Researchers Submit Patent Application, “Managing Queries With Data Processing Permits”, for Approval (USPTO 20210319128): Patent Application – Insurance News Net

Insurance Daily News

2021 NOV 01 (NewsRx) — By a News Reporter-Staff News Editor at Insurance Daily News — From Washington, D.C., NewsRx journalists report that a patent application by the inventors Alexander, Samuel (San Francisco, CA, US); Anderson, Maxwell (San Francisco, CA, US); Chavez, Tom (San Francisco, CA, US); Salomon, Yacov (Danville, CA, US); Vaidya, Vivek (San Francisco, CA, US); Winter, Anton (San Mateo, CA, US); Yates, Seth (Danville, CA, US), filed on April 13, 2020, was made available online on October 14, 2021.

No assignee has been named for this patent application.

News editors obtained the following quote from the background information supplied by the inventors: “Database systems may be subject to a number of data regulations. Data regulations may specify how a database system may store data and how the database system may support access to the data. Examples of such regulations may include the European Union’s General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA) for health-related data privacy, and the Federal Trade Commission’s (FTC’s) data and privacy regulations for financial institutions, among other such regulations. In some cases, implementing a system that handles legitimizing reasons for accessing data separate from data processing may fail to ensure technically that the system uses the data in the proper manner, resulting in a great deal of risk for the organization running the database system. That is, simply claiming to follow the rules may not meet the high standards of some data protection regulations, leaving an organization liable or facing prohibitive cost if the system uses any user data incorrectly (e.g., without the proper consent or legitimizing reason). Additionally, in some cases, following data regulations at a database system may result in a number of processing inefficiencies, potential security risks, or both. For example, decrypting data at query time in a database (e.g., to support checking legitimizing reasons) may result in insecure storage of data (e.g., at least temporarily while executing a query).”

As a supplement to the background information on this patent application, NewsRx correspondents also obtained the inventors’ summary information for this patent application: “Data regulations may set rules and/or restrictions for how a data management system may collect, store, and process user data. To handle such data regulations, a system may implement data processing permits and cryptographic techniques to tie legitimizing reasons for using data (e.g., user consent) to data handling. For example, by tying user consent to data handling at a technical level, the system may automatically comply with data regulations and efficiently update to handle changing data regulations and/or regulations across different jurisdictions. However, data regulations may further specify security criteria for handling data in a database system. For example, the database system may secure user information by storing the user data as encrypted at rest in a database. The user data may be encrypted to ensure that the data is accessed by specific users or systems with the proper credentials and is used for specific purposes supported by legitimizing reasons (e.g., user consent or other regulations). The database may restrict other users or systems from accessing the data and may restrict requests for unauthorized usages of the data by withholding an encryption key corresponding to the encrypted data. Many applications may send queries, such as structured query language (SQL) queries, to the database system requesting access to data records. However, such applications may not be aware of how the database system is securely storing the data at rest. As such, the queries may request data using plaintext values, fields, and operators, which may not accurately represent the format of data in a database. Temporarily decrypting data to run such queries may expose private user data (e.g., for potential security breaches by malicious users). If the plaintext data is directly accessed in any way (e.g., within a database management system (DBMS)) to support querying, the DBMS may fail to uphold one or more data regulations associated with user privacy.

“To maintain data security in a database system while supporting robust query functionality, the database system may implement a database proxy for managing queries. Furthermore, the database proxy, the underlying database, or both may integrate data processing permits into query transformation, query execution, query results processing, or some combination thereof to support privacy-by-design. For example, a database system may implement data processing permits to manage data access using one or more encryption schemes to tie permits to data (e.g., cryptographically ensuring that the system follows data regulations). To support queries for a database implementing such encryption schemes, the database may implement a database proxy (e.g., a server or shim). When the system receives a query, the database proxy may intercept and transform the query based on the encryption schema of the database. Transforming the query may involve transforming plaintext values to ciphertext values, indicating one or more user-defined functions (UDFs) in place of query operations to perform equivalent operations on encrypted data (e.g., homomorphically encrypted data), determining relevant data processing permits, or any combination of these processes. The database proxy may execute the transformed query at the database. Based on the query transformation and one or more UDFs supported by the DBMS, the database may execute the query directly on encrypted data (e.g., without decrypting the data even temporarily in the database). Such a process may maintain data security throughout query execution. Additionally or alternatively, the DBMS may implement policies and/or roles to support filtering data at execution time according to data processing permits. For example, one or more hidden columns in the database may support indications of user consent statuses for particular data fields, rows, or columns. The DBMS may filter out query results that are not consented to by an appropriate user.

“The database may return encrypted query results to the database proxy in response to the transformed query, and the database proxy may decrypt the results for use by a querying application. In some cases, the database proxy may perform further processing of the query results (e.g., based on one or more data processing permits). For example, the database proxy may filter out information from the query results based on querying limits set by a data processing permit. The database proxy may send the resulting plaintext query results to an application in response to the query.

“By implementing one or more of the techniques described herein, a database system may integrate a DBMS storing secure, encrypted data with a privacy-by-design technical framework. The database proxy may manage any types of queries entering the database system, such that a secure, encrypted database may accurately and efficiently run the queries (e.g., based on one or more query transformations). Using homomorphic encryption, UDFs, and data processing permits, the database system may maintain a high standard of data security at rest and at query time, comply with data privacy regulations (e.g., with technical guarantees), support robust querying functionality, and support consumer rights, such as private user data deletion.

“Aspects of the disclosure are initially described in the context of systems supporting query management for a database. Additional aspects are described with reference to a database schema and a process flow. Aspects of the disclosure are further illustrated by and described with reference to apparatus diagrams, system diagrams, and flowcharts that relate to managing queries with data processing permits.

“FIG. 1 illustrates an example of a system 100 that supports managing queries with data processing permits in accordance with aspects of the present disclosure. The system 100 may include a database system 165, including a database 110 and a database proxy 105. The database 110 may be an example of a single database, a distributed database, multiple distributed databases, a data store, an emergency backup database, or any other system supporting data storage. The database proxy 105 may be an example of a server, such as a single server, a server cluster, an application server, a database server, a proxy server, a cloud-based server, a virtual machine, or any other system, service, or device supporting data processing. The database system 165 may implement the database proxy 105 to handle queries 125 to the database 110. For example, using the database proxy 105, the system 100 may integrate a relational DBMS with a privacy-by-design framework implementing data processing permits 160 to achieve data security while complying with data privacy regulations.

“The database 110 may store encrypted data 115 to ensure data security at rest. In some examples, an application, such as an application running on a user device 120 (e.g., a laptop, a desktop computer, a smartphone, a server, a tablet, a sensor, or any other computing device or system capable of generating, analyzing, transmitting, or receiving communications or data), may query the database 110 for data. The database proxy 105 may intercept, or otherwise receive, the query 125 to manage running the query 125 on the database 110 according to the specific database schema. For example, the database proxy 105 may intercept the query 125 based on the database 110 storing data records as encrypted data 115. As such, the database proxy 105 may operate as a shim between the application and the DBMS. The database proxy 105 may use encryption schemes, user-defined functions (UDFs) for the DBMS, or a combination thereof to transform and execute the query 125 at the database 110.

“For example, the user device 120 may transmit a query 125 to the database system 165. The query 125 may be an example of a SQL query or a query following any other supported format. The database proxy 105 may receive the query 125 in order to transform the query 125. For example, an application may define the query 125 independent of the schema of the database 110. However, the database 110 may store data as encrypted data 115 in the database 110. To support security protocols, the database 110 may maintain data encryption at all times in the database 110 (e.g., in a DBMS). For example, the encrypted data 115 may be encrypted at rest in the database 110 and may be encrypted at query time in the database 110. In this way, plaintext data may not be available in the database 110. To support maintaining data encryption at query time (e.g., when executing a query at the database 110), the database proxy 105 may transform the query 125 to function properly within the database 110 on encrypted data 115. In some examples, using a query transformation component 130 (e.g., a component implemented in hardware, software executed by a processor, firmware, or any combination thereof), the database proxy 105 may transform the query 125 according to the database schema (e.g., an encryption schema of the database 110). The transformed query 135 may support execution on encrypted data 115 in the database 110.”

There is additional summary information. Please visit the full patent to read further.

The claims supplied by the inventors are:

“1. A method for data processing at a database system comprising a database proxy and a database, the method comprising: receiving, at the database proxy, a query comprising an indication of data associated with the database and privacy metadata indicating a data processing activity for using the data; transforming, at the database proxy, the query based at least in part on an encryption schema of the database; and executing, at the database, the transformed query, wherein executing the transformed query is based at least in part on a data processing permit stored for the database system and applicable to the data processing activity.

“2. The method of claim 1, wherein the query comprises a request for the data stored in the database and a user identifier associated with the request for the data, and the transforming further comprises: identifying the data processing permit applicable to the data processing activity and the user identifier; and encrypting the user identifier with a permit key associated with the identified data processing permit, wherein the transformed query comprises a select statement indicating the encrypted user identifier.

“3. The method of claim 2, further comprising: receiving a legitimizing reason for the user identifier to access the data for the data processing activity; generating the data processing permit applicable to the data processing activity and the user identifier based at least in part on receiving the legitimizing reason; encrypting the user identifier with the permit key associated with the data processing permit based at least in part on receiving the legitimizing reason; and storing, in the database, the encrypted user identifier with a relation to the data stored in the database.

“4. The method of claim 3, wherein: the encrypted user identifier is stored in a column in the database; the column supports executing the select statement for the query in the database; and the encrypted user identifier provides access to a row in the database comprising the data.

“5. The method of claim 2, further comprising: receiving, at the database proxy, a second query comprising a second request for the data stored in the database and second privacy metadata indicating a second data processing activity for using the data and a second user identifier associated with the second request for the data; failing to identify a second data processing permit applicable to both the second data processing activity and the second user identifier; and refraining from retrieving the data in response to the second query based at least in part on failing to identify the second data processing permit.

“6. The method of claim 1, wherein the query comprises a request for the data stored in the database, and the executing the transformed query further comprises: identifying, in the database, a consent status for a data field based at least in part on the data processing activity, wherein the consent status is based at least in part on the data processing permit; and retrieving the data from the database based at least in part on the identified consent status.

“7. The method of claim 6, further comprising: filtering a data column of the database, a data row of the database, or a combination thereof based at least in part on a hidden consent column of the database.

“8. The method of claim 6, further comprising: accessing a table in the database based at least in part on a reference stored with the data, wherein the consent status is identified based at least in part on a value stored in the table, the data processing activity, the data processing permit, or a combination thereof.

“9. The method of claim 1, wherein executing the transformed query further comprises: receiving, at the database proxy, a query result based at least in part on executing the transformed query at the database; and modifying, at the database proxy, the query result based at least in part on the data processing permit applicable to the data processing activity.

“10. The method of claim 9, wherein the modifying further comprises: filtering the query result based at least in part on the data processing permit.

“11. The method of claim 1, wherein the query comprises an insert query for the data, the method further comprising: identifying a legitimizing reason for storing the data based at least in part on the data processing permit, wherein the query is transformed to store the data at the database according to the encryption schema of the database and based at least in part on the legitimizing reason for storing the data.

“12. The method of claim 1, further comprising: receiving, at the database proxy, a ciphertext query result based at least in part on executing the transformed query at the database; and decrypting, at the database proxy, the ciphertext query result to obtain a plaintext query result based at least in part on the encryption schema of the database.

“13. The method of claim 12, wherein the query is received from a user device, the method further comprising: transmitting, to the user device, the plaintext query result in response to the query.

“14. The method of claim 12, wherein: the data is encrypted at rest in the database; and the data is encrypted in the database during execution of the transformed query.

“15. The method of claim 1, wherein transforming the query further comprises: performing one or more calls to one or more user-defined functions for the database system based at least in part on a clause in the query, an operator in the query, the encryption schema of the database, or a combination thereof.

“16. The method of claim 1, wherein: the data is stored in the database in a plurality of columns using a plurality of respective encryption schemes; and the database executes the transformed query on a column of the plurality of columns based at least in part on a query function for the transformed query supported by the column according to a respective encryption scheme for the column.

“17. The method of claim 1, wherein: the data is stored in the database in a single column using a plurality of layered encryption schemes; the database decrypts one or more layers of the plurality of layered encryption schemes based at least in part on a query function for the transformed query; and the database executes the transformed query on the single column based at least in part on the decrypted one or more layers of the plurality of layered encryption schemes.

“18. The method of claim 1, further comprising: installing the database proxy for the database system; determining, at the database proxy, an initial schema of the database; and updating the initial schema of the database to the encryption schema of the database based at least in part on the initial schema of the database and a plurality of data processing permits associated with installing the database proxy.

“19. An apparatus for data processing at a database system comprising a database proxy and a database, the apparatus comprising: a processor; memory coupled with the processor; and instructions stored in the memory and executable by the processor to cause the apparatus to: receive, at the database proxy, a query comprising an indication of data associated with the database and privacy metadata indicating a data processing activity for using the data; transform, at the database proxy, the query based at least in part on an encryption schema of the database; and execute, at the database, the transformed query, wherein executing the transformed query is based at least in part on a data processing permit stored for the database system and applicable to the data processing activity.

“20. A non-transitory computer-readable medium storing code for data processing at a database system comprising a database proxy and a database, the code comprising instructions executable by a processor to: receive, at the database proxy, a query comprising an indication of data associated with the database and privacy metadata indicating a data processing activity for using the data; transform, at the database proxy, the query based at least in part on an encryption schema of the database; and execute, at the database, the transformed query, wherein executing the transformed query is based at least in part on a data processing permit stored for the database system and applicable to the data processing activity.”
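The permit-keyed lookup described in claims 2 through 5 can be sketched as follows. This is an added example, not code from the patent application or its inventors. The `PermitProxy` class, the table layout, and the sample identifiers are hypothetical, and HMAC-SHA256 stands in for both the deterministic identifier encryption and the data cipher, where a real deployment would use a vetted authenticated cipher.

```python
import hashlib
import hmac
import secrets
import sqlite3


def _token(key: bytes, user_id: str) -> bytes:
    # Deterministic keyed token standing in for "user identifier encrypted with
    # the permit key": equal inputs give equal tokens, so WHERE enc_uid = ? works.
    return hmac.new(key, b"uid:" + user_id.encode(), hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy unauthenticated stream cipher (HMAC-SHA256 in counter mode).
    # The same call encrypts and decrypts.
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(4, "big")
        block = hmac.new(key, b"data:" + nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


class PermitProxy:
    """Hypothetical shim between an application and a database holding only ciphertext."""

    def __init__(self) -> None:
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE records (enc_uid BLOB, nonce BLOB, enc_data BLOB)")
        self._permits = {}  # (user_id, activity) -> permit key, held by the proxy only

    def grant_permit(self, user_id: str, activity: str, legitimizing_reason: str) -> None:
        # Claim 3: a permit is generated when a legitimizing reason is received.
        if not legitimizing_reason:
            raise ValueError("a permit needs a legitimizing reason")
        self._permits[(user_id, activity)] = secrets.token_bytes(32)

    def insert(self, user_id: str, activity: str, value: str) -> bool:
        key = self._permits.get((user_id, activity))
        if key is None:
            return False  # no permit, nothing is stored
        nonce = secrets.token_bytes(16)
        self.db.execute(
            "INSERT INTO records VALUES (?, ?, ?)",
            (_token(key, user_id), nonce, _xor_stream(key, nonce, value.encode())),
        )
        return True

    def select(self, user_id: str, activity: str) -> list:
        key = self._permits.get((user_id, activity))
        if key is None:
            return []  # claim 5: no applicable permit, the database is never queried
        # Claim 2: the transformed SELECT carries the encrypted identifier, not plaintext.
        rows = self.db.execute(
            "SELECT nonce, enc_data FROM records WHERE enc_uid = ?",
            (_token(key, user_id),),
        ).fetchall()
        # Decryption happens at the proxy, after the database returns ciphertext.
        return [_xor_stream(key, nonce, blob).decode() for nonce, blob in rows]

    def stored_bytes(self) -> bytes:
        # Everything the database holds, for checking what is visible at rest.
        return b"".join(b"".join(row) for row in self.db.execute("SELECT * FROM records"))


def demo() -> dict:
    # Constructed sample data: one user, one permit for the "billing" activity.
    proxy = PermitProxy()
    proxy.grant_permit("alice@example.test", "billing", "contract")
    proxy.insert("alice@example.test", "billing", "card ending 4242")
    at_rest = proxy.stored_bytes()
    return {
        "billing": proxy.select("alice@example.test", "billing"),
        "marketing": proxy.select("alice@example.test", "marketing"),
        "other_user": proxy.select("bob@example.test", "billing"),
        "plaintext_at_rest": b"4242" in at_rest or b"alice" in at_rest,
    }


if __name__ == "__main__":
    print(demo())
```

This sketch stores one row per permit, so the same data held under two activities would be inserted twice; the claims only require that the encrypted identifier be stored with a relation to the data.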

For additional information on this patent application, see: Alexander, Samuel; Anderson, Maxwell; Chavez, Tom; Salomon, Yacov; Vaidya, Vivek; Winter, Anton; Yates, Seth. Managing Queries With Data Processing Permits. Filed April 13, 2020 and posted October 14, 2021. Patent URL: https://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220210319128%22.PGNR.&OS=DN/20210319128&RS=DN/20210319128

(Our reports deliver fact-based news of research and discoveries from around the world.)

Source of this news: https://insurancenewsnet.com/oarticle/researchers-submit-patent-application-managing-queries-with-data-processing-permits-for-approval-uspto-20210319128-patent-application
