Method and System for Managing and Securing Subsets of Data in a Large Distributed Data Store
Abstract
A system groups multiple entities in a large distributed data store (DDS), such as directories and files, into a subset called a domain. The domain is treated as a unit for defining policies to detect and treat sensitive data. Sensitive data can be defined by enterprise or industry. Treatment of sensitive data may include quarantining, masking, and encrypting, of the data or the entity containing the data. Data in a domain can be copied as a unit, with or without the same structure, and with transformations such as masking or encryption, into parts of the same DDS or to a different DDS. Domains can be the unit of access control for organizations, and assigned tags useful for identifying their purpose, ownership, location, or other characteristics. Policies and operations, assigned at the domain level, may vary from domain to domain, but within a domain are uniform, except for specific exclusions.
Claims
exact text as granted — not AI-modified1 - 20 . (canceled)
21 . A system for managing data in a Distributed Data Store (DDS), said system including:
a Distributed Data Store (DDS), wherein said DDS includes a first subset, wherein said first subset comprises a first set of a plurality of data entities, wherein said first set of a plurality of data entities includes one or more directories, files, collections, documents, or other logical units of data, wherein said plurality of data entities of said first set are marked as being part of said first subset; and wherein said DDS includes a second subset, wherein said second subset comprises a second set of a plurality of data entities, wherein said second set of a plurality of data entities includes one or more directories, files, collections, documents, or other logical units of data, wherein said plurality of data entities of said second set are marked as being part of said second subset; and a repository storing first metadata relating to said first subset, wherein said first metadata identifies said first subset and identifies a set of first properties of said first subset, wherein said set of first properties includes an identification of at least one first sensitive data type, wherein said repository includes at least one first policy assigned to said at least one first sensitive data type, said repository also storing second metadata relating to said second subset, wherein said second metadata identifies said second subset and identifies a set of second properties of said second subset, wherein said set of second properties is different from said set of first properties, wherein said set of second properties includes an identification of at least one second sensitive data type, wherein said repository includes at least one second policy assigned to said at least one second sensitive data type, wherein data is managed in said DDS by scanning said first subset by applying said identification of said at least one first sensitive data type to said first set of a plurality of data entities to identify at least one data entity of said first set of a plurality of data entities as belonging to said at least one first sensitive data type, retrieving said at least one first policy assigned to said at least one first sensitive type, and applying said at least one first policy to said at least one data entity of said first set of a plurality of data entities belonging to said at least one first sensitive data type, and scanning said second subset by applying said identification of said at least one second sensitive data type to said second set of a plurality of data entities to identify at least one data entity of said second set of a plurality of data entities as belonging to said at least one second sensitive data type, retrieving said at least one second policy assigned to said at least one second sensitive type, and applying said at least one second policy to said at least one data entity of said second set of a plurality of data entities belonging to said at least one second sensitive data type, wherein said at least one first policy includes masking said at least one data entity of said first set.
22 . The system of 21 wherein said at least one second policy includes masking said at least one data entity of said second set.
23 . The system of claim 21 wherein at least one of said at least one first policy assigned to said at least one first sensitive data type and said at least one second policy assigned to said at least one second sensitive data type includes masking at least one of said at least one first sensitive data type and said at least one second sensitive data type.
24 . The system of claim 21 wherein at least one of said at least one first policy assigned to said at least one first sensitive data type and said at least one second policy assigned to said at least one second sensitive data type includes masking at least one of said at least one first sensitive data type and said at least one second sensitive data type.
25 . The system of claim 21 wherein at least one of said at least one first policy assigned to said at least one first sensitive data type and said at least one second policy assigned to said at least one second sensitive data type includes quarantining at least one of said at least one first sensitive data type and said at least one second sensitive data type.
26 . The system of claim 21 wherein said at least one first sensitive data type and said at least one second sensitive data type are one of credit card numbers, social security numbers, medical record numbers, addresses, names of patients, names high net-worth individuals, driver's license numbers, and bank account numbers.
27 . The system of claim 21 wherein said repository is outside said DDS.
28 . A method for managing data in a Distributed Data Store (DDS), said method including:
retrieving data from a Distributed Data Store (DDS), wherein said DDS includes a first subset, wherein said first subset comprises a first set of a plurality of data entities, wherein said first set of a plurality of data entities includes one or more directories, files, collections, documents, or other logical units of data, wherein said plurality of data entities of said first set are marked as being part of said first subset, wherein said DDS includes a second subset, wherein said second subset comprises a second set of a plurality of data entities, wherein said second set of a plurality of data entities includes one or more directories, files, collections, documents, or other logical units of data, wherein said plurality of data entities of said second set are marked as being part of said second subset; retrieving first metadata relating to said first subset from a repository, wherein said first metadata identifies said first subset and identifies a set of first properties of said first subset, wherein said set of first properties includes an identification of at least one first sensitive data type, wherein said repository includes at least one first policy assigned to said at least one first sensitive data type, wherein said repository also stores second metadata relating to said second subset, wherein said second metadata identifies said second subset and identifies a set of second properties of said second subset, wherein said set of second properties is different from said set of first properties, wherein said set of second properties includes an identification of at least one second sensitive data type, wherein said repository includes at least one second policy assigned to said at least one second sensitive data type; and managing data in said DDS by: scanning said first subset by applying said identification of said at least one first sensitive data type to said first set of a plurality of data entities to identify at least one data entity of said first set of a plurality of data entities as belonging to said at least one first sensitive data type; retrieving said at least one first policy assigned to said at least one first sensitive type; applying said at least one first policy to said at least one data entity of said first set of a plurality of data entities belonging to said at least one first sensitive data type; scanning said second subset by applying said identification of said at least one second sensitive data type to said second set of a plurality of data entities to identify at least one data entity of said second set of a plurality of data entities as belonging to said at least one second sensitive data type; retrieving said at least one second policy assigned to said at least one second sensitive type; and applying said at least one second policy to said at least one data entity of said second set of a plurality of data entities belonging to said at least one second sensitive data type, wherein said at least one first policy includes masking said at least one data entity of said first set.
29 . The method of 28 wherein said at least one second policy includes masking said at least one data entity of said second set.
30 . The method of claim 28 wherein at least one of said at least one first policy assigned to said at least one first sensitive data type and said at least one second policy assigned to said at least one second sensitive data type includes masking at least one of said at least one first sensitive data type and said at least one second sensitive data type.
31 . The method of claim 28 wherein at least one of said at least one first policy assigned to said at least one first sensitive data type and said at least one second policy assigned to said at least one second sensitive data type includes masking at least one of said at least one first sensitive data type and said at least one second sensitive data type.
32 . The method of claim 28 wherein at least one of said at least one first policy assigned to said at least one first sensitive data type and said at least one second policy assigned to said at least one second sensitive data type includes quarantining at least one of said at least one first sensitive data type and said at least one second sensitive data type.
33 . The method of claim 28 wherein said at least one first sensitive data type and said at least one second sensitive data type are one of credit card numbers, social security numbers, medical record numbers, addresses, names of patients, names high net-worth individuals, driver's license numbers, and bank account numbers.
34 . The method of claim 28 wherein said repository is outside said DDS.Join the waitlist — get patent alerts
Track US2026053211A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.