
Method And System For Data Masking

Abstract: Existing data security related approaches/systems have the disadvantage that they are not platform agnostic, and are confined to performing data masking at rest. Disclosed herein are a method and system for data masking. The system generates a unique algorithmic hash value for each of a plurality of data elements, by appending characters of a plurality of parameters including table name, Media Access Control (MAC), network address of a host, one or more random values, and a timestamp. Further, the plurality of data elements are aligned in a pre-defined order with respect to the unique algorithmic hash value of the plurality of data elements. Further, values in a temporary table in which original data is stored are replaced with the aligned data elements. [To be published with FIG. 2A and 2B]


Patent Information

Filing Date: 15 January 2024
Publication Number: 29/2025
Publication Type: INA
Invention Field: COMPUTER SCIENCE

Applicants

Tata Consultancy Services Limited
Nirmal Building, 9th floor, Nariman point, Mumbai 400021, Maharashtra, India

Inventors

1. GANDHI, Aman
Tata Consultancy Services Limited, TCS GG7, Skyview Corporate Park Tower B, NH-8 Narsinghpur, Gurgaon - Delhi Expy, Sector 74A, Gurgaon 122004, Haryana, India
2. MAHAJAN, Jyoti
Tata Consultancy Services Limited, TCS GG7, Skyview Corporate Park Tower B, NH-8 Narsinghpur, Gurgaon - Delhi Expy, Sector 74A, Gurgaon 122004, Haryana, India

Specification

FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See Section 10 and Rule 13)
Title of invention: METHOD AND SYSTEM FOR DATA MASKING
Applicant
Tata Consultancy Services Limited A company Incorporated in India under the Companies Act, 1956
Having address:
Nirmal Building, 9th floor,
Nariman point, Mumbai 400021,
Maharashtra, India
Preamble to the description:
The following specification particularly describes the invention and the manner in
which it is to be performed.

TECHNICAL FIELD
[001] The disclosure herein generally relates to data security, and, more particularly, to a method and system for data masking for data security.
BACKGROUND
[002] In today's data-driven digital business landscape, enterprises frequently/periodically need to share, replicate, reciprocate, or test their datasets, which often contain sensitive or confidential information. The challenge arises when enterprises want to leverage this vast data for secondary needs such as development, analytics, or testing without exposing the genuine data to potential risks. Exposing real data, even accidentally, can lead to breaches of privacy, regulatory non-compliance, and potential financial or reputational repercussions for the company.
[003] Existing data security related approaches/systems have the following disadvantages. One, they are not platform agnostic, i.e., they are customized for certain types of data or their data store. Such an approach becomes non-feasible when data of a heterogeneous nature is to be masked. Another disadvantage is that the majority of the existing approaches are confined to performing data masking at rest, making them unsuitable for performing data masking on the fly, which is what the majority of applications demand.
SUMMARY
[004] Embodiments of the present disclosure present technological improvements as solutions to one or more of the above-mentioned technical problems recognized by the inventors in conventional systems. For example, in one embodiment, a processor implemented method is provided. The method includes receiving, via one or more hardware processors, an input data. Further, a sensitive data is identified, via the one or more hardware processors, from the received data. Further, a dictionary of a plurality of data elements associated with the sensitive data is stored, via the one or more hardware processors, in a temporary table. Further, a unique algorithmic hash value for each of the plurality of data elements is generated, via the one or more hardware processors, by appending characters of a plurality of parameters, wherein the plurality of parameters comprise table name, Media Access Control (MAC), network address of a host, one or more random values, and a timestamp. Further, the unique algorithmic hash value of each of the plurality of data elements is assigned, via the one or more hardware processors, to the identified sensitive data, causing the plurality of data elements to align in a pre-defined order with respect to the hash values, comprising: ordering each of the plurality of data elements in a pre-defined order with respect to the hash values of the resultant; assigning grades to each of the aligned data elements in the pre-defined order; and aligning each of the plurality of data elements with a field value associated with a next grade in the pre-defined order. Further, values in the temporary table are replaced, via the one or more hardware processors, with the aligned data elements.
[005] In an embodiment of the method, aligning each of the plurality of data elements with the field value comprises aligning the nth Grade with the (n+1)th Grade and a last element with the field value associated with the nth Grade.
[006] In another aspect, a system is provided. The system includes one or more hardware processors, a communication interface, and a memory storing a plurality of instructions. The plurality of instructions cause the one or more hardware processors to receive an input data. Further, a sensitive data is identified, via the one or more hardware processors, from the received data. Further, a dictionary of a plurality of data elements associated with the sensitive data is stored, via the one or more hardware processors, in a temporary table. Further, a unique algorithmic hash value for each of the plurality of data elements is generated, via the one or more hardware processors, by appending characters of a plurality of parameters, wherein the plurality of parameters comprise table name, Media Access Control (MAC), network address of a host, one or more random values, and a timestamp. Further, the unique algorithmic hash value of each of the plurality of data elements is assigned, via the one or more hardware processors, to the identified sensitive data, causing the plurality of data elements to align in a pre-defined order with respect to the hash values, by: ordering each of the plurality of data elements in a pre-defined order with respect to the hash values of the resultant; assigning grades to each of the aligned data elements in the pre-defined order; and aligning each of the plurality of data elements with a field value associated with a next grade in the pre-defined order. Further, values in the temporary table are replaced, via the one or more hardware processors, with the aligned data elements.
[007] In another embodiment of the system, aligning each of the plurality of data elements with the field value comprises aligning the nth Grade with the (n+1)th Grade and a last element with the field value associated with the nth Grade.
[008] In yet another aspect, a non-transitory computer readable medium is provided. The non-transitory computer readable medium includes a plurality of instructions which, when executed, cause one or more hardware processors to receive an input data. Further, a sensitive data is identified, via the one or more hardware processors, from the received data. Further, a dictionary of a plurality of data elements associated with the sensitive data is stored, via the one or more hardware processors, in a temporary table. Further, a unique algorithmic hash value for each of the plurality of data elements is generated, via the one or more hardware processors, by appending characters of a plurality of parameters, wherein the plurality of parameters comprise table name, Media Access Control (MAC), network address of a host, one or more random values, and a timestamp. Further, the unique algorithmic hash value of each of the plurality of data elements is assigned, via the one or more hardware processors, to the identified sensitive data, causing the plurality of data elements to align in a pre-defined order with respect to the hash values, comprising: ordering each of the plurality of data elements in a pre-defined order with respect to the hash values of the resultant; assigning grades to each of the aligned data elements in the pre-defined order; and aligning each of the plurality of data elements with a field value associated with a next grade in the pre-defined order. Further, values in the temporary table are replaced, via the one or more hardware processors, with the aligned data elements.
[009] In an embodiment of the non-transitory computer readable medium, aligning each of the plurality of data elements with the field value comprises aligning the nth Grade with the (n+1)th Grade and a last element with the field value associated with the nth Grade.
[010] It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
BRIEF DESCRIPTION OF THE DRAWINGS
[011] The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate exemplary embodiments and, together with the description, serve to explain the disclosed principles:
[012] FIG. 1 illustrates an exemplary system for data masking, according to some embodiments of the present disclosure.
[013] FIGS. 2A and 2B (collectively referred to as FIG. 2) are a flow diagram depicting steps involved in the process of data masking by the system of FIG. 1, according to some embodiments of the present disclosure.
[014] FIGS. 3A through 3E depict an example workflow of the process of data masking by the system of FIG. 1, according to some embodiments of the present disclosure.
DETAILED DESCRIPTION OF EMBODIMENTS
[015] Exemplary embodiments are described with reference to the accompanying drawings. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. Wherever convenient, the same reference numbers are used throughout the drawings to refer to the same or like parts. While examples and features of disclosed principles are described herein, modifications, adaptations, and other implementations are possible without departing from the scope of the disclosed embodiments.
[016] Existing data security related approaches/systems have the following disadvantages. One, they are not platform agnostic, i.e., they are customized for certain types of data or their data store. Such an approach becomes non-feasible when data of a heterogeneous nature is to be masked. Another disadvantage is that the majority of the existing approaches are confined to performing data masking at rest, making them unsuitable for performing data masking on the fly, which is what the majority of applications demand.
[017] To address these challenges, the method and system disclosed in the embodiments herein use the following data masking approach. Initially, an input data is received. Further, a sensitive data is identified from the received data. Further, a dictionary of a plurality of data elements associated with the sensitive data is stored in a temporary table. Further, one or more unique values and hash values of a resultant are generated by appending characters of a plurality of parameters, wherein the plurality of parameters comprise table name, Media Access Control (MAC), network address of a host, one or more random values, and a timestamp. Further, the one or more unique values and the hash values are assigned to the identified sensitive data, causing the plurality of data elements to align in a pre-defined order with respect to the hash values. Further, grades are assigned to each of the aligned data elements in the pre-defined order. Further, each of the plurality of data elements is aligned with a field value associated with a next grade in the pre-defined order. Further, values in the temporary table are replaced with the aligned data elements. This approach can be used to process any data irrespective of the type of data, thus addressing the lack of platform agnosticism in the existing approaches. This approach is also capable of receiving and processing data on the fly, facilitating dynamic data masking.
[018] Referring now to the drawings, and more particularly to FIG. 1 through FIG. 3E, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments and these embodiments are described in the context of the following exemplary system and/or method.
[019] FIG. 1 illustrates an exemplary system for data masking, according to some embodiments of the present disclosure. The system 100 includes or is otherwise in communication with hardware processors 102, at least one memory such as a memory 104, and an I/O interface 112. The hardware processors 102, memory 104, and the Input/Output (I/O) interface 112 may be coupled by a system bus such as a system bus 108 or a similar mechanism. In an embodiment, the hardware processors 102 can be one or more hardware processors.
[020] The I/O interface 112 may include a variety of software and hardware interfaces, for example, a web interface, a graphical user interface, and the like. The I/O interface 112 may include a variety of software and hardware interfaces, for example, interfaces for peripheral device(s), such as a keyboard, a mouse, an external memory, a printer and the like. Further, the I/O interface 112 may enable the system 100 to communicate with other devices, such as web servers, and external databases.
[021] The I/O interface 112 can facilitate multiple communications within a wide variety of networks and protocol types, including wired networks, for example, local area network (LAN), cable, etc., and wireless networks, such as Wireless LAN (WLAN), cellular, or satellite. For the purpose, the I/O interface 112 may include one or more ports for connecting several computing systems with one another or to another server computer. The I/O interface 112 may include one or more ports for connecting several devices to one another or to another server.
[022] The one or more hardware processors 102 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, node machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the one or more hardware processors 102 is configured to fetch and execute computer-readable instructions stored in the memory 104.
[023] The memory 104 may include any computer-readable medium known in the art including, for example, volatile memory, such as static random-access memory (SRAM) and dynamic random-access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes. In an embodiment, the memory 104 includes a plurality of modules 106.
[024] The plurality of modules 106 include programs or coded instructions that supplement applications or functions performed by the system 100 for executing different steps involved in the process of the data masking. The plurality of modules 106, amongst other things, can include routines, programs, objects, components, and data structures, which perform particular tasks or implement particular abstract data types. The plurality of modules 106 may also be used as signal processor(s), node machine(s), logic circuitries, and/or any other device or component that manipulates signals based on operational instructions. Further, the plurality of modules 106 can be used by hardware, by computer-readable instructions executed by the one or more hardware processors 102, or by a combination thereof. The plurality of modules 106 can include various sub-modules (not shown). The plurality of modules 106 may include computer-readable instructions that supplement applications or functions performed by the system 100 for the data masking.
[025] The data repository (or repository) 110 may include a plurality of abstracted pieces of code for refinement and data that is processed, received, or generated as a result of the execution of the plurality of modules in the module(s) 106.
[026] Although the data repository 110 is shown internal to the system 100, it will be noted that, in alternate embodiments, the data repository 110 can also be implemented external to the system 100, where the data repository 110 may be stored within a database (repository 110) communicatively coupled to the system 100. The data contained within such external database may be periodically updated. For example, new data may be added into the database (not shown in FIG. 1) and/or existing data may be modified and/or non-useful data may be deleted from the database. In one example, the data may be stored in an external system, such as a Lightweight Directory Access Protocol (LDAP) directory and a Relational Database Management System (RDBMS). Functions of the components of the system 100 are now explained with reference to the steps in flow diagram in FIG. 2.
[027] FIGS. 2A and 2B (collectively referred to as FIG. 2) are a flow diagram depicting steps involved in the process of data masking by the system of FIG. 1, according to some embodiments of the present disclosure. At step 202 of method 200 in FIG. 2, the system 100 receives, via the one or more hardware processors 102, an input data. For example, consider that the following table (Table. 1) with employee name details is received as the input.

ID First Name Last Name
1 Aman Gandhi
2 Jyoti Mahajan
3 Ajay Garg
4 Amarjit Saini
5 Michael Narang
6 Scott Capista
7 Hugo T
8 Ghufran Ahmad
Table. 1
[028] In an embodiment, the input data may be fed as input to the system 100 by a user, via an appropriate interface provided by the I/O interface 112. In another embodiment, the system 100 may automatically fetch the input data from one or more data sources or external systems associated with the system 100, via the I/O interface 112.
[029] Further, at step 204 of the method 200, the system 100 identifies at least a part of the input data as sensitive data, via the one or more hardware processors 102. In an embodiment, the system 100 may identify the sensitive data based on a user input received. For example, if a user of the system 100 specifies that the names in Table. 1 are to be masked, then the system 100 identifies all columns containing the name data as the sensitive data.
[030] Further, at step 206 of the method 200, the system 100 stores a dictionary of a plurality of data elements associated with the sensitive data in a temporary table, via the one or more hardware processors 102. The data elements are rows of the table where the sensitive data is stored. In the example in Table. 1, the list of distinct first names and the list of distinct last names are data elements. The dictionary of data elements is created by selecting all unique values of the sensitive field. This step, also termed as assignment, may involve assignment of unique values to each of the plurality of data elements. The unique values may be generated using one or more custom algorithms exhibiting characteristics of being unique across data elements, unique across datastores, random within and outside the collection, irreversible, and such that the assigned variable cannot be predicted on re-execution.
[031] Further, at step 208 of the method 200, a unique algorithmic hash value for each of the plurality of data elements is generated, via the one or more hardware processors 102, by appending characters of a plurality of parameters. The plurality of parameters comprise table name, Media Access Control (MAC), network address of a host, one or more random values, and a timestamp. The hash value of the resultant is then assigned to each field to be masked. This is depicted in Table. 2. Results for Execution 1 and Execution 2 are given in separate tables. Here, the executions 1 and 2 are done using the same data, but at different times on the same machine. These results indicate that for the same data the system 100 generates different masking results, making it impossible to backtrack, thus improving data security.
Table. 2 - Execution 1:

ID FIRST_NAME Algorithmic_Val_First_Name Resultant_Hash_Val_First_Name LAST_NAME Algorithmic_Val_Last_Name Resultant_Hash_Val_Last_Name


Table. 3 - Execution 2:
Data in Table. 2 and Table. 3 indicate that non-unique, non-repetitive values are assigned to each data element to be masked.

[032] Further, at step 210 of the method 200, the unique algorithmic hash value of each of the plurality of data elements is assigned, via the one or more hardware processors, to the identified sensitive data. Assigning the one or more unique values and the hash values to the identified sensitive data causes the plurality of data elements to align in a pre-defined order with respect to the hash values, i.e. the masked values are aligned to original value. In an embodiment, assigning the one or more unique values and the hash values to the identified sensitive data involves steps 210a through 210c.
• Step 210a:- At this step, the system 100 orders the data elements in ascending/descending order with respect to the resultant hash value assigned. The system 100 may pick one of the ascending order or descending order, randomly, or based on a user input that is configured with the system 100. Result of Step 1 for Execution 1 is given in Table. 4, and for Execution 2 is given in Table. 5.
First Name (using Execution 2 for this example) – In this sample execution data is designated in ascending order on resultant for first name
Table. 4 – Execution 1:-

FIRST_NAME Algorithmic_Val_First_Name Resultant_Hash_Val_First_Name
Ghufran First_NameF91F0206E59402E0E053AC15ACC295F6Employee 2D82321BB3115FBA1846AA95368B59CF
Jyoti First_NameF91F0206E57C02E0E053AC15ACC295F6Employee 9972F80B15C3A19805451CE665728785
Scott First_NameF91F0206E58C02E0E053AC15ACC295F6Employee B65BE3D3C028C11857004B523376DE0C
Aman First_NameF91F0206E57802E0E053AC15ACC295F6Employee B9FF1104C8174DD242ED70BBAB5E1DEF
Amarjit First_NameF91F0206E58402E0E053AC15ACC295F6Employee BBF41CF2695B58984B7CD6F1ECD9CF72
Michael First_NameF91F0206E58802E0E053AC15ACC295F6Employee BFD5C89F5B78758F40264F748E1DCE61
Hugo First_NameF91F0206E59002E0E053AC15ACC295F6Employee CC1787686F9680AA4E9DFA434C68D8A5
Ajay First_NameF91F0206E58002E0E053AC15ACC295F6Employee FE9387E060CFD812A618039588826540
Last Name (using Execution 2 for this example)- In this sample execution data is designated in ascending order on resultant for Last name

LAST_NAME Algorithmic_Val_Last_Name Resultant_Hash_Val_Last_Name
Garg Last_NameF91F0206E58202E0E053AC15ACC295F6Employee 0122A712014B03598CBC34142B26F349
Mahajan Last_NameF91F0206E57E02E0E053AC15ACC295F6Employee 0DD0AA2A65C2658D2D8C456E77CEDEC3
Gandhi Last_NameF91F0206E57A02E0E053AC15ACC295F6Employee 1B2324C3DD9A5416952F217715368B58
Ahmad Last_NameF91F0206E59602E0E053AC15ACC295F6Employee 4AD408DF6A1E214FB70D0888A7B46E10
Narang Last_NameF91F0206E58A02E0E053AC15ACC295F6Employee 9418635D1EF0E6CFDE304CABAC5DA190
Capista Last_NameF91F0206E58E02E0E053AC15ACC295F6Employee 9C95A1D2F7980871ABBDF48AE6B1EA73
T Last_NameF91F0206E59202E0E053AC15ACC295F6Employee A721826D26F485D69A1739312A223DBD
Saini Last_NameF91F0206E58602E0E053AC15ACC295F6Employee AE68EA4174EE1552076C221AEA01EA4B
Table. 5 – Execution 2
• Step 210b: At this step, the system 100 assigns grades, via the one or more hardware processors 102, to each of the aligned data elements in the pre-defined order. For example, the system 100 may start from the first position in a sequence when the data elements are arranged in the ascending order. This is depicted in Table. 6 and Table. 7.
First Name (using Execution 2 for this example) – In this sample execution data is assigned grades as per algorithm
Table. 6 – Execution 1
Last Name (using Execution 2 for this example)- In this sample execution data is assigned grades as per algorithm

LAST_NAME Algorithmic_Val_Last_Name Resultant_Hash_Val_Last_Name Grade
Garg Last_NameF91F0206E58202E0E053AC15ACC295F6Employee 0122A712014B03598CBC34142B26F349 0
Mahajan Last_NameF91F0206E57E02E0E053AC15ACC295F6Employee 0DD0AA2A65C2658D2D8C456E77CEDEC3 1
Gandhi Last_NameF91F0206E57A02E0E053AC15ACC295F6Employee 1B2324C3DD9A5416952F217715368B58 2
Ahmad Last_NameF91F0206E59602E0E053AC15ACC295F6Employee 4AD408DF6A1E214FB70D0888A7B46E10 3
Narang Last_NameF91F0206E58A02E0E053AC15ACC295F6Employee 9418635D1EF0E6CFDE304CABAC5DA190 4
Capista Last_NameF91F0206E58E02E0E053AC15ACC295F6Employee 9C95A1D2F7980871ABBDF48AE6B1EA73 5
T Last_NameF91F0206E59202E0E053AC15ACC295F6Employee A721826D26F485D69A1739312A223DBD 6
Saini Last_NameF91F0206E58602E0E053AC15ACC295F6Employee AE68EA4174EE1552076C221AEA01EA4B 7

Table. 7 – Execution 2
• Step 210c: At this step, the system 100, via the one or more hardware processors 102, aligns each of the plurality of data elements with a field value associated with a next grade in the pre-defined order, for example, the nth Grade is aligned with the (n+1)th Grade. The last element in the sequence is aligned with the field value associated with the nth Grade.


[033] Further, at step 212 of the method 200, the system 100 replaces
values in the temporary table with the aligned data elements, via the one or more
hardware processors 102. Replacing the values in the temporary table may involve
the following steps.
Table. 8 - Execution 2 Aligned Data

ID First Name Last Name New First Name New Last Name
1 Aman Gandhi Amarjit Ahmad
2 Jyoti Mahajan Scott Gandhi
3 Ajay Garg Ghufran Narang
4 Amarjit Saini Michael Garg
5 Michael Narang Hugo Capista
6 Scott Capista Aman T
7 Hugo T Ajay Saini
8 Ghufran Ahmad Jyoti Narang
Table. 9 -Execution 2 Final Masked data

ID First Name Last Name
1 Amarjit Ahmad
2 Scott Gandhi
3 Ghufran Narang
4 Michael Garg
5 Hugo Capista
6 Aman T
7 Ajay Saini
8 Jyoti Narang
[034] To show that the algorithm exhibits the characteristics of irreversibility and uniqueness of masked data, the final masked output for execution 1 on the same machine is:
Table. 10 - Execution 1 Aligned Data

ID First_Name Last_Name New_First_Name New_Last_Name
1 Aman Gandhi Jyoti T
2 Jyoti Mahajan Ghufran Narang
3 Ajay Garg Scott Gandhi
4 Amarjit Saini Hugo Capista
5 Michael Narang Amarjit Ahmad
6 Scott Capista Aman Garg
7 Hugo T Ajay Mahajan
8 Ghufran Ahmad Michael Saini

Table. 11 - Execution 1 Final Masked data
ID First Name Last Name
1 Jyoti T
2 Ghufran Narang
3 Scott Gandhi
4 Hugo Capista
5 Amarjit Ahmad
6 Aman Garg
7 Ajay Mahajan
8 Michael Saini
[035] After replacing values in the temporary table with the aligned data
elements, the system 100 may further clean up the data by dropping the temporary
table. The flow is depicted with reference to an example data set in FIGS. 3A through 3E.
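Steps 206 through 212 written out as an added Python example, not code from the specification, with a check of what the replacement leaves in the column. SHA-256, the order in which the parameters are appended, the host address 192.0.2.10 and the helper names (`rotation_mapping`, `mask_column`, `audit`) are assumptions of this example; the specification does not name a hash function.

```python
import hashlib
import secrets
import time
import uuid

# Table. 1 from the specification.
EMPLOYEE = [
    {"ID": 1, "First Name": "Aman", "Last Name": "Gandhi"},
    {"ID": 2, "First Name": "Jyoti", "Last Name": "Mahajan"},
    {"ID": 3, "First Name": "Ajay", "Last Name": "Garg"},
    {"ID": 4, "First Name": "Amarjit", "Last Name": "Saini"},
    {"ID": 5, "First Name": "Michael", "Last Name": "Narang"},
    {"ID": 6, "First Name": "Scott", "Last Name": "Capista"},
    {"ID": 7, "First Name": "Hugo", "Last Name": "T"},
    {"ID": 8, "First Name": "Ghufran", "Last Name": "Ahmad"},
]


def algorithmic_value(field, table, host_addr="192.0.2.10"):
    """Step 208: append field name, MAC, host address, a random value,
    a timestamp and the table name into one string.
    The layout and the documentation-range address are assumptions."""
    mac = f"{uuid.getnode():012X}"
    rand = secrets.token_hex(8).upper()
    stamp = f"{time.time_ns():X}"
    return f"{field}{mac}{host_addr}{rand}{stamp}{table}"


def fresh_hash(field, table):
    """Key function that gives every data element a one-off hash.
    The hash does not depend on the data value, only on the appended
    parameters. SHA-256 is an assumption of this example."""
    def key(_value):
        resultant = algorithmic_value(field, table)
        return hashlib.sha256(resultant.encode()).hexdigest().upper()
    return key


def rotation_mapping(values, key, descending=False):
    """Steps 206 and 210a-210c for one sensitive field."""
    distinct = list(dict.fromkeys(values))               # 206: dictionary of distinct values
    hashes = {v: key(v) for v in distinct}               # 208: one hash per data element
    ordered = sorted(distinct, key=hashes.get, reverse=descending)  # 210a: order by hash
    grades = {v: g for g, v in enumerate(ordered)}       # 210b: grade = position
    n = len(ordered)
    # 210c: grade n takes the value at grade n+1; the last grade wraps to
    # the first, as Ajay -> Ghufran does in Table. 9.
    return {v: ordered[(g + 1) % n] for v, g in grades.items()}


def mask_column(rows, column, table, key=None, descending=False):
    """Step 212: replace each value in `column` with its aligned value."""
    key = key or fresh_hash(column.replace(" ", "_"), table)
    mapping = rotation_mapping([r[column] for r in rows], key, descending)
    return [{**r, column: mapping[r[column]]} for r in rows]


def audit(original, masked, column):
    """Report what the rotation changes and what it leaves in place."""
    before = [r[column] for r in original]
    after = [r[column] for r in masked]
    return {
        # True: every real value is still present, only moved to another row.
        "same_value_set": set(before) == set(after),
        # Rows whose value did not change (a column with one distinct value).
        "unchanged_rows": sum(b == a for b, a in zip(before, after)),
        "distinct_before": len(set(before)),
        "distinct_after": len(set(after)),
    }


if __name__ == "__main__":
    masked = mask_column(EMPLOYEE, "First Name", "Employee")
    masked = mask_column(masked, "Last Name", "Employee")
    for row in masked:
        print(row)
    print(audit(EMPLOYEE, masked, "First Name"))
```

Because the replacement is a cyclic shift over the distinct values, the masked column always contains exactly the original set of names, and a column with a single distinct value is returned unchanged.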
[036] The written description describes the subject matter herein to enable any person skilled in the art to make and use the embodiments. The scope of the
subject matter embodiments is defined by the claims and may include other
modifications that occur to those skilled in the art. Such other modifications are intended to be within the scope of the claims if they have similar elements that do not differ from the literal language of the claims or if they include equivalent elements with insubstantial differences from the literal language of the claims.
[037] The embodiments of present disclosure herein address unresolved
problem of data masking. The embodiment thus provides an approach of generating one or more unique values and hash values of a resultant used for the data masking by appending characters of a plurality of parameters, wherein the plurality of parameters comprise of table name, Media Access Control (MAC), network address
of a host, one or more random values, and a timestamp. Moreover, the embodiments
herein further provide an approach of aligning original data to masked data, using the unique values and hash values.
[038] It is to be understood that the scope of the protection is extended to such a program and in addition to a computer-readable means having a message therein; such computer-readable storage means contain program-code means for implementation of one or more steps of the method, when the program runs on a server or mobile device or any suitable programmable device. The hardware device can be any kind of device which can be programmed including e.g., any kind of computer like a server or a personal computer, or the like, or any combination thereof. The device may also include means which could be e.g., hardware means like e.g., an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or a combination of hardware and software means, e.g., an ASIC and an FPGA, or at least one microprocessor and at least one memory with software processing components located therein. Thus, the means can include both hardware means and software means. The method embodiments described herein could be implemented in hardware and software. The device may also include software means. Alternatively, the embodiments may be implemented on different hardware devices, e.g., using a plurality of CPUs.
[039] The embodiments herein can comprise hardware and software elements. The embodiments that are implemented in software include but are not limited to, firmware, resident software, microcode, etc. The functions performed by various components described herein may be implemented in other components or combinations of other components. For the purposes of this description, a computer-usable or computer readable medium can be any apparatus that can comprise, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
[040] The illustrated steps are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope of the disclosed embodiments. Also, the words “comprising,” “having,” “containing,” and “including,” and other similar forms are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items. It must also be noted that as used herein and in the appended claims, the singular forms “a,” “an,” and “the” include plural references unless the context clearly dictates otherwise.
[041] Furthermore, one or more computer-readable storage media may be utilized in implementing embodiments consistent with the present disclosure. A computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The term “computer-readable medium” should be understood to include tangible items and exclude carrier waves and transient signals, i.e., be non-transitory. Examples include random access memory (RAM), read-only memory (ROM), volatile memory, nonvolatile memory, hard drives, CD ROMs, DVDs, flash drives, disks, and any other known physical storage media.
[042] It is intended that the disclosure and examples be considered as exemplary only, with a true scope of disclosed embodiments being indicated by the following claims.

We Claim:
1. A processor implemented method (200), comprises:
receiving (202), via one or more hardware processors, an input data;
identifying (204), via the one or more hardware processors, a sensitive data from the received data;
storing (206), via the one or more hardware processors, a dictionary of a plurality of data elements associated with the sensitive data in a temporary table;
generating (208), via the one or more hardware processors, a unique algorithmic hash value for each of the plurality of data elements, by appending characters of a plurality of parameters, wherein the plurality of parameters comprise of table name, Media Access Control (MAC), network address of a host, one or more random values, and a timestamp;
assigning (210), via the one or more hardware processors, the unique algorithmic hash value of each of the plurality of data elements to the identified sensitive data, causing the plurality of data elements to align in a pre-defined order with respect to the hash values, comprising:
ordering (210a) each of the plurality of data elements in a pre-defined order with respect to the hash values of the resultant;
assigning (210b) grades to each of aligned data elements in pre-defined order; and
aligning (210c) each of the plurality of data elements with a field value associated with a next grade in the pre-defined order; and
replacing (212), via the one or more hardware processors, values in the temporary table with the aligned data elements.

2. The method as claimed in claim 1, wherein aligning each of the plurality of data elements with the field value comprises of aligning nth Grade with (n+1)th Grade and a last element with field value associated with the nth Grade.
3. A system (100), comprises:
one or more hardware processors (102);
a communication interface (112); and
a memory (104) storing a plurality of instructions, wherein the plurality of instructions cause the one or more hardware processors to:
receive an input data;
identify a sensitive data from the received data;
store a dictionary of a plurality of data elements associated with the sensitive data in a temporary table;
generate a unique algorithmic hash value for each of the plurality of data elements, by appending characters of a plurality of parameters, wherein the plurality of parameters comprise of table name, Media Access Control (MAC), network address of a host, one or more random values, and a timestamp;
assign the unique algorithmic hash value to the identified sensitive data, causing the plurality of data elements to align in a pre-defined order with respect to the hash values, by:
ordering each of the plurality of data elements in a pre-defined order with respect to the hash values of the resultant;
assigning grades to each of aligned data elements in pre-defined order; and
aligning each of the plurality of data elements with a field value associated with a next grade in the pre-defined order; and
replace values in the temporary table with the aligned data elements.
4. The system as claimed in claim 3, wherein the one or more hardware processors are configured to align nth Grade with (n+1)th Grade and a last element with field value associated with the nth Grade, while aligning each of the plurality of data elements with the field value.
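
An added sketch of the hash, ordering and alignment steps recited in claims 1 and 2, written for this page and not taken from the specification. SHA-256, the function names `element_hash`, `mask_column` and `audit`, the sample column and host parameters, and the wrap-around of the last grade to the first are assumptions made here.

```python
import hashlib
import secrets
import time
from collections import Counter

def element_hash(table_name, mac, host_addr, timestamp, rand_hex):
    """Hash of the appended parameters listed in claim 1 (SHA-256 is an assumption)."""
    resultant = f"{table_name}{mac}{host_addr}{rand_hex}{timestamp}"
    return hashlib.sha256(resultant.encode("utf-8")).hexdigest()

def mask_column(values, table_name, mac, host_addr, timestamp=None, rand=None):
    """Return the column with every row holding the field value of the next grade."""
    timestamp = time.time_ns() if timestamp is None else timestamp
    rand = rand or (lambda: secrets.token_hex(16))
    # Step 208: one hash per data element (the row index stands for the element).
    hashes = [element_hash(table_name, mac, host_addr, timestamp, rand())
              for _ in values]
    # Steps 210a/210b: order rows by hash; the position in that order is the grade.
    graded = sorted(range(len(values)), key=lambda i: (hashes[i], i))
    # Step 210c: grade k takes the field value of grade k+1; the last grade
    # wraps to the first (assumed reading of claim 2).
    masked = list(values)
    for k, row in enumerate(graded):
        donor = graded[(k + 1) % len(graded)]
        masked[row] = values[donor]
    return masked

def audit(original, masked):
    """Properties a reviewer can check on the output without knowing the hashes."""
    return {
        "same_multiset": Counter(original) == Counter(masked),
        "rows_unchanged": sum(o == m for o, m in zip(original, masked)),
    }

# Constructed sample column and host parameters (documentation address range).
NAMES = ["Asha", "Bilal", "Chen", "Divya", "Emeka"]
MASKED = mask_column(NAMES, "customers", "02:00:00:00:00:01", "192.0.2.10")
```

In this sketch the output is a permutation of the input column: the set of values and their frequencies are unchanged, a single-row column comes back unmodified, and rows sharing a duplicate value can end up holding the same value they started with.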

Documents

Application Documents

# Name Date
1 202421002929-STATEMENT OF UNDERTAKING (FORM 3) [15-01-2024(online)].pdf 2024-01-15
2 202421002929-REQUEST FOR EXAMINATION (FORM-18) [15-01-2024(online)].pdf 2024-01-15
3 202421002929-FORM 18 [15-01-2024(online)].pdf 2024-01-15
4 202421002929-FORM 1 [15-01-2024(online)].pdf 2024-01-15
5 202421002929-FIGURE OF ABSTRACT [15-01-2024(online)].pdf 2024-01-15
6 202421002929-DRAWINGS [15-01-2024(online)].pdf 2024-01-15
7 202421002929-DECLARATION OF INVENTORSHIP (FORM 5) [15-01-2024(online)].pdf 2024-01-15
8 202421002929-COMPLETE SPECIFICATION [15-01-2024(online)].pdf 2024-01-15
9 202421002929-FORM-26 [16-03-2024(online)].pdf 2024-03-16
10 Abstract1.jpg 2024-03-21
11 202421002929-Proof of Right [12-06-2024(online)].pdf 2024-06-12
12 202421002929-FORM-26 [22-05-2025(online)].pdf 2025-05-22