Hidden separation and access to data on a device
US-2017177844-A1 · Jun 22, 2017 · US
Data privacy awareness in workload provisioning
US10949545B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10949545-B2 |
| Application number | US-202016805859-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 2, 2020 |
| Priority date | Jul 11, 2018 |
| Publication date | Mar 16, 2021 |
| Grant date | Mar 16, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Data privacy information pertaining to particular data hosted by a first workload provisioned to a first location can be received. The first workload can be monitored to determine whether the first workload is accessed by a second workload, determine whether the second workload is indicated as being authorized, in the data privacy information, to access the particular data hosted by first workload, and determine whether the second workload has access to the particular data hosted by the first workload. If so, information identifying the second workload and a manner in which the second workload accessed the particular data hosted by the first workload can be stored to a data storage.
First claim
Opening claim text (preview).
What is claimed is: 1. A method, comprising: receiving data privacy information pertaining to particular data hosted by a first workload provisioned to a first location; monitoring the first workload, the monitoring the first workload comprising: determining whether the first workload is accessed by a second workload; responsive to determining that the first workload is accessed by the second workload, determining whether the second workload is indicated as being authorized, in the data privacy information, to access the particular data hosted by first workload; and responsive to determining that the second workload is not indicated as being authorized to access the particular data hosted by the first workload, determining whether the second workload has access to the particular data hosted by the first workload; and responsive to determining that the second workload has access to the particular data hosted by the first workload, automatically storing, using a processor, to a data storage information identifying the second workload and a manner in which the second workload accessed the particular data hosted by the first workload. 2. The method of claim 1 , further comprising: responsive to determining that the second workload has access to the data hosted by the first workload, automatically communicating a notification to a system or compliance administrator indicating that the first workload has been accessed by an unauthorized workload, the notification comprising the information identifying the second workload and the manner in which the second workload accessed the particular data hosted by the first workload. 3. The method of claim 1 , further comprising: determining, based on the data privacy information, whether the first location is a location where the first workload is allowed to be provisioned; responsive to determining that the first location is a location where the first workload is not allowed to be provisioned, determining whether there is an issue with the first workload regarding data privacy; and responsive to determining that there is an issue with the first workload regarding the data privacy, automatically storing to the data storage information identifying the issue with the first workload regarding the data privacy. 4. The method of claim 1 , further comprising: determining, based on the data privacy information, whether the first location is a location where the first workload is allowed to be provisioned; responsive to determining that the first location is a location where the first workload is not allowed to be provisioned, determining whether there is an issue with the first workload regarding data privacy; and responsive to determining that there is an issue with the first workload regarding the data privacy, automatically communicating a notification to a system or compliance administrator indicating the issue with the first workload regarding the data privacy. 5. The method of claim 4 , wherein the notification indicates that the first workload has been provisioned to a location that is not a location where the workload is allowed to be provisioned. 6. The method of claim 1 , further comprising: determining, based on the data privacy information, whether the first location is a location where the first workload is allowed to be provisioned; and responsive to determining that the first location is a location where the first workload is not allowed to be provisioned, automatically provisioning the first workload to a second location to which provisioning of the first workload is allowed based on the data privacy information. 7. The method of claim 6 , further comprising: communicating the data privacy information pertaining to the particular data to a data privacy advisor application; responsive to the communicating the data privacy information pertaining to the particular data to the data privacy advisor application, receiving from the data privacy advisor application locations allowed information and identifying, as candidate locations, locations indicated in the locations allowed information; and selecting the second location from the candidate locations. 8. A system, comprising: a processor programmed to initiate executable operations comprising: receiving data privacy information pertaining to particular data hosted by a first workload provisioned to a first location; monitoring the first workload, the monitoring the first workload comprising: determining whether the first workload is accessed by a second workload; responsive to determining that the first workload is accessed by the second workload, determining whether the second workload is indicated as being authorized, in the data privacy information, to access the particular data hosted by first workload; and responsive to determining that the second workload is not indicated as being authorized to access the particular data hosted by the first workload, determining whether the second workload has access to the particular data hosted by the first workload; and responsive to determining that the second workload has access to the particular data hosted by the first workload, automatically storing to a data storage information identifying the second workload and a manner in which the second workload accessed the particular data hosted by the first workload. 9. The system of claim 8 , the executable operations further comprising: responsive to determining that the second workload has access to the data hosted by the first workload, automatically communicating a notification to a system or compliance administrator indicating that the first workload has been accessed by an unauthorized workload, the notification comprising the information identifying the second workload and the manner in which the second workload accessed the particular data hosted by the first workload. 10. The system of claim 8 , the executable operations further comprising: determining, based on the data privacy information, whether the first location is a location where the first workload is allowed to be provisioned; responsive to determining that the first location is a location where the first workload is not allowed to be provisioned, determining whether there is an issue with the first workload regarding data privacy; and responsive to determining that there is an issue with the first workload regarding the data privacy, automatically storing to the data storage information identifying the issue with the first workload regarding the data privacy. 11. The system of claim 8 , the executable operations further comprising: determining, based on the data privacy information, whether the first location is a location where the first workload is allowed to be provisioned; responsive to determining that the first location is a location where the first workload is not allowed to be provisioned, determining whether there is an issue with the first workload regarding data privacy; and responsive to determining that there is an issue with the first workload regarding the data privacy, automatically communicating a notification to a system or compliance administrator indicating the issue with the first workload regarding the data privacy. 12. The system of claim 11 , wherein the notification indicates that the first workload has been provisioned to a location that is not a location where the workload is allowed to be provisioned. 13. The system of claim 8 , the executable operations further comprising: determining, based on the data privacy information, whether the first location is a location where the first workload is allowed to be provisioned; and responsive to
Assignees
Inventors
Classifications
Services making use of location information · CPC title
- G06F21/6245Primary
Protecting personal data, e.g. for financial or medical purposes · CPC title
involving task migration · CPC title
Event management; Broadcasting; Multicasting; Notifications · CPC title
considering the load · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10949545B2 cover?
- Data privacy information pertaining to particular data hosted by a first workload provisioned to a first location can be received. The first workload can be monitored to determine whether the first workload is accessed by a second workload, determine whether the second workload is indicated as being authorized, in the data privacy information, to access the particular data hosted by first workl…
- Who is the assignee on this patent?
- IBM, Green Market Square Ltd
- What technology area does this patent fall under?
- Primary CPC classification G06F21/6245. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Mar 16 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).