
TRANSPARENT CLIENT APPLICATION TO ARBITRATE DATA STORAGE BETWEEN MUTABLE AND IMMUTABLE DATA REPOSITORIES

  • US 20170364699A1
  • Filed: 08/11/2017
  • Published: 12/21/2017
  • Est. Priority Date: 06/02/2015
  • Status: Active Grant
First Claim

1. A method of retrofitting applications configured to access a given data repository to instead access a heterogeneous set of data repositories in place of the given data repository for at least some data, the method comprising:

  • receiving, with a computing device, a first write request from an application requesting to write data to a first remote database via a network, wherein:

    the first write request specifies a first value to be written to a first field in the first remote database;

    the first write request specifies a second value to be written to a second field in the first remote database;

    the first write request is compliant with an application program interface of a database driver configured to interface with the first remote database; and

    the database driver and at least part of the application issuing the first write request execute in the same instance of an operating system executing on the computing device;

  • obtaining, with the computing device, a data policy having one or more rules by which values are classified as higher-security values or lower-security values;

  • classifying, with the computing device and at least one of the one or more rules, the first value as lower-security;

  • classifying, with the computing device and at least one of the one or more rules, the second value as higher-security;

  • in response to classifying the second value as higher-security, redirecting the second value from a destination specified by the application in the received first write request by:

    obtaining a unique identifier of the second value that does not reveal the second value;

    causing the second value to be stored in a second remote database that is different from the first remote database; and

    updating an index with an entry that maps the unique identifier to the second value in the second remote database; and

  • forming, with the computing device, one or more application program interface requests to the database driver that:

    (i) instruct the database driver to cause the first remote database to store the first value in association with the first field; and

    (ii) instruct the database driver to cause the first remote database to store the unique identifier in association with the second field, wherein an attacker with full access to the first database does not have access to the second value classified as higher security, and wherein code of the application is not modified to interface with two databases in place of the first remote database.
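
An illustrative sketch of the write path recited in claim 1, added here and not taken from the patent or from any implementation of it. It assumes two in-memory SQLite connections standing in for the first and second remote databases, a constructed field-name policy, and hypothetical names (`ArbitratingDriver`, `insert`, `resolve`, `vault`).

```python
import re
import secrets
import sqlite3

# Constructed data policy (assumption): field names matching a rule are higher-security.
POLICY = [re.compile(r"ssn|card|password", re.I)]

def is_higher_security(field):
    return any(rule.search(field) for rule in POLICY)

class ArbitratingDriver:
    """Hypothetical shim between the application and the first database's driver."""
    def __init__(self, first_db, second_db):
        self.first_db, self.second_db = first_db, second_db
        self.index = {}  # unique identifier -> row in the second database
        second_db.execute("CREATE TABLE IF NOT EXISTS vault (value TEXT)")

    def insert(self, table, row):
        # Table and field names are interpolated below, so allow plain identifiers only.
        if not all(re.fullmatch(r"\w+", name) for name in (table, *row)):
            raise ValueError("identifier not allowed")
        out = {}
        for field, value in row.items():
            if is_higher_security(field):
                # Random identifier: not derived from the value, so it reveals nothing.
                token = "tok_" + secrets.token_hex(16)
                cur = self.second_db.execute(
                    "INSERT INTO vault (value) VALUES (?)", (value,))
                self.index[token] = cur.lastrowid
                out[field] = token  # the first database only ever sees the identifier
            else:
                out[field] = value
        cols = ", ".join(out)
        marks = ", ".join("?" for _ in out)
        self.first_db.execute(
            f"INSERT INTO {table} ({cols}) VALUES ({marks})", tuple(out.values()))

    def resolve(self, token):
        # Index lookup, then fetch from the second database.
        row = self.second_db.execute(
            "SELECT value FROM vault WHERE rowid = ?", (self.index[token],)).fetchone()
        return row[0]

def demo():
    first, second = sqlite3.connect(":memory:"), sqlite3.connect(":memory:")
    first.execute("CREATE TABLE users (name TEXT, ssn TEXT)")
    drv = ArbitratingDriver(first, second)
    drv.insert("users", {"name": "alice", "ssn": "078-05-1120"})  # constructed sample row
    name, stored = first.execute("SELECT name, ssn FROM users").fetchone()
    return name, stored, drv.resolve(stored)
```

A dump of the `users` table in the first database yields only the `tok_` identifier for the `ssn` field; recovering the value requires both the index and access to the second database.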
