
Data Masking

Abstract: A system and a method for data masking at a mainframe application are provided. The method includes receiving a request to access a mainframe application from a user profile. A role assigned to the user-profile is fetched from a roles-repository. The role defines rights associated with the user-profile to access information from the mainframe application. Corresponding to the request, an access session is initiated based on the role. A screen is received corresponding to the access session. The screen includes a plurality of fields, where one or more fields of the plurality of fields includes sensitive data associated with the mainframe application. Contextual information associated with the plurality of fields is identified corresponding to the session. Rules indicative of the fields to be masked, are fetched corresponding to the screen based on the role. The fields are masked based on the rule and the contextual information associated with the fields.


Patent Information

Application #:
Filing Date: 13 March 2015
Publication Number: 13/2017
Publication Type: INA
Invention Field: CHEMICAL
Status:
Email: iprdel@lakshmisri.com
Parent Application:
Patent Number:
Legal Status:
Grant Date: 2024-01-01
Renewal Date:

Applicants

TATA CONSULTANCY SERVICES LIMITED
Nirmal Building, 9th Floor, Nariman Point, Mumbai, Maharashtra 400021, India

Inventors

1. SAXENA, Rohit
Tata Research Development and Design Centre (TRDDC) 54-B, Hadapsar Industrial Estate, Pune, Maharashtra 411013 India
2. JADHAV, Amit Prakash
Tata Research Development and Design Centre (TRDDC) 54-B, Hadapsar Industrial Estate, Pune, Maharashtra 411013 India
3. SHUKLA, Manish
Tata Research Development and Design Centre (TRDDC) 54-B, Hadapsar Industrial Estate, Pune, Maharashtra 411013, India
4. BANAHATTI, Vijayanand Mahadeo
Tata Research Development and Design Centre (TRDDC) 54-B, Hadapsar Industrial Estate, Pune, Maharashtra 411013, India
5. LODHA, Sachin P.
Tata Research Development and Design Centre (TRDDC) 54-B, Hadapsar Industrial Estate, Pune, Maharashtra 411013, India

Specification

DESC: As Attached

CLAIMS:

1. A computer-implemented method for dynamic masking data associated with a mainframe application hosted on a mainframe server, the method comprising:
receiving, at a hardware including one or more processors and one or more memory devices effecting a computing device, a request to access a mainframe application from a user profile, the user-profile associated with a user and comprising identity information of the user attempting to access the mainframe application, wherein an authentication status of the user profile is valid;
fetching, from a roles-repository, a role assigned to the user-profile, wherein the role associated with the user-profile defines one or more rights to access information from the mainframe application;
initiating, corresponding to the request, an access session with the mainframe server for accessing the mainframe application;
receiving, corresponding to the access session, a screen comprising a plurality of fields, wherein one or more field of the plurality of fields comprises sensitive data associated with the mainframe application;
identifying uniqueness in the screen corresponding to the session from the mainframe application, wherein identifying the uniqueness comprises determining contextual information associated with the plurality of fields of the screen;
fetching, from a rules repository stored in the one or more memories of the computing device, at least one rule corresponding to the screen based on the role, the at least one rule indicative of the one or more fields of the screen to be masked; and
masking the one or more fields of the screen based on the at least one rule and the contextual information associated with the one or more fields.

2. The method as claimed in claim 1, further comprising:
connecting with an external server, the external server comprising pre-stored user data having authentication status of a plurality of user-profiles to determine the authentication status of the user profile; and
generating the access session corresponding to the request upon determining the authentication status of the user profile to be valid.

3. The method as claimed in claim 1, further comprising configuring an intermediate representation information comprising the contextual information associated with context of the plurality of fields of the screen, the context comprising position and relationship between the plurality of fields.

4. The method as claimed in claim 3, wherein the intermediate representation information further comprises actual values of the one or more fields of the screen, and wherein the actual values of the one or more fields are masked at a display component of the computing device.

5. The method as claimed in claim 4, further comprising:
receiving a subsequent request to access the one or more fields, the subsequent request being a write request;
replacing the masked value with the actual values, the actual values being retrieved from the intermediate representation information;
sending the actual values to the mainframe server; and
allowing, in response to the subsequent request, access to the actual values associated with the one or more sensitive fields.

6. The method as claimed in claim 5, wherein the actual values are stored in form of key-value pairs, a key of a key-value pair comprising one of:
an identifier of a field to be masked, and
a function F(x) adapted to generate a unique key for the field based on a relative position to generate the key, the function adapted to generate the key based on the intermediate representation information.

7. The method as claimed in claim 1, further comprising logging user activity associated with the request and the subsequent request to access the mainframe application.

8. The method as claimed in claim 1, further comprising:
allocating a privacy budget to each user-profile of the plurality of user-profiles;
associating respective scores with the one or more fields of the mainframe application; and
deducting scores equal to the respective score from the privacy budget upon the access to the one or more fields.

9. The method as claimed in claim 1, wherein identifying the uniqueness in the screen comprises:
parsing data associated with the plurality of fields of the screen to form fragments of data to identify relationship between the plurality of fields; and
systematically storing the fragments of the data in a traversable structure, wherein systematically storing the fragments of the data facilitates in determining the contextual information and differentiate similar fields of the plurality of fields in the screen.

10. A computer-implemented system executed by a computing device for dynamic masking of data associated with a mainframe application hosted on a mainframe server, the system comprising:
one or more memories; and
one or more processors, the one or more memories coupled to the one or more processors, wherein the one or more processors are capable of executing programmed instructions stored in the one or more memories to:
receive a request to access a mainframe application from a user profile, the user-profile associated with a user and comprising identity information of the user attempting to access the mainframe application, wherein an authentication status of the user profile is valid;
fetch, from a roles-repository, a role assigned to the user-profile, wherein the role associated with the user-profile defines one or more rights to access information from the mainframe application;
initiate, corresponding to the request, an access session with the mainframe server for accessing the mainframe application;
receive, corresponding to the access session, a screen comprising a plurality of fields, wherein one or more field of the plurality of fields comprises sensitive data associated with the mainframe application;
identify uniqueness in the screen corresponding to the session from the mainframe application, wherein identifying the uniqueness comprises determining contextual information associated with the plurality of fields of the screen;
fetch, from a rules repository stored in the one or more memories of the computing device, at least one rule corresponding to the screen based on the role, the at least one rule indicative of the one or more fields of the screen to be masked; and
mask the one or more fields of the screen based on the at least one rule and the contextual information associated with the one or more fields.

11. The system as claimed in claim 10, said one or more processors are further configured by the instructions to:
connect with an external server, the external server comprising pre-stored user data having authentication status of a plurality of user-profiles to determine the authentication status of the user profile; and
generate the access session corresponding to the request upon determining the authentication status of the user profile to be valid.

12. The system as claimed in claim 10, wherein said one or more processors are further configured by the instructions to configure an intermediate representation information comprising the contextual information associated with context of the plurality of fields of the screen, the context comprising position and relationship between the plurality of fields.

13. The system as claimed in claim 12, wherein the intermediate representation information further comprises actual values of the one or more fields of the screen, and wherein the actual values of the one or more fields are masked at a display component of the computing device.

14. The system as claimed in claim 13, wherein said one or more processors are further configured by the instructions to:
receive a subsequent request to access the one or more fields, the subsequent request being a write request;
replace the masked value with the actual values, the actual values being retrieved from the intermediate representation information;
send the actual values to the mainframe server; and
allow, in response to the subsequent request, access to the actual values associated with the one or more sensitive fields.

15. The system as claimed in claim 14, wherein the actual values are stored in form of key-value pairs, a key of a key-value pair comprising one of:
an identifier of a field to be masked, and
a function F(x) adapted to generate a unique key for the field based on a relative position to generate the key, the function adapted to generate the key based on the intermediate representation information.

16. The system as claimed in claim 10, wherein said one or more processors are further configured by the instructions to log user activity associated with the request and the subsequent request to access the mainframe application.

17. The system as claimed in claim 10, wherein said one or more processors are further configured by the instructions to:
allocate a privacy budget to each user-profile of the plurality of user-profiles;
associate respective scores with the one or more fields of the mainframe application; and
deduct scores equal to the respective score from the privacy budget upon the access to the one or more fields.

18. The system as claimed in claim 10, wherein to identify the uniqueness in the screen, said one or more processors are further configured by the instructions to:
parse data associated with the plurality of fields of the screen to form fragments of data to identify relationship between the plurality of fields; and
systematically store the fragments of the data in a traversable structure, wherein systematically storing the fragments of the data facilitates in determining the contextual information and differentiate similar fields of the plurality of fields in the screen.
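A minimal sketch of the flow described in claims 1 and 3 to 6 (role-based rules, a position-derived key F(x) for each masked field, and restoring actual values on a write request), added here as an illustration and not taken from the patent specification. The screen id, labels, roles, key format, the choice to keep the last four characters, and failing closed for an unknown role are all assumptions of this example.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Field:
    row: int
    col: int
    label: str   # nearest label on the screen: part of the field's context
    value: str

# Constructed rules repository: (screen id, role) -> labels that must be masked
RULES = {("CUSTINQ", "teller"): {"SSN", "ACCOUNT"}, ("CUSTINQ", "auditor"): set()}

def field_key(screen_id, label, ordinal):
    """F(x): the n-th field with a given label on a screen gets its own key,
    so two similar fields (two ACCOUNT lines) never share a stored value."""
    return f"{screen_id}:{label}:{ordinal}"

def mask_value(v, keep=4):
    return "*" * len(v) if len(v) <= keep else "*" * (len(v) - keep) + v[-keep:]

def mask_screen(screen_id, role, fields):
    """Return (fields to display, key-value store holding the actual values)."""
    rule = RULES.get((screen_id, role))   # None: no rule found, mask everything
    seen, store, shown = {}, {}, []
    for f in fields:
        n = seen[f.label] = seen.get(f.label, 0) + 1
        if rule is None or f.label in rule:
            store[field_key(screen_id, f.label, n)] = f.value
            f = replace(f, value=mask_value(f.value))
        shown.append(f)
    return shown, store

def restore_for_write(screen_id, submitted, shown, store):
    """Write request: a field still carrying its masked text is swapped back to
    the actual value; a field the user really edited is sent as typed."""
    seen, out = {}, []
    for sub, disp in zip(submitted, shown):
        n = seen[sub.label] = seen.get(sub.label, 0) + 1
        key = field_key(screen_id, sub.label, n)
        if key in store and sub.value == disp.value:
            sub = replace(sub, value=store[key])
        out.append(sub)
    return out

# Constructed sample screen with two similar ACCOUNT fields
SCREEN = [Field(3, 10, "NAME", "A. EXAMPLE"), Field(4, 10, "SSN", "123456789"),
          Field(6, 10, "ACCOUNT", "0011223344"), Field(7, 10, "ACCOUNT", "9988776655")]
```

The store of actual values is itself sensitive: it has to stay on the masking component and out of anything rendered to or reachable by the user's display.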

Documents

Application Documents

# Name Date
1 829-MUM-2015-FORM-1-26-03-2015.pdf 2015-03-26
2 829-MUM-2015-CORRESPONDENCE-26-03-2015.pdf 2015-03-26
3 REQUEST FOR CERTIFIED COPY [26-02-2016(online)].pdf 2016-02-26
4 OTHERS [09-03-2016(online)].pdf 2016-03-09
5 Drawing [09-03-2016(online)].pdf 2016-03-09
6 Description(Complete) [09-03-2016(online)].pdf 2016-03-09
7 Form 3 [14-10-2016(online)].pdf 2016-10-14
8 SPEC FOR FILING.pdf 2018-08-11
9 Request For Certified Copy-Online.pdf 2018-08-11
10 FORM 3.pdf 2018-08-11
11 FIGURES FOR FILING.pdf.pdf 2018-08-11
12 ABSTRACT1.JPG 2018-08-11
13 829-MUM-2015-Power of Attorney-040615.pdf 2018-08-11
14 829-MUM-2015-Correspondence-040615.pdf 2018-08-11
15 829-MUM-2015-FER.pdf 2020-02-24
16 829-MUM-2015-FORM 3 [30-07-2020(online)].pdf 2020-07-30
17 829-MUM-2015-Information under section 8(2) [03-08-2020(online)].pdf 2020-08-03
18 829-MUM-2015-OTHERS [24-08-2020(online)].pdf 2020-08-24
19 829-MUM-2015-FER_SER_REPLY [24-08-2020(online)].pdf 2020-08-24
20 829-MUM-2015-COMPLETE SPECIFICATION [24-08-2020(online)].pdf 2020-08-24
21 829-MUM-2015-CLAIMS [24-08-2020(online)].pdf 2020-08-24
22 829-MUM-2015-ABSTRACT [24-08-2020(online)].pdf 2020-08-24
23 829-MUM-2015-PatentCertificate01-01-2024.pdf 2024-01-01
24 829-MUM-2015-IntimationOfGrant01-01-2024.pdf 2024-01-01

Search Strategy

1 search_strategy_21-02-2020.pdf

ERegister / Renewals

3rd: 08 Feb 2024

From 13/03/2017 - To 13/03/2018

4th: 08 Feb 2024

From 13/03/2018 - To 13/03/2019

5th: 08 Feb 2024

From 13/03/2019 - To 13/03/2020

6th: 08 Feb 2024

From 13/03/2020 - To 13/03/2021

7th: 08 Feb 2024

From 13/03/2021 - To 13/03/2022

8th: 08 Feb 2024

From 13/03/2022 - To 13/03/2023

9th: 08 Feb 2024

From 13/03/2023 - To 13/03/2024

10th: 08 Feb 2024

From 13/03/2024 - To 13/03/2025

11th: 10 Mar 2025

From 13/03/2025 - To 13/03/2026