METHOD AND SYSTEM FOR MANAGING AND SECURING SUBSETS OF DATA IN A LARGE DISTRIBUTED DATA STORE

US 20140304243A1
Filed: 03/17/2014
Published: 10/09/2014
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

defining a subset of data entities in a large distributed data store (DDS) as a data domain;

establishing one or more policies for the data domain as a unit;

securing the subset of data entities in the defined data domain, including limiting access and establishing a security protocol for the data domain according to the one or more policies; and

determining operations allowable on the data domain according to the one or more policies.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system groups multiple entities in a large distributed data store (DDS), such as directories and files, into a subset called a domain. The domain is treated as a unit for defining policies to detect and treat sensitive data. Sensitive data can be defined by enterprise or industry. Treatment of sensitive data may include quarantining, masking, and encrypting, of the data or the entity containing the data. Data in a domain can be copied as a unit, with or without the same structure, and with transformations such as masking or encryption, into parts of the same DDS or to a different DDS. Domains can be the unit of access control for organizations, and assigned tags useful for identifying their purpose, ownership, location, or other characteristics. Policies and operations, assigned at the domain level, may vary from domain to domain, but within a domain are uniform, except for specific exclusions.

Citations

20 Claims

1. A method, comprising:
- defining a subset of data entities in a large distributed data store (DDS) as a data domain;
  
  establishing one or more policies for the data domain as a unit;
  
  securing the subset of data entities in the defined data domain, including limiting access and establishing a security protocol for the data domain according to the one or more policies; and
  
  determining operations allowable on the data domain according to the one or more policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as recited in claim 1, wherein the data entities comprise directories, files, collections, tables, or documents of the large distributed data store (DDS).
  - 3. The method as recited in claim 1, wherein the one or more policies include one of a sensitive data policy, a backup and restore policy, an access policy, a data maintenance policy, a public availability policy, a privacy policy, a copying policy, a subdomain creation policy, a searching policy, a masking policy, a quarantining policy, or an encryption policy.
  - 4. The method as recited in claim 1, wherein the operations to be determined as allowable on the data domain according to the one or more policies include one of copying the data domain as a unit within the large DDS, copying the data domain as a unit to a different DDS, copying the data domain with masking, or copying the data domain with encryption, searching for sensitive data, masking, quarantining, encrypting, making at least part of the data domain publicly available, making at least part of the data domain read-only, and deleting data elements.
  - 5. The method as recited in claim 1, further comprising transferring inheritable properties with a data domain when copying the data domain, wherein an inheritable property includes on of an encryption key to be used for security, categories of sensitive data, policies to mask specific types of the sensitive data, business tags attached to the data domain, and access rights to groups of users over the constituents of the domain.
  - 6. The method as recited in claim 1, wherein securing the subset of data entities in the data domain further comprises:
    - detecting sensitive data in the data domain; and
      
      applying the one or more policies to quarantine, mask, or encrypt the sensitive data or a data entity containing the sensitive data.
  - 7. The method as recited in claim 1, wherein limiting access includes establishing at least one tag for identifying a purpose, an ownership, or a location of the data domain;
    - andlimiting access to the data domain by assigning the tag to at least one user.
  - 8. The method as recited in claim 1, wherein defining a subset of data entities in a large distributed data store (DDS) as a data domain further includes defining each data domain according to a different department in an organization.
  - 9. The method as recited in claim 8, wherein each department and each corresponding data domain has a respective security requirement, a respective access control, and at least one respective policy for the corresponding data domain.
  - 10. The method as recited in claim 1, wherein establishing a security protocol further includes assigning an access key or an encryption key to the data domain, determining an expiration period for a key, determining a key strength, or determining a key type.
  - 11. The method as recited in claim 1, further comprising rules to govern which policies apply to a data domain when a data entity belongs to multiple data domains.

12. A system, comprising:
- a controller for defining a data domain within a large distributed data store (DDS) and for operating on the data domain;
  
  an agent for interacting with clusters of the DDS; and
  
  a user interface for accessing and using the DDS through the controller.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20)
- - 13. The system of claim 12, wherein the controller creates the data domain and associates data entities in the DDS with the data domain.
  - 14. The system of claim 13, wherein the data entities comprise directories, files, collections, tables, or documents of the large distributed data store (DDS).
  - 15. The system of claim 12, wherein the controller creates policies for the data domain, including one of a policy for sensitive data discovery, masking, quarantining, encrypting, backing-up and restoring data, creating subdomains, or copying domains.
  - 16. The system of claim 12, wherein the user interface allows the user to perform tasks including searching, masking, encryption, or quarantining on one or more domains, to view results of the tasks, to create tags, and to associate the tags with one or more data domains.
  - 17. The system of claim 12, further comprising a repository for storing metadata about the data domain created and managed through the user interface, wherein information related to the data entities including directories, files, collections, and documents, is mapped to the metadata.
  - 18. The system of claim 17, further comprising a dashboard for displaying an aggregate of information from one of a sensitive data scan, a masking operation, a quarantining operation, an encryption operation, or a history of operations on a data domain.
  - 19. The system of claim 18, wherein the dashboard displays the information filtered for specific domains and subdomains.
  - 20. The system of claim 19, wherein the dashboard uses tags to display partitioned data or filtered data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dataguise Incorporated (PKW Holdings, Inc.)
Original Assignee
Dataguise Incorporated (PKW Holdings, Inc.)
Inventors
Ramesh, Subramanian, Chahal, Jaspaul Singh

Granted Patent

US 11,010,348 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/694
CPC Class Codes

G06F 16/182 Distributed file systems

METHOD AND SYSTEM FOR MANAGING AND SECURING SUBSETS OF DATA IN A LARGE DISTRIBUTED DATA STORE

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR MANAGING AND SECURING SUBSETS OF DATA IN A LARGE DISTRIBUTED DATA STORE

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links