| 发明名称 |
Prevention of information leakage from a document based on dynamic database label based access control (LBAC) policies |
| 摘要 |
In a method for preventing information leakage in a workflow environment, a computer system receives a request to access documents in a repository. In one aspect, the computer system identifies articles in the document against the access credentials of the requestor. Further, the computer system extracts protected information from rows and columns in the articles based on label access controls. In another aspect, the computer system generates protected values in the extracted protected information from the rows and generating protected patterns in the extracted protected information from the columns. The computer system redacts the generated protected value and the generated protected patterns based on the access credentials of the requestor. |
| 申请公布号 |
US8918895(B2) |
申请公布日期 |
2014.12.23 |
| 申请号 |
US201313890329 |
申请日期 |
2013.05.09 |
| 申请人 |
International Business Machines Corporation |
发明人 |
Agrawal Sheshnarayan;Mohania Mukesh K. |
| 分类号 |
G06F7/04;H04L29/06;G06F21/62;G06F21/60 |
主分类号 |
G06F7/04 |
| 代理机构 |
|
代理人 |
Kashef Mohammed;Bangali Arnold |
| 主权项 |
1. A method for preventing information leakage from a document, the method comprising the steps of:
a computer system receiving a request to access documents in a repository, wherein the request includes a plurality of search parameters including a parameter identifying a keyword search or a parameter identifying a unique ID search of the document; the computer system matching articles in the document against access credentials of a requestor, wherein the plurality of search parameters are merged with the matched articles in the documents based on the access credentials of the requestor; the computer system extracting structured information in the document; the computer system extracting protected information from rows and columns from the articles of the extracted structured information based on label access controls, wherein the label access controls define one or more security policies in the repository, and wherein the one or more security policies determine whether the requestor has privilege to access information in the repository based on the access credentials of the requestor; the computer system generating protected values in the extracted protected information from the rows and generating protected patterns in the extracted protected information from the columns; and the computer system redacting the generated protected values and the protected patterns. |
| 地址 |
Armonk NY US |
