-
Publication No.: US11210410B2
Publication date: 2021-12-28
Application No.: US16573326
Filing date: 2019-09-17
Inventors: Roger C. Raphael, Hani Talal Jamjoom, Rajesh M. Desai, Iun Veng Leong, Uttama Shakya, Arjun Natarajan
Abstract: Serving data assets based on security policies is provided. A request to access an asset received from a user having a particular context is evaluated based on a set of asset access enforcement policies. An asset access policy enforcement decision is generated based on evaluating the request. It is determined whether the asset access policy enforcement decision is to transform particular data of the asset prior to allowing access. In response to determining that the asset access policy enforcement decision is to transform the particular data of the asset prior to allowing access, a transformation specification that includes an ordered subset of unit transformations for transforming the particular data of the asset is generated based on the particular context of the user and the set of asset access enforcement policies. A transformed asset is generated by applying the transformation specification to the asset transforming the particular data of the asset.
-
Publication No.: US20210119970A1
Publication date: 2021-04-22
Application No.: US16655022
Filing date: 2019-10-16
Abstract: A method, apparatus, system, and computer program product evaluate an information asset with a corpus of policies in conjunction with the context of access including a specific user. A large corresponding set of rules in the policy corpus are identified by a computer system. A continuous process of rule evaluation occurs against information asset metadata wherein a series of processing including set of common subexpressions between the predicates of all active rules, pre-evaluation, compaction and storage are identified by the computer system in the policy and rule corpus. Metadata for the information asset is applied by the computer system to the set of common subexpressions to form partially evaluated rules for the policy. The partially evaluated rules henceforth compacted are stored by the computer system in association with the information asset. Subsequently the partially evaluated rules are a compressed form of the rule corpus for the policies in the system and hence reduce computer resources and significantly improve the response time used to evaluate the enforcement decision for the said information asset with the policy in conjunction with the context of access. The process can be repeated each time at least one of the metadata or the policy changes to provide continuous processing of rules to maintain compacted up-to-date partially evaluated rules to enforce the policy.
-
Publication No.: US11283839B2
Publication date: 2022-03-22
Application No.: US16705775
Filing date: 2019-12-06
Abstract: Predicting access impact of a plurality of rule changes on a corpus of information assets is provided. A set of affected rules in a new rule space for controlling access to the corpus of information assets is received. The set of affected rules is shredded to identify right-hand side terms contained in predication blocks of the set of affected rules. An enforcement knowledge graph is traversed to identify a set of hot information assets having same terms as the right-hand side terms of the set of affected rules. The set of hot information assets having the same terms as the right-hand side terms of the set of affected rules is added to a hash table of hot information assets.
-
Publication No.: US11362997B2
Publication date: 2022-06-14
Application No.: US16655022
Filing date: 2019-10-16
IPC classification: H04L9/40, H04L41/0893, G06F16/2453
Abstract: A method, apparatus, system, and computer program product evaluate an information asset with a corpus of policies in conjunction with the context of access including a specific user. A large corresponding set of rules in the policy corpus are identified by a computer system. A continuous process of rule evaluation occurs against information asset metadata wherein a series of processing including set of common subexpressions between the predicates of all active rules, pre-evaluation, compaction and storage are identified by the computer system in the policy and rule corpus. Metadata for the information asset is applied by the computer system to the set of common subexpressions to form partially evaluated rules for the policy. The partially evaluated rules henceforth compacted are stored by the computer system in association with the information asset. Subsequently the partially evaluated rules are a compressed form of the rule corpus for the policies in the system and hence reduce computer resources and significantly improve the response time used to evaluate the enforcement decision for the said information asset with the policy in conjunction with the context of access. The process can be repeated each time at least one of the metadata or the policy changes to provide continuous processing of rules to maintain compacted up-to-date partially evaluated rules to enforce the policy.
-
Publication No.: US20210176279A1
Publication date: 2021-06-10
Application No.: US16705775
Filing date: 2019-12-06
Abstract: Predicting access impact of a plurality of rule changes on a corpus of information assets is provided. A set of affected rules in a new rule space for controlling access to the corpus of information assets is received. The set of affected rules is shredded to identify right-hand side terms contained in predication blocks of the set of affected rules. An enforcement knowledge graph is traversed to identify a set of hot information assets having same terms as the right-hand side terms of the set of affected rules. The set of hot information assets having the same terms as the right-hand side terms of the set of affected rules is added to a hash table of hot information assets.
-
Publication No.: US11347891B2
Publication date: 2022-05-31
Application No.: US16445366
Filing date: 2019-06-19
Abstract: Disclosed is a computer-implemented method to identify and anonymize personal information, the method comprising analyzing a first corpus with a personal information sniffer, wherein the first corpus includes unstructured text, wherein the personal information sniffer is configured to detect a set of types of personal information, and wherein the personal information sniffer produces a first set of results. The method comprises analyzing the first corpus with a set of annotators, wherein each annotator is configured to identify all instances of a type of personal information in the corpus, and wherein the set of annotators produces a second set of results. The method comprises comparing the first set of results and the second set of results, determining, the first set of results does not match the second set of results, and updating, based on the determining, the personal information sniffer.
-
Publication No.: US20210081550A1
Publication date: 2021-03-18
Application No.: US16573326
Filing date: 2019-09-17
Inventors: Roger C. Raphael, Hani Talal Jamjoom, Rajesh M. Desai, Iun Veng Leong, Uttama Shakya, Arjun Natarajan
Abstract: Serving data assets based on security policies is provided. A request to access an asset received from a user having a particular context is evaluated based on a set of asset access enforcement policies. An asset access policy enforcement decision is generated based on evaluating the request. It is determined whether the asset access policy enforcement decision is to transform particular data of the asset prior to allowing access. In response to determining that the asset access policy enforcement decision is to transform the particular data of the asset prior to allowing access, a transformation specification that includes an ordered subset of unit transformations for transforming the particular data of the asset is generated based on the particular context of the user and the set of asset access enforcement policies. A transformed asset is generated by applying the transformation specification to the asset transforming the particular data of the asset.