Search Patents
  • Distributed Storage and Distributed Processing Policy Enforcement Utilizing Virtual Identifiers
    Publication number: 20160203181
    Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to assign virtual identifiers to blocks of a file that contain identical information in different data sources. A distributed storage and distributed processing query statement is received. Real name attributes of the query statement are equated with selected virtual identifiers. Access control policies are applied to the selected virtual identifiers to obtain policy results. The policy results are applied to the real name attributes of the query statement to obtain query results.
    Type: Application
    Filed: December 28, 2015
    Publication date: July 14, 2016
    Applicant: BlueTalon, Inc.
    Inventors: Pratik Verma, Rakesh Khanduja, Prerna Verma
  • Distributed Storage and Distributed Processing Query Statement Reconstruction in Accordance with a Policy
    Publication number: 20160205101
    Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to receive a query statement. The query statement is one of many distributed storage and distributed processing query statements with unique data access methods. Token components are formed from the query statement. The token components are categorized as data components or logic components. Modified token components are formed from the token components in accordance with a policy. The query statement is reconstructed with the modified token components and original computational logic and control logic associated with the query statement.
    Type: Application
    Filed: December 11, 2015
    Publication date: July 14, 2016
    Applicant: BlueTalon, Inc.
    Inventors: Pratik Verma, Rakesh Khanduja
  • ACCESS CONTROL FOR NESTED DATA FIELDS
    Publication number: 20180060365
    Abstract: Systems, computer program products and methods implementing access control for compound structures including subfields are described. A policy system receives a database schema and a data access policy. The database schema defines multiple subfields of a data column. The policy includes one or more rules limiting access to the subfields. A policy analyzer of the policy system creates an access control metadata that stores correspondence between the subfields and the rules. The policy analyzer represents the subfields in the access control metadata using relations between subfields and other components of the database. The policy analyzer provides the access control metadata to a policy enforcer for enforcing the policy on the subfields.
    Type: Application
    Filed: August 26, 2016
    Publication date: March 1, 2018
    Applicant: BlueTalon, Inc.
    Inventors: Prasad Mujumdar, Rakesh Khanduja, Pratik Verma
  • Distributed storage and distributed processing query statement reconstruction in accordance with a policy
    Patent number: 10129256
    Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to receive a query statement. The query statement is one of many distributed storage and distributed processing query statements with unique data access methods. Token components are formed from the query statement. The token components are categorized as data components or logic components. Modified token components are formed from the token components in accordance with a policy. The query statement is reconstructed with the modified token components and original computational logic and control logic associated with the query statement.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: November 13, 2018
    Assignee: BlueTalon, Inc.
    Inventors: Pratik Verma, Rakesh Khanduja
  • Access control for nested data fields
    Patent number: 10185726
    Abstract: Systems, computer program products and methods implementing access control for compound structures including subfields are described. A policy system receives a database schema and a data access policy. The database schema defines multiple subfields of a data column. The policy includes one or more rules limiting access to the subfields. A policy analyzer of the policy system creates an access control metadata that stores correspondence between the subfields and the rules. The policy analyzer represents the subfields in the access control metadata using relations between subfields and other components of the database. The policy analyzer provides the access control metadata to a policy enforcer for enforcing the policy on the subfields.
    Type: Grant
    Filed: August 26, 2016
    Date of Patent: January 22, 2019
    Assignee: BlueTalon, Inc.
    Inventors: Prasad Mujumdar, Rakesh Khanduja, Pratik Verma
  • Distributed storage and distributed processing query statement reconstruction in accordance with a policy
    Patent number: 10659467
    Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to receive a query statement. The query statement is one of many distributed storage and distributed processing query statements with unique data access methods. Token components are formed from the query statement. The token components are categorized as data components or logic components. Modified token components are formed from the token components in accordance with a policy. The query statement is reconstructed with the modified token components and original computational logic and control logic associated with the query statement.
    Type: Grant
    Filed: November 6, 2018
    Date of Patent: May 19, 2020
    Assignee: BlueTalon, Inc.
    Inventors: Pratik Verma, Rakesh Khanduja
  • Short-Circuit Data Access
    Publication number: 20180004970
    Abstract: A policy system enforces data security policies for requests from accessing data stored on a distributed data storage system received from a client device. The policy enforcement system can determine user credentials from the requests. The enforcement system then determines whether the user credentials allow the request to retrieve the data and if yes, whether the user credentials allow the request to retrieve the data without obligations. Upon determining that user credentials allow the request to retrieve the data without obligations, the policy enforcement system directs the client device to communicate directly with a name node of the data storage system, short-circuiting additional data retrieval and filtering of the policy system.
    Type: Application
    Filed: July 1, 2016
    Publication date: January 4, 2018
    Applicant: BlueTalon, Inc.
    Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
  • Access policies based on HDFS extended attributes
    Patent number: 10491635
    Abstract: Systems, computer program products and methods implementing access control on a distributed file system are described. A policy engine enforces one or more policies to access a data item stored in the distributed file system by utilizing non-system extended attributes of the data item. The policy engine receives, from a client device, a request to access the data item. The policy engine determines a policy for access the data item. The policy specifies one or more conditions for accessing the data item in one or more extended attributes. The one or more extended attributes are associated with the data item in the distributed file system. The policy determines whether to grant the request to access the data item according to values of the one or more extended attributes.
    Type: Grant
    Filed: June 30, 2017
    Date of Patent: November 26, 2019
    Assignee: BlueTalon, Inc.
    Inventor: Dilli Dorai Minnal Arumugam
  • Distributed storage processing statement interception and modification
    Patent number: 10033765
    Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to intercept a query statement at a master machine. The query statement is an instruction from a client machine that specifies how data managed by a distributed storage system should be processed and provided back to the client. In the communication between the client and the master machine, tokens associated with the statement are evaluated to selectively identify a pattern match of one of connection pattern tokens, login pattern tokens or query pattern tokens. For the query pattern tokens, altered tokens for the query statement are formed in response to the pattern match to establish a revised statement. The revised statement is produced in response to application of a policy rule. The revised statement maintains computation, logic and procedure of the statement, but alters parameters of the statement as specified by the policy rule.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: July 24, 2018
    Assignee: BlueTalon, Inc.
    Inventors: Pratik Verma, Rakesh Khanduja
  • Distributed Storage Processing Statement Interception and Modification
    Publication number: 20160205140
    Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to intercept a query statement at a master machine. The query statement is an instruction from a client machine that specifies how data managed by a distributed storage system should be processed and provided back to the client. In the communication between the client and the master machine, tokens associated with the statement are evaluated to selectively identify a pattern match of one of connection pattern tokens, login pattern tokens or query pattern tokens. For the query pattern tokens, altered tokens for the query statement are formed in response to the pattern match to establish a revised statement. The revised statement is produced in response to application of a policy rule. The revised statement maintains computation, logic and procedure of the statement, but alters parameters of the statement as specified by the policy rule.
    Type: Application
    Filed: December 11, 2015
    Publication date: July 14, 2016
    Applicant: BlueTalon, Inc.
    Inventors: Pratik Verma, Rakesh Khanduja
  • Policy enforcement system
    Patent number: 10277633
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing, by a policy enforcement system, a plurality of policies and data associating a plurality of user credentials with the plurality of policies; receiving, from a client device, a request for data from a file system, the request further comprising user credentials; forwarding the request for data to a second node that stores the data from the file system; receiving, from the node, the data from the file system; selecting from the plurality of policies, based on the received user credentials and the data associating the plurality of user credentials with the plurality of policies, one or more policies that correspond to the received user credentials; filtering, by the policy enforcement system, the data from the file system based on the one or more policies; and sending the filtered data to the client device.
    Type: Grant
    Filed: January 8, 2018
    Date of Patent: April 30, 2019
    Assignee: BlueTalon, Inc.
    Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
  • Protocol-level identity mapping
    Patent number: 10250723
    Abstract: Systems, computer program products and methods implementing protocol-level mapping are described. An identity mapping system intercepts a request from a client device to a distributed computing system. The identity mapping system determines a first protocol of the request. The identity mapping system determines user credentials associated with the request. The identity mapping system authenticates the request based on the user credentials. The identity mapping system determines a service provided by the distributed computing system that the request accesses. The identity mapping system determines service credentials of that service. The identity mapping system translates the first protocol into a second protocol associated with the distributed computing system, including associating the service credentials with the request. The identity mapping system then submits the request to the distributed computing system.
    Type: Grant
    Filed: April 13, 2017
    Date of Patent: April 2, 2019
    Assignee: BlueTalon, Inc.
    Inventors: Rakesh Khanduja, Vineet Mittal
  • POLICY MANAGEMENT, ENFORCEMENT, AND AUDIT FOR DATA SECURITY
    Publication number: 20170257379
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing, and enforcing policies on data security. A policy appliance includes a policy administration point, a policy decision point, a policy enforcement point and, optionally, an auditing module. The policy appliance can execute in a self-contained environment, e.g., a single virtual machine, a single physical machine, or a cluster of virtual machines or physical machines identically configured. The self-contained policy appliance can receive, manage, enforce and audit multiple policies that specify access privileges of multiple users on multiple databases. The databases can include heterogeneous databases that are configured separately and differently from one another. A single configuration of the policy appliance centralizes and unifies policy management of the heterogeneous database in the self-contained environment.
    Type: Application
    Filed: March 4, 2016
    Publication date: September 7, 2017
    Applicant: BlueTalon, Inc.
    Inventors: Benjamin L. Weintraub, Pratik Verma
  • Policy enforcement for compute nodes
    Patent number: 9871825
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for maintaining, by a policy enforcement system in a first compute node, a plurality of policies and data associating a plurality of user credentials with the plurality of policies. A request is received from a compute process for data from a file system in the first compute node. The request includes user credentials. The request for data is sent to the file system, and the data is received from the file system. Based on the received user credentials and the data associating the plurality of user credentials with the plurality of policies, one or more policies that correspond to the received user credentials is selected from the plurality of policies. The policy enforcement system filters the data from the file system based on the one or more policies, and sends the filtered data to the compute process.
    Type: Grant
    Filed: December 10, 2015
    Date of Patent: January 16, 2018
    Assignee: BlueTalon, Inc.
    Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
  • Policy management, enforcement, and audit for data security
    Patent number: 10367824
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing, and enforcing policies on data security. A policy appliance includes a policy administration point, a policy decision point, a policy enforcement point and, optionally, an auditing module. The policy appliance can execute in a self-contained environment, e.g., a single virtual machine, a single physical machine, or a cluster of virtual machines or physical machines identically configured. The self-contained policy appliance can receive, manage, enforce and audit multiple policies that specify access privileges of multiple users on multiple databases. The databases can include heterogeneous databases that are configured separately and differently from one another. A single configuration of the policy appliance centralizes and unifies policy management of the heterogeneous database in the self-contained environment.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: July 30, 2019
    Assignee: BlueTalon, Inc.
    Inventors: Benjamin L. Weintraub, Pratik Verma
  • Authentication based on client access limitation
    Patent number: 10803190
    Abstract: Systems, computer program products and methods implementing access control on a distributed file system are described. A file system enforcement point protects an HDFS from unauthorized access by authenticating a declared identity of a task submitting a request from a client. Upon receiving the request, the file system enforcement point submits a challenge to the client, requesting the task to provide credentials of the declared identity. The task submits credentials. On the client, each task has access to credentials of a true identity of the task. Accordingly, in case a task submits a claimed identity that is different from the true identity of the task, the task cannot submit correct credentials in response to the challenge. The file system enforcement point authenticates the declared identity using the submitted credentials. The file system enforcement point allows the client to access the HDFS only upon successful authentication.
    Type: Grant
    Filed: July 21, 2017
    Date of Patent: October 13, 2020
    Assignee: BlueTalon, Inc.
    Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar, Pratik Verma
  • Distributed storage processing statement interception and modification
    Patent number: 10594737
    Abstract: A non-transitory computer readable storage medium has instructions executed by a processor to intercept a query statement at a master machine. The query statement is an instruction from a client machine that specifies how data managed by a distributed storage system should be processed and provided back to the client. In the communication between the client and the master machine, tokens associated with the statement are evaluated to selectively identify a pattern match of one of connection pattern tokens, login pattern tokens or query pattern tokens. For the query pattern tokens, altered tokens for the query statement are formed in response to the pattern match to establish a revised statement. The revised statement is produced in response to application of a policy rule. The revised statement maintains computation, logic and procedure of the statement, but alters parameters of the statement as specified by the policy rule.
    Type: Grant
    Filed: July 17, 2018
    Date of Patent: March 17, 2020
    Assignee: BlueTalon, Inc.
    Inventors: Pratik Verma, Rakesh Khanduja
  • Policy management, enforcement, and audit for data security
    Patent number: 10091212
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing, and enforcing policies on data security. A policy appliance includes a policy administration point, a policy decision point, a policy enforcement point and, optionally, an auditing module. The policy appliance can execute in a self-contained environment, e.g., a single virtual machine, a single physical machine, or a cluster of virtual machines or physical machines identically configured. The self-contained policy appliance can receive, manage, enforce and audit multiple policies that specify access privileges of multiple users on multiple databases. The databases can include heterogeneous databases that are configured separately and differently from one another. A single configuration of the policy appliance centralizes and unifies policy management of the heterogeneous database in the self-contained environment.
    Type: Grant
    Filed: March 4, 2016
    Date of Patent: October 2, 2018
    Assignee: BlueTalon, Inc.
    Inventors: Benjamin L. Weintraub, Pratik Verma
  • Policy enforcement system
    Patent number: 9866592
    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for storing, by a policy enforcement system, a plurality of policies and data associating a plurality of user credentials with the plurality of policies; receiving, from a client device, a request for data from a file system, the request further comprising user credentials; forwarding the request for data to a second node that stores the data from the file system; receiving, from the node, the data from the file system; selecting from the plurality of policies, based on the received user credentials and the data associating the plurality of user credentials with the plurality of policies, one or more policies that correspond to the received user credentials; filtering, by the policy enforcement system, the data from the file system based on the one or more policies; and sending the filtered data to the client device.
    Type: Grant
    Filed: September 28, 2015
    Date of Patent: January 9, 2018
    Assignee: BlueTalon, Inc.
    Inventors: Dilli Dorai Minnal Arumugam, Prasad Mujumdar
  • Yarn rest API protection
    Patent number: 10291602
    Abstract: Systems, computer program products and methods implementing YARN service protection are described. A reverse proxy in a cluster of computers in a distributed computing system can intercept a request to access a YARN service. The request can be associated with requester credentials. The reverse proxy determines that the request includes a REST API call. The reverse proxy determines, based on authentication configuration information, that the call needs to be authenticated. The reverse proxy authenticates the call based on the requester credentials using an authentication mechanism specified in the configuration information. Upon successful authentication of the call, the reverse proxy makes authorization checks based on specified configuration information. If the authorization checks pass, the reverse proxy forwards the request to a server that provides the YARN service in the cluster. If the authentication or authorization checks fail, the reverse proxy denies the request.
    Type: Grant
    Filed: April 12, 2017
    Date of Patent: May 14, 2019
    Assignee: BlueTalon, Inc.
    Inventors: Sridhar Shanmugam Sailappan, Dilli Dorai Minnal Arumugam
Narrow Results

Filter by US Classification