Leading system determination

US 9,904,796 B2
Filed: 09/30/2015
Issued: 02/27/2018
Est. Priority Date: 09/30/2015
Status: Active Grant

First Claim

Patent Images

1. A method for blocking data access in a network comprising a plurality of systems, the method comprising:

receiving an indication in a current system of the plurality of systems of an occurrence of an event that indicates an end of purpose determination is to be performed for one or more applications utilizing data records associated with a plurality of related data objects on the plurality of systems, the data objects corresponding to an entity, and wherein the related data objects are synchronized between the plurality of systems;

analyzing determination criteria associated with the data records to determine whether the current system is a master system of the plurality of systems, wherein each data object has an associated customized determination criteria table, and wherein determination criteria stored in a first field of a customized determination criteria table links a plurality of other tables for specifying whether the plurality of systems are master systems or dependent systems and the customized determination criteria table further includes a role in a second field;

if the current system is determined to be the master system based on the first and second fields in the customized determination criteria table, the method further comprises;

(1) performing an end-of-purpose determination in the current system and its dependent systems; and

(2) blocking access to the data records; and

if the current system is determined not to be the master system based on the determination criteria, the method further comprises determining whether related data objects exist in the master system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments described herein relate to an improved technique for blocking access to data records associated with an entity in a network comprising a plurality of systems. The operations include accessing and analyzing determination criteria associated with the entity to determine in which systems the data should be blocked. An end-of-purpose determination can be performed in one or more of the systems based on whether the current system is a master system, a dependent system of the master system, or a standalone system of the plurality of systems. Access to the entity data records can then be blocked from the appropriate systems when an end of purpose for the data has been reached for any processes running on the system.

21 Citations

View as Search Results

18 Claims

1. A method for blocking data access in a network comprising a plurality of systems, the method comprising:
- receiving an indication in a current system of the plurality of systems of an occurrence of an event that indicates an end of purpose determination is to be performed for one or more applications utilizing data records associated with a plurality of related data objects on the plurality of systems, the data objects corresponding to an entity, and wherein the related data objects are synchronized between the plurality of systems;
  
  analyzing determination criteria associated with the data records to determine whether the current system is a master system of the plurality of systems, wherein each data object has an associated customized determination criteria table, and wherein determination criteria stored in a first field of a customized determination criteria table links a plurality of other tables for specifying whether the plurality of systems are master systems or dependent systems and the customized determination criteria table further includes a role in a second field;
  
  if the current system is determined to be the master system based on the first and second fields in the customized determination criteria table, the method further comprises;
  
  (1) performing an end-of-purpose determination in the current system and its dependent systems; and
  
  (2) blocking access to the data records; and
  
  if the current system is determined not to be the master system based on the determination criteria, the method further comprises determining whether related data objects exist in the master system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein if the current system is not the master system and related data objects exist in the master system, the method further comprises:
    - (1) performing a local end-of-purpose determination in the current system only; and
      
      (2) communicating a start-of-retention time indication to the master system.
  - 3. The method of claim 1 wherein if the current system is not the master system and related data objects do not exist in the master system, the method further comprises:
    - (1) performing a local end-of-purpose determination in the current system and its dependent systems; and
      
      (2) blocking access to the data records.
  - 4. The method of claim 1 further comprising:
    - generating a start-of-retention time for the data records when it is determined that the end of purpose has been reached; and
      
      storing the start-of-retention time in a data record.
  - 5. The method of claim 1 further comprising allowing continued access to the data records when it is determined that the end of purpose for the data records has not been reached.
  - 6. The method of claim 1 wherein the data records include private data of the entity that is subject to retention time restrictions.
  - 7. The method of claim 1 wherein the master system is the system in which the data records were created.

8. A system for blocking data access in a network comprising a plurality of systems comprising:
- a processor in communication with a database via a communication link;
  
  a memory system coupled with the processor and configured to store computer code, which when executed by the processor, causes the processor to perform operations comprising;
  
  receiving an indication in a current system of the plurality of systems of an occurrence of an event that indicates an end of purpose determination is to be performed for one or more applications utilizing data records associated with a plurality of related data objects on the plurality of systems, the data objects corresponding to an entity, and wherein the related data objects are synchronized between the plurality of systems;
  
  analyzing determination criteria associated with the data records to determine whether the current system is a master system of the plurality of systems, wherein each data object has an associated customized determination criteria table, and wherein determination criteria stored in a first field of a customized determination criteria table links a plurality of other tables for specifying whether the plurality of systems are master systems or dependent systems and the customized determination criteria table further includes a role in a second field;
  
  if the current system is determined to be the master system based on the first and second fields in the customized determination criteria table, the operations further comprise;
  
  (1) performing an end-of-purpose determination in the current system and its dependent systems when the current system is determined to be the master system based on the determination criteria; and
  
  (2) blocking access to the data records when it is determined that the end of purpose has been reached; and
  
  if the current system is determined not to be the master system based on the determination criteria, the operations further comprise determining whether related data objects exist in the master system.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8 wherein if the current system is not the master system and related data objects exist in the master system, the operations further comprise:
    - (1) performing a local end-of-purpose determination in the current system only; and
      
      (2) communicating a start-of-retention time indication to the master system.
  - 10. The system of claim 8 wherein if the current system is not the master system and related data objects do not exist in the master system, the operations further comprise:
    - (1) performing a local end-of-purpose determination in the current system and its dependent systems; and
      
      (2) blocking access to the data records.
  - 11. The system of claim 8 wherein the operations further comprise:
    - generating a start-of-retention time for the data records when it is determined that the end of purpose has been reached; and
      
      storing the start-of-retention time in a data record.
  - 12. The system of claim 8 wherein the operations further comprise allowing continued access to the data records when it is determined that the end of purpose has not been reached.
  - 13. The system of claim 8 wherein the data records include private data that is subject to retention time restrictions.
  - 14. The system of claim 8 wherein the master system is the system in which the data records were created.

15. A non-transitory computer readable storage medium tangibly embodying computer code, which when executed by a computer system, causes the computer system to perform operations for blocking data access in a network comprising a plurality of systems, the operations comprising:
- receiving an indication in a current system of the plurality of systems of an occurrence of an event that indicates an end of purpose determination is to be performed for one or more applications utilizing data records associated with a plurality of related data objects on the plurality of systems, the data objects corresponding to an entity, and wherein the related data objects are synchronized between the plurality of systems;
  
  analyzing determination criteria associated with the data records to determine whether the current system is a master system of the plurality of systems, wherein each data object has an associated customized determination criteria table, and wherein determination criteria stored in a first field of a customized determination criteria table links a plurality of other tables for specifying whether the plurality of systems are master systems or dependent systems and the customized determination criteria table further includes a role in a second field;
  
  if the current system is determined to be the master system based on the first and second fields in the customized determination criteria table, the operations further comprise;
  
  (1) performing an end-of-purpose determination in the current system and its dependent systems; and
  
  (2) blocking access to the data records when it is determined that the end of purpose has been reached; and
  
  if the current system is determined not to be the master system based on the determination criteria, the operations further comprise determining whether related data objects exist in the master system.
- View Dependent Claims (16, 17, 18)
- - 16. The computer readable storage medium of claim 15 wherein if the current system is not the master system and the related data objects exist in the master system, the operations further comprise:
    - (1) performing a local end-of-purpose determination in the current system only; and
      
      (2) communicating a start-of-retention time indication to the master system.
  - 17. The computer readable storage medium of claim 15 wherein if the current system is not the master system and related data objects do not exist in the master system, the operations further comprise:
    - (1) performing a local end-of-purpose determination in the current system and its dependent systems; and
      
      (2) blocking access to the data records.
  - 18. The computer readable storage medium of claim 16 wherein the operations further comprise:
    - generating a start-of-retention time for the data records when it is determined that the end of purpose has been reached; and
      
      storing the start-of-retention time in a data record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Pluder, Carsten, Ravindran, Dinesh, Bacchi, Alain
Primary Examiner(s)
KIM, TAE K

Application Number

US14/871,390
Publication Number

US 20170091479A1
Time in Patent Office

881 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/125   characterised by the use of...

G06F 16/219   Managing data history or ve...

G06F 21/6227   where protection concerns t...

G06F 21/6236   between heterogeneous systems

G06F 21/6245   Protecting personal data, e...

H04L 63/0407   wherein the identity of one...

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04W 12/02   Protecting privacy or anony...

Leading system determination

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Leading system determination

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links