Data processing: database and file management or data structures – Database design – Data structure types
Reexamination Certificate
2001-03-26
2004-06-29
Pardo, Thuy N. (Department: 2175)
C707S793000
active
06757690
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
Embodiments of the present invention relate to information processing and more specifically to monitoring access to a database.
2. Background of the Related Art
Databases are computerized information storage and retrieval systems. A relational database management system (RDBMS) is a computer database management system that uses relational techniques for storing and retrieving data. Relational databases are computerized information storage and retrieval systems in which data in the form of tables (formally denominated “relations”) are typically stored for use on disk drives or similar mass data stores. A “table” includes a set of rows (formally denominated “tuples” or “records”) spanning several columns (formally denominated “attributes”). Reference is made to C. J. Date, An Introduction to Database Systems, 6th edition, Addison-Wesley Publishing Co. Reading, Mass. (1994) for a comprehensive general treatment of the relational database art.
An RDBMS is structured to accept commands to store, retrieve and delete data using, for example, high-level query languages such as the Structured Query Language (SQL). The term “query” denominates a set of commands for retrieving data from a stored database. The SQL standard has been promulgated by the International Standards Association since 1986.
An important need for entities using databases is the ability to restrict access to confidential or private information. For example, a business may require such restriction as a matter of internally implemented business processes or to comply with government regulations. Typically, access to a database is secured by an authorization list. An authorization list contains those individuals who have access to the files or tables in the database. The granularity of the authorization list may be at the file or table level, or may be specific to columns of a table. The authorization list may further restrict what operations a user can perform on a table or a specific column in the table. For example, the user may be able to read or view the data, but not change or update the data.
Despite the conventional restriction methods being employed, there exists the possibility that the restricted information could be used improperly by individuals having authorization to access the information. Accordingly, simply securing the data may not provide sufficient control over the access to the data. This is especially true in large corporations or business entities having many divisions and many individuals requiring access to the corporate databases.
Therefore, what is needed is a mechanism to audit, or monitor, which individuals are accessing restricted data, and how often the accesses are occurring. In addition, it may be desirable to monitor trends, such as repeated accesses to a particular database.
SUMMARY OF THE INVENTION
In one embodiment, a data structure contained in a database comprises a data access trigger definition defined on a table, wherein the data access trigger definition is configured for execution upon detection of an access attempt by a data access entity of at least a portion of one record of the table.
In another embodiment, a method of monitoring access attempts to a table contained within a database is provided. The method comprises receiving, from an entity, a request to access at least a portion of a record of a table having at least one data access trigger defined thereon and executing the at least one data access trigger. The data access trigger is configured to perform a logging process, comprising writing access information to a log.
In another embodiment, a method of monitoring access attempts to a table contained within a database is provided. The method comprises receiving, from an entity, a request to access at least a portion of a record of a table having at least one data access trigger defined thereon and executing the at least one data access trigger. The data access trigger is configured to perform a logging process, comprising writing access information to a log and modifying the information being requested before returning the information to the entity.
In another embodiment, a signal bearing medium containing a program which, when executed by at least one processor, performs a method of monitoring access attempts to a table contained within a database is provided. The method comprises receiving, from an entity, a request to access at least a portion of a record of a table having at least one data access trigger defined thereon and executing the at least one data access trigger. The data access trigger is configured to perform a logging process, comprising writing access information to a log. In another embodiment, the information being requested is modified prior to being returned to the entity.
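The behaviour summarized above (a callback that runs when an entity reads part of a record, writes access information to a log, and may alter what is returned) can be illustrated with the following added example, which is not code from the patent. It uses SQLite's authorizer callback as a stand-in for the data access trigger; the table, column and entity names are hypothetical and the row is constructed.

```python
import sqlite3
from datetime import datetime, timezone

WATCHED_TABLE = "employees"   # hypothetical table carrying the access trigger
MASKED_COLUMNS = {"ssn"}      # hypothetical sensitive column
PRIVILEGED = {"hr_admin"}     # hypothetical entities that see unmasked values


class AuditedDB:
    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.executescript(
            "CREATE TABLE employees(id INTEGER PRIMARY KEY, name TEXT, ssn TEXT);"
            "INSERT INTO employees VALUES (1, 'Ada', '000-00-0001');"  # constructed row
        )
        self.log = []          # access log written by the callback
        self._entity = None    # entity on whose behalf the current query runs
        self._seq = 0
        self.conn.set_authorizer(self._on_access)

    def _on_access(self, action, table, column, db_name, source):
        # SQLite calls this once per column reference while preparing a statement.
        if action != sqlite3.SQLITE_READ or table != WATCHED_TABLE:
            return sqlite3.SQLITE_OK
        masked = column in MASKED_COLUMNS and self._entity not in PRIVILEGED
        self.log.append({
            "when": datetime.now(timezone.utc).isoformat(),
            "entity": self._entity,
            "column": column,
            "masked": masked,
        })
        # SQLITE_IGNORE makes the statement return NULL in place of the column.
        return sqlite3.SQLITE_IGNORE if masked else sqlite3.SQLITE_OK

    def query(self, entity, sql, params=()):
        self._entity = entity
        self._seq += 1
        try:
            # The callback fires at prepare time and sqlite3 caches prepared
            # statements, so a unique comment forces a fresh prepare per call.
            tagged = f"{sql} /* audit {self._seq} */"
            return self.conn.execute(tagged, params).fetchall()
        finally:
            self._entity = None
```

Because the callback sees column references at statement preparation, it records which columns an entity touched rather than which rows; row-level logging would need the query's predicate or results recorded as well.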
Aldrich Craig S.
Anderson Mark John
Brettin Kevin Robert
Euler Theresa Renee
Heimer Scott Joseph
International Business Machines - Corporation
Moser Patterson & Sheridan LLP
Pardo Thuy N.