Access control rights assignment capabilities utilizing a new context-based hierarchy of data based on new forms of metadata

US11797702B2 · US · B2

Patent metadata
Publication number: US-11797702-B2
Application number: US-202117198734-A
Country: US
Kind code: B2
Filing date: Mar 11, 2021
Priority date: Mar 11, 2021
Publication date: Oct 24, 2023
Grant date: Oct 24, 2023

Abstract

Official abstract text for this publication.

One example method includes extracting content metadata from data, storing the content metadata in a data catalogue, receiving at the data catalogue, from a user, a request to access the data, transmitting, by the data catalogue to a security service provider, an access request that includes the extracted content metadata and metadata relating to the access request, accessing, by the security service provider, identity metadata concerning an identity of the user, and a data access policy, and transmitting, by the security service provider to the data catalogue, a decision as to whether or not access can be granted to the data, and the decision is based on the data access policy, the identity metadata, and the metadata in the access request.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: extracting content metadata from data; storing the content metadata in, or in a location accessible to, a data catalogue; receiving at the data catalogue, from a user, a request to access the data; transmitting, by the data catalogue to a security service provider, an access request that includes the extracted content metadata and metadata relating to the access request; accessing, by the security service provider, identity metadata concerning an identity of the user, and a data access policy; and transmitting, by the security service provider to the data catalogue, a decision as to whether or not access can be granted to the data, and the decision is based on the data access policy, the identity metadata, and the metadata in the access request.

2. The method as recited in claim 1, wherein the identity metadata is received by the security service provider from an identity server.

3. The method as recited in claim 1, wherein the data access policy is automatically modified, without manual intervention by a human, in response to a change to the data.

4. The method as recited in claim 1, wherein the extracted content metadata comprises metadata about one or more attributes of the data.

5. The method as recited in claim 1, wherein the data access policy defines a hierarchy of multiple metadata attributes.

6. The method as recited in claim 1, wherein the data access policy is enforceable with respect to the data regardless of the physical location of the data.

7. The method as recited in claim 1, wherein the data access policy is enforceable with respect to the data regardless of the entity that generated the data, how the data was generated, or when the data was generated.

8. The method as recited in claim 1, wherein the data access policy is immediately and automatically applied to newly added data.

9. The method as recited in claim 1, wherein an alert is automatically generated when data is detected that is not covered by the data access policy.

10. The method as recited in claim 1, wherein the data access policy defines a timeframe, or amount of time, that the user is permitted to access the data.

11. A non-transitory computer readable storage medium having stored therein instructions that are executable by one or more hardware processors to perform operations comprising: extracting content metadata from data; storing the content metadata in, or in a location accessible to, a data catalogue; receiving at the data catalogue, from a user, a request to access the data; transmitting, by the data catalogue to a security service provider, an access request that includes the extracted content metadata and metadata relating to the access request; accessing, by the security service provider, identity metadata concerning an identity of the user, and a data access policy; and transmitting, by the security service provider to the data catalogue, a decision as to whether or not access can be granted to the data, and the decision is based on the data access policy, the identity metadata, and the metadata in the access request.

12. The non-transitory computer readable storage medium as recited in claim 11, wherein the identity metadata is received by the security service provider from an identity server.

13. The non-transitory computer readable storage medium as recited in claim 11, wherein the data access policy is automatically modified, without manual intervention by a human, in response to a change to the data.

14. The non-transitory computer readable storage medium as recited in claim 11, wherein the extracted content metadata comprises metadata about one or more attributes of the data.

15. The non-transitory computer readable storage medium as recited in claim 11, wherein the data access policy defines a hierarchy of multiple metadata attributes.

16. The non-transitory computer readable storage medium as recited in claim 11, wherein the data access policy is enforceable with respect to the data regardless of the physical location of the data.

17. The non-transitory computer readable storage medium as recited in claim 11, wherein the data access policy is enforceable with respect to the data regardless of the entity that generated the data, how the data was generated, or when the data was generated.

18. The non-transitory computer readable storage medium as recited in claim 11, wherein the data access policy is immediately and automatically applied to newly added data.

19. The non-transitory computer readable storage medium as recited in claim 11, wherein an alert is automatically generated when data is detected that is not covered by the data access policy.

20. The non-transitory computer readable storage medium as recited in claim 11, wherein the data access policy defines a timeframe, or amount of time, that the user is permitted to access the data.
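
The decision flow recited in claims 1, 5, 9 and 10, sketched as an added example that is not taken from the patent or from any product. Every name, attribute and rule here (DataCatalogue, decide, the "domain"/"sensitivity" hierarchy, the clearance levels) is a hypothetical assumption, the sample data is constructed, and content metadata is assumed to have been extracted already.

```python
from datetime import datetime, timezone

# Constructed identity metadata, standing in for an identity server (claim 2).
IDENTITY_SERVER = {
    "alice": {"dept": "finance", "clearance": 2},
    "carol": {"dept": "finance", "clearance": 1},
    "bob": {"dept": "eng", "clearance": 1},
}
# Hypothetical policy over a hierarchy of content-metadata attributes
# (domain, then sensitivity); the most specific matching rule wins.
POLICY = [
    {"match": {"domain": "finance"}, "dept": "finance", "min_clearance": 1},
    {"match": {"domain": "finance", "sensitivity": "pii"},
     "dept": "finance", "min_clearance": 2,
     "not_after": datetime(2030, 1, 1, tzinfo=timezone.utc)},
]
ALERTS = []  # raised when data is not covered by any rule (claim 9)

def select_rule(content_meta):
    """Return the deepest rule whose attributes all match, or None."""
    hits = [r for r in POLICY
            if all(content_meta.get(k) == v for k, v in r["match"].items())]
    return max(hits, key=lambda r: len(r["match"]), default=None)

def decide(access_request):
    """Security service provider: combine policy, identity and request metadata."""
    content = access_request["content_metadata"]
    req = access_request["request_metadata"]
    rule = select_rule(content)
    if rule is None:                      # uncovered data: alert and deny
        ALERTS.append(f"uncovered data: {content}")
        return "deny"
    ident = IDENTITY_SERVER.get(req["user"])
    if ident is None or ident["dept"] != rule["dept"]:
        return "deny"
    if ident["clearance"] < rule["min_clearance"]:
        return "deny"
    if "not_after" in rule and req["time"] > rule["not_after"]:
        return "deny"                     # access window has closed (claim 10)
    return "permit"

class DataCatalogue:
    """Stores content metadata and forwards access requests for a decision."""
    def __init__(self):
        self.entries = {}
    def register(self, data_id, content_meta):
        self.entries[data_id] = content_meta
    def request_access(self, user, data_id, when):
        return decide({"content_metadata": self.entries[data_id],
                       "request_metadata": {"user": user, "time": when}})
```

Because the rules key on content metadata rather than on a path or storage location, a newly registered item is covered as soon as its metadata matches a rule, and anything that matches none is denied and flagged.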

Classifications (CPC titles)

  • to a system of files or objects, e.g. local or distributed file system or database

  • Updates performed during online database operations; commit processing

  • between a Database Management System and a front-end application

  • Indexing structures

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11797702B2 cover?
One example method includes extracting content metadata from data, storing the content metadata in a data catalogue, receiving at the data catalogue, from a user, a request to access the data, transmitting, by the data catalogue to a security service provider, an access request that includes the extracted content metadata and metadata relating to the access request, accessing, by the security s…
Who is the assignee on this patent?
EMC IP Holding Co LLC
What technology area does this patent fall under?
Primary CPC classification G06F21/6218. Mapped technology areas include Physics.
When was this patent published?
Publication date Oct 24, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).