Network-based real-time distributed data compliance broker
First Claim
1. A data processing system comprising:
one or more processors;
one or more non-transitory computer-readable storage media storing sequences of instructions which, when executed by the one or more processors, cause the processor to perform:
in a local data service, receiving a request for processing data;
identifying one or more local policies applicable to the request;
invoking a local policy execution point to cause the local policy execution point to apply the one or more local policies to the request to determine whether the request is to be processed locally;
in response to determining that the request is not to be processed locally:
determining, based on, at least in part, the one or more local policies, an encryption scheme to be applied to the data processed according to the request;
determining one or more remote brokers of a plurality of remote brokers that are configured to identify remote data services for processing requests;
generating metadata indicating a preferred remote data service that is configured to process the request remotely;
transmitting the request to the one or more remote brokers of the plurality of remote brokers to cause the one or more remote brokers to:
send a remote policy request and the metadata to a remote policy access point to provide the one or more remote policies that are applicable to the request and the metadata;
upon receiving the one or more remote policies, invoke a remote policy execution point to cause the remote policy execution point to apply the one or more remote policies to the request and the metadata to determine whether a particular remote data service is configured to process the request, and if so, transmitting the request to the particular remote data service for processing; and
return the data that is encrypted according to the encryption scheme;
wherein the one or more remote brokers are federated brokers and are configured to audit data access decisions of other remote brokers to ensure a uniform compliance with one or more remote policies.
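A minimal model of the remote policy execution point and the federated audit recited in the claim above, as an added example that is not taken from the patent. The policy format (data classification mapped to permitted regions), the service names and the decision-log fields are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed remote policies (assumed format): data classification ->
# regions in which a remote data service may process that data.
REMOTE_POLICIES = {"pii": {"eu"}, "telemetry": {"eu", "us"}}

# Constructed remote data services known to the brokers: name -> region.
SERVICES = {"svc-eu-1": "eu", "svc-us-1": "us"}

@dataclass(frozen=True)
class Decision:
    broker: str            # broker that made the routing decision
    request_id: str
    classification: str    # taken from the request
    preferred: str         # metadata: preferred remote data service
    chosen: Optional[str]  # service routed to, or None if denied

def remote_pep(classification, preferred, policies=REMOTE_POLICIES):
    """Apply remote policies to the request and its metadata."""
    allowed = policies.get(classification)
    if allowed is None:                      # no applicable policy: deny
        return None
    if SERVICES.get(preferred) in allowed:   # honour the preference if compliant
        return preferred
    for name in sorted(SERVICES):            # otherwise first compliant service
        if SERVICES[name] in allowed:
            return name
    return None

def audit(decisions, policies=REMOTE_POLICIES):
    """Peer broker replays logged decisions and returns the divergent ones."""
    return [d for d in decisions
            if remote_pep(d.classification, d.preferred, policies) != d.chosen]

# Constructed decision log shared between federated brokers.
LOG = [
    Decision("broker-a", "r1", "pii", "svc-eu-1", "svc-eu-1"),
    Decision("broker-b", "r2", "pii", "svc-us-1", "svc-us-1"),   # violates policy
    Decision("broker-b", "r3", "telemetry", "svc-us-1", "svc-us-1"),
    Decision("broker-a", "r4", "biometric", "svc-eu-1", None),   # default deny
]

if __name__ == "__main__":
    for d in audit(LOG):
        print(f"non-uniform decision by {d.broker} on {d.request_id}: {d.chosen}")
```

Replaying the decision through the same policy set is what makes the audit independent of the broker being audited: a broker that skipped or misapplied a policy shows up as a mismatch rather than having to self-report.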
Abstract
In an embodiment, a data processing system comprises: one or more processors; one or more non-transitory computer-readable storage media storing sequences of instructions which, when executed by the one or more processors, cause the processor to perform: in a local data service, receiving a request for processing data; identifying one or more local policies applicable to the request; based, at least in part, on the one or more local policies, determining whether the request may be processed locally; in response to determining that the request may not be processed locally, transmitting the request to one or more remote brokers to cause the one or more remote brokers to determine a remote data service configured to process the request.
14 Claims
1. A data processing system comprising:
one or more processors;
one or more non-transitory computer-readable storage media storing sequences of instructions which, when executed by the one or more processors, cause the processor to perform:
in a local data service, receiving a request for processing data;
identifying one or more local policies applicable to the request;
invoking a local policy execution point to cause the local policy execution point to apply the one or more local policies to the request to determine whether the request is to be processed locally;
in response to determining that the request is not to be processed locally:
determining, based on, at least in part, the one or more local policies, an encryption scheme to be applied to the data processed according to the request;
determining one or more remote brokers of a plurality of remote brokers that are configured to identify remote data services for processing requests;
generating metadata indicating a preferred remote data service that is configured to process the request remotely;
transmitting the request to the one or more remote brokers of the plurality of remote brokers to cause the one or more remote brokers to:
send a remote policy request and the metadata to a remote policy access point to provide the one or more remote policies that are applicable to the request and the metadata;
upon receiving the one or more remote policies, invoke a remote policy execution point to cause the remote policy execution point to apply the one or more remote policies to the request and the metadata to determine whether a particular remote data service is configured to process the request, and if so, transmitting the request to the particular remote data service for processing; and
return the data that is encrypted according to the encryption scheme;
wherein the one or more remote brokers are federated brokers and are configured to audit data access decisions of other remote brokers to ensure a uniform compliance with one or more remote policies.
Dependent claims: 2, 3, 4, 5
6. A data processing method comprising:
in a local data service, receiving a request for processing data;
identifying one or more local policies applicable to the request;
invoking a local policy execution point to cause the local policy execution point to apply the one or more local policies to the request to determine whether the request is to be processed locally;
in response to determining that the request is not to be processed locally:
determining, based on, at least in part, the one or more local policies, an encryption scheme to be applied to the data processed according to the request;
determining one or more remote brokers of a plurality of remote brokers that are configured to identify remote data services for processing requests;
generating metadata indicating a preferred remote data service that is configured to process the request remotely;
transmitting the request to the one or more remote brokers of the plurality of remote brokers to cause the one or more remote brokers to:
send a remote policy request and the metadata to a remote policy access point to provide the one or more remote policies that are applicable to the request and the metadata;
upon receiving the one or more remote policies, invoke a remote policy execution point to cause the remote policy execution point to apply the one or more remote policies to the request and the metadata to determine whether a particular remote data service is configured to process the request, and if so, transmitting the request to the particular remote data service for processing; and
return the data that is encrypted according to the encryption scheme;
wherein the one or more remote brokers are federated brokers and are configured to audit data access decisions of other remote brokers to ensure a uniform compliance with one or more remote policies;
wherein the method is performed using one or more computing devices.
Dependent claims: 7, 8, 9, 10
11. A computer system comprising a server computer comprising one or more non-transitory computer-readable data storage media stored with one or more sequences of instructions which when executed using a particular user computer among a plurality of user computers cause the particular user computer to perform:
in a local data service, receiving a request for processing data;
identifying one or more local policies applicable to the request;
invoking a local policy execution point to cause the local policy execution point to apply the one or more local policies to the request to determine whether the request is to be processed locally;
in response to determining that the request is not to be processed locally:
determining, based on, at least in part, the one or more local policies, an encryption scheme to be applied to the data processed according to the request;
determining one or more remote brokers of a plurality of remote brokers that are configured to identify remote data services for processing requests;
generating metadata indicating a preferred remote data service that is configured to process the request remotely;
transmitting the request to the one or more remote brokers of the plurality of remote brokers to cause the one or more remote brokers to:
send a remote policy request and the metadata to a remote policy access point to provide the one or more remote policies that are applicable to the request and the metadata;
upon receiving the one or more remote policies, invoke a remote policy execution point to cause the remote policy execution point to apply the one or more remote policies to the request and the metadata to determine whether a particular remote data service is configured to process the request, and if so, transmitting the request to the particular remote data service for processing; and
return the data that is encrypted according to the encryption scheme;
wherein the one or more remote brokers are federated brokers and are configured to audit data access decisions of other remote brokers to ensure a uniform compliance with one or more remote policies.
Dependent claims: 12, 13, 14
Specification