DATA SOURCE SECURITY CLUSTER

US 20160098484A1
Filed: 10/06/2014
Published: 04/07/2016
Est. Priority Date: 10/06/2014
Status: Active Grant

First Claim

Patent Images

1. A data source security cluster system, comprising:

a federation engine structured with a memory and a processor, the processor in communication with the memory to;

generate a first data source security token and a second data source security token;

send the first data source security token to a first data source and the second data source security token to a second data source;

receive, from a client, a request comprising at least a query, a first security token and a second security token;

extract the query, the first security token and the second security token from the request;

query the first data source for the first data source security token and the second data source for the second data source security token;

determine a first match between the first data source security token and the first security token;

based upon the determining of the first match, authorizing the client to access the first data source;

generate a first sub-query based on the query; and

send the first sub-query to the first data source.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and computer program for implementing data source security cluster are provided. Security tokens may be generated for a plurality of data sources. Clients may request a security token from each data source. The client may send the security tokens and a data query to a federation engine. The federation engine may generate a plurality of sub-queries from the query. The federation engine may match a sub-query and particular security token to a data source. The federation engine may validate each security token and send, to each data source, the matching sub-query for that data source. Each data source may send a result to a sub-query to the federation engine, which may join all of the results into a virtual view.

19 Citations

View as Search Results

20 Claims

1. A data source security cluster system, comprising:
- a federation engine structured with a memory and a processor, the processor in communication with the memory to;
  
  generate a first data source security token and a second data source security token;
  
  send the first data source security token to a first data source and the second data source security token to a second data source;
  
  receive, from a client, a request comprising at least a query, a first security token and a second security token;
  
  extract the query, the first security token and the second security token from the request;
  
  query the first data source for the first data source security token and the second data source for the second data source security token;
  
  determine a first match between the first data source security token and the first security token;
  
  based upon the determining of the first match, authorizing the client to access the first data source;
  
  generate a first sub-query based on the query; and
  
  send the first sub-query to the first data source.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The data source security system of claim 1, the processor further to:
    - determine a second match between the second data source security token and the second security token;
      
      based upon the determining of the second match, authorizing the client to access the second data source;
      
      generate a second sub-query based on the query;
      
      send the second sub-query to the second data source;
      
      join a first result set received from the first data source and a second result set received from the second data source.
  - 3. The data source security system of claim 2,wherein the first result set comprises at least a first data element and a first data identifier,wherein the second result set comprises at least a second data element and a second data identifier;
    - the processor further to;
      
      generate a third sub-query based on the query;
      
      send the third sub-query to a helping data source to request a mapping;
      
      receive the mapping from the helping data source, wherein the mapping comprises the first data identifier mapped to the second data identifier; and
      
      based on the mapping between the first data identifier and the second data identifier, map the first data element to the second data element.
  - 4. The data source security system of claim 3,wherein the first sub-query is a query of a first type of database;
    - wherein the second sub-query is a query of a second type of database;
      
      wherein the third sub-query is a query of a third type of database;
      
      wherein each of the first type of database, the second type of database, and the third type of database is a different type of database than the other two types of database.
  - 5. The data source security system of claim 4,wherein each of the first type of database, the second type of database and the third type of database is a different one of:
    - PostgreSQL, MySQL, Cassandra, and NoSQL.
  - 6. The data source security system of claim 1, the processor further to:
    - at a periodic interval, randomly generate a new first data source security token and a new second data source security token; and
      
      send the new first data source security token to the first data source and the new second data source security token to the second data source.

7. A computer-implemented method, comprising:
- receiving an initial query, a first security token and a second security token;
  
  generating at least a first sub-query and a second sub-query from the initial query;
  
  matching the first sub-query to the first security token and the second sub-query to the second security token;
  
  sending the first sub-query and the first security token to the first data source;
  
  sending the second sub-query and the second security token to the second data source; and
  
  receiving a first result set from the first data source and a second result set from the second data source.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7,wherein the first result set comprises at least a first data element and a first data identifier, andwherein the second result set comprises at least a second data element and a second data identifier.
  - 9. The method of claim 8, further comprising:
    - retrieving a mapping from a helping data source, wherein the mapping maps the first data identifier to the second data identifier.
  - 10. The method of claim 9, further comprising:
    - based on the mapping between the first data identifier and the second data identifier, mapping the first data element to the second data element.
  - 11. The method of claim 7, further comprising:
    - at the first data source, matching the first security token to a first data source security token; and
      
      at the second data source, matching the second security token to the second data source security token.
  - 12. The method of claim 7, further comprising:
    - creating a virtual view comprising the first result set and the second result set.
  - 13. The method of claim 12, further comprising:
    - determining one or more data elements from the virtual view corresponding to the initial query and outputting the one or more data elements.

14. A non-transitory computer-readable medium comprising computer-readable instructions which, when executed by a processor, cause the processor to perform operations comprising:
- receiving a query, a first security token and a second security token;
  
  generating at least a first sub-query and a second sub-query from the query;
  
  mapping the first sub-query to the first security token;
  
  mapping the second sub-query to the second security token;
  
  sending the first sub-query to the first data source;
  
  sending the second sub-query to the second data source;
  
  receiving a first result set from the first data source;
  
  receiving a second result set from the second data source; and
  
  joining the first result set and the second result set to create a third result set.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The non-transitory computer-readable storage medium of claim 14,wherein the first result set comprises at least a first data element and a first data identifier.
  - 16. The non-transitory computer-readable storage medium of claim 15,wherein the second result set comprises at least a second data element and a second data identifier.
  - 17. The non-transitory computer-readable storage medium of claim 16, the processor further to perform operations comprising:
    - querying a helping data source for a mapping;
      
      receiving the mapping from the helping data source, wherein the mapping maps the first data identifier to the second data identifier.
  - 18. The non-transitory computer-readable storage medium of claim 17, the processor further to perform operations comprising:
    - based on the mapping between the first data identifier and the second data identifier, mapping the first data element to the second data element.
  - 19. The non-transitory computer-readable storage medium of claim 17,wherein the first sub-query sent to the first data source is a query of a first type of database;
    - wherein the second sub-query sent to the second data source is a query of a second type of database;
      
      wherein the query sent to the helping data source is a query of a third type of database;
      
      wherein each of the first type of database, the second type of database, and the third type of database is a different type of database than the other two types of database.
  - 20. The non-transitory computer-readable storage medium of claim 14, the processor further to perform operations comprising:
    - querying a first data source for a first data source security token, and querying a second data source for a second data source security token;
      
      matching the first data source security token to the first security token;
      
      matching the second data source security token to the second security token;
      
      at a periodic interval, generating a new first data source security token and a new second data source security token; and
      
      sending the new first data source security token to the first data source and the new second data source security token to the second data source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Nguyen, Filip, Elias, Filip

Granted Patent

US 10,198,558 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/33   using certificates

G06F 21/6218   to a system of files or obj...

G06F 2221/2115   Third party

H04L 63/0807   using tickets, e.g. Kerbero...

DATA SOURCE SECURITY CLUSTER

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DATA SOURCE SECURITY CLUSTER

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links