“Operator Isolation Based On Data Security Requirements” in Patent Application Approval Process (USPTO 20200104527)
2020 APR 22 (NewsRx) -- By a
This patent application is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: “Conventional systems may be tasked with processing data that has restrictions, such as the Protected Health Information (PHI) data involved with glucose monitoring of data for sugar in a health system that requires Health Insurance Portability and Accountability Act (HIPAA) compliance or credit card data processing requiring Payment Card Industry (PCI) compliance.
“In conventional systems, developers have to work with these security considerations and uniquely design applications to work in complicated configurations, where the application data considerations burden the developers and administrators. Some conventional systems may provide features required to operate in such environments.
“However, the cost of operating in these environments is significantly higher than in generic cloud environments that are not fully compliant with these standards. Thus, current solutions that utilize a compliant cloud environment for such applications may be very expensive to create and maintain.
“Also, in order to meet various compliance requirements, every employee working in the infrastructure has to be trained, resulting in delays and higher costs as the pool of available people for any problem is smaller. Furthermore, if a large amount of hardware is needed, the costs rise quickly as it is expensive to build large isolated portions of data centers.
“Some conventional systems use de-identification. De-identification may be described as removing personal identifiers from data. For example, a medical record with identification information ‘John Smith’ contains blood work information, etc. De-identification removes ‘John Smith’ and replaces this identification information with a value that cannot tie back to the individual. This allows for research and statistical studies in the medical field to be conducted without violating HIPAA and patient privacy.”
In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “In accordance with embodiments, a computer-implemented method is provided for operator isolation based on data security requirements. The computer-implemented method comprises: at a cloud node coupled to a tenant secure node and a tenant general node, receiving a graph that includes ingest portions of data and operators. For each of the operators, it is determined whether the operator processes protected data. In response to determining that the operator is tagged with an indication that the operator processes protected data, the operator is forwarded to the tenant secure node for processing. In response to determining that the operator is not tagged with an indication that the operator processes protected data, the operator is forwarded to the tenant general node for processing. Then, while the tenant general node is processing the operator, in response to determining that the operator is processing protected data, a tag is associated with the operator to indicate that the operator processes protected data and the operator is forwarded to the tenant secure node for processing.
“In accordance with other embodiments, a computer program product is provided for operator isolation based on data security requirements. The computer program product comprising a computer readable storage medium having program code embodied therewith, the program code executable by at least one processor to perform operations comprising: at a cloud node coupled to a tenant secure node and a tenant general node, receiving a graph that includes ingest portions of data and operators. For each of the operators, it is determined whether the operator processes protected data. In response to determining that the operator is tagged with an indication that the operator processes protected data, the operator is forwarded to the tenant secure node for processing. In response to determining that the operator is not tagged with an indication that the operator processes protected data, the operator is forwarded to the tenant general node for processing. Then, while the tenant general node is processing the operator, in response to determining that the operator is processing protected data, a tag is associated with the operator to indicate that the operator processes protected data and the operator is forwarded to the tenant secure node for processing.
“In yet other embodiments, a computer system is provided for operator isolation based on data security requirements. The computer system comprises one or more processors, one or more computer-readable memories and one or more computer-readable, tangible storage devices; and program instructions, stored on at least one of the one or more computer-readable, tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to perform operations comprising: at a cloud node coupled to a tenant secure node and a tenant general node, receiving a graph that includes ingest portions of data and operators. For each of the operators, it is determined whether the operator processes protected data. In response to determining that the operator is tagged with an indication that the operator processes protected data, the operator is forwarded to the tenant secure node for processing. In response to determining that the operator is not tagged with an indication that the operator processes protected data, the operator is forwarded to the tenant general node for processing. Then, while the tenant general node is processing the operator, in response to determining that the operator is processing protected data, a tag is associated with the operator to indicate that the operator processes protected data and the operator is forwarded to the tenant secure node for processing.”
The claims supplied by the inventors are:
“1. A computer-implemented method, comprising: at a cloud node coupled to a tenant secure node and a tenant general node, receiving a graph that includes ingest portions of data and operators; for each of the operators, determining whether the operator processes protected data; in response to determining that the operator is tagged with an indication that the operator processes protected data, forwarding the operator to the tenant secure node for processing; in response to determining that the operator is not tagged with an indication that the operator processes protected data, forwarding the operator to the tenant general node for processing; and while the tenant general node is processing the operator, in response to determining that the operator is processing protected data, associating a tag with the operator to indicate that the operator processes protected data; and forwarding the operator to the tenant secure node for processing.
“2. The computer-implemented method of claim 1, further comprising: associating a tag with an ingest portion of data of the ingest portions of data to indicate that the data for the ingest portion is protected data.
“3. The computer-implemented method of claim 1, further comprising: associating a tag with an operator of the operators to indicate that the operator processes protected data.
“4. The computer-implemented method of claim 1, further comprising: using at least one of rule-based patterns and learned patterns to determine whether each of the operators processes protected data.
“5. The computer-implemented method of claim 1, wherein the graph is for a tenant streaming application that is compiled to generate a Streams Application Bundle (SAB) file.
“6. The computer-implemented method of claim 1, wherein the tenant secure node has an underlying compliance infrastructure to ensure that pre-defined rules are being followed to process the protected data.
“7. The computer-implemented method of claim 1, wherein a Software as a Service (SaaS) is configured to perform method operations.
“8. A computer program product, the computer program product comprising a computer readable storage medium having program code embodied therewith, the program code executable by at least one processor to perform: at a cloud node coupled to a tenant secure node and a tenant general node, receiving a graph that includes ingest portions of data and operators; for each of the operators, determining whether the operator processes protected data; in response to determining that the operator is tagged with an indication that the operator processes protected data, forwarding the operator to the tenant secure node for processing; in response to determining that the operator is not tagged with an indication that the operator processes protected data, forwarding the operator to the tenant general node for processing; and while the tenant general node is processing the operator, in response to determining that the operator is processing protected data, associating a tag with the operator to indicate that the operator processes protected data; and forwarding the operator to the tenant secure node for processing.
“9. The computer program product of claim 8, wherein the program code is executable by the at least one processor to perform: associating a tag with an ingest portion of data of the ingest portions of data to indicate that the data for the ingest portion is protected data.
“10. The computer program product of claim 8, wherein the program code is executable by the at least one processor to perform: associating a tag with an operator of the operators to indicate that the operator processes protected data.
“11. The computer program product of claim 8, wherein the program code is executable by the at least one processor to perform: using at least one of rule-based patterns and learned patterns to determine whether each of the operators processes protected data.
“12. The computer program product of claim 8, wherein the graph is for a tenant streaming application that is compiled to generate a Streams Application Bundle (SAB) file.
“13. The computer program product of claim 8, wherein the tenant secure node has an underlying compliance infrastructure to ensure that pre-defined rules are being followed to process the protected data.
“14. The computer program product of claim 8, wherein a Software as a Service (SaaS) is configured to perform computer program product operations.
“15. A computer system, comprising: one or more processors, one or more computer-readable memories and one or more computer-readable, tangible storage devices; and program instructions, stored on at least one of the one or more computer-readable, tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to perform operations comprising: at a cloud node coupled to a tenant secure node and a tenant general node, receiving a graph that includes ingest portions of data and operators; for each of the operators, determining whether the operator processes protected data; in response to determining that the operator is tagged with an indication that the operator processes protected data, forwarding the operator to the tenant secure node for processing; in response to determining that the operator is not tagged with an indication that the operator processes protected data, forwarding the operator to the tenant general node for processing; and while the tenant general node is processing the operator, in response to determining that the operator is processing protected data, associating a tag with the operator to indicate that the operator processes protected data; and forwarding the operator to the tenant secure node for processing.
“16. The computer system of claim 15, further comprising: associating a tag with an ingest portion of data of the ingest portions of data to indicate that the data for the ingest portion is protected data.
“17. The computer system of claim 15, further comprising: associating a tag with an operator of the operators to indicate that the operator processes protected data.
“18. The computer system of claim 15, further comprising: using at least one of rule-based patterns and learned patterns to determine whether each of the operators processes protected data.
“19. The computer system of claim 15, wherein the graph is for a tenant streaming application that is compiled to generate a Streams Application Bundle (SAB) file.
“20. The computer system of claim 15, wherein a Software as a Service (SaaS) is configured to perform computer system operations.”
URL and more information on this patent application, see: Koster, David M.; Nikolai, Jason A.; Santosuosso, John M.; Branson, Michael J. Operator Isolation Based On Data Security Requirements. Filed
(Our reports deliver fact-based news of research and discoveries from around the world.)
Medical supplier says FEMA seized 400K N95 masks, has them 'just sitting on a loading dock at JFK'
Proposed Flood Hazard Determinations
Advisor News
- What’s behind private equity investment in insurance brokerages
- Advisors get a win as NJ Senate passes independent contractor bill
- Why federal retirement benefits are more complex than advisors realize
- Why timing the market is still a retirement mistake and what to do instead
- Business owners may be overlooking a key part of their financial picture
More Advisor NewsAnnuity News
- Best’s Special Report: U.S. Life/Annuity Industry Sees Bottom-Line Growth Despite 18% Decline in Total Income in First-Quarter 2026
- Globe Life Inc. (NYSE: GL) Records 52-Week High Thursday Morning
- Fortitude Re Completes $500 Million FABN Issuance
- Reframing retirement income for greater certainty
- Jackson Introduces Dow Jones Industrial Average Index Option, Flexible Premiums, Six-Year Rate Guarantee in Latest Registered Index-Linked Annuity Launch
More Annuity NewsHealth/Employee Benefits News
- Capitol Beat: Scott's veto signatures piling up
- Rising ACA premiums spur pivot to cheaper plans
- California is getting ready to increase a health insurance tax. Will it affect your premium?
- New Insurance Findings from University of California Described (The impact of Medicaid expansion on coverage among those lacking housing basics, 2010-2019): Insurance
- New Mexico lawmakers press Presbyterian Health Plan over changes
More Health/Employee Benefits NewsLife Insurance News
- OVER $107 MILLION IN LIFE INSURANCE BENEFITS LOCATED FOR TENNESSEANS IN 2025 THROUGH NAIC'S LIFE INSURANCE POLICY LOCATOR SERVICE
- Maryland Heights man pleads guilty in murder-for-hire death of his mom
- AM Best Affirms Credit Ratings of Everlake Life Group Members
- Industry experts warn NAIC: Fix flawed IUL illustrations now
- InsuranceAUM.com Celebrates a Historic 5th Annual Insurance Investment Executives’ Meeting in Chicago, Honoring Outstanding Industry Leaders and Spotlighting Next Event in Austin
More Life Insurance News