Abstract: Data can be protected in a centralized tokenization environment. A security value is received by a central server from a client device. The central server accesses a token table corresponding to the client device and generates a reshuffled static token table from the accessed token table based on the received security value. When the client device subsequently provides data to be protected to the central server, the central server tokenizes the provided data using the reshuffled static token table and stores the tokenized data in a multi-tenant database. By reshuffling token tables using security values unique to client devices, the central server can protect and store data for each of multiple tenants such that if the data of one tenant is compromised, the data of each other tenant is not compromised.

Abstract: Unicode data can be protected in a distributed tokenization environment. Data to be tokenized can be accessed or received by a security server, which instantiates a number of tokenization pipelines for parallel tokenization of the data. Unicode token tables are accessed by the security server, and each tokenization pipeline uses the accessed token tables to tokenization a portion of the data. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The outputs of the tokenization pipelines are combined, producing tokenized data, which can be provided to a remote computing system for storage or processing.

Abstract: Unicode data can be protected in a distributed tokenization environment. Data to be tokenized can be accessed or received by a security server, which instantiates a number of tokenization pipelines for parallel tokenization of the data. Unicode token tables are accessed by the security server, and each tokenization pipeline uses the accessed token tables to tokenization a portion of the data. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The outputs of the tokenization pipelines are combined, producing tokenized data, which can be provided to a remote computing system for storage or processing.

Abstract: A gateway device includes a network interface connected to data sources, and computer instructions, that when executed cause a processor to access data portions from the data sources. The processor accesses classification rules, which are configured to classify a data portion of the plurality of data portions as sensitive data in response to the data portion satisfying the rule. Each rule is associated with a significance factor representative of an accuracy of the classification rule. The processor applies each of the set of classification rules to a data portion to obtain an output of whether the data is sensitive data. The output are weighed by significance factors to produce a set of weighted outputs. The processor determines if the data portion is sensitive data by aggregating the set of weighted outputs, and presents the determination in a user interface. Security operations may also be performed on the data portion.

Abstract: A gateway device includes a network interface connected to data sources, and computer instructions, that when executed cause a processor to access data portions from the data sources. The processor accesses classification rules, which are configured to classify a data portion of the plurality of data portions as sensitive data in response to the data portion satisfying the rule. Each rule is associated with a significance factor representative of an accuracy of the classification rule. The processor applies each of the set of classification rules to a data portion to obtain an output of whether the data is sensitive data. The output are weighed by significance factors to produce a set of weighted outputs. The processor determines if the data portion is sensitive data by aggregating the set of weighted outputs, and presents the determination in a user interface. Security operations may also be performed on the data portion.

Abstract: Data can be protected in a centralized tokenization environment. A security value is received by a central server from a client device. The central server accesses a token table corresponding to the client device and generates a reshuffled static token table from the accessed token table based on the received security value. When the client device subsequently provides data to be protected to the central server, the central server tokenizes the provided data using the reshuffled static token table and stores the tokenized data in a multi-tenant database. By reshuffling token tables using security values unique to client devices, the central server can protect and store data for each of multiple tenants such that if the data of one tenant is compromised, the data of each other tenant is not compromised.

Abstract: Data can be protected in a centralized tokenization environment. A security value is received by a central server from a client device. The central server accesses a token table corresponding to the client device and generates a reshuffled static token table from the accessed token table based on the received security value. When the client device subsequently provides data to be protected to the central server, the central server tokenizes the provided data using the reshuffled static token table and stores the tokenized data in a multi-tenant database. By reshuffling token tables using security values unique to client devices, the central server can protect and store data for each of multiple tenants such that if the data of one tenant is compromised, the data of each other tenant is not compromised.

Abstract: Data in a database can be protected, for instance by tokenizing the entries of the database using one or more token tables. To enable searching data within the database without first detokenizing the tokenized database entries, bigrams of each data entry can also be tokenized and stored in association with the tokenized data entry. When a query term is received, the query term can be parsed into bigrams, and each bigram can be tokenized. The tokenized query bigrams can be used to query the database, and tokenized database entries corresponding to tokenized bigrams that match the tokenized query bigrams can be identified and returned as search results.

Abstract: Unicode data can be protected in a distributed tokenization environment. Data to be tokenized can be accessed or received by a security server, which instantiates a number of tokenization pipelines for parallel tokenization of the data. Unicode token tables are accessed by the security server, and each tokenization pipeline uses the accessed token tables to tokenization a portion of the data. Each tokenization pipeline performs a set of encoding or tokenization operations in parallel and based at least in part on a value received from another tokenization pipeline. The outputs of the tokenization pipelines are combined, producing tokenized data, which can be provided to a remote computing system for storage or processing.

Abstract: Data can be protected in a centralized tokenization environment. A security value is received by a central server from a client device. The central server accesses a token table corresponding to the client device and generates a reshuffled static token table from the accessed token table based on the received security value. When the client device subsequently provides data to be protected to the central server, the central server tokenizes the provided data using the reshuffled static token table and stores the tokenized data in a multi-tenant database. By reshuffling token tables using security values unique to client devices, the central server can protect and store data for each of multiple tenants such that if the data of one tenant is compromised, the data of each other tenant is not compromised.

Abstract: A gateway device includes a network interface connected to data sources, and computer instructions, that when executed cause a processor to access data portions from the data sources. The processor accesses classification rules, which are configured to classify a data portion of the plurality of data portions as sensitive data in response to the data portion satisfying the rule. Each rule is associated with a significance factor representative of an accuracy of the classification rule. The processor applies each of the set of classification rules to a data portion to obtain an output of whether the data is sensitive data. The output are weighed by significance factors to produce a set of weighted outputs. The processor determines if the data portion is sensitive data by aggregating the set of weighted outputs, and presents the determination in a user interface. Security operations may also be performed on the data portion.

Abstract: Data can be protected in a centralized tokenization environment. A security value is received by a central server from a client device. The central server accesses a token table corresponding to the client device and generates a reshuffled static token table from the accessed token table based on the received security value. When the client device subsequently provides data to be protected to the central server, the central server tokenizes the provided data using the reshuffled static token table and stores the tokenized data in a multi-tenant database. By reshuffling token tables using security values unique to client devices, the central server can protect and store data for each of multiple tenants such that if the data of one tenant is compromised, the data of each other tenant is not compromised.

Abstract: A gateway device includes a network interface connected to data sources, and computer instructions, that when executed cause a processor to access data portions from the data sources. The processor accesses classification rules, which are configured to classify a data portion of the plurality of data portions as sensitive data in response to the data portion satisfying the rule. Each rule is associated with a significance factor representative of an accuracy of the classification rule. The processor applies each of the set of classification rules to a data portion to obtain an output of whether the data is sensitive data. The output are weighed by significance factors to produce a set of weighted outputs. The processor determines if the data portion is sensitive data by aggregating the set of weighted outputs, and presents the determination in a user interface. Security operations may also be performed on the data portion.

Abstract: Data can be protected in a centralized tokenization environment. A security value is received by a central server from a client device. The central server accesses a token table corresponding to the client device and generates a reshuffled static token table from the accessed token table based on the received security value. When the client device subsequently provides data to be protected to the central server, the central server tokenizes the provided data using the reshuffled static token table and stores the tokenized data in a multi-tenant database. By reshuffling token tables using security values unique to client devices, the central server can protect and store data for each of multiple tenants such that if the data of one tenant is compromised, the data of each other tenant is not compromised.

Abstract: A gateway device includes a network interface connected to data sources, and computer instructions, that when executed cause a processor to access data portions from the data sources. The processor accesses classification rules, which are configured to classify a data portion of the plurality of data portions as sensitive data in response to the data portion satisfying the rule. Each rule is associated with a significance factor representative of an accuracy of the classification rule. The processor applies each of the set of classification rules to a data portion to obtain an output of whether the data is sensitive data. The output are weighed by significance factors to produce a set of weighted outputs. The processor determines if the data portion is sensitive data by aggregating the set of weighted outputs, and presents the determination in a user interface. Security operations may also be performed on the data portion.

Abstract: A database security system protects a data table at both the column level and the individual data record level. Access to data records within the data table is governed by categories assigned to data records, by user roles assigned to users, and by a set of security access tables. A first access table maps data record identifiers to data record categories, data record protection schemes, and corresponding scheme keys. A second access table maps user roles to data record categories. A third access table maps column identifiers to column protection schemes and corresponding scheme keys. A fourth access table maps user roles to column identifiers. If a user requests access to a data record, the security access tables are queried using the data record identifier, the associated column identifier, and the user roles associated with the user to determine if the user can access the requested data record.

Abstract: A database security system protects a data table at both the column level and the individual data record level. Access to data records within the data table is governed by categories assigned to data records, by user roles assigned to users, and by a set of security access tables. A first access table maps data record identifiers to data record categories, data record protection schemes, and corresponding scheme keys. A second access table maps user roles to data record categories. A third access table maps column identifiers to column protection schemes and corresponding scheme keys. A fourth access table maps user roles to column identifiers. If a user requests access to a data record, the security access tables are queried using the data record identifier, the associated column identifier, and the user roles associated with the user to determine if the user can access the requested data record.

Abstract: A database security system protects a data table at both the column level and the individual data record level. Access to data records within the data table is governed by categories assigned to data records, by user roles assigned to users, and by a set of security access tables. A first access table maps data record identifiers to data record categories, data record protection schemes, and corresponding scheme keys. A second access table maps user roles to data record categories. A third access table maps column identifiers to column protection schemes and corresponding scheme keys. A fourth access table maps user roles to column identifiers. If a user requests access to a data record, the security access tables are queried using the data record identifier, the associated column identifier, and the user roles associated with the user to determine if the user can access the requested data record.

Abstract: A database security system protects a data table at both the column level and the individual data record level. Access to data records within the data table is governed by categories assigned to data records, by user roles assigned to users, and by a set of security access tables. A first access table maps data record identifiers to data record categories, data record protection schemes, and corresponding scheme keys. A second access table maps user roles to data record categories. A third access table maps column identifiers to column protection schemes and corresponding scheme keys. A fourth access table maps user roles to column identifiers. If a user requests access to a data record, the security access tables are queried using the data record identifier, the associated column identifier, and the user roles associated with the user to determine if the user can access the requested data record.