LEGISLATION AWARE SYSTEM

US 20170140389A1
Filed: 11/17/2015
Published: 05/18/2017
Est. Priority Date: 11/17/2015
Status: Active Grant

First Claim

Patent Images

1. A method, said method comprising:

identifying, by one or more processors of a computer system, a set of at least two legal compliance rules associated with a service that uses and/or stores data, wherein the legal compliance rules include a type and format of the data, a physical locality within a legal jurisdiction relevant to security rules for the data, how long the data needs to be kept, whether or not the data needs to be encrypted, and what individuals, organizations or authorities are permitted access to the data and under what circumstances;

identifying, by the one or more processors, a plurality of service providers with associated service provider characteristics, wherein each service provider is a physical computer having a central processing unit (CPU) and is capable of providing the service, and wherein the service provider characteristics associated with each service provider include a location where each service provider performs the service, a region specific to each service provider in which each service provider'"'"'s data for the service is stored, a cost per megabyte (MB) of each service provider'"'"'s data for the service, and a percent utilization of each service provider'"'"'s CPU used for the service;

verifying, by the one or more processors, compliance with the legal compliance rules of the service provider characteristics of each service provider and of a service definition describing attributes of the service, wherein said verifying comprises matching the legal compliance rules against the service provider characteristics and the attributes of the service and confirming that each service provider characteristic and each attribute of the service conforms to the legal compliance rules, wherein the service definition attributes includes a value representing how often the data is backed up, an indicator denoting where disaster recovery of the data is provided, an indicator denoting a type of encryption that is used for the data, and an indicator denoting that long-term storage of the data is available and for how long, and wherein said verifying comprises verifying said compliance for only at least two service providers of the plurality of service providers;

returning, by the one or more processors from a result of said verifying, either said compliance or said non-compliance for each service provider;

determining, by the one or more processors, a priority of each service provider of the at least two service providers who compliance was verified, wherein the priority is based on an availability of the data for each service provider of the at least two service providers; and

selecting, by the one or more processors from the at least two service providers who compliance was verified, a first service provider to provide the service, wherein said selecting the first service provider is based on the first service provider having been determined to have a highest priority from among the priorities determined for each service provider of the at least two service providers, and wherein said verifying compliance for the first service provider provides assurance that the data will be kept and serviced by the first service provider in a compliant manner according to the legal compliance rules.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and associated computer system and computer program product. A set of legal compliance rules associated with a service is identified. A service provider with associated service provider characteristics is identified. The service provider is capable of providing the service. Compliance or non-compliance of the legal compliance rules with the service provider characteristics is verified using service characteristics of a default service. A compliant or non-compliant verification of the service provider for the default service is returned from a result of the verifying compliance or non-compliance.

Citations

39 Claims

1. A method, said method comprising:
- identifying, by one or more processors of a computer system, a set of at least two legal compliance rules associated with a service that uses and/or stores data, wherein the legal compliance rules include a type and format of the data, a physical locality within a legal jurisdiction relevant to security rules for the data, how long the data needs to be kept, whether or not the data needs to be encrypted, and what individuals, organizations or authorities are permitted access to the data and under what circumstances;
  
  identifying, by the one or more processors, a plurality of service providers with associated service provider characteristics, wherein each service provider is a physical computer having a central processing unit (CPU) and is capable of providing the service, and wherein the service provider characteristics associated with each service provider include a location where each service provider performs the service, a region specific to each service provider in which each service provider'"'"'s data for the service is stored, a cost per megabyte (MB) of each service provider'"'"'s data for the service, and a percent utilization of each service provider'"'"'s CPU used for the service;
  
  verifying, by the one or more processors, compliance with the legal compliance rules of the service provider characteristics of each service provider and of a service definition describing attributes of the service, wherein said verifying comprises matching the legal compliance rules against the service provider characteristics and the attributes of the service and confirming that each service provider characteristic and each attribute of the service conforms to the legal compliance rules, wherein the service definition attributes includes a value representing how often the data is backed up, an indicator denoting where disaster recovery of the data is provided, an indicator denoting a type of encryption that is used for the data, and an indicator denoting that long-term storage of the data is available and for how long, and wherein said verifying comprises verifying said compliance for only at least two service providers of the plurality of service providers;
  
  returning, by the one or more processors from a result of said verifying, either said compliance or said non-compliance for each service provider;
  
  determining, by the one or more processors, a priority of each service provider of the at least two service providers who compliance was verified, wherein the priority is based on an availability of the data for each service provider of the at least two service providers; and
  
  selecting, by the one or more processors from the at least two service providers who compliance was verified, a first service provider to provide the service, wherein said selecting the first service provider is based on the first service provider having been determined to have a highest priority from among the priorities determined for each service provider of the at least two service providers, and wherein said verifying compliance for the first service provider provides assurance that the data will be kept and serviced by the first service provider in a compliant manner according to the legal compliance rules.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The method of claim 1, wherein the availability of the data pertains to volume of the data, a processing time for processing the data, and a network bandwidth for transmitting the data.
  - 22. The method of claim 21, wherein the method further comprises:
    - after initiation of the first service provider providing the service, determining, by the one or more processors, that the first service provider no longer comprises said compliance; and
      
      in response to said determining that the first service provider no longer comprises said compliance, migrating the service from the first service provider to a second service provider whose compliance was verified and currently prevails, wherein said selecting the second service provider is based on the second service provider having been determined to have a highest priority from among the priorities determined for each remaining service provider whose compliance was verified and currently prevails.
  - 23. The method of claim 1, wherein the computer system comprises a computer in which a read-only memory (ROM) is hard-wired, wherein the ROM contains program code, which, upon being executed by the one or more processors, implements the method, and wherein the computer is a special purpose computer specific to the method due to the ROM being hard wired in the computer.
  - 24. The method of claim 1, said method further comprising:
    - converting the legal compliance rules into a single conditional expression comprising a first constraint on where each service provider is required to provide the service and a second constraint on where the data is required to be stored,wherein said verifying comprises verifying the compliance or non-compliance of the single conditional expression with the service provider characteristics of each service provider and the service definition.
  - 25. The method of claim 24, wherein the first constraint is that each service provider is required to provide the service at either a first location or a second location that differs from the first location, and wherein the second constraint is that the data is required to be stored at the first location.
  - 26. The method of claim 25,wherein the plurality of service providers comprise a first service provider, a second service provider, and a third service provider,wherein the first service provider performs the service at the first location for data stored at the first location so that the first service provider is compliant with the legal compliance rules,wherein the second service provider performs the service at the first location for data stored at a third location that differs from the first location and the second location so that the second service provider is non-compliant with the legal compliance rules, andwherein the third service provider performs the service at the second location for data stored at the first location so that the third service provider is compliant with the legal compliance rules.

2-20. -20. (canceled)

27. A computer program product, comprising one or more computer readable hardware storage devices having computer readable program code stored therein, said program code containing instructions executable by one or more processors of a computer system to implement a method, said method comprising:
- identifying, by the one or more processors, a set of at least two legal compliance rules associated with a service that uses and/or stores data, wherein the legal compliance rules include a type and format of the data, a physical locality within a legal jurisdiction relevant to security rules for the data, how long the data needs to be kept, whether or not the data needs to be encrypted, and what individuals, organizations or authorities are permitted access to the data and under what circumstances;
  
  identifying, by the one or more processors, a plurality of service providers with associated service provider characteristics, wherein each service provider is a physical computer having a central processing unit (CPU) and is capable of providing the service, and wherein the service provider characteristics associated with each service provider include a location where each service provider performs the service, a region specific to each service provider in which each service provider'"'"'s data for the service is stored, a cost per megabyte (MB) of each service provider'"'"'s data for the service, and a percent utilization of each service provider'"'"'s CPU used for the service;
  
  verifying, by the one or more processors, compliance with the legal compliance rules of the service provider characteristics of each service provider and of a service definition describing attributes of the service, wherein said verifying comprises matching the legal compliance rules against the service provider characteristics and the attributes of the service and confirming that each service provider characteristic and each attribute of the service conforms to the legal compliance rules, wherein the service definition attributes includes a value representing how often the data is backed up, an indicator denoting where disaster recovery of the data is provided, an indicator denoting a type of encryption that is used for the data, and an indicator denoting that long-term storage of the data is available and for how long, and wherein said verifying comprises verifying said compliance for only at least two service providers of the plurality of service providers;
  
  returning, by the one or more processors from a result of said verifying, either said compliance or said non-compliance for each service provider;
  
  determining, by the one or more processors, a priority of each service provider of the at least two service providers who compliance was verified, wherein the priority is based on an availability of the data for each service provider of the at least two service providers; and
  
  selecting, by the one or more processors from the at least two service providers who compliance was verified, a first service provider to provide the service, wherein said selecting the first service provider is based on the first service provider having been determined to have a highest priority from among the priorities determined for each service provider of the at least two service providers, and wherein said verifying compliance for the first service provider provides assurance that the data will be kept and serviced by the first service provider in a compliant manner according to the legal compliance rules.
- View Dependent Claims (28, 29, 30, 31, 32, 33)
- - 28. The computer program product of claim 27, wherein the availability of the data pertains to volume of the data, a processing time for processing the data, and a network bandwidth for transmitting the data.
  - 29. The computer program product of claim 28, wherein the method further comprises:
    - after initiation of the first service provider providing the service, determining, by the one or more processors, that the first service provider no longer comprises said compliance; and
      
      in response to said determining that the first service provider no longer comprises said compliance, migrating the service from the first service provider to a second service provider whose compliance was verified and currently prevails, wherein said selecting the second service provider is based on the second service provider having been determined to have a highest priority from among the priorities determined for each remaining service provider whose compliance was verified and currently prevails.
  - 30. The computer program product of claim 27, wherein the computer system comprises a computer in which a read-only memory (ROM) is hard-wired, wherein the ROM contains program code, which, upon being executed by the one or more processors, implements the method, and wherein the computer is a special purpose computer specific to the method due to the ROM being hard wired in the computer.
  - 31. The computer program product of claim 27, said method further comprising:
    - converting the legal compliance rules into a single conditional expression comprising a first constraint on where each service provider is required to provide the service and a second constraint on where the data is required to be stored,wherein said verifying comprises verifying the compliance or non-compliance of the single conditional expression with the service provider characteristics of each service provider and the service definition.
  - 32. The computer program product of claim 31, wherein the first constraint is that each service provider is required to provide the service at either a first location or a second location that differs from the first location, and wherein the second constraint is that the data is required to be stored at the first location.
  - 33. The computer program product of claim 32,wherein the plurality of service providers comprise a first service provider, a second service provider, and a third service provider,wherein the first service provider performs the service at the first location for data stored at the first location so that the first service provider is compliant with the legal compliance rules,wherein the second service provider performs the service at the first location for data stored at a third location that differs from the first location and the second location so that the second service provider is non-compliant with the legal compliance rules, andwherein the third service provider performs the service at the second location for data stored at the first location so that the third service provider is compliant with the legal compliance rules.

34. A computer system, comprising one or more processors, one or more memories, and one or more computer readable hardware storage devices, said one or more hardware storage device containing program code executable by the one or more processors via the one or more memories to implement a method, said method comprising:
- identifying, by the one or more processors, a set of at least two legal compliance rules associated with a service that uses and/or stores data, wherein the legal compliance rules include a type and format of the data, a physical locality within a legal jurisdiction relevant to security rules for the data, how long the data needs to be kept, whether or not the data needs to be encrypted, and what individuals, organizations or authorities are permitted access to the data and under what circumstances;
  
  identifying, by the one or more processors, a plurality of service providers with associated service provider characteristics, wherein each service provider is a physical computer having a central processing unit (CPU) and is capable of providing the service, and wherein the service provider characteristics associated with each service provider include a location where each service provider performs the service, a region specific to each service provider in which each service provider'"'"'s data for the service is stored, a cost per megabyte (MB) of each service provider'"'"'s data for the service, and a percent utilization of each service provider'"'"'s CPU used for the service;
  
  verifying, by the one or more processors, compliance with the legal compliance rules of the service provider characteristics of each service provider and of a service definition describing attributes of the service, wherein said verifying comprises matching the legal compliance rules against the service provider characteristics and the attributes of the service and confirming that each service provider characteristic and each attribute of the service conforms to the legal compliance rules, wherein the service definition attributes includes a value representing how often the data is backed up, an indicator denoting where disaster recovery of the data is provided, an indicator denoting a type of encryption that is used for the data, and an indicator denoting that long-term storage of the data is available and for how long, and wherein said verifying comprises verifying said compliance for only at least two service providers of the plurality of service providers;
  
  returning, by the one or more processors from a result of said verifying, either said compliance or said non-compliance for each service provider;
  
  determining, by the one or more processors, a priority of each service provider of the at least two service providers who compliance was verified, wherein the priority is based on an availability of the data for each service provider of the at least two service providers; and
  
  selecting, by the one or more processors from the at least two service providers who compliance was verified, a first service provider to provide the service, wherein said selecting the first service provider is based on the first service provider having been determined to have a highest priority from among the priorities determined for each service provider of the at least two service providers, and wherein said verifying compliance for the first service provider provides assurance that the data will be kept and serviced by the first service provider in a compliant manner according to the legal compliance rules.
- View Dependent Claims (35, 36, 37, 38, 39)
- - 35. The method of claim 34, wherein the availability of the data pertains to volume of the data, a processing time for processing the data, and a network bandwidth for transmitting the data.
  - 36. The computer system of claim 35, wherein the method further comprises:
    - after initiation service provider providing the service, determining, by the one or more processors, that the first service provider no longer comprises said compliance; and
      
      in response to said determining that the first service provider no longer comprises said compliance, migrating the service from the first service provider to a second service provider whose compliance was verified and currently prevails, wherein said selecting the second service provider is based on the second service provider having been determined to have a highest priority from among the priorities determined for each remaining service provider whose compliance was verified and currently prevails.
  - 37. The computer system of claim 34, wherein the computer system comprises a computer in which a read-only memory (ROM) is hard-wired, wherein the ROM contains program code, which upon being executed by the one or more processors, implements the method, and wherein the computer is a special purpose computer specific to the method due to the ROM being hard wired in the computer.
  - 38. The computer system of claim 34, said method further comprising:
    - converting the legal compliance roles into a single conditional expression comprising a first constraint on where each service provider is required to provide the service and a second constraint on where the data is required to be stored,wherein said verifying comprises verifying the compliance or non-compliance of the single conditional expression with the service provider characteristics of each service provider and the service definition.
  - 39. The computer system of claim 38, wherein the first constraint is that each service provider is required to provide the service at either a first location or a second location that differs from the first location, and wherein the second constraint is that the data is required to be stored at the first location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Easton, John P.

Granted Patent

US 10,810,601 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/119   Details of migration of fil...

G06F 16/122   using management policies b...

G06F 16/125   characterised by the use of...

G06F 16/185   Hierarchical storage manage...

G06F 16/214   Database migration support

G06F 9/4875   with migration policy, e.g....

G06Q 30/018   Certifying business or prod...

LEGISLATION AWARE SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

LEGISLATION AWARE SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links