Patent Application Titled “Cloaked User-Space File System Implemented Using An Entity Data Store” Published Online (USPTO 20230122216): Dataparency LLC

2023 MAY 10 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- According to news reporting originating from Washington, D.C., by NewsRx journalists, a patent application by the inventor Shear, Timothy A. (Novi, MI, US), filed on December 17, 2022, was made available online on April 20, 2023.

The assignee for this patent application is Dataparency LLC (Novi, Michigan, United States).

Reporters obtained the following quote from the background information supplied by the inventors: “Field of the Invention. The invention relates generally to data storage and processing by a digital computer, particularly to database systems on a shared cloud platform, and more particularly to methods of ensuring data security without compromising efficiency.

“Description of Related Art Many efforts have been made to defend against hacking and security breaches of computer databases without sacrificing convenience and functionality. Efforts have focused on enhancing security measures to defeat hackers, such as robust credential verification and data encryption, but databases remain vulnerable to persistent and prolonged efforts to obtain data behind the security barriers. The approach of the prior art is analogous to erecting taller, thicker walls around the castle to defeat attempted breaches.

“The problem takes on a new dimension as technology moves to the Cloud platform model, which offers services through a network platform exposing access and service through the network to outside or external endpoints. Typical services supported by Cloud platforms are Database-as-a-Service (DaaS), Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and many other ‘as-a-Service’ offerings. As access points to the platform proliferate, defending against attacks such as hacking and ransomware becomes more difficult, and layering additional security layers can result in inconvenience and inefficiency.

“Meanwhile, the majority of databases are structured as “relational” databases which require schema, e.g. “last name” “birthdate” “blood type” to be arranged in tables of rows and columns. The query/retrieval language SQL (Structured Query Language) forms the basis of all relational database access. Such design and access restrictions can constrain the ability of real world entities to store data optimally. An example of one such database is U.S. Pat. No. 8,793,768 “Relationship-Based Authorization” (Beck). Beck uses rows and columns in a table to store relationships (e.g. ‘768 FIG. 4), and consults those relationships as part of a “front end” to control access to documents stored in an otherwise conventional database.

“Newer database designs include nonrelational databases, increasingly known as “NoSQL” (Not only SQL) such as MongoDB, Couchbase, CouchDB, Marklogic, AWS DynamoDB, Microsoft Azure DB and other Key/Value database products wherein data components are not organized as tables, but as “keys” associated with “values.” (Sometimes referred to as “tags” associated with “values.”). Such database models are more conducive to the hierarchical mode of organizing familiar to humans, such as domain/class/entity/collection, e.g., FairviewHospital/patients/JohnSmith/testresults. However, databases such as MongoDB and CouchDB have their own shortcomings. For example, to speed up queries these databases require a priori definition of fields to index. This requires stored data to conform to the indexing parameters. Documents that do not have the field in the index specification will not be included in indexed queries. In other words, databases built using MongoDB and CouchDB are schema-specific.

“There is a need for a database that provides a reduced attack surface and accessibility of the cloud, impregnable security, flexible and schema-agnostic access, and entity control over its data.”

In addition to obtaining background information on this patent application, NewsRx editors also obtained the inventor’s summary information for this patent application: “Disclosed is an entity-centric, domain-partitionable, custodian-controlled database platform. Posting, query and retrieval of a data is bound to unique, unidirectional (one-way) “relationship identifiers” that identify the relationship access privileges between, for example, an entity requesting access to a document pertaining to a targeted entity. For example, if entity1 is a doctor and entity2 is a patient, the platform assigns a unique Relationship Distributed Identifier (RDID) the doctor would use when he posts a document pertaining to entity2’s lab test result. Each component of information from every document ingested into the platform retains the RDID and entity information provided at the time the information was ingested. Therefore, the database presents as entity-centric, i.e., structured around entities and their relationships.

“Access to the platform is generally through a network such as the internet or intranet preferably using hierarchical HTTP Uniform Resource Identifiers (URI). This allows domain-driven design for consistent and yet flexible data modeling of the enterprise’s data. For example, the platform may be accessed by a standard REST Resource-oriented Application Program Interface (API) using familiar HTTP (or HTTPS) verbs GET and POST. Data queries can thus be a simple “path” definition in the API call. This allows expression of the RDID directly in the hierarchical path, e.g., domain/class/RDID/collection. Collections of like data elements are organized as “aspects” within the data hierarchy of the entity, including features such as demographics, events, readings, etc. As every field is addressable, the invention allows fast ad hoc queries because there is no need to specify indexing parameters.

“The database is overseen by a trusted Data Custodian Platform. The Data Custodian Platform may be a local, entity-owned service, or a contracted service provided by a cloud provider. The Data Custodian Platform administers entity data, access and updating. The Data Custodian Platform accepts privacy rules from an entity which the platform uses in any access/update operation. These privacy rules may also be used to insulate sensitive data from queries submitted to the database, including queries submitted to the data platform’s entity data store(s) (hereinafter “data store set” or simply “data store”) and may further depend on the role of the requestor. This ensures transparency to the entity data while respecting the privacy context desired by the entity.

“Data pertaining to an entity comprises resources or addressable values that are arranged in a hierarchical structure rooted at entity domain, many of which the entity may belong, preferably consistent with the real-world entity that is being represented. These resources are further arraigned into groupings or sets of related resources called ‘aspects’ or collections. Additionally, aspects may be ‘virtual’ and/or ‘compositional’ where multiple physical or virtual aspects are combined into a named virtual aspect. A sample aspect could be ‘demographics’, i.e., the identifying characteristics of the entity. Again, FairviewHospital/patients/JohnSmith/testresults is an example. An example from the realm of devices and the Internet of Things might be companyx/temperature-sensors/thermo26/readings.

“In summary, the invention presents a trusted platform or service which is domain partitionable, entity-bound, entity-relationship-centric, self-sovereign identity, order-preserving, immutable, schema-agnostic, and resource-oriented, and which can be used on cloud services, and which is readily adapted to data concerning people, groups, businesses, devices, and/or microservices. There is a largely unmet need for an infrastructure to manage data and privacy/security from an entity-centered platform. Industries that would benefit from such an infrastructure include the healthcare domain, customer management and relations (CRM), personal finance and banking, DLT (Distributed Ledger Technology) ledgers, military and defense, and governmental agencies such as Medicare/Medicaid.”

The claims supplied by the inventors are:

“1. A method of storing files in a file system residing on an information sharing platform, said information sharing platform configured to send and receive data over a network, comprising: connecting an entity to the file system via the network; receiving, at a server connected to the network, a request to establish a relationship between the entity and the file system; assigning a unique, encoded and unidirectional Relationship Distributed Identifier (RDID) for the relationship between the entity and the file system, wherein the RDID may be deconstructed by the system to identify the entity and the relationship parameters between the entity and file system; and requiring the entity to include the RDID in a Uniform Resource Indicator (URI) path in order to store a file on the system at a data store node.

“2. The method of claim 1, wherein the file system comprises a hierarchical arrangement of a plurality of nodes, with adjacent nodes having linkages.

“3. The method of claim 2, wherein the location of the file within the file system hierarchy is hidden from, and inscrutable to, any entity not possessing the RDID.

“4. The method of claim 2, wherein the hierarchical relationship between any two nodes is hidden from, and inscrutable to, any entity not possessing the RDID.

“5. The method of claim 2, further comprising a step of deriving a Unique Uniform Identifier (UUID) from one or more linkages between the plurality of nodes that are hierarchically superordinate to the file’s data store node.

“6. The method of claim 5, wherein the URI path comprises the UUID.

“7. The method of claim 6, wherein the UUID is hashed.

“8. The method of claim 6 wherein the UUID is encoded.

“9. A method of storing files in a hierarchical file system residing on a data network, said hierarchical file system comprising a root directory node and a subordinate directory node, the method comprising the steps of: receiving, at a server connected to the network, a request from an entity to store a file at a data store node that is immediately subordinate to the subordinate directory node; deriving, at a server connected to the network, a leaf Unique Uniform Identifier (UUID) based on the hierarchical relationships between the root directory node and the subordinate directory node and the data store node; and assigning a Uniform Resource Indicator (URI) path for the data store node that comprises the leaf UUID.

“10. The method of claim 9, wherein the hierarchical relationships between adjacent nodes are linkages and every linkage has a unique node-pair UUID.

“11. The method of claim 10 wherein the deriving step utilizes two or more node-pair UUIDs in the hierarchy between the root directory node and the data store node to derive the leaf UUID.

“12. The method of claim 9, wherein coincident with assigning the URI path, the file system communicates with the data network for file storage at the data store node.

“13. The method of claim 9, further comprising the data network authenticating the entity prior to allowing the entity to access files stored on the file system.

“14. The method of claim 13, wherein the authenticating step comprises receiving a unique, encoded and unidirectional Relationship Distributed Identifier (RDID) for the relationship between the entity and the file system.

“15. The method of claim 14, wherein the URI path further comprises the RDID.

“16. The method of claim 15, wherein the authenticating step further comprises receiving a JSON web token (JWT).

“17. A non-transitory computer-readable medium for implementing a highly secure hierarchical file system residing on a data network, the hierarchical file system comprising a root directory node and a subordinate directory node, said medium comprising stored instructions that cause one or more servers in communication with the network to perform the following operations: connecting an entity to the network; authenticating one or more access credentials provided by the entity, wherein said access credentials comprise a unique, encoded and unidirectional Relationship Distributed Identifier (RDID) for a relationship between the entity and the file system; receiving a request from an entity to store a file at a data store node that is immediately subordinate to the directory node; deriving a leaf Unique Uniform Identifier (UUID) based on the hierarchical relationships between the root directory node and the subordinate directory node and the data store node; and assigning a Uniform Resource Indicator (URI) path for the data store node that comprises the leaf UUID.

“18. The medium of claim 17, wherein the hierarchical relationships between adjacent nodes are linkages and every linkage has a unique node-pair UUID.

“19. The medium of claim 18 wherein the deriving operation utilizes more than one node-pair UUID in the hierarchy between the root directory node and the data store node to derive the leaf UUID.

“20. The medium of claim 17, wherein the URI path comprises the RDID.”

For more information, see this patent application: Shear, Timothy A. Cloaked User-Space File System Implemented Using An Entity Data Store. U.S. Patent Application Number 20230122216, filed December 17, 2022 and posted April 20, 2023. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(20230122216)&db=US-PGPUB&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)