Dynamic data masking system and method

摘要

A system and method for providing dynamic data masking for databases through a data masking apparatus.

主权项

1. A method for providing data masking in a system having a database operated by computational hardware and an accessing application operated by a computer, the method comprising:
providing a data masking apparatus comprising a procedure analyzer for handling requests between the accessing applications and the databases, wherein said apparatus is operated by a computer; retrieving at least one stored procedure from said database by said apparatus prior to receiving a request from an accessing application; analyzing said stored procedure by said procedure analyzer to determine whether a sensitive field is present; wherein said analyzing for said stored procedure comprises: decomposing said stored procedure to detect each field; and determining a sensitiveness category for each field; wherein for a field involving a variable that is dependent upon a prior result, categorizing said dependent field by said analyzer as potentially sensitive, and further analyzing said potentially sensitive field by said procedure analyzer at run time; wherein when said sensitive field is present, changing said stored procedure by said procedure analyzer to mask said sensitive field according to dynamic data masking; storing said changed stored procedure in said database by said procedure analyzer; and by said apparatus, receiving the request for the stored procedure from said accessing application; executing said changed stored procedure at said database; and providing a result of said executing to said accessing application.