|Dataguise Inc. Patent applications|
|Patent application number||Title||Published|
|20150026823||METHOD AND SYSTEM FOR ENTITLEMENT SETTING, MAPPING, AND MONITORING IN BIG DATA STORES - A method and system for securing sensitive data content in big data stores is provided. In an example method, entities within the big data store that contain sensitive data are identified. Then, users who have entitlement to access these sensitive entities are identified, along with their level of entitlement. Access controls are then set, based on which users can operate on the sensitive entities. Access or attempts to access these entities is monitored on an ongoing basis. An example system maps entitlement to entities within the big data store that contain sensitive content, to monitor access to these entities and to set access controls for users accessing the big data store.||01-22-2015|
|20150026462||METHOD AND SYSTEM FOR ACCESS-CONTROLLED DECRYPTION IN BIG DATA STORES - A method and system for access-controlled decryption in big data stores is provided. In an implementation, a system provides a method for encryption that stores meta-information about sensitive data elements being encrypted in a big data store, such as a Hadoop system, in which the bulk of the data may remain unencrypted. In an implementation, the system reads the stored meta-information at decryption time to determine where the encrypted data is within a large and unencrypted file system, and to determine whether or not an individual user has access rights to decrypt a given element of sensitive data. The system allows fine-grain control over access rights to sensitive data during decryption.||01-22-2015|
|20140304243||METHOD AND SYSTEM FOR MANAGING AND SECURING SUBSETS OF DATA IN A LARGE DISTRIBUTED DATA STORE - A system groups multiple entities in a large distributed data store (DDS), such as directories and files, into a subset called a domain. The domain is treated as a unit for defining policies to detect and treat sensitive data. Sensitive data can be defined by enterprise or industry. Treatment of sensitive data may include quarantining, masking, and encrypting, of the data or the entity containing the data. Data in a domain can be copied as a unit, with or without the same structure, and with transformations such as masking or encryption, into parts of the same DDS or to a different DDS. Domains can be the unit of access control for organizations, and assigned tags useful for identifying their purpose, ownership, location, or other characteristics. Policies and operations, assigned at the domain level, may vary from domain to domain, but within a domain are uniform, except for specific exclusions.||10-09-2014|
|20130080398||METHOD AND SYSTEM FOR DE-IDENTIFICATION OF DATA WITHIN A DATABASE - A method and system for de-identification of one or more data elements inside one or more tables of one or more databases is disclosed. The method includes generating one or more de-identified data elements inside the one or more databases. Upon generating the one or more de-identified data elements, the one or more data elements are updated with the one or more de-identified data elements. The updating of the one or more data elements is directly performed inside the one or more tables of the one or more databases.||03-28-2013|
|20110264631||METHOD AND SYSTEM FOR DE-IDENTIFICATION OF DATA - A method and system for de-identification of data comprising a plurality of data elements. The method involves identifying one or more portions of the data based on a predefined identification condition. The predefined identification condition is expressed in terms of, but is not limited to, one or more characteristics of the data. Further, one or more de-identification data elements are generated corresponding to the one or more data elements of the one or more identified portions of the data. The one or more de-identification data elements are generated based on the one or more characteristics of the one or more portions of the data. Thereafter, the one or more portions of the data are replaced with the one or more de-identification data elements respectively. As a result, the format of the one or more de-identification data elements remains identical to the format of the one or more data elements.||10-27-2011|
Patent applications by Dataguise Inc.