AUTHORIZATION-BASED REDACTION OF DATA

US 20130117802A1
Filed: 11/03/2011
Published: 05/09/2013
Est. Priority Date: 11/03/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method comprising:

prior to providing a content item to an entity, a component sending an authorization request to an authorization component;

receiving, at the component, an authorization response to the authorization request, wherein the authorization response indicates;

that the entity is permitted to access the content item; and

that one or more portions are to be redacted from the content item prior to providing the content item to the entity;

in response to the authorization response, the component sending a redaction request to a redaction component to redact the one or more portions from the content item to produce a redacted version of the content item; and

providing the redacted version of the content item to the entity;

wherein the method is performed by one or more computing devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Tasks for providing a post-redaction document to a requestor are distributed among several distinct components. The decision about whether a particular requestor is permitted to obtain a requested content item is made by an authorization service. When obtaining requested content item is permitted, the authorization service returns (a) portion identification information, and (b) redaction technique information that indicates the manner by which that portion should be redacted. Redaction is then performed by a redaction component. Techniques are described in which the portion identification information identifies portions to be redacted using XPath expressions, and the redaction component has logic to identify the portions, within the pre-redaction version of the content item, that are targeted by the XPath expressions.

45 Citations

View as Search Results

20 Claims

1. A method comprising:
- prior to providing a content item to an entity, a component sending an authorization request to an authorization component;
  
  receiving, at the component, an authorization response to the authorization request, wherein the authorization response indicates;
  
  that the entity is permitted to access the content item; and
  
  that one or more portions are to be redacted from the content item prior to providing the content item to the entity;
  
  in response to the authorization response, the component sending a redaction request to a redaction component to redact the one or more portions from the content item to produce a redacted version of the content item; and
  
  providing the redacted version of the content item to the entity;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein:
    - the component is an orchestration component;
      
      the step of sending an authorization request is performed in response to receiving a request for the content item from the entity; and
      
      the redacted version of the content item is provided to the entity in response to the request for the content item that was received from the entity.
  - 3. The method of claim 1 wherein the component provides the redacted version of the content item to the entity without the entity having requested to receive the content item.
  - 4. The method of claim 1 wherein:
    - the authorization response includes an XPath expression that indicates the one or more portions;
      
      based on the XPath expression in the authorization response, the component includes the XPath expression in the redaction request; and
      
      the redaction component redacts the one or more portions from the content item based on the XPath expression.
  - 5. The method of claim 1 wherein:
    - the authorization response includes an indication of which redaction technique, of a plurality of redaction techniques supported by the redaction component, is to be used to redact the one or more portions; and
      
      based on the indication in the authorization response, the component indicates, in the redaction request, the redaction technique that is to be used to redact the one or more portions.
  - 6. The method of claim 1 further comprising the authorization component inspecting a set of stored policies to determine whether the entity is permitted to access the content item.
  - 7. The method of claim 6 wherein the stored policies include a particular policy that indicates that the one or more portions are to be redacted from the content item prior to providing the content item to the entity.
  - 8. The method of claim 7 wherein:
    - the particular policy indicates that a particular redaction technique is to be used to redact the one or more portions; and
      
      the authorization response includes an indication of the particular redaction technique.
  - 9. The method of claim 8 wherein the particular redaction technique is a particular encryption technique, of a plurality of encryption techniques supported by the redaction component.

10. One or more non-transitory computer-readable media storing instructions which, when executed by one or more processors, cause the one or more processors to execute an authorization service that is configured to perform the steps of:
- receive an authorization request that indicates a role of a requestor and a requested service; and
  
  in response to the request, send an authorization response that includes;
  
  at least one XPath expression that identifies which portion of a content item, from the requested service, is to be redacted before the content item is provided to a requestor that has the role; and
  
  an indication of which type of encryption, of a plurality of available types of encryption, is to be used to used to redact said portion of the content item.

11. One or more non-transitory computer-readable media storing instructions which, when executed by one or more processors, cause the one or more processors to execute a redaction component that is configured to perform the steps of:
- receiving a redaction request that includes an XPath expression and an indication of a selected type of encryption, wherein the selected type of encryption is one of a plurality of types of encryption supported by the redaction component; and
  
  in response to the redaction request, generating a post-redaction version of a content item by performing the selected type of encryption on one or more portions of a pre-redaction version of the content item, wherein the one or more portions are portions that match the XPath expression.

12. One or more non-transitory computer-readable media storing instructions which, when executed by one or more processors, cause the one or more processors to perform a method that includes:
- prior to providing a content item to an entity, a component sending an authorization request to an authorization component;
  
  receiving, at the component, an authorization response to the authorization request, wherein the authorization response indicates;
  
  that the entity is permitted to access the content item; and
  
  that one or more portions are to be redacted from the content item prior to providing the content item to the entity;
  
  in response to the authorization response, the component sending a redaction request to a redaction component to redact the one or more portions from the content item to produce a redacted version of the content item; and
  
  providing the redacted version of the content item to the entity;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The one or more non-transitory computer-readable media of claim 12 wherein:
    - the component is an orchestration component;
      
      the step of sending an authorization request is performed in response to receiving a request for the content item from the entity; and
      
      the redacted version of the content item is provided to the entity in response to the request for the content item that was received from the entity.
  - 14. The one or more non-transitory computer-readable media of claim 12 wherein the component provides the redacted version of the content item to the entity without the entity having requested to receive the content item.
  - 15. The one or more non-transitory computer-readable media of claim 12 wherein:
    - the authorization response includes an XPath expression that indicates the one or more portions;
      
      based on the XPath expression in the authorization response, the component includes the XPath expression in the redaction request; and
      
      the redaction component redacts the one or more portions from the content item based on the XPath expression.
  - 16. The one or more non-transitory computer-readable media of claim 12 wherein:
    - the authorization response includes an indication of which redaction technique, of a plurality of redaction techniques supported by the redaction component, is to be used to redact the one or more portions; and
      
      based on the indication in the authorization response, the component indicates, in the redaction request, the redaction technique that is to be used to redact the one or more portions.
  - 17. The one or more non-transitory computer-readable media of claim 12 wherein the method further comprises the authorization component inspecting a set of stored policies to determine whether the entity is permitted to access the content item.
  - 18. The one or more non-transitory computer-readable media of claim 17 wherein the stored policies include a particular policy that indicates that the one or more portions are to be redacted from the content item prior to providing the content item to the entity.
  - 19. The one or more non-transitory computer-readable media of claim 18 wherein:
    - the particular policy indicates that a particular redaction technique is to be used to redact the one or more portions; and
      
      the authorization response includes an indication of the particular redaction technique.
  - 20. The one or more non-transitory computer-readable media of claim 19 wherein the particular redaction technique is a particular encryption technique, of a plurality of encryption techniques supported by the redaction component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Fendt, Patrick

Application Number

US13/288,909
Publication Number

US 20130117802A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2117   User registration

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

AUTHORIZATION-BASED REDACTION OF DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

45 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHORIZATION-BASED REDACTION OF DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links