Network-based real-time distributed data compliance broker

US 10,084,795 B2
Filed: 07/14/2014
Issued: 09/25/2018
Est. Priority Date: 07/14/2014
Status: Active Grant

First Claim

Patent Images

1. A data processing system comprising:

one or more processors;

one or more non-transitory computer-readable storage media storing sequences of instructions which, when executed by the one or more processors, cause the processor to perform;

in a local data service, receiving a request for processing data;

identifying one or more local policies applicable to the request;

invoking a local policy execution point to cause the local policy execution point to apply the one or more local policies to the request to determine whether the request is to be processed locally;

in response to determining that the request is not be processed locally;

determining, based on, at least in part, the one or more local polices, an encryption scheme to be applied to the data processed according to the request;

determining one or more remote brokers of a plurality of remote brokers that are configured to identify remote data services for processing requests;

generating metadata indicating a preferred remote data service that is configured to process the request remotely;

transmitting the request to the one or more remote brokers of the plurality of remote brokers to cause the one or more remote brokers to;

send a remote policy request and the metadata to a remote policy access point to provide the one or more remote policies that are applicable to the request and the metadata;

upon receiving the one or more remote policies, invoke a remote policy execution point to cause the remote policy execution point to apply the one or more remote policies to the request and the metadata to determine whether a particular remote data service is configured to process the request, and if so, transmitting the request to the particular remote data service for processing; and

return the data that is encrypted according to the encryption scheme;

wherein the one or more remote brokers are federated brokers and are configured to audit data access decisions of other remote brokers to ensure a uniform compliance with one or more remote policies.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an embodiment, a data processing system comprises: one or more processors; one or more non-transitory computer-readable storage media storing sequences of instructions which, when executed by the one or more processors, cause the processor to perform: in a local data service, receiving a request for processing data; identifying one or more local policies applicable to the request; based, at least in part, on the one or more local policies, determining whether the request may be processed locally; in response to determining that the request may not be processed locally, transmitting the request to one or more remote brokers to cause the one or more remote brokers to determine a remote data service configured to process the request.

109 Citations

View as Search Results

14 Claims

1. A data processing system comprising:
- one or more processors;
  
  one or more non-transitory computer-readable storage media storing sequences of instructions which, when executed by the one or more processors, cause the processor to perform;
  
  in a local data service, receiving a request for processing data;
  
  identifying one or more local policies applicable to the request;
  
  invoking a local policy execution point to cause the local policy execution point to apply the one or more local policies to the request to determine whether the request is to be processed locally;
  
  in response to determining that the request is not be processed locally;
  
  determining, based on, at least in part, the one or more local polices, an encryption scheme to be applied to the data processed according to the request;
  
  determining one or more remote brokers of a plurality of remote brokers that are configured to identify remote data services for processing requests;
  
  generating metadata indicating a preferred remote data service that is configured to process the request remotely;
  
  transmitting the request to the one or more remote brokers of the plurality of remote brokers to cause the one or more remote brokers to;
  
  send a remote policy request and the metadata to a remote policy access point to provide the one or more remote policies that are applicable to the request and the metadata;
  
  upon receiving the one or more remote policies, invoke a remote policy execution point to cause the remote policy execution point to apply the one or more remote policies to the request and the metadata to determine whether a particular remote data service is configured to process the request, and if so, transmitting the request to the particular remote data service for processing; and
  
  return the data that is encrypted according to the encryption scheme;
  
  wherein the one or more remote brokers are federated brokers and are configured to audit data access decisions of other remote brokers to ensure a uniform compliance with one or more remote policies.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, further comprising instructions which when executed cause:
    - in response to determining that the request may be processed locally, invoking one or more local brokers to initiate processing of the request.
  - 3. The system of claim 1, wherein the request is any one of:
    - a data record create request, a data record read request, a data record update request, or a data record delete request.
  - 4. The system of claim 1, wherein the one or more local policies govern access to data persistently stored in local storage devices;
    - wherein the one or more remote policies govern access to data persistently stored in remote storage devices.
  - 5. The system of claim 1, wherein the one or more remote brokers communicate with a policy administration point to obtain the one or more remote policies and updates for the one or more remote policies.

6. A data processing method comprising:
- in a local data service, receiving a request for processing data;
  
  identifying one or more local policies applicable to the request;
  
  invoking a local policy execution point to cause the local policy execution point to apply the one or more local policies to the request to determine whether the request is to be processed locally;
  
  in response to determining that the request is not be processed locally;
  
  determining, based on, at least in part, the one or more local polices, an encryption scheme to be applied to the data processed according to the request;
  
  determining one or more remote brokers of a plurality of remote brokers that are configured to identify remote data services for processing requests;
  
  generating metadata indicating a preferred remote data service that is configured to process the request remotely;
  
  transmitting the request to the one or more remote brokers of the plurality of remote brokers to cause the one or more remote brokers to;
  
  send a remote policy request and the metadata to a remote policy access point to provide the one or more remote policies that are applicable to the request and the metadata;
  
  upon receiving the one or more remote policies, invoke a remote policy execution point to cause the remote policy execution point to apply the one or more remote policies to the request and the metadata to determine whether a particular remote data service is configured to process the request, and if so, transmitting the request to the particular remote data service for processing; and
  
  return the data that is encrypted according to the encryption scheme;
  
  wherein the one or more remote brokers are federated brokers and are configured to audit data access decisions of other remote brokers to ensure a uniform compliance with one or more remote policies;
  
  wherein the method is performed using one or more computing devices.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, further comprising:
    - in response to determining that the request may be processed locally, invoking one or more local brokers to initiate processing of the request.
  - 8. The method of claim 6, wherein the request is any one of:
    - a data record create request, a data record read request, a data record update request, or a data record delete request.
  - 9. The method of claim 6, wherein the one or more local policies govern access to data persistently stored in local storage devices;
    - wherein the one or more remote policies govern access to data persistently stored in remote storage devices.
  - 10. The method of claim 6, wherein the one or more remote brokers communicate with a policy administration point to obtain the one or more remote policies and updates for the one or more remote policies.

11. A computer system comprising a server computer comprising one or more non-transitory computer-readable data storage media stored with one or more sequences of instructions which when executed using a particular user computer among a plurality of user computers cause the particular user computer to perform:
- in a local data service, receiving a request for processing data;
  
  identifying one or more local policies applicable to the request;
  
  invoking a local policy execution point to cause the local policy execution point to apply the one or more local policies to the request to determine whether the request is to be processed locally;
  
  in response to determining that the request is not be processed locally;
  
  determining, based on, at least in part, the one or more local polices, an encryption scheme to be applied to the data processed according to the request;
  
  determining one or more remote brokers of a plurality of remote brokers that are configured to identify remote data services for processing requests;
  
  generating metadata indicating a preferred remote data service that is configured to process the request remotely;
  
  transmitting the request to the one or more remote brokers of the plurality of remote brokers to cause the one or more remote brokers to;
  
  send a remote policy request and the metadata to a remote policy access point to provide the one or more remote policies that are applicable to the request and the metadata;
  
  upon receiving the one or more remote policies, invoke a remote policy execution point to cause the remote policy execution point to apply the one or more remote policies to the request and the metadata to determine whether a particular remote data service is configured to process the request, and if so, transmitting the request to the particular remote data service for processing; and
  
  return the data that is encrypted according to the encryption scheme;
  
  wherein the one or more remote brokers are federated brokers and are configured to audit data access decisions of other remote brokers to ensure a uniform compliance with one or more remote policies.
- View Dependent Claims (12, 13, 14)
- - 12. The computer system of claim 11, further comprising instructions which when executed cause:
    - in response to determining that the request may be processed locally, invoking one or more local brokers to initiate processing of the request.
  - 13. The computer system of claim 11, wherein the request is any one of:
    - a data record create request, a data record read request, a data record update request, or a data record delete request.
  - 14. The computer system of claim 11, wherein the one or more local policies govern access to data persistently stored in local storage devices;
    - wherein the one or more remote policies govern access to data persistently stored in remote storage devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Akireddy, Ravi, Estes, Robert S.
Primary Examiner(s)
Pwu, Jeffrey C
Assistant Examiner(s)
Tran, Baotram

Application Number

US14/330,816
Publication Number

US 20160014140A1
Time in Patent Office

1,534 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 9/5055   considering software capabi...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

Network-based real-time distributed data compliance broker

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

109 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Network-based real-time distributed data compliance broker

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

109 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links