Researchers Submit Patent Application, “Secure Data Replication Systems And Methods”, for Approval (USPTO 20230244668): Patent Application

2023 AUG 18 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- From Washington, D.C., NewsRx journalists report that a patent application by the inventors ATIAS, Adir (Migdal Ha’Emek, IL); FIREBERGER, Aviram (Kibuts Carmia, IL); GOLAN, Oron (Meitar Halamish, IL); LUTSKY, Evgeny (Tel-Aviv, IL); PINES, Aviad (Jerusalem, IL), filed on January 31, 2022, was made available online on August 3, 2023.

No assignee for this patent application has been made.

News editors obtained the following quote from the background information supplied by the inventors: “In recent years, data protection has become increasingly important. This importance has increased due to several factors including easy, rapid, and even automatic data replication, personal data privacy concerns, data security breaches and resulting negative consumer sentiment, export regulation, and data privacy regulation, amongst others. Resulting compliance with regulations (e.g., General Data Protection Regulation or “GDPR”, California Consumer Protection Act or “CCPA”, Health Insurance Portability and Accountability Act or “HIPAA”), corporate policies, contractual requirements, and consumer expectations is thereby a very specialized, time-consuming, and error-prone process. Such errors can result in significant fines, detrimental news reports, and loss of customer trust.”

As a supplement to the background information on this patent application, NewsRx correspondents also obtained the inventors’ summary information for this patent application: “Various embodiments herein address issues arising from data sharing, privacy, and security regulations, laws, and other such restrictions in some embodiments by introducing a role or function of Policy Inspector. The Policy Inspector is responsible for storing, managing, evaluating, and acting upon pre-defined policies when new data replication events, such as when setting up a new subscription for a subscriber data storage node to data events published by a publisher data storage node. The roles or functions in data replication in various embodiments herein are therefore Publisher, Subscriber, Distributor, and Policy Inspector. Such embodiments can not only increase data security and compliance with policies and legal requirements, but also increase system performance by eliminating previously required validation of every data replication event.

“One embodiment in the form of a method includes receiving input creating or modifying a data distribution restriction, which when implemented will restrict distribution of particular data by publisher nodes located in at least one geographic or political area to subscriber nodes outside of the at least one geographic or political area. The method continues by querying a subscription repository storing data defining subscriptions to publisher node data events on publisher nodes located in the at least one geographic or political area to identify existing subscriptions to data events about the particular data by subscriber nodes located outside of the at least one geographic or political area. The method may then output the query results identifying existing subscriber node subscriptions contrary to the new or newly modified data distribution restriction. The received input may then be stored in a database such that subsequent changes to existing and creation of new subscriptions are conditionally limited by the new or newly modified data distribution restriction.

“Another method embodiment includes storing data on a data storage device identifying a data source and designating that data source as a publisher node to which other nodes maybe subscribe, and a location associated with the source. This method may then store additional data on the data storage device identifying a subscriber node and a location associated with the subscriber node. Input my then be received requesting a subscription from the publisher node by a subscriber node. In response thereto, some embodiments continue by retrieving, from a database, location data identifying the locations of the publisher and subscriber nodes and further retrieving, from the database, any location-related policies associated with the location of one or both of the publisher and subscriber nodes, each location related policy restricting distribution of data from, to, or between locations specified in data defining the respective location related policy. Validating processing is then performed on the requested subscription in view of all retrieved location-related policies. Upon success of the validating, this method includes storing, in the database, data enabling the requested subscription and transmitting a success indication via the network in response to the received subscription request.

“A further example embodiment is in the form of a data management system including a computer processor, a network interface device, a data storage device, and instructions stored on the data storage device defining modules of the data management system. The instructions of such embodiments are executable by the computer processor on data local to the data management system and as accessible via the network interface device. These modules include various modules. In some such embodiments, a policy repository module stores data defining at least one policy restricting replication of data by a distributor service module from publisher nodes with a first association to subscriber nodes with a second association. The distributor service module, in some embodiments replicates data from publisher nodes to respective subscriber nodes upon occurrence of data events configured to invoke data replication from publisher nodes to subscriber nodes subject to compliance with policies defined in data stored in the policy repository module. Additionally, policy engine module executes to apply the policies defined in data stored in the policy repository module to restrict distribution of data by the distributor service module.”

The claims supplied by the inventors are:

“1. A method comprising: receiving input creating or modifying a data distribution restriction, which when implemented will restrict distribution of particular data by publisher nodes having at least one associated property to subscriber nodes not having the at least one associated property; querying a subscription repository storing data defining subscriptions to publisher node data events on publisher nodes having the at least one associated property to identify existing subscriptions to data events with regard to the particular data by subscriber nodes not having the at least one associated property; outputting query results identifying existing subscriber node subscriptions contrary to a new or newly modified data distribution restriction; storing the received input in a database such that subsequent changes to existing and creation of new subscriptions are conditionally limited by the new or newly modified data distribution restriction; and storing data on a data storage device representing a new subscription of a subscriber node to a publisher node that is compliant with the input stored to the database.

“2. The method of claim 1, further comprising: suspending the identified existing subscriber node subscriptions contrary to the new or newly modified data distribution restriction.

“3. The method of claim 1, wherein the particular data is data of a type subject to one or both of privacy and security regulation.

“4. The method of claim 1, wherein: data identifying the at least one associated property is data identifying at least one geographic or political area.

“5. A method comprising: storing data on a data storage device identifying a data source and designating that data source as a publisher node to which other nodes may subscribe, and an identity property associated with the source; storing data on the data storage device identifying a subscriber node and an identity property associated with the subscriber node; receiving input requesting a subscription from the publisher node by a subscriber node; retrieving, from a database, identity property data identifying the identity properties of the publisher and subscriber nodes; retrieving, from the database, any identity property-related policies associated with the identity property of one or both of the publisher and subscriber nodes, each identity property-related policy restricting distribution of data from publishers to be accessed by subscribers with the identity property specified in data defining the respective identity property-related policy; validating the requested subscription in view of retrieved identity property-related policies; and upon success of the validating, storing, in the database, data enabling the requested subscription and transmitting a success indication via a network in response to the received subscription request.

“6. The method of claim 5, further comprising: upon failure of the validating, transmitting an error indication via the network in response to the received subscription request and disregarding the subscription request.

“7. The method of claim 5, further comprising receiving via the network and storing on the data storage device input identifying the data source as storing a type of data subject to at least one of a privacy and security requirement limiting access to and distribution of data stored by the data source.

“8. The method of claim 5, wherein the data source includes at least one of a database instance, a database table, and a column of a database table.

“9. The method of claim 5, further comprising: receiving and storing data in the database defining a new location-related policy; applying the new location-related policy to subscriptions stored in the database to identify any violations; and outputting a report listing the identified violations.

“10. The method of claim 9, further comprising: suspending subscriptions identified as violating the new location-related policy.

“11. The method of claim 5, wherein: the identity properties identify respective location of the publisher and subscriber nodes; the identity property-related policies are location-related policies and the identity property-related policies restrict distribution of data from, to, or between locations and include at least one policy implementing at least one of a privacy regulation, a security regulation, and an export control regulation.

“12. The method of claim 11, wherein the location-related policies restricting distribution of data from, to, or between locations includes at least one policy implementing a customer privacy policy of an entity for which the method is performed.

“13. A data management system comprising: a computer processor; a network interface device; a data storage device; and instructions stored on the data storage device defining modules of the data management system, the instructions executable by the computer processor on data local to the data management system and as accessible via the network interface device, the modules including: a policy repository module storing data defining at least one policy restricting replication of data by a distributor service from publisher nodes with a first association to subscriber nodes with a second association; the distributor service module that replicates data from publisher nodes to respective subscriber nodes upon occurrence of data events configured to invoke data replication from publisher nodes to subscriber nodes subject to compliance with policies defined in data stored in the policy repository module; and a policy engine that executes to apply the policies defined in data stored in the policy repository module to restrict distribution of data by the distributor service module.

“14. The data management system of claim 13, wherein the policy engine executes to validate, in view of policies stored in the policy repository, a new or modification of an existing data replication subscription prior to storing thereof such that only valid subscriber node data replication subscriptions can be stored.

“15. The data management system of claim 13, wherein the first and second associations associate the publisher and subscriber nodes with respective areas within which they are physically located.

“16. The data management system of claim 15, wherein the areas include one or both of geographic and political areas.

“17. The data management system of claim 16, wherein the policy repository module stores data defining at least one policy restricting data distribution based on one or both of geographic and political areas of publisher nodes.

“18. The data management system of claim 17, wherein at least one policy further restricts data distribution based on a geographic and political area of subscriber nodes.

“19. The data management system of claim 17, wherein one policy restricting distribution of data based on one or both of geographic and political area definitions is a government-imposed requirement restricting data distribution.

“20. The data management system of 17, wherein one policy restricting distribution of data based on one or both of geographic and political area definitions is associated with a particular subset of data stored by at least one publisher node.”

For additional information on this patent application, see: ATIAS, Adir; FIREBERGER, Aviram; GOLAN, Oron; LUTSKY, Evgeny; PINES, Aviad. Secure Data Replication Systems And Methods. U.S. Patent Application Number 20230244668, filed January 31, 2022 and posted August 3, 2023. Patent URL (for desktop use only): https://ppubs.uspto.gov/pubwebapp/external.html?q=(20230244668)&db=US-PGPUB&type=ids

(Our reports deliver fact-based news of research and discoveries from around the world.)