Middle ware security layer for cloud computing services
US-2017264619-A1 · Sep 14, 2017 · US
Distribute big data security architecture
US10747895B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10747895-B2 |
| Application number | US-201615276567-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 26, 2016 |
| Priority date | Sep 25, 2015 |
| Publication date | Aug 18, 2020 |
| Grant date | Aug 18, 2020 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
This disclosure describes techniques for defining security measures of a secure data corridor that enables data feeds to transmit from an ingress point to an egress point, while maintaining a desired security protection. This disclosure further describes techniques to quantify the desired security protection by determining and further associating a data sensitivity rating with individual data feeds in transmit through the secure data corridor. In some examples, the data sensitivity rating of the secure data corridor may be locked at a default rating that is commensurate with access permissions of a subject or a data sensitivity rating of an adjoining secure data container. Alternatively, the data sensitivity rating may be dynamically set based on data feeds transmitting through the secure data corridor or set based on the data sensitivity rating of data feeds at an ingress point or egress point of the secure data corridor.
First claim
Opening claim text (preview).
What is claimed: 1. A system of a resource management platform, comprising: one or more processors; memory coupled to the one or more processors, the memory including one or more modules that are executable by the one or more processors to: establish a secure data corridor to provide a secure pathway for transmitting data elements between a subject and a secure data container, the secure data corridor having a first data sensitivity rating for data transmission through the secure data corridor; interrogate a nature of a data feed of a set of data elements at an ingress to the secure data corridor, the data elements being associated with data objects having control parameters that govern access to the data objects, the data elements inheriting the control parameters from the data objects, the data feed inheriting the control parameters from the data elements, and access by the subject to the data feed being governed by the control parameters of the data feed; determine, from the interrogation of the nature of the data feed, a second data sensitivity rating of the set of data elements that corresponds to the control parameters; determine whether the first data sensitivity rating of the secure data corridor is commensurate with the nature of the data feed in accordance with the relative values of the first data sensitivity rating of the secure data corridor and the second data sensitivity rating of the set of data elements; and in response to determining that the second data sensitivity rating of the set of data elements is greater than the first data sensitivity rating of the secure data corridor, dynamically reconfigure the secure data corridor with a third data sensitivity rating that is greater than or equal to the second data sensitivity rating of the set of data elements to provide the secure pathway for the set of data elements between the subject and the secure data container with subject access permissions in accordance with the control parameters of the data feed; wherein the control parameters include at least one of an explicit read provision, an explicit write provision, an explicit import provision, or an explicit export provision. 2. The system of claim 1 , wherein the secure data corridor corresponds to a link layer, a network layer, a transport layer, or an application layer of a transmission control protocol (TCP) and internet protocol (IP). 3. The system of claim 1 , wherein the secure data container corresponds to a first secure data container, and wherein the subject corresponds to a second secure data container. 4. The system of claim 1 , wherein the second data sensitivity rating is a minimum threshold of data sensitivity to authorize the subject to access the set of data elements. 5. The system of claim 1 , wherein to establish the secure data corridor between the subject and the secure data container is performed by the resource management platform that provides a policy access control point for transmitting the set of data elements between the ingress point and an egress point. 6. The system of claim 1 , wherein the set of data elements is a first set of data elements, and wherein the one or more modules are further executable by the one or more processors to: receive a message that includes a request to ingress an additional set of data elements into the secure data container; determine an additional data sensitivity rating associated with the additional set of data elements; determine that the additional data sensitivity rating is greater than the third data sensitivity rating of the secure data corridor; and dynamically reconfigure the secure data corridor with a fourth data sensitivity rating that is greater than or equal to the additional data sensitivity rating. 7. The system of claim 1 , wherein the set of data elements is a first set of data elements, and wherein the one or more modules are further executable by the one or more processors to: receive a first message that includes a request from the subject to ingress an additional set of data elements, into the secure data container; determine an additional data sensitivity rating associated with the additional set of data elements, determine that the additional data sensitivity rating is greater than the third data sensitivity rating of the secure data corridor; determine that the third data sensitivity rating of the secure data corridor is locked; and transmit a second message to the subject indicating that the additional set of data elements cannot securely transmit through the secure data corridor. 8. The system of claim 1 , wherein the first data sensitivity rating associated with the secure data corridor is dynamically set to be at least substantially similar to an additional data sensitivity rating associated with the secure data container. 9. The system of claim 1 , wherein the control parameters are initially assigned to the data objects, wherein individual data objects are linked to one or more of the data elements, and the one or more data elements are further linked to individual data feeds via a diagraph of connectivity. 10. The system of claim 1 , wherein the one or more modules are further executable by the one or more processors to: receive a message that includes a request from the subject to ingress an additional set of data elements from the secure data container; determine that the subject is unauthorized to read the additional set of data elements within the secure data container; and configure the secure data corridor to prevent an egress of the additional set of data elements from the secure data container. 11. The system of claim 1 , wherein the one or more modules are further executable by the one or more processors to: receive a message that includes a request from the subject for ingress of an additional set of data elements to the secure data container; determine that the subject is authorized to write data elements to the secure data container; and configure the secure data corridor to transmit the additional set of data elements from the subject to the secure data corridor. 12. A computer-implemented method, comprising: under control of one or more processors: establishing a secure data corridor to provide a secure pathway for transmitting data elements between a subject and a secure data container, the secure data corridor having a first data sensitivity rating for data transmission through the secure data corridor; interrogating a nature of a data feed of a set of data elements at an ingress to the secure data corridor, the data elements being associated with data objects having control parameters that govern access to the data objects, the data elements inheriting the control parameters from the data objects, the data feed inheriting the control parameters from the data elements, and access by the subject to the data feed being governed by the control parameters of the data feed; determining, from the interrogation of the nature of the data feed, a second data sensitivity rating of the set of data elements that corresponds to the control parameters; determining whether the first data sensitivity rating of the secure data corridor is commensurate with the nature of the data feed in accordance with the relative values of the first data sensitivity rating of the secure data corridor and the second data sensitivity rating of the set of data elements; and in response to determining that the second data sensitivity rating of the set of data elements is greater than the first data sensitivity rating of the secure data corridor, dynamically reconfiguring the secure data corridor with a third data sensitivity rating that is greater than or equa
Assignees
Inventors
Classifications
- H04L63/102Primary
Entity profiles · CPC title
- G06F21/6218Primary
to a system of files or objects, e.g. local or distributed file system or database · CPC title
to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself · CPC title
Protecting personal data, e.g. for financial or medical purposes · CPC title
Multi-level security, e.g. mandatory access control · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10747895B2 cover?
- This disclosure describes techniques for defining security measures of a secure data corridor that enables data feeds to transmit from an ingress point to an egress point, while maintaining a desired security protection. This disclosure further describes techniques to quantify the desired security protection by determining and further associating a data sensitivity rating with individual data f…
- Who is the assignee on this patent?
- T Mobile Usa Inc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/102. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Aug 18 2020 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).