Privacy management across multiple devices
US-8978158-B2 · Mar 10, 2015 · US
Data processing systems for data-transfer risk identification, cross-border visualization generation, and related methods
US12052289B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12052289-B2 |
| Application number | US-202217693937-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 14, 2022 |
| Priority date | Jun 10, 2016 |
| Publication date | Jul 30, 2024 |
| Grant date | Jul 30, 2024 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A data transfer analysis system is disclosed that analyzes data transfer log entries to determine whether a data transfer is authorized. The system determines information about the data assets involved in the data transfer (e.g., network address, geographical location, etc.) and uses a data map to determine if data transfers are authorized between the two data assets. If not, the system may take one or more actions, such as generating a notification, terminating the data transfer, restricting the access of the user that initiated the transfer, modifying network communications capabilities between the assets to prevent future transfers, and storing metadata that can be used to prevent future such transfers.
First claim
Opening claim text (preview).
What is claimed: 1. A method comprising: analyzing, by computing hardware, a first data transfer log entry representing a first data transfer between a first computing system and a second computing system to determine authorized transfer data defining location-based transfer restrictions between the first computing system and the second computing system by: determining a physical location of the second computing system based on the first data transfer log entry; and in response to determining that transfers from the first computing system to the physical location are not authorized, determining a first location-based transfer restriction indicating that transfers from the first computing system to the second computing system are not authorized; determining, by the computing hardware based on the authorized transfer data, that the first computing system is not authorized to complete data transfers with the second computing system based on the physical location of the second computing system relative to the first computing system; storing, by the computing hardware and in response to determining that the first computing system is not authorized to complete data transfers with the second computing system, metadata comprising a record of location-based transfer restrictions indicating that the second computing system is not authorized to perform data transfers with the first computing system according to the physical location of the second computing system relative to the first computing system; detecting, by the computing hardware and based on a generation of a second data transfer log entry, a request to initiate a second data transfer between the first computing system and the second computing system; determining, by the computing hardware executing computer program instructions for analyzing the second data transfer log entry using the metadata, that the second data transfer is subject to the location-based transfer restrictions; and facilitating prevention, based on determining that the second data transfer is subject to the location-based transfer restrictions, of the first computing system from executing processing operations or performing network communication for completing the second data transfer. 2. The method of claim 1 , further comprising: providing, by the computing hardware, an authorization interface that is configured for requesting authorization data for the second data transfer; receiving, by the computing hardware and via the authorization interface, the authorization data; and overriding, by the computing hardware, the location-based transfer restrictions based on receiving the authorization data, wherein overriding the location-based transfer restrictions permits the first computing system to execute the processing operations or perform the network communication for completing the second data transfer. 3. The method of claim 1 , wherein the location-based transfer restrictions define at least one of a first restriction regarding transfers from the first computing system to a particular jurisdiction, or a second restriction regarding transfers form the first computing system to a particular geographic location. 4. The method of claim 1 , wherein analyzing the first data transfer log entry to determine the authorized transfer data defining the location-based transfer restrictions between the first computing system and the second computing system comprises: determining, by accessing a data map defining the authorized transfer data for the first computing system, whether transfers from the first computing system to the physical location of the second computing system are authorized based on the authorized transfer data. 5. The method of claim 1 , wherein: the first data transfer log entry includes a first network address for the first computing system and a second network address for the second computing system; the method further comprises determining, by the computing hardware, a first location of the first computing system based on the first network address and a second location of the second computing system based on the second network address; and the location-based transfer restrictions include a first restriction indicating that data transfers from the first location to the second location are not authorized based on the physical location of the second computing system relative to the first computing system. 6. The method of claim 1 , wherein facilitating prevention of the first computing system from executing processing operations or performing network communication for completing the second data transfer comprises using an application programming interface to modify a configuration of the first computing system to block the second data transfer. 7. The method of claim 1 , further comprising: identifying, based on the second data transfer log entry, a user that initiated the request to initiate the second data transfer; and in response to identifying the user, facilitating modification, by the computing hardware, of permissions related to data transfer initiation by the user. 8. A system comprising: a non-transitory computer-readable medium storing instructions; and processing hardware communicatively coupled to the non-transitory computer-readable medium, wherein the processing hardware is configured to execute the instructions and thereby perform operations comprising: analyzing a first data transfer log entry representing a first data transfer between a first computing system and a second computing system to determine authorized transfer data defining inter-computing system transfer restrictions between the first computing system and the second computing system by: determining a physical location of the second computing system based on the first data transfer log entry; and in response to determining that transfers from the first computing system to the physical location are not authorized, determining a first location-based transfer restriction indicating that transfers from the first computing system to the second computing system are not authorized; determining, based on the authorized transfer data, that the first computing system is not authorized to complete data transfers with the second computing system based on the physical location of the second computing system relative to the first computing system; in response to determining that the first computing system is not authorized to complete data transfers with the second computing system, storing metadata comprising a record of the inter-computing system transfer restrictions indicating that the second computing system is not authorized to perform data transfers with the first computing system; detecting, based on a generation of a second data transfer log entry, a request to initiate a second data transfer between the first computing system and the second computing system; determining, by the processing hardware executing computer program instructions for analyzing the second data transfer log entry using the metadata, that the second data transfer is subject to the inter-computing system transfer restrictions; and preventing, based on determining that the second data transfer is subject to the inter-computing system transfer restrictions, the first computing system from executing processing operations or performing network communication for completing the second data transfer. 9. The system of claim 8 , wherein the operations further comprise: accessing a data map defining the authorized transfer data for the first computing system; identifying the inter-computing system transfer restrictions for the first computing system from the data map; determining, from the inter-computing system transfer restrictions, that the fir
Assignees
Inventors
Classifications
Discovery or management of network topologies · CPC title
involving long-term monitoring or reporting · CPC title
Retrieval from the web · CPC title
Assessing vulnerabilities and evaluating computer system security · CPC title
Architectures of general purpose stored program computers (with program plugboard G06F15/08; multicomputers G06F15/16) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12052289B2 cover?
- A data transfer analysis system is disclosed that analyzes data transfer log entries to determine whether a data transfer is authorized. The system determines information about the data assets involved in the data transfer (e.g., network address, geographical location, etc.) and uses a data map to determine if data transfers are authorized between the two data assets. If not, the system may tak…
- Who is the assignee on this patent?
- Onetrust Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Jul 30 2024 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).