the compressed customer data from the database responsive to a masked transaction specifying a database query for the customer data, wherein the test query interface is to return the masked customer data to fulfill the masked transaction without exposing the customer data in its plain text and uncompressed form; and
  
  a data de-compressor to de-compress the compressed customer data via a masked compression dictionary, wherein the masked compression dictionary de-compresses the customer data into masked customer data by mapping the symbols to masked strings different than the strings used by the compression dictionary to create the symbols.
- View Dependent Claims (19, 20, 21)
- - 19. The system of claim 18:
    - wherein the test query interface to retrieve the compressed customer data from the database comprises the test query interface to receive a first database query from a testing sequencer and return the masked customer data to the test sequencer responsive to the first database query from the testing query interface; and
      
      wherein the system further comprises;
      
      (a) the request interface to further receive a second database query,(b) a query interface to retrieve the compressed customer data from the database,(c) the data de-compressor to de-compress the compressed customer data via the compression dictionary; and
      
      (d) the request interface to return the customer data in its plain text and uncompressed form responsive to the second database query.
  - 20. The system of claim 18, further comprising:
    - a web-server to implement the request interface and to receive the customer data at the system from one of a plurality of customer organizations remote from the system;
      
      wherein the plurality of customer organizations communicably interface with the system via a public Internet; and
      
      wherein each customer organization is an entity selected from the group consisting of;
      
      a separate and distinct remote organization, an organizational group within the host organization, a business partner of the host organization, or a customer organization that subscribes to cloud computing services provided by the host organization.
  - 21. The system of claim 18:
    - wherein a user interface operates at a user client device remote from the system and communicatively interfaces with the system via a public Internet;
      
      wherein the system operates at a host organization as a cloud based service provider to the user client device; and
      
      wherein the cloud based service provider hosts the customer data within a multi-tenant database system at a host organization on behalf of the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Wilding, Mark
Primary Examiner(s)
Pham, Tuan A
Assistant Examiner(s)
Nguyen, Merilyn

Application Number

US14/135,424
Publication Number

US 20140172806A1
Time in Patent Office

1,090 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/2365   Ensuring data consistency a...

G06F 16/24   Querying

G06F 21/6245   Protecting personal data, e...

Systems, methods, and apparatuses for implementing data masking via compression dictionaries

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

127 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods, and apparatuses for implementing data masking via compression dictionaries

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

127 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links