US2026053211A1PendingUtilityA1

Method and System for Managing and Securing Subsets of Data in a Large Distributed Data Store

Assignee: DATAGUISE INCPriority: Mar 15, 2013Filed: Jul 23, 2025Published: Feb 26, 2026
Est. expiryMar 15, 2033(~6.7 yrs left)· nominal 20-yr term from priority
A41D 13/0587G06F 16/182
81
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system groups multiple entities in a large distributed data store (DDS), such as directories and files, into a subset called a domain. The domain is treated as a unit for defining policies to detect and treat sensitive data. Sensitive data can be defined by enterprise or industry. Treatment of sensitive data may include quarantining, masking, and encrypting, of the data or the entity containing the data. Data in a domain can be copied as a unit, with or without the same structure, and with transformations such as masking or encryption, into parts of the same DDS or to a different DDS. Domains can be the unit of access control for organizations, and assigned tags useful for identifying their purpose, ownership, location, or other characteristics. Policies and operations, assigned at the domain level, may vary from domain to domain, but within a domain are uniform, except for specific exclusions.

Claims

exact text as granted — not AI-modified
1 - 20 . (canceled) 
     
     
         21 . A system for managing data in a Distributed Data Store (DDS), said system including:
 a Distributed Data Store (DDS), wherein said DDS includes a first subset, wherein said first subset comprises a first set of a plurality of data entities, wherein said first set of a plurality of data entities includes one or more directories, files, collections, documents, or other logical units of data,   wherein said plurality of data entities of said first set are marked as being part of said first subset; and   wherein said DDS includes a second subset, wherein said second subset comprises a second set of a plurality of data entities, wherein said second set of a plurality of data entities includes one or more directories, files, collections, documents, or other logical units of data,   wherein said plurality of data entities of said second set are marked as being part of said second subset; and   a repository storing first metadata relating to said first subset, wherein said first metadata identifies said first subset and identifies a set of first properties of said first subset,   wherein said set of first properties includes an identification of at least one first sensitive data type,   wherein said repository includes at least one first policy assigned to said at least one first sensitive data type,   said repository also storing second metadata relating to said second subset, wherein said second metadata identifies said second subset and identifies a set of second properties of said second subset, wherein said set of second properties is different from said set of first properties,   wherein said set of second properties includes an identification of at least one second sensitive data type,   wherein said repository includes at least one second policy assigned to said at least one second sensitive data type,   wherein data is managed in said DDS by scanning said first subset by applying said identification of said at least one first sensitive data type to said first set of a plurality of data entities to identify at least one data entity of said first set of a plurality of data entities as belonging to said at least one first sensitive data type,   retrieving said at least one first policy assigned to said at least one first sensitive type, and   applying said at least one first policy to said at least one data entity of said first set of a plurality of data entities belonging to said at least one first sensitive data type, and   scanning said second subset by applying said identification of said at least one second sensitive data type to said second set of a plurality of data entities to identify at least one data entity of said second set of a plurality of data entities as belonging to said at least one second sensitive data type,   retrieving said at least one second policy assigned to said at least one second sensitive type, and   applying said at least one second policy to said at least one data entity of said second set of a plurality of data entities belonging to said at least one second sensitive data type,   wherein said at least one first policy includes masking said at least one data entity of said first set.   
     
     
         22 . The system of  21  wherein said at least one second policy includes masking said at least one data entity of said second set. 
     
     
         23 . The system of  claim 21  wherein at least one of said at least one first policy assigned to said at least one first sensitive data type and said at least one second policy assigned to said at least one second sensitive data type includes masking at least one of said at least one first sensitive data type and said at least one second sensitive data type. 
     
     
         24 . The system of  claim 21  wherein at least one of said at least one first policy assigned to said at least one first sensitive data type and said at least one second policy assigned to said at least one second sensitive data type includes masking at least one of said at least one first sensitive data type and said at least one second sensitive data type. 
     
     
         25 . The system of  claim 21  wherein at least one of said at least one first policy assigned to said at least one first sensitive data type and said at least one second policy assigned to said at least one second sensitive data type includes quarantining at least one of said at least one first sensitive data type and said at least one second sensitive data type. 
     
     
         26 . The system of  claim 21  wherein said at least one first sensitive data type and said at least one second sensitive data type are one of credit card numbers, social security numbers, medical record numbers, addresses, names of patients, names high net-worth individuals, driver's license numbers, and bank account numbers. 
     
     
         27 . The system of  claim 21  wherein said repository is outside said DDS. 
     
     
         28 . A method for managing data in a Distributed Data Store (DDS), said method including:
 retrieving data from a Distributed Data Store (DDS), wherein said DDS includes a first subset, wherein said first subset comprises a first set of a plurality of data entities, wherein said first set of a plurality of data entities includes one or more directories, files, collections, documents, or other logical units of data,   wherein said plurality of data entities of said first set are marked as being part of said first subset,   wherein said DDS includes a second subset, wherein said second subset comprises a second set of a plurality of data entities, wherein said second set of a plurality of data entities includes one or more directories, files, collections, documents, or other logical units of data,   wherein said plurality of data entities of said second set are marked as being part of said second subset;   retrieving first metadata relating to said first subset from a repository, wherein said first metadata identifies said first subset and identifies a set of first properties of said first subset,   wherein said set of first properties includes an identification of at least one first sensitive data type,   wherein said repository includes at least one first policy assigned to said at least one first sensitive data type,   wherein said repository also stores second metadata relating to said second subset, wherein said second metadata identifies said second subset and identifies a set of second properties of said second subset, wherein said set of second properties is different from said set of first properties,   wherein said set of second properties includes an identification of at least one second sensitive data type,   wherein said repository includes at least one second policy assigned to said at least one second sensitive data type; and   managing data in said DDS by:   scanning said first subset by applying said identification of said at least one first sensitive data type to said first set of a plurality of data entities to identify at least one data entity of said first set of a plurality of data entities as belonging to said at least one first sensitive data type;   retrieving said at least one first policy assigned to said at least one first sensitive type;   applying said at least one first policy to said at least one data entity of said first set of a plurality of data entities belonging to said at least one first sensitive data type;   scanning said second subset by applying said identification of said at least one second sensitive data type to said second set of a plurality of data entities to identify at least one data entity of said second set of a plurality of data entities as belonging to said at least one second sensitive data type;   retrieving said at least one second policy assigned to said at least one second sensitive type; and   applying said at least one second policy to said at least one data entity of said second set of a plurality of data entities belonging to said at least one second sensitive data type,   wherein said at least one first policy includes masking said at least one data entity of said first set.   
     
     
         29 . The method of  28  wherein said at least one second policy includes masking said at least one data entity of said second set. 
     
     
         30 . The method of  claim 28  wherein at least one of said at least one first policy assigned to said at least one first sensitive data type and said at least one second policy assigned to said at least one second sensitive data type includes masking at least one of said at least one first sensitive data type and said at least one second sensitive data type. 
     
     
         31 . The method of  claim 28  wherein at least one of said at least one first policy assigned to said at least one first sensitive data type and said at least one second policy assigned to said at least one second sensitive data type includes masking at least one of said at least one first sensitive data type and said at least one second sensitive data type. 
     
     
         32 . The method of  claim 28  wherein at least one of said at least one first policy assigned to said at least one first sensitive data type and said at least one second policy assigned to said at least one second sensitive data type includes quarantining at least one of said at least one first sensitive data type and said at least one second sensitive data type. 
     
     
         33 . The method of  claim 28  wherein said at least one first sensitive data type and said at least one second sensitive data type are one of credit card numbers, social security numbers, medical record numbers, addresses, names of patients, names high net-worth individuals, driver's license numbers, and bank account numbers. 
     
     
         34 . The method of  claim 28  wherein said repository is outside said DDS.

Join the waitlist — get patent alerts

Track US2026053211A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.