Patent Issued for Dynamic monitoring of movement of data (USPTO 11416631): International Business Machines Corporation
2022 SEP 02 (NewsRx) -- By a
The patent’s inventors are Galil, Guy (
This patent was filed on
From the background information supplied by the inventors, news correspondents obtained the following quote: “Protecting sensitive data is critical for data protection and for meeting regulation requirements (e.g. general data protection regulation (GDPR), the
“The data protection and monitoring system may typically capture or sniff data accesses to a database (e.g., requests and responses) in real-time and analyze the data according to policy rules to identify sensitive data. The data protection and monitoring system may include a data activity monitor (DAM) and/or file activity monitor (FAM). The requests and responses sniffed by the data protection and monitoring system may include data packets that may include a data access command, also referred to as query, e.g., a structured query language (SQL) statements, or a response, and associated header information. The header may include parameters such as machine information, network information, user information, client information, etc.
“The data protection and monitoring system may rely on policies to determine what data access to track, alert on and even block. Such policies may use predetermined lists of repositories (e.g., data sources) and objects (e.g., collections and tables) that are categorized as including sensitive data and therefore need protection, e.g., special handling. However, in prior art systems, when sensitive data is copied or moved from monitored repositories or objects to unknown, un-monitored repositories, the copied data is no longer marked as sensitive and the measures that are normally taken to protect sensitive data are not performed.”
Supplementing the background information on this patent, NewsRx reporters also obtained the inventors’ summary information for this patent: “According to embodiments of the invention, a system and method for monitoring of movement of data in a computer network may include: parsing a message, the message including one of a data access command sent to a computer database and a response to a data access command, to extract at least one of a template, metadata and data of the message; examining at least one of the template, metadata and data of the message to identify messages related to movement of data that is classified as sensitive; and generating a flow graph indicative of new locations of the sensitive data.
“Embodiments of the invention may further include applying policy rules to the new locations of the sensitive data to monitor access to the new location.
“Embodiments of the invention may further include using the flow graph to detect a data leak through multiple movements of the data.
“According to embodiments of the invention, examining the metadata may include identifying a source and a target for the movement of the data, wherein the target is the new location of the sensitive data.
“According to embodiments of the invention, examining the data and metadata may include: checking if the message includes known types or categories of sensitive data.”
The claims supplied by the inventors are:
“1. A method for monitoring of movement of data in a computer network, the method comprising: maintaining a dictionary of data, metadata and templates associated with sensitive data; ordering the dictionary by frequency of identification of terms in the messages related to movement of data that is classified as sensitive; associating an importance level to each item in the dictionary, wherein the importance level is inversely related to the frequency of identification; removing from the dictionary templates, data and metadata with importance level below a threshold; parsing a message, the message including one of a data access command sent to a computer database and a response to a data access command, to extract at least one of a template, metadata and data of the message; examining at least one of the template, metadata and data of the message to identify messages related to movement of data that is classified as sensitive by matching the templates, data and metadata in the message to the templates, data and metadata in the dictionary; and generating a flow graph indicative of new locations of the sensitive data.
“2. The method of claim 1, comprising: applying policy rules to the new locations of the sensitive data to monitor access to the new location.
“3. The method of claim 1, comprising: using the flow graph to detect a data leak through multiple movements of the data.
“4. The method of claim 1, wherein examining the metadata comprises identifying a source and a target for the movement of the data, wherein the target is the new location of the sensitive data.
“5. The method of claim 1, wherein examining the data and metadata comprises: checking if the message includes known types or categories of sensitive data.
“6. The method of claim 1, wherein examining the template, data and metadata comprises performing one or more of: wildcard search, regular expression search, dictionary search, rule match search, fuzzy search, and natural language processing.
“7. The method of claim 1, wherein examining the data access command comprises identifying in the data access command a template that is associated with movement of data, and identifying in the data access command data or metadata that is associated with sensitive data.
“8. A system for monitoring of movement of data in a computer network, the system comprising: a memory; and a processor configured to: maintain a dictionary of data, metadata and templates associated with sensitive data; order the dictionary by frequency of identification of terms in the messages related to movement of data that is classified as sensitive; associate an importance level to each item in the dictionary, wherein the importance level is inversely related to the frequency of identification; and remove from the dictionary templates, data and metadata with importance level below a threshold; parse a message, the message including one of a data access command sent to a computer database and a response to a data access command, to extract at least one of a template, metadata and data of the data access command; examine at least one of the template, metadata and data of the message to identify messages related to movement of data that is classified as sensitive by matching the templates, data and metadata in the message to the templates, data and metadata in the dictionary; and generate a flow graph indicative of new locations of the sensitive data.
“9. The system of claim 8, wherein the processor is configured to: apply policy rules to the new locations of the sensitive data to monitor access to the new location.
“10. The system of claim 8, wherein the processor is configured to: use the flow graph to detect a data leak through multiple movements of the data.
“11. The system of claim 8, wherein the processor is configured to examine the metadata by identifying a source and a target for the movement of the data, wherein the target is the new location of the sensitive data.
“12. The system of claim 8, wherein the processor is configured to examine the data and metadata by checking if the message includes known types or categories of sensitive data.
“13. The system of claim 12, wherein the processor is configured to examine the template, data and metadata by performing one or more of: wildcard search, regular expression search, dictionary search, rule match search, fuzzy search, and natural language processing.
“14. The system of claim 8, wherein the processor is configured to examine the data access command by identifying in the data access command a template that is associated with movement of data, and identifying in the data access command data or metadata that is associated with sensitive data.
“15. A method for monitoring movement of data in a computer database, the method comprising: maintaining a dictionary of data, metadata and templates associated with sensitive data; ordering the dictionary by frequency of identification of terms in the messages related to movement of data that is classified as sensitive; associating an importance level to each item in the dictionary, wherein the importance level is inversely related to the frequency of identification; removing from the dictionary templates, data and metadata with importance level below a threshold; parsing data access commands sent to the computer database and responses to a data access commands, to extract a template, metadata and data of the data access commands; examining the template, metadata and data to identify data access commands and responses related to movement of sensitive data by matching the templates, data and metadata in the data access commands to the templates, data and metadata in the dictionary; and applying policy rules to the new locations of the sensitive data to monitor access to the new location.
“16. The method of claim 15, comprising: generating a flow graph indicative of new locations of the sensitive data.”
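The summary and the claims above describe one pipeline: parse a data access command or response into template, metadata and data; match those against a dictionary of sensitive items; record each movement in a flow graph so the target becomes a new location of sensitive data; extend policy rules to that location; follow the graph to detect a leak through several movements; and prune the dictionary by an importance level that falls as a term is identified more often. The following Python block is an added example written for this article and is not code from the article, from IBM or from the patent. Every table name, SQL statement, regular expression and repository name in it is constructed, and the importance formula 1/(1 + frequency) is an assumption: the claims only say the level is inversely related to frequency.

```python
"""Toy data activity monitor (added example; not the patent's or IBM's code).
All statements, object names, patterns and repositories below are constructed."""
import re
from collections import Counter, deque

# Templates associated with movement of data: regexes over a whitespace-normalised
# statement whose named groups give the source and target objects (constructed).
MOVEMENT_TEMPLATES = {
    "insert_select": re.compile(
        r"^INSERT INTO (?P<target>[\w.]+)(?: \([^)]*\))? SELECT .+? FROM (?P<source>[\w.]+)", re.I),
    "create_as_select": re.compile(
        r"^CREATE TABLE (?P<target>[\w.]+) AS SELECT .+? FROM (?P<source>[\w.]+)", re.I),
    "select_into": re.compile(
        r"^SELECT .+? INTO (?P<target>[\w.]+) FROM (?P<source>[\w.]+)", re.I),
}
# Dictionary of sensitive items: metadata (objects known to hold sensitive data) and
# data patterns for known categories of sensitive data (constructed values).
SENSITIVE_OBJECTS = {"hr.employees", "billing.cards"}
SENSITIVE_DATA_PATTERNS = {
    "card_number": re.compile(r"\b\d{4}-\d{4}-\d{4}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
}
# Repositories the monitor covers; any other schema prefix is an un-monitored location.
MONITORED_REPOSITORIES = {"hr", "billing", "analytics"}


def parse_message(message):
    """Extract template, metadata (source/target) and data from a message dict that
    carries either a 'query' (data access command) or a 'response' (row data)."""
    if "query" in message:
        normalised = " ".join(message["query"].split())
        for name, pattern in MOVEMENT_TEMPLATES.items():
            m = pattern.match(normalised)
            if m:
                return {"template": name, "source": m.group("source").lower(),
                        "target": m.group("target").lower(), "data": ""}
        return {"template": None, "source": None, "target": None, "data": normalised}
    return {"template": None, "source": None, "target": None, "data": message["response"]}


def sensitive_categories(data):
    """Known categories of sensitive data present in a message's data."""
    return sorted(name for name, pat in SENSITIVE_DATA_PATTERNS.items() if pat.search(data))


class MovementMonitor:
    def __init__(self):
        self.flow = {}              # flow graph: target object -> set of source objects
        self.sensitive = set(SENSITIVE_OBJECTS)
        self.term_hits = Counter()  # frequency of identification of dictionary terms

    def observe(self, message):
        """Process one sniffed message; return the new sensitive location, if any."""
        parsed = parse_message(message)
        for cat in sensitive_categories(parsed["data"]):
            self.term_hits[cat] += 1
        if parsed["template"] is None:
            return None
        src, tgt = parsed["source"], parsed["target"]
        self.flow.setdefault(tgt, set()).add(src)
        if src in self.sensitive:
            self.term_hits[src] += 1
            self.sensitive.add(tgt)   # target is now a location of sensitive data
            return tgt
        return None

    def policy_for(self, location):
        """Policy rules applied to a new location: log every access; block if the
        location lies in a repository the monitor does not cover."""
        return {"object": location, "log_access": True,
                "block": location.split(".")[0] not in MONITORED_REPOSITORIES}

    def leak_paths(self):
        """Walk the flow graph backwards from each un-monitored location to an
        original sensitive object; a multi-hop path is a leak through several moves."""
        leaks = []
        for tgt in self.flow:
            if tgt.split(".")[0] in MONITORED_REPOSITORIES:
                continue
            queue = deque([[tgt]])
            while queue:
                path = queue.popleft()
                if path[-1] in SENSITIVE_OBJECTS:
                    leaks.append(list(reversed(path)))
                    continue
                for src in self.flow.get(path[-1], ()):
                    if src not in path:
                        queue.append(path + [src])
        return leaks


def prune_dictionary(term_hits, terms, threshold):
    """Order terms by frequency, assign importance = 1/(1+frequency) (assumed form of
    'inversely related'), and drop terms whose importance is below the threshold."""
    ranked = sorted(terms, key=lambda t: term_hits[t], reverse=True)
    return [t for t in ranked if 1.0 / (1 + term_hits[t]) >= threshold]


SAMPLE_MESSAGES = [  # constructed traffic, as a DAM would sniff it
    {"query": "INSERT INTO analytics.staging SELECT name, card FROM billing.cards"},
    {"response": "alice,4111-1111-1111-1111"},
    {"query": "CREATE TABLE scratch.export AS  SELECT * FROM analytics.staging"},
    {"query": "SELECT id FROM public.products"},
]


def run(messages=SAMPLE_MESSAGES):
    """Feed messages to the monitor; return it with the list of new sensitive locations."""
    mon, new_locations = MovementMonitor(), []
    for m in messages:
        loc = mon.observe(m)
        if loc:
            new_locations.append(loc)
    return mon, new_locations
```

On the constructed traffic, the first statement makes `analytics.staging` a new sensitive location, the third statement carries that data on to `scratch.export`, and `leak_paths()` reports the two-hop route from `billing.cards` to the un-monitored `scratch` repository, which `policy_for()` marks for blocking. The plain `SELECT` on `public.products` matches no movement template and is ignored.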
For the URL and additional information on this patent, see: Galil, Guy. Dynamic monitoring of movement of data.