Dynamic masking of application displays using OCR technologies
by S. Porat,
B. Carmeli,
T. Domany,
T. Drory,
A. Geva,
and A. Tarem
Industry coalitions are developing regulations to govern
information sharing and to protect sensitive business data and the
privacy of individuals. In many cases, these regulations make it
impossible to outsource business operations, unless the companies
have effective technologies to protect sensitive information. This
paper addresses scenarios in which data servers and applications
are owned and maintained on the premises of a company, and the
service providers remotely access the data and the applications. We
present a unique solution called Masking Gateway for Enterprises
(MAGEN) that masks sensitive information appearing on
application displays, without any interference with the applications
that generate those screens. The major novelty lies in the utilization
of optical character recognition (OCR) for analyzing and
understanding application screens. Together with a comprehensive
rule language, this approach makes it possible to characterize fields
containing sensitive information and mask them according to
predefined rules. The rule language is very flexible, abstract, and
intuitive and is designed to cope with a vast set of policies and
security needs. We describe the major challenges in implementing
MAGEN and the results of experimenting with it in situations that
occur in actual business settings. We outline techniques that
optimize the OCR process to minimize latency and ensure robust
operation.
PDF
