US2006259950A1PendingUtilityA1

Multi-layer system for privacy enforcement and monitoring of suspicious data access behavior

50
Assignee: MATTSSON ULFPriority: Feb 18, 2005Filed: Feb 17, 2006Published: Nov 16, 2006
Est. expiryFeb 18, 2025(expired)· nominal 20-yr term from priority
Inventors:Ulf Mattsson
G06F 21/6227G06F 2221/2141G06F 21/6245G06F 21/60G06F 21/604H04L 63/1433G06F 21/6218G06F 12/16G06F 12/1458G06F 12/1416G06F 12/14G06F 17/00
50
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A method for controlling data access in a data-at-rest system includes executing a link intrusion prevention analysis between multiple layers of the data-at-rest system, introducing a privacy policy at enforcement points that span multiple system layers, and dynamically altering the privacy policy.

Claims

exact text as granted — not AI-modified
1 . A method for controlling data access in a data-at-rest system, the method comprising: 
 executing a link intrusion prevention analysis between multiple layers of the data-at-rest system;    introducing a privacy policy at enforcement points that span multiple system layers; and    dynamically altering the privacy policy.    
   
   
       2 . The method of  claim 1 , wherein the data-at-rest system is a database system.  
   
   
       3 . The method of  claim 1 , further comprising modifying the protection of data at one of the multiple system layers.  
   
   
       4 . The method of  claim 3 , wherein the step of modifying is performed based on a result of the link intrusion prevention analysis.  
   
   
       5 . The method of  claim 1 , wherein the privacy policy comprises access control information.  
   
   
       6 . The method of  claim 1 , wherein the privacy policy comprises intrusion detection information.  
   
   
       7 . The method of  claim 1 , wherein the privacy policy comprises cryptographic information.  
   
   
       8 . A computer-readable medium containing instructions for causing a computer to perform the method of  claim 1 .  
   
   
       9 . A method for controlling access to a database system, the method comprising: 
 assigning a first access criterion and a second access criterion to a user role;    receiving a query from a user, the user having an access history;    determining that the user matches the user role;    comparing, in a first system layer, the access history to the first access criterion; and    comparing, in a second system layer that differs from the first system layer, the access history to the second access criterion.    
   
   
       10 . The method of  claim 9 , wherein the first access criterion comprises a privacy policy.  
   
   
       11 . The method of  claim 9 , further comprising learning a value for the first access criterion.  
   
   
       12 . The method of  claim 9 , further comprising selecting a response to the query, 
 wherein the response is selected from the group consisting of blocking the query, alerting a system administrator and allowing the query, and allowing the query.    
   
   
       13 . The method of  claim 12 , wherein selecting a response to the query comprises selecting a response to the query based on a result of the step of comparing in a first system layer.  
   
   
       14 . A computer-readable medium containing instructions for causing a computer to perform the method of  claim 9 .  
   
   
       15 . A method for accessing data, the method comprising: 
 in a first system layer, receiving a first request from a user, the user having an access history, the access history including a counter;    in the first system layer, comparing the counter to a first threshold; and    transmitting a second request to a second system layer, the second request being based on the first request.    
   
   
       16 . The method of  claim 14 , further comprising comparing the counter to a second threshold.  
   
   
       17 . The method of  claim 14 , wherein the counter comprises a scorecard.  
   
   
       18 . The method of  claim 14 , further comprising: 
 determining that the counter exceeds a third threshold; and    alerting a system administrator.    
   
   
       19 . The method of  claim 14 , further comprising: 
 in the first system layer, transmitting a notification to the second system layer to deny the second request.    
   
   
       20 . A system comprising: 
 a computer-readable medium as recited in  claim 14;  and    a computer in data communication with the computer-readable medium.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.