Browse Prior Art Database

Group Level Data Masking in Relational Databases

IP.com Disclosure Number: IPCOM000237776D
Publication Date: 2014-Jul-10
Document File: 2 page(s) / 37K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method and computer program product to be used as part of a relational database manager. The system consists of designating a plurality of database table columns as SPI or BPI fields, and designating one or more individual accounts into a special group of individual accounts having read access to tables containing Sensitive Personal Information (SPI) or Business Personal Information (BPI) fields.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Page 01 of 2

Group Level Data Masking in Relational Databases

Different levels of authorizations on a relational database can be granted to individual accounts or groups of individual accounts. An account with no authorization to read a particular database table or view receives an error return code when attempting to read the table. The next higher level authorization is Select authority, with which an individual authorized account can typically read all columns of the database table or view. If needed, individual columns can be protected from access using access control capabilities, but accounts without the required credentials for one or more table columns attempting to read these columns are confronted with an error return code and no records returned.

Typically, the protected columns might contain Sensitive Personal Information (SPI) or Business Personal Information (BPI), and certain applications may require that the data in these columns be masked with dummy data. While database table views can be defined, the views must be individually designed for each application use and individually authorized for different accounts or groups of accounts. An example of this problem is a database supporting an application system containing SPI or BPI fields that need to be audited by independent auditors at any time. The auditors need to run the application program without seeing any of the confidential data in the SPI or BPI columns. With current techniques, custom views need to be defined on the base tables, and application programs need to be modified to produce terminal output or reports with masked data, which defeats the purpose of the audit itself. Off-the-shelf data masking utilities are available, but these programs generally produce masked data by physically and permanently changing the SPI or BPI column data on the database (as in masking confidential data on migrated production databases restored to a test server).

Disclosed is a method and computer program product to be used as part of a relational database manager which consists of designating a...