Patents by Inventor Ety KHAITZIN
Ety KHAITZIN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11829634
Abstract: One embodiment provides a method, including: receiving, at a central system, a query requesting access to a dataset, wherein the central system communicates with a plurality of data storage locations, each having a governance policy for data stored at the data storage location, wherein different portions of the dataset are stored within different of the plurality of data storage locations; sending a sub-query formulated based upon the query; receiving a governance enforcement actions listing corresponding to the portion of the dataset stored within the corresponding data storage location; generating a meta-policy of enforcement actions for all of the plurality of data storage locations storing portions of the dataset, wherein the meta-policy identifies enforcement actions and an order of the enforcement actions to be applied to the dataset; and providing the meta-policy to each of the plurality of data storage locations.
Type: Grant
Filed: July 28, 2021
Date of Patent: November 28, 2023
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Ramasuri Narayanam, Rishi Saket, Ety Khaitzin, Ritwik Chaudhuri, Rohith Dwarakanath Vallam
-
Patent number: 11816234
Abstract: Embodiments of the present systems and methods may provide a data access approval process that supports complex and fine-grained policies and can be applied to different data items at scale, which provides improvement over current technologies. For example, in an embodiment, a computer-implemented method for controlling access to data by computer systems may comprise generating an intermediate representation by integrating a combination of data access policies, data attributes including attributes per data subject, and the data itself to form the intermediate representation, receiving a request for access to the data, rewriting the request for access to the data to incorporate the intermediate representation so as to provide access only to data allowed by the policies integrated into the intermediate representation, and executing the rewritten request and providing only data allowed by the policies integrated into the intermediate representation.
Type: Grant
Filed: March 19, 2018
Date of Patent: November 14, 2023
Assignee: International Business Machines Corporation
Inventors: Maya Anderson, Ronen Itshak Kat, Roee Shlomo, Ety Khaitzin
-
Publication number: 20230030333
Abstract: One embodiment provides a method, including: receiving, at a central system, a query requesting access to a dataset, wherein the central system communicates with a plurality of data storage locations, each having a governance policy for data stored at the data storage location, wherein different portions of the dataset are stored within different of the plurality of data storage locations; sending a sub-query formulated based upon the query; receiving a governance enforcement actions listing corresponding to the portion of the dataset stored within the corresponding data storage location; generating a meta-policy of enforcement actions for all of the plurality of data storage locations storing portions of the dataset, wherein the meta-policy identifies enforcement actions and an order of the enforcement actions to be applied to the dataset; and providing the meta-policy to each of the plurality of data storage locations.
Type: Application
Filed: July 28, 2021
Publication date: February 2, 2023
Inventors: Ramasuri Narayanam, Rishi Saket, Ety Khaitzin, Ritwik Chaudhuri, Rohith Dwarakanath Vallam
-
Patent number: 11567664
Abstract: A computer-implemented method according to one embodiment includes identifying a plurality of storage systems within a storage environment, determining characteristics of each of the plurality of storage systems, the characteristics including one or more data reduction techniques implemented by each of the plurality of storage systems, performing a plurality of storage simulations of one or more data volumes, utilizing the characteristics of each of the plurality of storage systems, and determining one of the plurality of storage systems to store the one or more data volumes, based on results of the plurality of storage simulations.
Type: Grant
Filed: April 16, 2018
Date of Patent: January 31, 2023
Assignee: International Business Machines Corporation
Inventors: Moshe Weiss, Amir Epstein, Danny Harnik, Vladimir Shalikashvili, Ety Khaitzin, Yoni Raveh
-
Patent number: 11366764
Abstract: A method for managing a data cache, comprising: storing a cache management list comprising a plurality of entries and having: a tail part stored in a first storage and documenting recently accessed data items stored in the data cache, a body part stored in a second storage and documenting less recently accessed data items stored in the data cache, and a head part stored in the first storage and documenting least recently accessed data items stored in the data cache; and in each of a plurality of iterations: receiving at least one data access request; documenting the data access request in the tail; identifying a plurality of duplicated entries present in the body and the tail; and removing each of the plurality of duplicated entries from the body in the second storage according to a physical organization in the second storage of the plurality of duplicated entries.
Type: Grant
Filed: September 29, 2020
Date of Patent: June 21, 2022
Assignee: International Business Machines Corporation
Inventors: Effi Ofer, Ety Khaitzin, Ohad Eytan
-
Publication number: 20220155987
Abstract: A mechanism is provided for dispersed location-based data storage. A request is received to write a data file to a referrer memory region in a set of memory regions. For each data chunk of the data file, responsive to a comparison of a hash value for the data chunk to other hash values for other stored data chunks referenced in the referrer memory region indicating that the data chunk fails to exist in the referrer memory region, responsive to the data chunk existing in another memory region in the set of memory regions, responsive to the memory region failing to be one of the predetermined number N of owner memory regions associated with the referrer memory region, and responsive to the predetermined number N of owner memory regions failing to have been met, a reference to the data chunk is stored in the referrer memory region.
Type: Application
Filed: February 1, 2022
Publication date: May 19, 2022
Inventors: REUT COHEN, JONATHAN FISCHER-TOUBOL, Afief Halumi, DANNY HARNIK, Ety Khaitzin, SERGEY MARENKOV, Asaf Porat-Stoler, YOSEF SHATSKY, TOM SIVAN
-
Patent number: 11321479
Abstract: Enforcement of policies for tabular data access as a collection of columns over a plurality of different information assets is provided. In an enforcement knowledge graph, information asset-assigned terms are found that correspond to information assets in a virtual information asset that references a set of tabular data. Transitive closures of the information asset-assigned terms are found in a business glossary to form a table of business glossary terms. Term intersection is determined between a hash table of any column-assigned terms and the table of business glossary terms. The information assets are assigned to the virtual information asset when the term intersection is not empty. A set of policy rules associated with the set of tabular data and a context of a user making a data access request to the set of tabular data is applied to the virtual information asset to determine an access enforcement decision.
Type: Grant
Filed: December 6, 2019
Date of Patent: May 3, 2022
Assignee: International Business Machines Corporation
Inventors: Roger C. Raphael, Ety Khaitzin, Scott Schumacher, Arjun Natarajan
-
Publication number: 20220100677
Abstract: A method for managing a data cache, comprising: storing a cache management list comprising a plurality of entries and having: a tail part stored in a first storage and documenting recently accessed data items stored in the data cache, a body part stored in a second storage and documenting less recently accessed data items stored in the data cache, and a head part stored in the first storage and documenting least recently accessed data items stored in the data cache; and in each of a plurality of iterations: receiving at least one data access request; documenting the data access request in the tail; identifying a plurality of duplicated entries present in the body and the tail; and removing each of the plurality of duplicated entries from the body in the second storage according to a physical organization in the second storage of the plurality of duplicated entries.
Type: Application
Filed: September 29, 2020
Publication date: March 31, 2022
Inventors: Effi Ofer, Ety Khaitzin, Ohad Eytan
-
Patent number: 11269531
Abstract: A mechanism is provided for dispersed location-based data storage. A request is received to write a data file to a referrer memory region in a set of memory regions. For each data chunk of the data file, responsive to a comparison of a hash value for the data chunk to other hash values for other stored data chunks referenced in the referrer memory region indicating that the data chunk fails to exist in the referrer memory region, responsive to the data chunk existing in another memory region in the set of memory regions, responsive to the memory region failing to be one of the predetermined number N of owner memory regions associated with the referrer memory region, and responsive to the predetermined number N of owner memory regions failing to have been met, a reference to the data chunk is stored in the referrer memory region.
Type: Grant
Filed: October 25, 2017
Date of Patent: March 8, 2022
Assignee: International Business Machines Corporation
Inventors: Reut Cohen, Jonathan Fischer-Toubol, Afief Halumi, Danny Harnik, Ety Khaitzin, Sergey Marenkov, Asaf Porat-Stoler, Yosef Shatsky, Tom Sivan
-
Patent number: 11178186
Abstract: A method, apparatus, system, and computer program product for evaluating enforcement decisions on an asset using a policy. Rules in the policy are applied by a computer system to the asset taking into account a context for a request to access the asset in response to receiving the request to access the asset, and wherein the rules in the policy determine whether access to the asset is allowed. A determination is made by the computer system as to whether a conflict is present in an initial decision made using the rules in the policy. A set of conflict resolution processes are applied by the computer system when the conflict is present such that a final decision is made on the request to access the asset.
Type: Grant
Filed: March 19, 2020
Date of Patent: November 16, 2021
Assignee: International Business Machines Corporation
Inventors: Roger C. Raphael, Rajesh M. Desai, Ety Khaitzin, Shalu Agrawal, Angineh Aghakiant
-
Patent number: 11169968
Abstract: Computer program products, as well as corresponding systems and methods are configured for performing deduplication in conjunction with random read and write operations, and include: computing a fingerprint of data included in a write request; determining whether a short term dictionary comprises an entry corresponding to the fingerprint; in response to determining the short term dictionary comprises the entry corresponding to the fingerprint, writing the data to a data store in a deduplicating manner; in response to determining the short term dictionary does not comprise the entry, determining whether a long term dictionary corresponding to the namespace comprises the entry; in response to determining the long term dictionary comprises the entry, writing the data to the data store in the deduplicating manner; and in response to determining the long term dictionary does not comprise the entry, writing the data to the data store in a non-deduplicating manner.
Type: Grant
Filed: May 21, 2019
Date of Patent: November 9, 2021
Assignee: International Business Machines Corporation
Inventors: David D. Chambliss, Joseph S. Glider, Danny Harnik, Ety Khaitzin
-
Patent number: 11144508
Abstract: In one embodiment, a deduplicating storage system includes a processor and logic integrated with and/or executable by the processor. The logic is configured to cause the processor to perform a method which includes: computing a fingerprint of a data chunk, and determining whether a short term dictionary corresponding to the namespace comprises an entry corresponding to the fingerprint. In response to determining the short term dictionary does not comprise the entry, a determination is made whether a long term dictionary corresponding to the namespace comprises the entry. In response to determining the long term dictionary comprises the entry: the data chunk is written to the data store in the deduplicating manner, and the short term dictionary is repopulated with the entry. Moreover, in response to determining the long term dictionary does not comprise the entry, the data chunk is written to the data store in a non-deduplicating manner.
Type: Grant
Filed: June 13, 2019
Date of Patent: October 12, 2021
Assignee: International Business Machines Corporation
Inventors: David D. Chambliss, Joseph S. Glider, Danny Harnik, Ety Khaitzin
-
Publication number: 20210297451
Abstract: A method, apparatus, system, and computer program product for evaluating enforcement decisions on an asset using a policy. Rules in the policy are applied by a computer system to the asset taking into account a context for a request to access the asset in response to receiving the request to access the asset, and wherein the rules in the policy determine whether access to the asset is allowed. A determination is made by the computer system as to whether a conflict is present in an initial decision made using the rules in the policy. A set of conflict resolution processes are applied by the computer system when the conflict is present such that a final decision is made on the request to access the asset.
Type: Application
Filed: March 19, 2020
Publication date: September 23, 2021
Inventors: Roger C. Raphael, Rajesh M. Desai, Ety Khaitzin, Shalu Agrawal, Angineh Aghakiant
-
Publication number: 20210173952
Abstract: Enforcement of policies for tabular data access as a collection of columns over a plurality of different information assets is provided. In an enforcement knowledge graph, information asset-assigned terms are found that correspond to information assets in a virtual information asset that references a set of tabular data. Transitive closures of the information asset-assigned terms are found in a business glossary to form a table of business glossary terms. Term intersection is determined between a hash table of any column-assigned terms and the table of business glossary terms. The information assets are assigned to the virtual information asset when the term intersection is not empty. A set of policy rules associated with the set of tabular data and a context of a user making a data access request to the set of tabular data is applied to the virtual information asset to determine an access enforcement decision.
Type: Application
Filed: December 6, 2019
Publication date: June 10, 2021
Inventors: Roger C. Raphael, Ety Khaitzin, Scott Schumacher, Arjun Natarajan
-
Patent number: 10795862
Abstract: A computer-implemented method includes dividing a data set into a plurality of regions and dividing the plurality of regions into a plurality of chunks of fixed size. The computer-implemented method further includes determining a sample size of the plurality of chunks to be sampled for each region, wherein the sample size is determined based, at least in part, on an acceptance of a likelihood of identifying at least one collision between two regions corresponding to logical entities of a first cluster of logical entities. The computer-implemented method further includes sampling the plurality of chunks for each region based on the determined sample size. The computer-implemented method further includes generating a hash value for each chunk sampled and storing each hash value in an index. The computer-implemented method further includes identifying one or more collisions between the plurality of regions. A corresponding computer system and computer program product are also disclosed.
Type: Grant
Filed: November 30, 2016
Date of Patent: October 6, 2020
Assignee: International Business Machines Corporation
Inventors: Danny Harnik, Ety Khaitzin, Sergey Marenkov, Dmitry Sotnikov
-
Patent number: 10747726
Abstract: A computer-implemented method includes receiving a set of basis fingerprints corresponding to image chunks within a basis set of image regions wherein each image region within the basis set of image regions comprises one or more image chunks, and generating a fingerprint for each image chunk of a plurality of selected image chunks within an unprocessed region of a machine image to produce a plurality of sampled fingerprints. The method also includes determining a similarity metric for the unprocessed region from the sampled fingerprints and the basis fingerprints, comparing the similarity metric for the unprocessed region with a selected threshold, and including the unprocessed region within the basis set of image regions in response to determining that the similarity metric is less than the selected threshold. A corresponding computer program product and computer system are also disclosed herein.
Type: Grant
Filed: March 8, 2016
Date of Patent: August 18, 2020
Assignee: International Business Machines Corporation
Inventors: Danny Harnik, Ronen I. Kat, Ety Khaitzin, Sergey Marenkov
-
Patent number: 10740296
Abstract: A computer-implemented method includes receiving a set of basis fingerprints corresponding to image chunks within a basis set of image regions wherein each image region within the basis set of image regions comprises one or more image chunks, and generating a fingerprint for each image chunk of a plurality of selected image chunks within an unprocessed region of a machine image to produce a plurality of sampled fingerprints. The method also includes determining a similarity metric for the unprocessed region from the sampled fingerprints and the basis fingerprints, comparing the similarity metric for the unprocessed region with a selected threshold, and including the unprocessed region within the basis set of image regions in response to determining that the similarity metric is less than the selected threshold. A corresponding computer program product and computer system are also disclosed herein.
Type: Grant
Filed: May 22, 2017
Date of Patent: August 11, 2020
Assignee: International Business Machines Corporation
Inventors: Danny Harnik, Ronen I. Kat, Ety Khaitzin, Sergey Marenkov
-
Patent number: 10628433
Abstract: Methods, computing systems and computer program products implement embodiments of the present invention that include partitioning a dataset into a full set of logical data units, and selecting a sample subset of the full set, the sample subset including a random sample of the full set based on a sampling ratio. A set of target hash values are selected from a full range of hash values, and, using a hash function, a respective unit hash value is calculated for each of the logical data units in the sample subset. A histogram is computed that indicates a duplication count of each of the unit hash values that matches a given target hash value, and based on the histogram, a number of distinct logical data units in the full set is estimated.
Type: Grant
Filed: September 5, 2018
Date of Patent: April 21, 2020
Assignee: International Business Machines Corporation
Inventors: Danny Harnik, Ety Khaitzin, Dmitry Sotnikov
-
Publication number: 20190317670
Abstract: A computer-implemented method according to one embodiment includes identifying a plurality of storage systems within a storage environment, determining characteristics of each of the plurality of storage systems, the characteristics including one or more data reduction techniques implemented by each of the plurality of storage systems, performing a plurality of storage simulations of one or more data volumes, utilizing the characteristics of each of the plurality of storage systems, and determining one of the plurality of storage systems to store the one or more data volumes, based on results of the plurality of storage simulations.
Type: Application
Filed: April 16, 2018
Publication date: October 17, 2019
Inventors: Moshe Weiss, Amir Epstein, Danny Harnik, Vladimir Shalikashvili, Ety Khaitzin, Yoni Raveh
-
Publication number: 20190294590
Abstract: In one embodiment, a deduplicating storage system includes a processor and logic integrated with and/or executable by the processor. The logic is configured to cause the processor to perform a method which includes: computing a fingerprint of a data chunk, and determining whether a short term dictionary corresponding to the namespace comprises an entry corresponding to the fingerprint. In response to determining the short term dictionary does not comprise the entry, a determination is made whether a long term dictionary corresponding to the namespace comprises the entry. In response to determining the long term dictionary comprises the entry: the data chunk is written to the data store in the deduplicating manner, and the short term dictionary is repopulated with the entry. Moreover, in response to determining the long term dictionary does not comprise the entry, the data chunk is written to the data store in a non-deduplicating manner.
Type: Application
Filed: June 13, 2019
Publication date: September 26, 2019
Inventors: David D. Chambliss, Joseph S. Glider, Danny Harnik, Ety Khaitzin