Patent Issued for Operator isolation based on data security requirements (USPTO 11023612)
2021 JUN 22 (NewsRx) -- By a
Patent number 11023612 is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: “Conventional systems may be tasked with processing data that has restrictions, such as the Protected Health Information (PHI) data involved with glucose monitoring of data for sugar in a health system that requires Health Insurance Portability and Accountability Act (HIPAA) compliance or credit card data processing requiring Payment Card Industry (PCI) compliance.
“In conventional systems, developers have to work with these security considerations and uniquely design applications to work in complicated configurations, where the application data considerations burden the developers and administrators. Some conventional systems may provide features required to operate in such environments.
“However, the cost of operating in these environments is significantly higher than in generic cloud environments that are not fully compliant with these standards. Thus, current solutions that utilize a compliant cloud environment for such applications may be very expensive to create and maintain.
“Also, in order to meet various compliance requirements, every employee working in the infrastructure has to be trained, resulting in delays and higher costs as the pool of available people for any problem is smaller. Furthermore, if a large amount of hardware is needed, the costs rise quickly as it is expensive to build large isolated portions of data centers.
“Some conventional systems use de-identification. De-identification may be described as removing personal identifiers from data. For example, a medical record with identification information “John Smith” contains blood work information, etc. De-identification removes “John Smith” and replaces this identification information with a value that cannot tie back to the individual. This allows for research and statistical studies in the medical field to be conducted without violating HIPAA and patient privacy.”
In addition to the background information obtained for this patent, NewsRx journalists also obtained the inventors’ summary information for this patent: “In accordance with embodiments, a computer-implemented method is provided for operator isolation based on data security requirements. The computer-implemented method comprises: at a cloud node coupled to a tenant secure node and a tenant general node, receiving a graph that includes ingest portions of data and operators. For each of the operators, it is determined whether the operator processes protected data. In response to determining that the operator is tagged with an indication that the operator processes protected data, the operator is forwarded to the tenant secure node for processing. In response to determining that the operator is not tagged with an indication that the operator processes protected data, the operator is forwarded to the tenant general node for processing. Then, while the tenant general node is processing the operator, in response to determining that the operator is processing protected data, a tag is associated with the operator to indicate that the operator processes protected data and the operator is forwarded to the tenant secure node for processing.
“In accordance with other embodiments, a computer program product is provided for operator isolation based on data security requirements. The computer program product comprising a computer readable storage medium having program code embodied therewith, the program code executable by at least one processor to perform operations comprising: at a cloud node coupled to a tenant secure node and a tenant general node, receiving a graph that includes ingest portions of data and operators. For each of the operators, it is determined whether the operator processes protected data. In response to determining that the operator is tagged with an indication that the operator processes protected data, the operator is forwarded to the tenant secure node for processing. In response to determining that the operator is not tagged with an indication that the operator processes protected data, the operator is forwarded to the tenant general node for processing. Then, while the tenant general node is processing the operator, in response to determining that the operator is processing protected data, a tag is associated with the operator to indicate that the operator processes protected data and the operator is forwarded to the tenant secure node for processing.
“In yet other embodiments, a computer system is provided for operator isolation based on data security requirements. The computer system comprises one or more processors, one or more computer-readable memories and one or more computer-readable, tangible storage devices; and program instructions, stored on at least one of the one or more computer-readable, tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, to perform operations comprising: at a cloud node coupled to a tenant secure node and a tenant general node, receiving a graph that includes ingest portions of data and operators. For each of the operators, it is determined whether the operator processes protected data. In response to determining that the operator is tagged with an indication that the operator processes protected data, the operator is forwarded to the tenant secure node for processing. In response to determining that the operator is not tagged with an indication that the operator processes protected data, the operator is forwarded to the tenant general node for processing. Then, while the tenant general node is processing the operator, in response to determining that the operator is processing protected data, a tag is associated with the operator to indicate that the operator processes protected data and the operator is forwarded to the tenant secure node for processing.”
The claims supplied by the inventors are:
“1. A computer-implemented method, comprising operations for: at a cloud node coupled to a tenant secure node and a tenant general node, receiving a graph that includes ingest portions of data and operators; for each of the operators, determining whether the operator is tagged with an indication that the operator processes protected data; in response to determining that the operator is tagged with the indication that the operator processes protected data, forwarding the operator to the tenant secure node for processing; in response to determining that the operator is not tagged with the indication that the operator processes protected data, forwarding the operator to the tenant general node for processing; and while the tenant general node is processing the operator, determining whether the operator is processing protected data; in response to determining that the operator is processing protected data, associating a tag with the operator to indicate that the operator processes protected data; and forwarding the operator to the tenant secure node for processing; and in response to determining that the operator is not processing protected data, processing the operator at the tenant general node.
“2. The computer-implemented method of claim 1, further comprising operations for: associating a tag with an ingest portion of data of the ingest portions of data to indicate that the data for the ingest portion is protected data.
“3. The computer-implemented method of claim 1, wherein the tag associated with the operator is for one of personal health information and personal identifiable information.
“4. The computer-implemented method of claim 1, further comprising operations for: using at least one of rule-based patterns and learned patterns to determine whether each of the operators processes protected data.
“5. The computer-implemented method of claim 1, wherein the graph is for a tenant streaming application that is compiled to generate a Streams Application Bundle (SAB) file.
“6. The computer-implemented method of claim 1, wherein the tenant secure node has an underlying compliance infrastructure to ensure that pre-defined rules are being followed to process the protected data.
“7. The computer-implemented method of claim 1, wherein a Software as a Service (SaaS) is configured to perform the operations of the computer-implemented method.
“8. A computer program product, the computer program product comprising a computer readable storage medium having program code embodied therewith, the program code executable by at least one processor to perform operations for: at a cloud node coupled to a tenant secure node and a tenant general node, receiving a graph that includes ingest portions of data and operators; for each of the operators, determining whether the operator is tagged with an indication that the operator processes protected data; in response to determining that the operator is tagged with the indication that the operator processes protected data, forwarding the operator to the tenant secure node for processing; in response to determining that the operator is not tagged with the indication that the operator processes protected data, forwarding the operator to the tenant general node for processing; and while the tenant general node is processing the operator, determining whether the operator is processing protected data; in response to determining that the operator is processing protected data, associating a tag with the operator to indicate that the operator processes protected data; and forwarding the operator to the tenant secure node for processing; and in response to determining that the operator is not processing protected data, processing the operator at the tenant general node.
“9. The computer program product of claim 8, wherein the program code is executable by the at least one processor to perform operations for: associating a tag with an ingest portion of data of the ingest portions of data to indicate that the data for the ingest portion is protected data.
“10. The computer program product of claim 8, wherein the tag associated with the operator is for one of personal health information and personal identifiable information.
“11. The computer program product of claim 8, wherein the program code is executable by the at least one processor to perform operations for: using at least one of rule-based patterns and learned patterns to determine whether each of the operators processes protected data.
“12. The computer program product of claim 8, wherein the graph is for a tenant streaming application that is compiled to generate a Streams Application Bundle (SAB) file.
“13. The computer program product of claim 8, wherein the tenant secure node has an underlying compliance infrastructure to ensure that pre-defined rules are being followed to process the protected data.
“14. The computer program product of claim 8, wherein a Software as a Service (SaaS) is configured to perform the operations of the computer program product.
“15. A computer system, comprising: one or more processors, one or more computer-readable memories and one or more computer-readable, tangible storage devices; and program instructions, stored on at least one of the one or more computer-readable, tangible storage devices for execution by at least one of the one or more processors via at least one of the one or more computer-readable memories, to perform operations comprising: at a cloud node coupled to a tenant secure node and a tenant general node, receiving a graph that includes ingest portions of data and operators; for each of the operators, determining whether the operator is tagged with an indication that the operator processes protected data; in response to determining that the operator is tagged with the indication that the operator processes protected data, forwarding the operator to the tenant secure node for processing; in response to determining that the operator is not tagged with the indication that the operator processes protected data, forwarding the operator to the tenant general node for processing; and while the tenant general node is processing the operator, determining whether the operator is processing protected data; in response to determining that the operator is processing protected data, associating a tag with the operator to indicate that the operator processes protected data; and forwarding the operator to the tenant secure node for processing; and in response to determining that the operator is not processing protected data, processing the operator at the tenant general node.
“16. The computer system of claim 15, wherein the operations further comprise: associating a tag with an ingest portion of data of the ingest portions of data to indicate that the data for the ingest portion is protected data.
“17. The computer system of claim 15, wherein the tag associated with the operator is for one of personal health information and personal identifiable information.
“18. The computer system of claim 15, wherein the operations further comprise: using at least one of rule-based patterns and learned patterns to determine whether each of the operators processes protected data.
“19. The computer system of claim 15, wherein the graph is for a tenant streaming application that is compiled to generate a Streams Application Bundle (SAB) file.
“20. The computer system of claim 15, wherein a Software as a Service (SaaS) is configured to perform the operations of the computer system.”
URL and more information on this patent, see: Branson, Michael J. Operator isolation based on data security requirements.
(Our reports deliver fact-based news of research and discoveries from around the world.)
Dealing with a flooded basement after Sunday night’s storm? Here’s what you need to know about insurance coverage.
HEALTH INSURANCE SERVICES
Advisor News
- Trump bets his tax cuts will please Las Vegas voters on his swing West
- Lifetime income is the missing link to global retirement security
- Don’t let caregiving derail your clients’ retirement
- The ‘magic number’ for retirement hits $1.45M
- OBBBA can give small-business clients opportunities for saving
More Advisor NewsAnnuity News
- Human connection still key in the new annuity era
- Lifetime income is the missing link to global retirement security
- ‘All-weather’ annuity portfolios aim to sharply limit rainy days
- Annuity income: The new 401(k) standard?
- Smart annuity planning can benefit long-term tax planning
More Annuity NewsHealth/Employee Benefits News
- Why benefits advisors should revisit HSAs, FSAs and HRAs with clients
- Elevance shares slip after insurer discloses Medicare warning
- County leaders look at ways to cut costs
- TENNESSEE SENATE PASSES BIOMARKER TESTING COVERAGE BILL, SENDING TO GOVERNOR'S DESK
- Federal judge sides with Oregon Right to Life in abortion insurance coverage case
More Health/Employee Benefits NewsLife Insurance News
- AI and life insurance: Fast today, unpredictable tomorrow
- Judge allows PHL policyholders to intervene, denies ‘premium holiday’
- eHealth expands into final expense insurance
- CID hosts info session for PHL Variable policyholders
- ‘Seismic changes’ cloud global economy, analyst says
More Life Insurance News