Client Reputation Driven Role-Based Access Control
US-2016036833-A1 · Feb 4, 2016 · US
US11848965B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11848965-B2 |
| Application number | US-202117242017-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 27, 2021 |
| Priority date | Mar 30, 2017 |
| Publication date | Dec 19, 2023 |
| Grant date | Dec 19, 2023 |
Official abstract text for this publication.
Methods and apparatus for secure software defined storage are disclosed. An example apparatus includes memory and a processor to access a read request for data written to a software defined storage location, obtain the requested data from the software defined storage location, perform a classification operation on the requested data to obtain classification data corresponding to the requested data, the classification data to represent whether the requested data includes personally identifiable information, in response to determining that the requested data includes personally identifiable information, apply data loss prevention to the requested data to create response data, determine whether a client requesting the data from the software defined storage location is authorized to access the requested data, and in response to determining that the client requesting data is authorized to access the requested data, transmit the response data to the client.
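The read path the abstract describes, sketched as an added Python example (not code from the patent or its assignee): fetch the object, obtain its classification, apply data loss prevention if it holds PII, then transmit only to an authorized client. The store names, the SSN-only detector, the masking format and the role rule are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample data; every name here is hypothetical.
SDS_OBJECTS = {                      # the software defined storage location
    "vol1/customers.csv": "name=Ann Lee, ssn=123-45-6789, plan=gold",
    "vol1/notes.txt": "call back re: 987-65-4321",
    "vol1/readme.txt": "maintenance window: Sunday",
}
# Classification metadata held apart from the data (a second location).
CLASSIFICATION = {"vol1/customers.csv": {"pii": True},
                  "vol1/readme.txt": {"pii": False}}
# Assumed DLP rule: only these roles may receive PII-bearing objects.
PII_ALLOWED_ROLES = {"billing", "auditor"}
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # stand-in PII detector

@dataclass
class Client:
    name: str
    role: str

def classify(key, data):
    """Use the stored classification, or classify now and record it."""
    meta = CLASSIFICATION.get(key)
    if meta is None:
        meta = {"pii": bool(SSN_RE.search(data))}
        CLASSIFICATION[key] = meta
    return meta

def apply_dlp(data):
    """Mask the detected identifiers to create the response data."""
    return SSN_RE.sub("***-**-****", data)

def is_authorized(client, meta):
    """The client must satisfy the DLP rule tied to the PII classification."""
    return (not meta["pii"]) or client.role in PII_ALLOWED_ROLES

def handle_read(client, key):
    """Return the response data, or None when nothing is transmitted."""
    data = SDS_OBJECTS.get(key)
    if data is None:
        return None
    meta = classify(key, data)
    response = apply_dlp(data) if meta["pii"] else data
    if not is_authorized(client, meta):
        return None                  # unauthorized: response is not sent
    return response
```

The object `vol1/notes.txt` has no stored classification, so the first read classifies it and records the result for later requests.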
Opening claim text (preview).
What is claimed is:

1. An apparatus for providing data security for software defined storage, comprising: memory; and a programmable device to: access a read request for data written to a software defined storage location outside of the memory; obtain the requested data from a first location in the software defined storage location; obtain classification data corresponding to the requested data from a second location in the memory, the classification data to represent whether the requested data includes personally identifiable information; in response to identifying that the requested data includes the personally identifiable information, apply data loss prevention to the requested data to create response data; determine whether a client that requested the data from the first location in the software defined storage location is authorized to access the requested data; and in response to determining that the client is authorized to access the requested data, transmit the response data to the client.
2. The apparatus of claim 1, wherein the programmable device is further to, in response to determining that the client is not authorized to access the requested data, not transmit the response data to the client.
3. The apparatus of claim 1, wherein to determine whether the client is authorized to access the requested data, the programmable device is to determine whether the client satisfies one or more data loss prevention rules associated with the personally identifiable information.
4. The apparatus of claim 1, wherein the classification data indicates at least one of (a) results from a malware scan on the requested data, (b) an anonymization of the requested data, (c) assigned rights to the requested data, or (d) an encryption of the requested data.
5. The apparatus of claim 1, wherein the classification data includes metadata associated with the requested data, the metadata indicative of a previously determined classification of the requested data.
6. The apparatus of claim 1, wherein the programmable device is to obtain the requested data in response to obtaining the classification data and determining the client is authorized to access the requested data.
7. At least one non-transitory computer readable medium comprising instructions, which, when executed, cause at least one processor to at least: access a read request for data written to a first software defined storage location; obtain the requested data from the first software defined storage location; obtain classification data corresponding to the requested data from a second software defined storage location, the second software defined storage location different from the first software defined storage location, the classification data to represent whether the requested data includes personally identifiable information; in response to identifying that the requested data includes the personally identifiable information, apply data loss prevention to the requested data to create response data; determine whether a client that requested the data from the first software defined storage location is authorized to access the requested data; and in response to determining that the client is authorized to access the requested data, transmit the response data to the client.
8. The at least one non-transitory computer readable medium of claim 7, wherein the instructions, when executed, cause the at least one processor to, in response to determining that the client is not authorized to access the requested data, not transmit the response data to the client.
9. The at least one non-transitory computer readable medium of claim 7, wherein, to determine whether the client is authorized to access the requested data, the instructions, when executed, cause the at least one processor to determine whether the client satisfies one or more data loss prevention rules associated with the personally identifiable information.
10. The at least one non-transitory computer readable medium of claim 7, wherein the classification data indicates at least one of (a) results from a malware scan on the requested data, (b) an anonymization of the requested data, (c) assigned rights to the requested data, or (d) an encryption of the requested data.
11. The at least one non-transitory computer readable medium of claim 7, wherein the classification data includes metadata associated with the requested data, the metadata indicative of a previously determined classification of the requested data.
12. The at least one non-transitory computer readable medium of claim 7, wherein the instructions, when executed, cause the at least one processor to obtain the requested data in response to obtaining the classification data and determining the client is authorized to access the requested data.
13. An apparatus comprising: means for accessing a read request for data written to a software defined storage location; means for obtaining the requested data from a first location in the software defined storage location, the means for obtaining to obtain classification data corresponding to the requested data from a second location, the second location different from the first location, the classification data to represent whether the requested data includes personally identifiable information; means for applying, in response to identifying that the requested data includes the personally identifiable information, data loss prevention to the requested data to create response data; the means for applying to determine whether a client that requested the data from the software defined storage location is authorized to access the requested data; and means for transmitting, in response to determining that the client is authorized to access the requested data, the response data to the client.
14. The apparatus of claim 13, wherein the means for transmitting is to not transmit, in response to determining that the client is not authorized to access the requested data, the response data to the client.
15. The apparatus of claim 13, wherein, to determine whether the client is authorized to access the requested data, the means for applying is to determine whether the client satisfies one or more data loss prevention rules associated with the personally identifiable information.
16. The apparatus of claim 13, wherein the classification data indicates at least one (a) results from a malware scan on the requested data, (b) an anonymization of the requested data, (c) assigned rights to the requested data, or (d) an encryption of the requested data.
17. A method for providing data security for software defined storage, comprising: accessing a read request for data written to a software defined storage location; obtaining the requested data from a first location in the software defined storage location; obtaining classification data corresponding to the requested data from a server distinct from the software defined storage location, the classification data to represent whether the requested data includes personally identifiable information; in response to identifying that the requested data includes the personally identifiable information, applying, by executing an instruction with a processor, data loss prevention to the requested data to the requested data to create response data; determining, by executing an instruction with the processor, whether a client that requested the data from the software defined storage location is authorized to access the requested data; and in response to determining that the client is authorized to access the requested data, tran
for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title
Providing cryptographic facilities or services · CPC title
to assure secure storage of data (address-based protection against unauthorised use of memory G06F12/14; record carriers for use with machines and with at least a part designed to carry digital markings G06K19/00) · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
for controlling access to devices or network resources · CPC title