“Sensitive Data Identification In Real Time For Data Streaming” in Patent Application Approval Process (USPTO 20210336928): Patent Application

2021 NOV 12 (NewsRx) -- By a News Reporter-Staff News Editor at Insurance Daily News -- A patent application by the inventors Biller, Ofer Haim (Midreshet Ben Gurion, IL); Sofer, Oded (Midreshet Ben Gurion, IL), filed on April 23, 2020, was made available online on October 28, 2021, according to news reporting originating from Washington, D.C., by NewsRx correspondents.

This patent application has not been assigned to a company or institution.

The following quote was obtained by the news editors from the background information supplied by the inventors: “Identifying and protecting sensitive data is critical for data protection and for meeting regulation requirements (general data protection regulation (GDPR), the California consumer privacy act (CCPA), the health insurance portability and accountability act (HIPAA), payment card industry data security standard (PCI DSS), Sarbanes-Oxley Act (SOX), Iso27000, Etc.). A data firewall, for example Guardium®, may provide automated discovery and classification of sensitive data, data activity monitoring and discovery of unusual activity around sensitive data. The data firewall may protect against unauthorized data access by learning regular user access patterns and can provide alerts on suspicious activities.

“The data firewall typically captures or sniffs data accesses to a database (e.g., requests and responses) in real-time and analyzes the data according to policy rules to identify sensitive data. The data firewall may include a data activity monitor (DAM) and/or file activity monitor (FAM). The requests and responses sniffed by the data firewall may include data packets that may include a query, e.g., a structured query language (SQL) requests, or a response, and associated header information. The header may include metadata such as machine information, network information, user information, client information, etc.

“The classification of data may be performed by parsing the captured data packets, extracting the mapping between the metadata and data (e.g., field name for every value), running a rule engine against the metadata and then scanning the data itself to identify sensitive data. Currently, DAM and FAM products are classifying the captured data offline due to the complexity and performance requirements of the classification process. However, using the classifier in offline mode may be too late for preventing data breach or data tampering.

“Therefore, a method for online classification and identification of sensitive data for data streaming is required.”

In addition to the background information obtained for this patent application, NewsRx journalists also obtained the inventors’ summary information for this patent application: “According to embodiments of the invention, a system and method for classifying data in real-time may include may include: capturing a plurality of data packets flowing between a data source machine and a data client; searching at least one of the data packets for tokens associated with sensitive information; if tokens associated with sensitive information are not found in a data packet: allowing the data packet to flow between the data source machine and the data client; and sending the data packet to a comprehensive security analysis; and if tokens associated with sensitive information are found in the data packet: preventing the data packet form flowing between the data source machine and the data client; sending the data packet to a comprehensive security analysis.

“Furthermore, if tokens associated with sensitive information are found in the data packet, embodiments of the invention may include continuing to prevent the data packet from flowing between the data source machine and the data client if the comprehensive security analysis finds security issues: and allowing the data packet to flow between the data source machine and the data client if the comprehensive security analysis finds no security issues.

“According to embodiments of the invention, the data source machine may be selected from: a database server, a file server, a proxy and a database server, a combination of a proxy and a file server, a combination of a network gate and a database server, and a combination of a network gate and a file server.

“According to embodiments of the invention, the data packet may be one of: a query sent from the data client to the data source machine, and a response sent from the data source machine to the data client.

“According to embodiments of the invention, capturing and searching may be performed by a software agent that is installed on the data source machine.

“According to embodiments of the invention, performing a comprehensive security analysis may be performed by a dedicated security server, and wherein the data packet is sent to the dedicated security server for performing the comprehensive security analysis.

“According to embodiments of the invention, searching the data packet for tokens associated with sensitive information may include at least one of: wildcard search, pattern search and dictionary search.

“Embodiments of the invention may include updating the tokens associated with sensitive information based on results of the comprehensive security analysis.

“According to embodiments of the invention, the comprehensive security analysis may include: parsing the data packet; mapping metadata to data; building hierarchy of the data; and processing policy rules.

“Embodiments of the invention may include issuing a security alert if tokens associated with sensitive information are found in the data packet and if the comprehensive security analysis finds security issues.

“Embodiments of the invention may include: after capturing, decrypting the plurality of data packets to obtain a header of each packet; analyzing the headers to determine security status of packets associated with the headers; and selecting the at least one data packet based on the security status.

“It will be appreciated that for simplicity and clarity of illustration, elements shown in the figures have not necessarily been drawn to scale. For example, the dimensions of some of the elements may be exaggerated relative to other elements for clarity. Further, where considered appropriate, reference numerals may be repeated among the figures to indicate corresponding or analogous elements.”

The claims supplied by the inventors are:

“1. A method for classifying data in real-time, the method comprising: capturing a plurality of data packets flowing between a data source machine and a data client; searching at least one of the data packets for tokens associated with sensitive information; if tokens associated with sensitive information are not found in a data packet: allowing the data packet to flow between the data source machine and the data client; and sending the data packet to a comprehensive security analysis; and if tokens associated with sensitive information are found in the data packet: preventing the data packet form flowing between the data source machine and the data client; and sending the data packet to a comprehensive security analysis.

“2. The method of claim 1, comprising, if tokens associated with sensitive information are found in the data packet: continuing to prevent the data packet from flowing between the data source machine and the data client if the comprehensive security analysis finds security issues; and allowing the data packet to flow between the data source machine and the data client if the comprehensive security analysis finds no security issues.

“3. The method of claim 1, wherein the data source machine is selected from the list consisting of: a database server, a file server, a proxy and a database server, a combination of a proxy and a file server, a combination of a network gate and a database server, and a combination of a network gate and a file server.

“4. The method of claim 1, wherein the data packet is one of: a query sent from the data client to the data source machine, and a response sent from the data source machine to the data client.

“5. The method of claim 1, wherein capturing and searching are performed by a software agent that is installed on the data source machine.

“6. The method of claim 5, wherein performing a comprehensive security analysis is performed by a dedicated security server, and wherein the data packet is sent to the dedicated security server for performing the comprehensive security analysis.

“7. The method of claim 1, wherein searching the data packet for tokens associated with sensitive information comprises at least one of: wildcard search, pattern search and dictionary search.

“8. The method of claim 1, comprising: updating the tokens associated with sensitive information based on results of the comprehensive security analysis.

“9. The method of claim 1, wherein the comprehensive security analysis comprises: parsing the data packet; mapping metadata to data; building hierarchy of the data; and processing policy rules.

“10. The method of claim 1, comprising: issuing a security alert if tokens associated with sensitive information are found in the data packet and if the comprehensive security analysis finds security issues.

“11. The method of claim 1, comprising: after capturing, decrypting the plurality of data packets to obtain a header of each packet; analyzing the headers to determine security status of packets associated with the headers; and selecting the at least one data packet based on the security status.

“12. A system for classifying data in real-time, the system comprising: a memory; and a processor configured to: capture a plurality of data packets flowing between a data source machine and a data client; search at least one of the data packets for tokens associated with sensitive information; if tokens associated with sensitive information are not found in a data packet: allow the data packet to flow between the data source machine and the data client; and send the data packet to a comprehensive security analysis; and if tokens associated with sensitive information are found in the data packet: prevent the data packet form flowing between the data source machine and the data client; and send the data packet to a comprehensive security analysis.

“13. The system of claim 12, wherein if tokens associated with sensitive information are found in the data packet, the processor is configured to: continue to prevent the data packet from flowing between the data source machine and the data client if the comprehensive security analysis finds security issues; and allow the data packet to flow between the data source machine and the data client if the comprehensive security analysis finds no security issues.

“14. The system of claim 12, wherein the data source machine is selected from the list consisting of: a database server, a file server, a proxy and a database server, a combination of a proxy and a file server, a combination of a network gate and a database server, and a combination of a network gate and a file server.

“15. The system of claim 12, wherein the data packet is one of: a query sent from the data client to the data source machine, and a response sent from the data source machine to the data client.

“16. The system of claim 12, wherein that the processor is installed on the data source machine, and wherein performing a comprehensive security analysis is performed by a dedicated security server, and wherein the processor is configured to send the data packet to the dedicated security server for performing the comprehensive security analysis.

“17. The system of claim 12, wherein searching the data packet for tokens associated with sensitive information comprises at least one of: wildcard search, pattern search and dictionary search.

“18. The system of claim 12, wherein the processor is configured to: update the tokens associated with sensitive information based on results of the comprehensive security analysis.

“19. The system of claim 12, wherein the processor is configured to: issue a security alert if tokens associated with sensitive information are found in the data packet and if the comprehensive security analysis finds security issues.

“20. The system of claim 12, wherein the processor is configured to: after capturing, decrypt the plurality of data packets to obtain a header of each packet; analyze the headers to determine security status of packets associated with the headers; and select the at least one data packet based on the security status.”

URL and more information on this patent application, see: Biller, Ofer Haim; Sofer, Oded. Sensitive Data Identification In Real Time For Data Streaming. Filed April 23, 2020 and posted October 28, 2021. Patent URL: https://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220210336928%22.PGNR.&OS=DN/20210336928&RS=DN/20210336928

(Our reports deliver fact-based news of research and discoveries from around the world.)