Managing data storage for databases based on application awareness
US-8984031-B1 · Mar 17, 2015 · US
Data processing systems for data transfer risk identification and related methods
US11475136B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11475136-B2 |
| Application number | US-202117493290-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 4, 2021 |
| Priority date | Jun 10, 2016 |
| Publication date | Oct 18, 2022 |
| Grant date | Oct 18, 2022 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
In particular embodiments, a Data Transfer Risk Identification System may be configured to analyze one or more data systems (e.g., data assets), identify data transfers between/among those systems, apply data transfer rules to each data transfer record, perform a data transfer assessment on each data transfer record based on the data transfer rules to be applied to each data transfer record, and calculate a risk score for the data transfer based at least in part on the one or more data transfer risks associated with the data transfer record.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: generating, by computing hardware, a data transfer record representing a transfer of data from a first data asset to a second data asset, the data transfer record comprising an indication of a type for the data; identifying a data model associated with the first data asset and the second data asset; analyzing, by the computing hardware, the data model to identify a first location of the first data asset and a second location of the second data asset, wherein: the data model comprises a data structure defining a first set of attributes for the first data asset and a second set of attributes for the second data asset, at least one of the first set of attributes or the second set of data attributes comprises at least one of an Internet Protocol address or a domain, and analyzing the data model to identify the first location of the first data asset and the second location of the second data asset comprises analyzing the first set of attributes to identify the first location and the second set of attributes to identify the second location; performing, by the computing hardware, a data transfer assessment using a set of data transfer rules applicable to the transfer of the data based on the type for the data, the first location, and the second location; identifying, by the computing hardware, a data transfer risk based on the data transfer assessment; generating, by the computing hardware, a risk rating for the transfer of the data from the first data asset to the second data asset based on the data transfer risk; determining, by the computing hardware, that the risk rating satisfies a risk threshold; and responsive to determining that the risk rating satisfies the risk threshold, causing, by the computing hardware, performance of an action to address the data transfer risk, wherein the action comprises at least one of (i) generating a secure link between the first data asset and the second data asset so that the transfer of the data can be conducted via the secure link, (ii) suspending the transfer of the data from the first data asset to the second data asset, or (iii) having the data involved in the transfer encrypted. 2. The method of claim 1 , wherein the action further comprises: requesting, via a graphical user interface, user approval of the transfer of the data from the first data asset to the second data asset; receiving an indication of user disapproval of the transfer of the data originating from the graphical user interface; and responsive to receiving the indication of user disapproval, causing termination of the transfer of the data from the first data asset to the second data asset. 3. The method of claim 1 , wherein the action further comprises: requesting, via a graphical user interface, user approval of the transfer of the data from the first data asset to the second data asset; receiving an indication of the user approval originating from the graphical user interface; and responsive to receiving the user approval, cause resumption of the transfer of the data from the first data asset to the second data asset. 4. The method of claim 1 , wherein the set of data transfer rules comprise at least one of: (a) a rule associated with an encryption level used for the data; (b) a rule associated with an amount of time the data is stored; or (c) a rule associated with an access restriction placed on the data. 5. A system comprising: a non-transitory computer-readable medium storing instructions; and a processing device communicatively coupled to the non-transitory computer-readable medium, wherein, the processing device is configured to execute the instructions and thereby perform operations comprising: identifying a transfer of data from a first data asset to a second data asset; analyzing a data model associated with the first data asset and the second data asset to identify a first location of the first data asset and a second location of the second data asset, wherein: the data model comprises a data structure defining a first set of attributes for the first data asset and a second set of attributes for the second data asset, at least one of the first set of attributes or the second set of attributes comprises at least one of an Internet Protocol address or a domain, and analyzing the data model to identify the first location of the first data asset and the second location of the second data asset comprises analyzing the first set of attributes to identify the first location and the second set of attributes to identify the second location; identifying a set of data transfer rules application to the transfer of the data based on a type of data involved in the transfer; performing a data transfer assessment using the set of data transfer rules based on the first location and the second location; identifying a data transfer risk based on the data transfer assessment; generating a risk rating for the transfer of the data from the first data asset to the second data asset based on the data transfer risk; determining that the risk rating satisfies a risk threshold; and responsive to determining that the risk rating satisfies the risk threshold, causing performance of an action to address the data transfer risk, wherein the action comprises at least one of (i) generating a secure link between the first data asset and the second data asset so that the transfer of the data can be conducted via the secure link, (ii) suspending the transfer of the data from the first data asset to the second data asset, or (iii) having the data involved in the transfer encrypted. 6. The system of claim 5 , wherein the action comprises: requesting, via a graphical user interface, user approval of the transfer of the data from the first data asset to the second data asset; receiving an indication of user disapproval of the transfer of the data originating from the graphical user interface; and responsive to receiving the user disapproval, causing termination of the transfer of the data from the first data asset to the second data asset. 7. The system of claim 5 , wherein the action comprises: requesting, via a graphical user interface, user approval of the transfer of the data from the first data asset to the second data asset; receiving an indication of the user approval originating from the graphical user interface; and responsive to receiving the user approval, causing resumption of the transfer of the data from the first data asset to the second data asset. 8. The system of claim 5 , wherein generating the risk rating comprises: determining a weighting factor for the data transfer risk; determining a risk factor for the data transfer risk using the weighting factor; and generating the risk rating based on the risk factor. 9. A non-transitory computer-readable medium having program code that is stored thereon, the program code executable by one or more processing devices for performing operations comprising: analyzing a data model associated with a first data asset and a second data asset to identify a first location of the first data asset and a second location of the second data asset, wherein: the first data asset and the second data asset are involved in a transfer of data, the data model comprises a data structure defining a first set of attributes for the first data asset and a second set of attributes for the second data asset, at least one of the first set of attributes or the second set of attributes comprises at least one of an Internet Protocol address or a domain, and analyzing the data model to identify the first location of the first data asset and the second location of the second data asset comprises analyzing the first set of a
Assignees
Inventors
Classifications
- G06F21/577Primary
Assessing vulnerabilities and evaluating computer system security · CPC title
by securing the transmission between two devices or processes · CPC title
Test or assess a computer or a system · CPC title
Protecting personal data, e.g. for financial or medical purposes · CPC title
Machine learning · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11475136B2 cover?
- In particular embodiments, a Data Transfer Risk Identification System may be configured to analyze one or more data systems (e.g., data assets), identify data transfers between/among those systems, apply data transfer rules to each data transfer record, perform a data transfer assessment on each data transfer record based on the data transfer rules to be applied to each data transfer record, an…
- Who is the assignee on this patent?
- Onetrust Llc
- What technology area does this patent fall under?
- Primary CPC classification G06F21/577. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Oct 18 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).