| CPC G06F 21/6218 (2013.01) [G06F 21/602 (2013.01); H04L 9/3213 (2013.01)] | 20 Claims |

|
1. A method of managing access to data, comprising:
storing, at a database server, a database that includes a plurality of fields;
encrypting, at the database server and by a database driver of an application computing device, data of each field of the database using an application encryption algorithm;
receiving, by the database driver and from an access rights system, data indicating user-specific data access roles and user-specific data permissions for each of the user-specific data access roles, each of the user-specific data permissions defining a subset of the data of the database that the corresponding user-specific data access role has authorization for decrypting the subset of the data;
receiving, by the database driver, a user token representing credentials and user-specific data access roles of an authorized user, wherein the user token is generated by the access rights system;
receiving, at the database driver, a query for requested data stored by the database;
validating, by the database driver, the user token;
comparing, by the database driver, the user-specific data access role of the user token with the user-specific data access roles of the access rights system to identify user-specific data permissions for the user-specific data access role of the user token; and
determining, by the database driver and based on the comparing, whether the user-specific data permissions for the user-specific data access role identified within the user token includes authorization for decrypting the requested data for the authorized user, including:
determining that the user-specific data permissions for the user-specific data access role identified within the user token indicates that read access is authorized for the requested data, and in response, displaying the requested data as unencrypted or unmasked data.
|
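The driver-side read path of claim 1 (validate the token, compare its roles against the permissions received from the access rights system, then decrypt only what is authorized), as an added sketch that is not taken from the patent or any product. The HMAC-signed token format, the keys, the role and field names, the SHAKE-256 keystream standing in for the "application encryption algorithm", and returning `****` for unauthorized fields are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

TOKEN_KEY = b"constructed-access-rights-signing-key"  # assumption: shared with the access rights system
FIELD_KEY = b"constructed-field-encryption-key"       # assumption: held by the driver only

# Constructed role -> decryptable-fields map, as received from the access rights system.
ROLE_PERMISSIONS = {"billing": {"name", "card_number"}, "support": {"name"}}

def _keystream_xor(field, data):
    # Stand-in cipher (SHAKE-256 keystream XOR) so the example runs on the stdlib;
    # a real driver would use an AEAD such as AES-GCM with a nonce per value.
    stream = hashlib.shake_256(FIELD_KEY + field.encode()).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_field(field, value):
    return _keystream_xor(field, value.encode())

def issue_token(user, roles, ttl=300, now=None):
    # Played by the access rights system: signed claims with an expiry.
    body = json.dumps({"sub": user, "roles": roles, "exp": (now or time.time()) + ttl}).encode()
    sig = hmac.new(TOKEN_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(sig).decode()

def validate_token(token, now=None):
    # Returns the claims, or None if the signature or expiry check fails.
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = base64.urlsafe_b64decode(body_b64), base64.urlsafe_b64decode(sig_b64)
    except ValueError:
        return None
    expected = hmac.new(TOKEN_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(body)
    return claims if claims["exp"] > (now or time.time()) else None

def query(token, row, fields):
    # Driver-side read path: validate, compare roles, then decrypt or mask per field.
    claims = validate_token(token)
    if claims is None:
        raise PermissionError("invalid or expired token")
    allowed = set()
    for role in claims["roles"]:
        allowed |= ROLE_PERMISSIONS.get(role, set())  # unknown roles grant nothing
    return {f: _keystream_xor(f, row[f]).decode() if f in allowed else "****" for f in fields}

ROW = {f: encrypt_field(f, v) for f, v in
       {"name": "A. Example", "card_number": "4111111111111111"}.items()}  # constructed data
```

Because the role-to-permission comparison happens only after the signature check, a token whose role list was edited after issuance is rejected before any field key is used.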