Secure data access using SQL query rewrites

Invention Grant

US09069987B2 Secure data access using SQL query rewrites 有权

Title translation: 使用SQL查询重写来保护数据访问

Please log in to see more content

Patent Title: Secure data access using SQL query rewrites
Patent Title (中): 使用SQL查询重写来保护数据访问
Application No.: US13923609

Application Date: 2013-06-21
Publication No.: US09069987B2

Publication Date: 2015-06-30
Inventor: Edward G. Branish, II , Veerabhadra R. Chinnam , George R. Hughes, Jr. , James C. Sun
Applicant: International Business Machines Corporation
Applicant Address: US NY Armonk
Assignee: International Business Machines Corporation
Current Assignee: International Business Machines Corporation
Current Assignee Address: US NY Armonk
Agent David Zwick; Jeff LaBaw
Main IPC: H04L29/06
IPC: H04L29/06 ; G06F21/62

Secure data access using SQL query rewrites

Abstract:

A mechanism is provided for secure data access in a data processing system. A database having two tables is provided. A subset of the tables' primary key attributes is considered sensitive. A first user is authorized to access the primary key's sensitive attribute in an unmasked format, while a second user is authorized to access same data in a masked format. Two security views are generated granting the second user access to the primary key's sensitive attribute values of both tables in the masked format. The masked format value is generated from an unmasked format value using a reversible function. A join operation between the two security views is performed by optimizing a query statement corresponding to the join operation.

Abstract(Chinese):

提供了一种用于数据处理系统中的安全数据访问的机制。提供了具有两个表的数据库。表的主键属性的子集被认为是敏感的。第一个用户被授权以未屏蔽的格式访问主键的敏感属性，而第二个用户被授权以掩码格式访问相同的数据。生成两个安全视图，允许第二个用户以掩蔽格式访问两个表的主键的敏感属性值。屏蔽格式值使用可逆函数从未屏蔽的格式值生成。通过优化与连接操作相对应的查询语句来执行两个安全视图之间的连接操作。

Public/Granted literature

US20140380051A1 SECURE DATA ACCESS USING SQL QUERY REWRITES Public/Granted day:2014-12-25

Information query

Espacenet