System and method for restricting access to a data table...

Data processing: database and file management or data structures – Database design – Data structure types

Reexamination Certificate


Details

C707S793000, C709S203000, C709S216000, C709S218000, C713S155000, C713S161000, C713S166000


active

06336114

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention generally relates to data security systems and, in particular, to a system and method for preventing unauthorized access to information stored within a column of a data table.
2. Related Art
Current database systems store a variety of information, and it is often desirable to keep the information stored within many database systems private. Therefore, in many applications, it is important to allow only authorized users to access the information stored within a database system. Furthermore, it is often desirable for authorized users to access the information within the database system from remote locations.
In many prior art systems, a server at the premises of the database system is utilized to enable remote access to the database system. To retrieve data from the database system remotely, an authorized user establishes communication with the server, and the server verifies that the user is an authorized user. For example, the server typically requires the user to enter a valid password before allowing the user to connect to the database system. If the user enters a valid password, then the server allows the user's computer (the client) to connect to the database system. The client then queries the database system through Structured Query Language (SQL) queries (or other types of queries) in order to retrieve the desired data from databases within the database system.
Many times, the user is only authorized to access certain data within the database system. Therefore, the database system typically includes security features that restrict the user's access to certain data within the database system based on the user's password, which identifies the user. For example, many database systems include a plurality of data tables where each data table includes multiple columns of information. A particular user might be authorized to access information in some of the columns but unauthorized to access information in other columns. Consequently, many secure database systems require a user password before allowing the user to retrieve information. The user password identifies the user to the database and is used by the database to deny access to any of the columns of information designated as unauthorized to the user.
However, in some situations, restricting an authorized user's access to columns of information within a database system may not be sufficient. In this regard, a column of information in a current database system is usually divided into a plurality of rows. It may be desirable to further restrict the data accessible to a user according to certain rows within the column. Furthermore, if an unauthorized user manages to discover a valid password, the impact of the breach of security can be minimized if the discovered password enables access only to certain tables and to certain rows within these certain tables.
Most current database systems, however, restrict access to a data table only to certain columns of information. Therefore, a valid password enables access to all of the information contained within a column that is accessible via the password. Consequently, the password supplied to a server may be used to restrict database access to certain authorized users and to certain columns of information within a database system. However, most current database systems fail to restrict database access of authorized users to certain rows of information stored within the columns of the database.
Thus, a heretofore unaddressed need exists in the industry for providing a more system and method for restricting access to the information within an accessible column of information in a database.
SUMMARY OF THE INVENTION
The present invention overcomes the inadequacies and deficiencies of the prior art as discussed herein. In general, the present invention provides a system and method for utilizing a server computer to restrict access to certain information within a column of a database.
The present invention utilizes a client computer (client), a server computer (server), and a database system. The client establishes communication with the server and submits a request for data to the server. The server receives the request and retrieves data from a column within a table of the database system in response to the request. The server then determines which rows within the column can be accessed by a user of the client. The server discards data or requests for data associated with rows that the user is not authorized to access.
In accordance with another feature of the present invention, the server includes a security information table. The security information table includes predefined values that indicate which rows of information within the database system are accessible to the user. The server analyzes these values in order to determine whether the user is authorized to access a particular row.
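The server-side flow described in the two paragraphs above can be sketched as follows. This is an added illustration, not code from the patent: the `accounts` and `security_info` schemas, the user names and the one-entry-per-permitted-row encoding of the security information table are all assumptions, and the sample data is constructed.

```python
import sqlite3

# Column names cannot be bound as SQL parameters, so the server only
# accepts names from a fixed allow-list (assumed schema).
ALLOWED_COLUMNS = {"owner", "balance"}

def build_demo_db():
    """Constructed sample data: a data table plus a security information table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts (row_id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER);
        INSERT INTO accounts VALUES (1,'acme',100),(2,'acme',250),(3,'globex',900);
        -- security information table: one entry per (user, accessible row)
        CREATE TABLE security_info (username TEXT, table_name TEXT, row_id INTEGER);
        INSERT INTO security_info VALUES
            ('alice','accounts',1),('alice','accounts',2),('bob','accounts',3);
    """)
    return db

def fetch_column(db, username, column):
    """Server handler: return the (row_id, value) pairs this user may see."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError(f"column not exposed: {column!r}")
    # Step 1: retrieve the requested column from the data table.
    rows = db.execute(
        f"SELECT row_id, {column} FROM accounts ORDER BY row_id").fetchall()
    # Step 2: look up which rows the security information table grants.
    permitted = {r[0] for r in db.execute(
        "SELECT row_id FROM security_info "
        "WHERE username = ? AND table_name = 'accounts'", (username,))}
    # Step 3: discard data for rows the user is not authorized to access.
    # A user with no entries gets an empty result (default deny).
    return [(rid, val) for rid, val in rows if rid in permitted]

if __name__ == "__main__":
    db = build_demo_db()
    for who in ("alice", "bob", "mallory"):
        print(who, fetch_column(db, who, "balance"))
```

Because the client never connects to the database directly, the filter in step 3 is the only path to the data; a compromised password exposes only the rows listed for that user.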
The present invention has many advantages, a few of which are delineated hereafter, as mere examples.
An advantage of the present invention is that an authorized user can be prevented from accessing certain data within a column of a data table that is accessible to the user.
Another advantage of the present invention is that a database system can be remotely accessible without allowing unauthorized users to connect with the database system.
Another advantage of the present invention is that an authorized user only gains access to certain information within the database system.
Other features and advantages of the present invention will become apparent to one skilled in the art upon examination of the following detailed description, when read in conjunction with the accompanying drawings. It is intended that all such features and advantages be included herein within the scope of the present invention, as is defined by the claims.


