What technology area does this patent fall under?

Primary CPC classification G06F3/067. Mapped technology areas include Physics.

When was this patent published?

Publication date Tue Jul 13 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).

System for dynamically determining access constraints of data-repository objects

US11061586B1 · US · B1

Patent metadata
Field	Value
Publication number	US-11061586-B1
Application number	US-201715819864-A
Country	US
Kind code	B1
Filing date	Nov 21, 2017
Priority date	Nov 21, 2017
Publication date	Jul 13, 2021
Grant date	Jul 13, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Various systems and methods are provided for calculating a data criticality score upon ingesting a data object into a data storage system. This data criticality score can be used to control subsequent access requests for the data object. In one embodiment, a computer system receives a data object at a first node comprising a decision engine. The decision engine generates a data criticality score based, at least in part, on one or more inputs related to the data object. After calculating the data criticality score, the system uses the data criticality score to determine whether a given action is allowable for the data object. After determining whether the given action is allowable, the system receives a user request to perform a first action on the data object. The system then determines whether the user request should be granted with respect to the first action, and if allowable, performs the first action.

First claim

Opening claim text (preview).

What is claimed is: 1. A method comprising: identifying a data object by a decision engine, wherein the data object is stored on a current storage tier in a network, wherein the network comprises a first node including the decision engine; generating a data criticality score for the data object by the decision engine, wherein the generating the data criticality score for the data object is based, at least in part, on at least a first characteristic of the data object and a second characteristic of the data object, wherein the first characteristic and second characteristic are provided as inputs to the decision engine, the generating determines the data criticality score for the data object, at least in part, by assigning a greater weight to the first characteristic than is assigned to the second characteristic, and the data criticality score for the data object is configured for use in controlling a subsequent request for access to the data object; determining whether the data criticality score for the data object exceeds a threshold; and in response to determining that the data criticality score for the data object exceeds the threshold, migrating the data object from the current storage tier to a more secure storage tier, wherein the more secure storage tier has one or more security parameters that are more stringent than the current storage tier. 2. The method of claim 1 , wherein at least one of the first characteristic and the second characteristic comprises at least one of: a classification of the data object, a user account associated with the data object, location information associated with the data object, a first time associated with the data object, a retention value associated with the data object, and a number of access attempts associated with the data object. 3. The method of claim 1 , further comprising: configuring, by the decision engine, one or more parameters to be used to control actions that are executed on the data object based on the data criticality score of the data object, wherein the configuring is performed prior to receiving subsequent requests for actions to be executed on the data object. 4. The method of claim 1 , wherein the first characteristic is assigned a first weight, wherein the first weight is a first integer between one and ten inclusive; the second characteristic is assigned a second weight, wherein the second weight is a second integer between one and ten inclusive; and the first integer is not equal to the second integer. 5. The method of claim 1 , further comprising: determining whether a first action is allowable with respect to the data object, wherein the determining is based, at least in part, on the data criticality score; subsequent to determining whether the first action is allowable with respect to the data object, setting a value to indicate whether the first action is allowable with respect to the data object, wherein the value is configured to be used in controlling the subsequent request for access; subsequent to setting the value, receiving a request to perform the first action on the data object; and subsequent to receiving the request to perform the first action on the data object, determining whether to grant the request, wherein determining whether to grant the request is based, at least in part, on the value. 6. The method of claim 5 , wherein the determining whether to grant the subsequent request is further based, at least in part, on the first action. 7. The method of claim 5 , further comprising: in response to a determination that the subsequent request should be granted, performing the first action on the data object. 8. A computer program product, comprising a plurality of instructions stored on a non-transitory, computer-readable storage medium, wherein the instructions are configured to execute a method comprising the steps of: identifying a data object by a decision engine, wherein the data object is stored on a current storage tier in a network, wherein the network comprises a first node including the decision engine; generating a data criticality score for the data object by the decision engine, wherein the generating the data criticality score for the data object is based, at least in part, on at least a first characteristic of the data object and a second characteristic of the data object, wherein the first characteristic and second characteristic are provided as inputs to the decision engine, the generating determines the data criticality score for the data object, at least in part, by assigning a greater weight to the first characteristic than is assigned to the second characteristic, and the data criticality score for the data object is configured for use in controlling a subsequent request for access to the data object; determining whether the data criticality score for the data object exceeds a threshold; and in response to determining that the data criticality score for the data object exceeds a threshold, migrating the data object from the current storage tier to a more secure storage tier, wherein the more secure storage tier has one or more security parameters that are more stringent than the current storage tier. 9. The computer program product of claim 8 , wherein at least one of the first characteristic and the second characteristic comprises at least one of: a classification of the data object, a user account associated with the data object, location information associated with the data object, a first time associated with the data object, a retention value associated with the data object, and a number of access attempts associated with the data object. 10. The computer program product of claim 8 , wherein the method further comprises: configuring, by the decision engine, one or more parameters to be used to control actions that are executed on the data object based on the data criticality score of the data object, wherein the configuring is performed prior to receiving subsequent requests for actions to be executed on the data object. 11. The computer program product of claim 8 , wherein the method further comprises: determining whether a first action is allowable with respect to the data object, wherein the determining is based, at least in part, on the data criticality score; subsequent to determining whether the first action is allowable with respect to the data object, setting a value to indicate whether the first action is allowable with respect to the data object, wherein the value is configured to be used in controlling the subsequent request for access; subsequent to setting the value, receiving a request to perform the first action on the data object; and subsequent to receiving the request to perform the first action on the data object, determining whether to grant the request, wherein determining whether to grant the request is based, at least in part, on the value. 12. The computer program product of claim 11 , wherein the determining whether to grant the subsequent request is further based, at least in part, on the first action. 13. The computer program product of claim 11 , wherein the method further comprises: in response to a determination that the subsequent request should be granted, performing the first action on the data object. 14. A system comprising: a microprocessor; and a non-transitory, computer-readable storage medium, comprising computer instructions executable by the microprocessor, wherein the computer instructions are configured to perform a method comprising the steps of: identifying a data ob

Assignees

Veritas Technologies Llc

Inventors

Classifications

G06F16/125
characterised by the use of retention policies (retention policies for HSM systems G06F16/185) · CPC title
G06F3/067Primary
Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS] · CPC title
G06F3/0659
Command handling arrangements, e.g. command buffers, queues, command scheduling · CPC title
G06F3/0622Primary
in relation to access · CPC title

Patent family

Related publications grouped by family.

View patent family 76764383

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11061586B1 cover?: Various systems and methods are provided for calculating a data criticality score upon ingesting a data object into a data storage system. This data criticality score can be used to control subsequent access requests for the data object. In one embodiment, a computer system receives a data object at a first node comprising a decision engine. The decision engine generates a data criticality scor…
Who is the assignee on this patent?: Veritas Technologies Llc
What technology area does this patent fall under?: Primary CPC classification G06F3/067. Mapped technology areas include Physics.
When was this patent published?: Publication date Tue Jul 13 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).

How to read this patent

Abstract

First claim

Assignees

Inventors

Classifications

Patent family

External sources

Related patents

Managing security credentials

Securing a media storage device using write restriction mechanisms

Memory access control

Techniques for preventing large-scale data breaches utilizing differentiated protection layers

Data cleansing and governance using prioritization schema

Accessing a file system using tiered deduplication

Frequently asked questions