CLIAMS:We claim
1. A data security server (DSS) system, for secure generation and transmission, over a communication network, of data, the DSS system comprising:
a processor;
a memory communicatively coupled to the processor, wherein the memory stores processor-executable instructions, which, on execution, cause the processor to:
generate a key based on a passphrase received from a user;
receive a query from the user;
retrieve raw data from a data repository based on the received query;
generate an obfuscated query based on the received query and the generated key;
randomize at least one of a table and a field of the raw data based on the generated key to produce a randomized schema;
pre-process the raw data based on the received query, wherein the pre-processing does not exceed a user-defined threshold of execution of the received query;
insert the preprocessed data into the randomized schema; and
generate a data payload by inserting the obfuscated query and the randomized schema into a data carrier, wherein the data payload is to be transferred to at least one client device for processing and wherein the data carrier comprises one or more data packets.

2. The DSS system as claimed in claim 1, wherein the instructions, on execution, further cause the processor to:
segment the pre-processed data; and
insert the segmented data into the data carrier for generating the data payload

3. The DSS system as claimed in claim 1, wherein the instructions, on execution, further cause the processor to:
receive a distribution list for a document, wherein the distribution list comprises identifiers of at least one of a client user and the client device authorized to access the data by processing the payload;
generate an access control list, based on the distribution list, wherein the access control list includes a first sub-list for access allowed white-list and a second sub-list for access disallowed black-list; and
insert the access control list to the data payload.

4. The DSS system as claimed in claim 1, wherein the instructions, on execution, further cause the processor to:
generate at least one of an access violation policy and a document destruction policy, based on pre-defined data security rules received from the user; and
insert at least one of the access violation policy and the document destruction policy to the data payload.

5. The DSS system as claimed in claim 1, wherein the instructions, on execution, further cause the processor to:
generate a master script template, wherein the master script template is indicative of the query which is to be executed by the at least one of the client user and the client device, the document protection rules to be implemented by the at least one of the client user and the client device, and the intrusion detection rules to be implemented by the at least one of the client user and the client device; and
insert the master script template to the data payload.

6. A data security client (DSC) system for secure generation and transmission, over a communication network, of data, the DSC system comprising:
a processor;
a memory communicatively coupled to the processor, wherein the memory stores processor-executable instructions, which on execution cause the processor to:
receive a data payload;
receive a secure passkey from a client user;
process the data payload to extract an obfuscated query and data from the data payload wherein at least one of a table and a field of the data is randomized;
decipher an executable query from the obfuscated query based on the secure key;
restructure the data, based on the secure passkey, by reconstructing at least one of the table and at least one of the field of the data which is randomized;
execute the executable query on the restructured data to generate a document; and
provide at least one of a client user and the client device with an access of the document.

7. The DSC system as claimed in claim 6, wherein the instructions, on execution, further cause the processor to:
process the data payload to extract an access control list wherein the access control list includes an access allowed white-list, and an access disallowed black-list of the client users authorized to access the document; and
provide access of the document based on the access control list.

8. The DSC system as claimed in claim 6, wherein the instructions, on execution, further cause the processor to:
extract at least one of an access allowed white-list and an access disallowed black-list from the access control list; and
provide the access of the document to one or more client users mapped on the white-list; and
deny the access of the document to one or more client users mapped on the black-list.

9. The DSC system as claimed in claim 6, wherein the instructions, on execution, further cause the processor to:
count the number of times an unauthorized attempt to access the document is made by the one or more client users;
securely delete, by a plurality of sector overwrites, the document on the number of unauthorized attempts exceeding a pre-defined threshold.
10. A computer implemented method of secure generation and transmission, over a communication network, of data, the method comprising:
generating, by a data security server system, a key based on a passphrase received from a user;
receiving, by the data security server system, a query from the user;
retrieving, by the data security server system, raw data from a data repository based on the received query;
generating, by the data security server system, an obfuscated query based on the received query and the generated key;
randomizing, by the data security server system, at least one of a table and a field of the raw data based on the generated key to produce a randomized schema;
pre-processing, by the data security server system, the raw data based on the received query, wherein the pre-processing does not exceed a user-defined threshold of execution of the received query;
inserting, by the data security server system, the preprocessed data into the randomized schema; and
generating, by the data security server system, a data payload by inserting the obfuscated query and the randomized schema into a data carrier, wherein the data payload is to be transferred to at least one client device for processing and wherein the data carrier comprises one or more data packets.
11. The method as claimed in claim 10, wherein the method further comprises:
segmenting, by the data security server system, the pre-processed data; and
inserting, by the data security server system, the segmented data into the data carrier for generating the data payload.

12. The method as claimed in claim 10, wherein the method further comprises:
receiving, by the data security server system, a distribution list for a document, wherein the distribution list comprises identifiers of at least one of a client user and the client device authorized to access the data by processing the payload;
generating, by the data security server system, an access control list, based on the distribution list, wherein the access control list includes a first sub-list for access allowed white-list and a second sub-list for access disallowed black-list; and
inserting, by the data security server system, the access control list to the data payload.

13. The method as claimed in claim 12, wherein the method further comprises:
generating, by the data security server system, at least one of an access violation policy and a document destruction policy, based on pre-defined data security rules received from the user; and
inserting, by the data security server system, at least one of the access violation policy and the document destruction policy to the data payload.

14. The method as claimed in claim 10, wherein the method further comprises:
generating, by the data security server system, a master script template, wherein the master script template is indicative of the query which is to be executed by the at least one of the client user and the client device, the document protection rules to be implemented by the at least one of the client user and the client device, and the intrusion detection rules to be implemented by the at least one of the client user and the client device; and
inserting, by the data security server system, the master script template to the data payload.

15. A computer implemented method of secure generation and transmission, over a communication network, of data, the method comprising:
receiving, by a data security client system, a data payload;
receiving, by the data security client system, a secure passkey from a client user;
processing, by the data security client system, the data payload to extract an obfuscated query and data from the data payload wherein at least one of a table and a field of the data is randomized;
deciphering, by the data security client system, an executable query from the obfuscated query based on the secure key;
restructuring, by the data security client system, the data, based on the secure passkey, by reconstructing at least one of the table and at least one of the field of the data which is randomized;
executing, by the data security client system, the executable query on the restructured data to generate a document; and
providing, by the data security client system, at least one of a client user and the client device with an access of the document.

16. The method as claimed in claim 15, wherein the method further comprises:
processing, by the data security client system, the data payload to extract an access control list wherein the access control list includes an access allowed white-list, and an access disallowed black-list of the client users authorized to access the document; and
providing, by the data security client system, access of the document based on the access control list.

17. The method as claimed in claim 16, wherein the method further comprises:
extracting, by the data security client system, at least one of an access allowed white-list and an access disallowed black-list from the access control list; and
providing, by the data security client system, the access of the document to one or more client users mapped on the white-list; and
denying, by the data security client system, the access of the document to one or more client users mapped on the black-list.

18. The method as claimed in claim 15, wherein the method further comprises:
analyzing the data payload to determine a designated deadline associated with the data payload;
comparing the designated deadline with a current timestamp of the at least of the data security client system and the client devices, to determine whether the designated deadline has been violated; and
securely deleting at least one of the data payload and the document in determining the designated deadline to have been violated.
19. The method as claimed in claim 15, wherein the method further comprises:
counting, by the data security client system, the number of times an unauthorized attempt to access the document is made by the one or more client users;
on the number of unauthorized attempts exceeding a pre-defined threshold, securely deleting the document.

Dated this 20th day of March 2014

Sravan Kumar Gampa
Of K&S Partners
Agent for the Applicant
,TagSPECI:TECHNICAL FIELD
The present subject matter relates to access control of data, and, particularly but not exclusively, to secure generation and transmission of data over a communication network.