Skip to main content

IBM R&D Labs in Israel News

MAGEN – the big cover-up

Masking technology developed in the Haifa Research Lab protects confidential data from unauthorized people

HRL MAGEN team: (ltr) Ksenya Kveler,
Amir Geva, Tamar Domany, Sara Porat
and Abigail Tarem
When a call center agent in India opens a customer’s record, how do we make sure the agent can see personal details like name and purchase history but can’t see confidential data like credit card numbers? MAGEN (Masking Gateway for Enterprises), a new research prototype targeted for use in upcoming customer solutions, uses optical character recognition and screen scraping to identify and cover up confidential data. The system works at the screen level by ‘catching’ the information before it hits the screen, analyzing the screen content, and then masking those details that need to be hidden from the person logged in.

Companies face many business scenarios where they need to share information internally and externally—whether for outsourcing, service processes, or marketing. In all these cases, customer privacy and confidential data must be secured so there is no chance of data leakage. The processes used today for masking are diverse and complex, depending on different government regulations and business needs, data formats, and uses.

Keeping secrets

The big challenge lies in dealing with data on the move, where different people are authorized to see only certain pieces of this information. In most cases, a copy is made of the data and specific pieces are either masked or left out, depending on who the copy is being made for and their level of authorization. But all those copies are generating even more data that needs to be secured.

"MAGEN provides a common solution for all applications, regardless of their operating system and communication protocols," says Tamar Domany, project leader at the IBM Haifa Research Lab where MAGEN was developed. "The solution is completely generic and can be used with any data, any application, and for different levels of authorization," she added.

Healthcare and insurance applications

Take, for example, a health insurance company that wants to reduce response times, improve accuracy, and cut costs by outsourcing the processing of medical and dental claims, along with e-mail interaction with customers. The customer service representatives need access to patient records in order to provide the service. Naturally, the private medical information in the patient records can’t be shared with the outsourcing company.

In this case, MAGEN will hide private information so that it never appears on the agents’ screens. MAGEN treats the screen of information as a picture and uses optical character recognition to identify the pieces that were defined as confidential. It then places a data 'mask' over the details that need to remain hidden—without ever copying, changing, or processing the data itself. This results in a super fast and extremely flexible system.

"Using optical character recognition technology and predefined configurations enables us to provide masking without changing the client applications," said Domany. This flexibility also makes it easy for the solution to be customized when new regulations or types of users are introduced.

MAGEN - a smarter way to secure data

By using MAGEN's screen masking approach, the need to tailor data masking solutions to specific environments is eliminated. In short, the MAGEN solution can be deployed in any environment where screen images are delivered.

"It's definitely a smarter way to secure data 'on the move' using a unique approach,” says Domany. “In Hebrew, the word 'magen' means both shield and protection. Our team has succeeded in creating a solution whose name perfectly describes the technological processes that the solution performs."


Want to learn more?

The five phases of the screen masking workflow: