US2006259950A1PendingUtilityA1
Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior
Est. expiryFeb 18, 2025(expired)· nominal 20-yr term from priority
Inventors:Ulf Mattsson
G06F 21/6227G06F 2221/2141G06F 21/6245G06F 21/60G06F 21/604H04L 63/1433G06F 21/6218G06F 12/16G06F 12/1458G06F 12/1416G06F 12/14G06F 17/00
50
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
A method for controlling data access in a data-at-rest system includes executing a link intrusion prevention analysis between multiple layers of the data-at-rest system, introducing a privacy policy at enforcement points that span multiple system layers, and dynamically altering the privacy policy.
Claims
exact text as granted — not AI-modified1 . A method for controlling data access in a data-at-rest system, the method comprising:
executing a link intrusion prevention analysis between multiple layers of the data-at-rest system; introducing a privacy policy at enforcement points that span multiple system layers; and dynamically altering the privacy policy.
2 . The method of claim 1 , wherein the data-at-rest system is a database system.
3 . The method of claim 1 , further comprising modifying the protection of data at one of the multiple system layers.
4 . The method of claim 3 , wherein the step of modifying is performed based on a result of the link intrusion prevention analysis.
5 . The method of claim 1 , wherein the privacy policy comprises access control information.
6 . The method of claim 1 , wherein the privacy policy comprises intrusion detection information.
7 . The method of claim 1 , wherein the privacy policy comprises cryptographic information.
8 . A computer-readable medium containing instructions for causing a computer to perform the method of claim 1 .
9 . A method for controlling access to a database system, the method comprising:
assigning a first access criterion and a second access criterion to a user role; receiving a query from a user, the user having an access history; determining that the user matches the user role; comparing, in a first system layer, the access history to the first access criterion; and comparing, in a second system layer that differs from the first system layer, the access history to the second access criterion.
10 . The method of claim 9 , wherein the first access criterion comprises a privacy policy.
11 . The method of claim 9 , further comprising learning a value for the first access criterion.
12 . The method of claim 9 , further comprising selecting a response to the query,
wherein the response is selected from the group consisting of blocking the query, alerting a system administrator and allowing the query, and allowing the query.
13 . The method of claim 12 , wherein selecting a response to the query comprises selecting a response to the query based on a result of the step of comparing in a first system layer.
14 . A computer-readable medium containing instructions for causing a computer to perform the method of claim 9 .
15 . A method for accessing data, the method comprising:
in a first system layer, receiving a first request from a user, the user having an access history, the access history including a counter; in the first system layer, comparing the counter to a first threshold; and transmitting a second request to a second system layer, the second request being based on the first request.
16 . The method of claim 14 , further comprising comparing the counter to a second threshold.
17 . The method of claim 14 , wherein the counter comprises a scorecard.
18 . The method of claim 14 , further comprising:
determining that the counter exceeds a third threshold; and alerting a system administrator.
19 . The method of claim 14 , further comprising:
in the first system layer, transmitting a notification to the second system layer to deny the second request.
20 . A system comprising:
a computer-readable medium as recited in claim 14; and a computer in data communication with the computer-readable medium.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.