Patent Issued for Dynamic monitoring of movement of data (USPTO 11416631): International Business Machines Corporation
2022 SEP 02 (NewsRx) -- By a
The patent’s inventors are Galil, Guy (
This patent was filed on
From the background information supplied by the inventors, news correspondents obtained the following quote: “Protecting sensitive data is critical for data protection and for meeting regulation requirements (e.g. general data protection regulation (GDPR), the
“The data protection and monitoring system may typically capture or sniff data accesses to a database (e.g., requests and responses) in real-time and analyze the data according to policy rules to identify sensitive data. The data protection and monitoring system may include a data activity monitor (DAM) and/or file activity monitor (FAM). The requests and responses sniffed by the data protection and monitoring system may include data packets that may include a data access command, also referred to as query, e.g., a structured query language (SQL) statements, or a response, and associated header information. The header may include parameters such as machine information, network information, user information, client information, etc.
“The data protection and monitoring system may rely on policies to determine what data access to track, alert on and even block. Such policies may use predetermined lists of repositories (e.g., data sources) and objects (e.g., collections and tables) that are categorized as including sensitive data and therefore need protection, e.g., special handling. However, in prior art systems, when sensitive data is copied or moved from monitored repositories or objects to unknown, un-monitored repositories, the copied data is no longer marked as sensitive and the measures that are normally taken to protect sensitive data are not performed.”
Supplementing the background information on this patent, NewsRx reporters also obtained the inventors’ summary information for this patent: “According to embodiments of the invention, a system and method for monitoring of movement of data in a computer network may include: parsing a message, the message including one of a data access command sent to a computer database and a response to a data access command, to extract at least one of a template, metadata and data of the message; examining at least one of the template, metadata and data of the message to identify messages related to movement of data that is classified as sensitive; and generating a flow graph indicative of new locations of the sensitive data.
“Embodiments of the invention may further include applying policy rules to the new locations of the sensitive data to monitor access to the new location.
“Embodiments of the invention may further include using the flow graph to detect a data leak through multiple movements of the data.
“According to embodiments of the invention, examining the metadata may include identifying a source and a target for the movement of the data, wherein the target is the new location of the sensitive data.
“According to embodiments of the invention, examining the data and metadata may include: checking if the message includes known types or categories of sensitive data.”
The claims supplied by the inventors are:
“1. A method for monitoring of movement of data in a computer network, the method comprising: maintaining a dictionary of data, metadata and templates associated with sensitive data; ordering the dictionary by frequency of identification of terms in the messages related to movement of data that is classified as sensitive; associating an importance level to each item in the dictionary, wherein the importance level is inversely related to the frequency of identification; removing from the dictionary templates, data and metadata with importance level below a threshold; parsing a message, the message including one of a data access command sent to a computer database and a response to a data access command, to extract at least one of a template, metadata and data of the message; examining at least one of the template, metadata and data of the to identify messages related to movement of data that is classified as sensitive message by matching the templates, data and metadata in the message to the templates, data and metadata in the dictionary; and generating a flow graph indicative of new locations of the sensitive data.
“2. The method of claim 1, comprising: applying policy rules to the new locations of the sensitive data to monitor access to the new location.
“3. The method of claim 1, comprising: using the flow graph to detect a data leak through multiple movements of the data.
“4. The method of claim 1, wherein examining the metadata comprises identifying a source and a target for the movement of the data, wherein the target is the new location of the sensitive data.
“5. The method of claim 1, wherein examining the data and metadata comprises: checking if the message includes known types or categories of sensitive data.
“6. The method of claim 1, wherein examining the template, data and metadata comprises performing one or more of: wildcard search, regular expression search, dictionary search, rule match search, fuzzy search, and natural language processing.
“7. The method of claim 1, wherein examining the data access command comprises identifying in the data access command a template that is associated with movement of data, and identifying in the data access command data or metadata that is associated with sensitive data.
“8. A system for monitoring of movement of data in a computer network, the system comprising: a memory; and a processor configured to: maintain a dictionary of data, metadata and templates associated with sensitive data; order the dictionary by frequency of identification of terms in the messages related to movement of data that is classified as sensitive; associate an importance level to each item in the dictionary, wherein the importance level is inversely related to the frequency of identification; and remove from the dictionary templates, data and metadata with importance level below a threshold; parse a message, the message including one of a data access command sent to a computer database and a response to a data access command, to extract at least one of a template, metadata and data of the data access command; examine at least one of the template, metadata and data of the message to identify messages related to movement of data that is classified as sensitive by matching the templates, data and metadata in the message to the templates, data and metadata in the dictionary; and generate a flow graph indicative of new locations of the sensitive data.
“9. The system of claim 8, wherein the processor is configured to: apply policy rules to the new locations of the sensitive data to monitor access to the new location.
“10. The system of claim 8, wherein the processor is configured to: use the flow graph to detect a data leak through multiple movements of the data.
“11. The system of claim 8, wherein the processor is configured to examine the metadata by identifying a source and a target for the movement of the data, wherein the target is the new location of the sensitive data.
“12. The system of claim 8, wherein the processor is configured to examine the data and metadata by checking if the message includes known types or categories of sensitive data.
“13. The system of claim 12, wherein the processor is configured to examine the template, data and metadata by performing one or more of: wildcard search, regular expression search, dictionary search, rule match search, fuzzy search, and natural language processing.
“14. The system of claim 8, wherein the processor is configured to examine the data access command by identifying in the data access command a template that is associated with movement of data, and identifying in the data access command data or metadata that is associated with sensitive data.
“15. A method for monitoring movement of data in a computer database, the method comprising: maintaining a dictionary of data, metadata and templates associated with sensitive data; ordering the dictionary by frequency of identification of terms in the messages related to movement of data that is classified as sensitive; associating an importance level to each item in the dictionary, wherein the importance level is inversely related to the frequency of identification; removing from the dictionary templates, data and metadata with importance level below a threshold; parsing data access commands sent to the computer database and responses to a data access commands, to extract a template, metadata and data of the data access commands; examining the template, metadata and data to identify data access commands and responses related to movement of sensitive data by matching the templates, data and metadata in the data access commands to the templates, data and metadata in the dictionary; and applying policy rules to the new locations of the sensitive data to monitor access to the new location.
“16. The method of claim 15, comprising: generating a flow graph indicative of new locations of the sensitive data.”
For the URL and additional information on this patent, see: Galil, Guy. Dynamic monitoring of movement of data.
(Our reports deliver fact-based news of research and discoveries from around the world.)
Patent Application Titled “Data Processing Systems For Assessing Readiness For Responding To Privacy-Related Incidents” Published Online (USPTO 20220261717): OneTrust LLC
Flight Delay Insurance Market to Witness Huge Growth by 2028 : AIG, Allianz, PICC: Flight Delay Insurance Market 2022-2028
Advisor News
- Study asks: How do different generations approach retirement?
- LTC: A critical component of retirement planning
- Middle-class households face worsening cost pressures
- Metlife study finds less than half of US workforce holistically healthy
- Invigorating client relationships with AI coaching
More Advisor NewsAnnuity News
- Jackson Financial ramps up reinsurance strategy to grow annuity sales
- Insurer to cut dozens of jobs after making splashy CT relocation
- AM Best Comments on Credit Ratings of Teachers Insurance and Annuity Association of America Following Agreement to Acquire Schroders, plc.
- Crypto meets annuities: what to know about bitcoin-linked FIAs
- Trademark Application for “EMPOWER MY WEALTH” Filed by Great-West Life & Annuity Insurance Company: Great-West Life & Annuity Insurance Company
More Annuity NewsHealth/Employee Benefits News
- New Hampshire Built Its Health Insurance Stability Before the Storm And That Choice Paid Off – Roger Sevigny
- The new frontier in obesity care for seniors
- 30 DAYS, $1.8 MILLION AND ZERO BILLS PASSED: KDP STATEMENT ON WASTEFUL GOP-LED GENERAL ASSEMBLY
- New Vaccines Findings from University of California Riverside Outlined (Emergency Department Survey of Vaccination Knowledge, Vaccination Coverage, and Willingness To Receive Vaccines In an Emergency Department Among Underserved Populations – …): Immunization – Vaccines
- Researchers at George Washington University School of Medicine and Health Sciences Target Artificial Intelligence (Health Insurance Portability and Accountability Act Liability in the Age of Generative Artificial Intelligence): Artificial Intelligence
More Health/Employee Benefits NewsLife Insurance News