Real-time data redaction in a database management system
Abstract
A database server receives a data request from a client. In response to the data request, the database server selects, from a database, actual data that satisfies criteria specified by the data request. The database server retrieves the selected actual data from the database. Also in response to the data request, the database server redacts the retrieved data in real time without modifying the actual data contained within the database. This may be accomplished by the prior insertion of masking operators into a top SELECT clause of a query representation generated during semantic analysis. The database server returns the redacted data to the client as a reply to the data request.
10 Claims
1. A computer-implemented method comprising steps of:
- generating an internal representation of a query that references a plurality of columns that includes a particular column;
- determining that said particular column is affected by a redaction policy, wherein said redaction policy specifies a regular expression that applies to said particular column, wherein said regular expression:
  - specifies one or more matching criteria for a matching string;
  - indicates one or more values to replace with a random value;
- executing the query, wherein executing the query includes:
  - for a particular column value in said particular column, determining that a particular string in said particular column value matches said one or more matching criteria;
  - in response to determining that a particular string matches said matching criteria, generating a replacement string, wherein generating a replacement string includes, replacing, according to said regular expression, one or more characters in said particular string with a random value;
  - returning said replacement string in place of said particular string.

Dependent claims: 2, 3, 4, 5

6. One or more non-transitory storage media storing instructions, which when executed by one or more computing devices, cause:
- generating an internal representation of a query that references a plurality of columns that includes a particular column;
- determining that said particular column is affected by a redaction policy, wherein said redaction policy specifies a regular expression that applies to said particular column, wherein said regular expression:
  - specifies one or more matching criteria for a matching string;
  - indicates one or more values to replace with a random value;
- executing the query, wherein executing the query includes:
  - for a particular column value in said particular column, determining that a particular string in said particular column value matches said one or more matching criteria;
  - in response to determining that a particular string matches said matching criteria, generating a replacement string, wherein generating a replacement string includes, replacing, according to said regular expression, one or more characters in said particular string with a random value;
  - returning said replacement string in place of said particular string.

Dependent claims: 7, 8, 9, 10
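
An added sketch (not code from the patent or from any vendor's product) of the technique the abstract and claims 1 and 6 describe: a masking function is inserted into the top SELECT list of the query, and a policy regex both decides whether a value matches and, through its capture groups, marks the characters to replace with random values. It uses Python's sqlite3; the policy dictionary, the function names and the sample rows are assumptions constructed for illustration.

```python
import re
import secrets
import sqlite3

# Hypothetical policy store (an assumption): (table, column) -> regex. The whole
# pattern is the matching criteria; each capture group marks characters to randomize.
POLICIES = {("customers", "ssn"): re.compile(r"^(\d{3})-(\d{2})-\d{4}$")}
IDENT = re.compile(r"[A-Za-z_]\w*\Z")

def redact(value, pattern):
    """Masking operator: replace every captured character with a random digit."""
    m = pattern.match(value) if isinstance(value, str) else None
    if m is None:
        return value  # matching criteria not met: value is returned unchanged
    out = list(value)
    for g in range(1, pattern.groups + 1):
        for i in range(*m.span(g)):
            out[i] = str(secrets.randbelow(10))
    return "".join(out)

def rewrite_select(table, columns):
    """Build the query text with masking operators in the top SELECT list."""
    if not all(IDENT.match(n) for n in [table, *columns]):
        raise ValueError("invalid identifier")  # names are interpolated below
    items = [f'redact_{table}_{c}("{c}") AS "{c}"' if (table, c) in POLICIES
             else f'"{c}"' for c in columns]
    return f'SELECT {", ".join(items)} FROM "{table}"'

def open_db():
    """In-memory database with constructed sample rows and registered operators."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, ssn TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("alice", "123-45-6789"), ("bob", "n/a")])
    for (table, col), pattern in POLICIES.items():
        db.create_function(f"redact_{table}_{col}", 1,
                           lambda v, p=pattern: redact(v, p))
    return db

def query_redacted(db, table, columns):
    """Run the rewritten query; redaction happens while rows are produced."""
    return db.execute(rewrite_select(table, columns)).fetchall()

if __name__ == "__main__":
    db = open_db()
    print(query_redacted(db, "customers", ["name", "ssn"]))
    print(db.execute("SELECT ssn FROM customers").fetchall())  # stored data intact
```

Because each replacement digit is drawn independently, a redacted digit can coincide with the original one by chance; the guarantee is that the returned value carries no dependable information about the captured characters, not that every character differs.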
Specification