WO2025005821A1 - Processing and displaying restricted data - Google Patents

Abstract

A method for processing and displaying restricted data in a distributed information system comprises the steps of: identifying restricted data and creating a shared data array for all levels of the system, in which a list of restricted data, templates for the subsequent substitution of said data, the origin of the restriction, and network identifiers are stored (101); making the data array accessible to requests from all nodes of the distributed information system (102); creating a logic for the automatic verification of data for filling the data array (103); sending to the data array, upon receipt of a data processing request from a node of the distributed information system, a request with a list of the data intended for processing and checking if said data can be processed (104); if restricted data are found, altering the processing of said data by generating an abstract data layer in which the restricted data are substituted with data from a template (105); generating and displaying the processed data on the basis of the generated abstract layer (106). The invention makes it possible to protect restricted data during handling in distributed information systems.

Description

PROCESSING AND VISUALIZATION OF DATA PROHIBITED FROM TRANSFER

AREA OF TECHNOLOGY

[1] This technical solution generally relates to methods of processing data and preparing data structures for viewing and visualization, namely to a method of processing and visualizing data prohibited for transmission in distributed information systems.

LEVEL OF TECHNOLOGY

[2] Currently, concepts of edge computing are known, in which computations are performed as close to the user as possible in a complex hierarchical client-server architecture, but not necessarily on the client device. A method of distributing computations in parts is also known, i.e. different stages of the algorithm are performed on different devices.

[3] Depending on the type of task, there may be restrictions on the transfer of data between different devices (for example, from the server to the client part and vice versa, from one server to another, etc.).

[4] For example, personal data of individuals may only be permitted to be stored on the user's computer.

[5] For example, details of commercial agreements cannot be transferred from certain company servers to others, although the fact of such an agreement itself may or should be transferred, a so-called commercial secret.

[6] The technical solution described in RU 2541895 “SYSTEM AND METHOD FOR INCREASING THE SECURITY OF ORGANIZATIONAL DATA BY CREATING AN ISOLATED ENVIRONMENTS”, 12/25/2012, Closed Joint-Stock Company “Kaspersky Lab” (RU): “the method for detecting violations of the rules for working with data includes: a) modifying the application code by replacing the call of functions working with data with a call of handler functions; b) collecting information about the modified application’s calls to functions working with data by calling the corresponding handler functions; c) analyzing the information collected at stage b) for non-compliance with the rules for working with data established by the security policy; d) detecting a violation of the rules for working with data based on the analysis.”

[7] The prior art includes a technical solution described in RU 2759210 "SYSTEM AND METHOD FOR PROTECTING ELECTRONIC DOCUMENTS CONTAINING CONFIDENTIAL INFORMATION FROM UNAUTHORIZED ACCESS", 01.09.2020, Crosstech Solutions Group Limited Liability Company (RU): a system for protecting electronic documents containing confidential information from unauthorized access comprises: a tagging subsystem; an access control subsystem; a file tracking subsystem; a classification subsystem; an anonymization subsystem; a screen uniqueization subsystem; a data transmission subsystem; a data storage subsystem; a recognition subsystem; an administration subsystem."

[8] The prior art includes a technical solution described in US 10,931,652 B2 “Data sealing with a sealing enclave”, 24.01.2017, Microsoft Technology Licensing LLC (US): “the method comprises the steps of: sending to a source enclave located in a first native enclave platform a first attestation report for a sealing enclave located in a second native enclave platform; receiving an allowed list and associated enclave data in the sealing enclave from the source enclave, wherein the allowed list includes a list of one or more enclave identifiers that are allowed to unseal the enclave data; securely storing enclave data and the allowlist, and restrict access to enclave data for enclaves with authenticated identities as permitted by the allowlist."

[9] The disadvantages of known solutions are the fact that when working with data that requires protection, the localization of their location is not ensured, and as a result, maximum protection is not provided, and other disadvantages include the limited set of protected data and the fixation of protection on specific extensions of certain files.

DISCLOSURE OF INVENTION

[10] This technical solution is aimed at eliminating the shortcomings inherent in existing solutions known from the prior art.

[11] The technical problem solved in this technical solution is that when working with data that requires protection, the localization of their location is not ensured, and as a consequence, maximum protection is not ensured, as well as the limited set of protected data and the fixation of protection on specific extensions of certain files.

[12] The main technical result that emerges from solving the above-mentioned problem is ensuring the protection of data prohibited from being transmitted when working in distributed information systems.

[13] Additional technical results that emerge from solving the above problem include the ability to ensure protection of specific data attributes, as well as the variability of data protection settings.

[14] The specified technical results are achieved by implementing a method for processing and visualizing data prohibited from transmission in distributed information systems, implemented using a processor and a data storage device, including the following steps:

• when constructing a distributed information system, they determine data prohibited from being transmitted by forming a common data array for all levels of the system, where a list of data prohibited from being transmitted is stored, templates for the subsequent replacement of this data, the source of the prohibition on transmission, and network identifiers;

• the data array generated in the previous step is made available for requests from all nodes of the constructed distributed information system;

• form the logic of automatic data verification for automatic addition of the data array generated in the first step; • when a request for data processing is received from a node of the constructed distributed information system, an additional request is sent with a list of data to be processed to the data array generated in the first step and the possibility of processing is checked;

• if data prohibited from being transferred is found, the data processing is changed by forming an abstract data layer with the automated replacement of data prohibited from being transferred with data from the corresponding template;

• generate and visualize the processed data based on the abstract data layer generated in the previous step.

[15] In one of the specific examples of the implementation of the method, in the event of finding data that is prohibited from being transmitted, a request is made to the user to download this data from the local data storage.

[16] In another particular example of implementing the method, if data is found that is prohibited from being transmitted, this data is automatically downloaded from the local data storage.

[17] In addition, the declared technical result is achieved through a system for processing and visualizing data prohibited for transmission in distributed information systems, containing:

- at least one data processing device;

- at least one data storage device;

- at least one program, where one or more programs are stored on one or more data storage devices and executed on one or more data processing devices, wherein the one or more programs ensure the execution of the following steps:

• when constructing a distributed information system, data prohibited from transmission is determined, forming a common one for all levels systems are a data array that stores a list of data prohibited from being transmitted, templates for subsequent replacement of this data, the source of the prohibition on transmission, and network identifiers;

• the data array generated in the previous step is made available for requests from all nodes of the constructed distributed information system;

• form the logic of automatic data verification for automatic addition of the data array generated in the first step;

• when a request for data processing is received from a node of the constructed distributed information system, an additional request is sent with a list of data to be processed to the data array generated in the first step and the possibility of processing is checked;

• if data prohibited from being transferred is found, the data processing is changed by forming an abstract data layer with the automated replacement of data prohibited from being transferred with data from the corresponding template;

• generate and visualize the processed data based on the abstract data layer generated in the previous step.

[18] In one of the specific examples of the implementation of the system, in the event of finding data that is prohibited from being transmitted, a request is made to the user to download this data from the local data storage.

[19] In another particular example of the implementation of the system, if data is found that is prohibited from being transmitted, this data is automatically downloaded from the local data storage. BRIEF DESCRIPTION OF DRAWINGS

[20] The features and advantages of the present technical solution will become apparent from the following detailed description and the accompanying drawings, in which: [21] Fig. 1 illustrates a block diagram of the implementation of the claimed method.

[22] Fig. 2 illustrates an example of the operation of the described technical solution.

[23] Fig. 3 illustrates a system for implementing the claimed method.

IMPLEMENTATION OF THE INVENTION

[24] Below we will describe the terms and concepts necessary for the implementation of this technical solution.

[25] Data attribute - the name of a column in a table

[26] Distributed information system - any information system that allows for the organization of interaction between independent but interconnected computers. Distributed systems are those that are not located in one controlled area or at one facility. These systems are intended to automate facilities that are characterized by territorial distribution of points of information generation and consumption.

[27] SQL queries are sets of commands for working with relational (tabular) databases. SQL (abbr. from Structured Query Language) is a declarative programming language used to create, modify, and manage data in a relational database managed by the corresponding database management system.

[28] A database abstraction layer (DBAL) is an application programming interface that unifies communication between a computer application and a database management system (DBMS) such as SQL Server, DB2, MySQL, PostgreSQL, Oracle, or SQLite. Traditionally, each DBMS vendor provides its own interface tailored to their product, allowing a programmer to implement code for as many database interfaces as he or she wishes to support. Abstraction layers reduce the amount of work by providing a consistent API to the developer and by hiding as much of the database specifics as possible behind that interface. There are many abstraction layers with different interfaces in many programming languages. [29] The claimed technical solution may be implemented, for example, by a system, a machine-readable medium, a server, etc. In this technical solution, a system means, among other things, a computer system, a computer (electronic computer), a CNC (numerical control), a PLC (programmable logic controller), computerized control systems and any other devices capable of performing a given, clearly defined sequence of operations (actions, instructions).

[30] A command processing unit is an electronic unit or integrated circuit (microprocessor) that executes machine instructions (programs).

[31] The command processing unit reads and executes machine instructions (programs) from one or more data storage devices, such as random access memory (RAM) and/or read-only memory (ROM). ROM may include, but is not limited to, hard disk drives (HDD), flash memory, solid-state drives (SSD), optical storage media (CD, DVD, BD, MD, etc.), etc.

[32] A program is a sequence of instructions intended for execution by a computer control device or a command processing device.

[33] The term "instructions" as used in this application may refer generally to software instructions or software commands that are written in a given programming language to perform a specific function, such as, for example, receiving and processing data, generating a user profile, receiving and transmitting signals, analyzing received data, identifying a user, etc. The instructions may be implemented in a variety of ways, including, for example, object-oriented methods. For example, the instructions may be implemented, via the programming language C++, Java, Python, various libraries (for example, Microsoft Foundation Classes), etc. The instructions that implement the processes described in this solution can be transmitted via both wired and wireless data transmission channels, such as Wi-Fi, Bluetooth, USB, WLAN, LAN, etc.

[34] The presented method for processing and visualizing data prohibited for transmission in distributed information systems (Fig. 1 shows a diagram of the method) solves the problems of ensuring the protection of data prohibited for transmission when working in distributed information systems, as well as ensuring the protection of specific data attributes and the variability of data protection settings by sequentially performing the following steps:

• when constructing a distributed information system, they determine data prohibited from being transmitted by forming a common data array for all levels of the system, where a list of data prohibited from being transmitted is stored, templates for the subsequent replacement of this data, the source of the prohibition on transmission, and network identifiers;

• the data array generated in the previous step is made available for requests from all nodes of the constructed distributed information system;

• form the logic of automatic data verification for automatic addition of the data array generated in the first step;

• when a request for data processing is received from a node of the constructed distributed information system, an additional request is sent with a list of data to be processed to the data array generated in the first step and the possibility of processing is checked; • if data prohibited from being transferred is found, the data processing is changed by forming an abstract data layer with the automated replacement of data prohibited from being transferred with data from the corresponding template;

• generate and visualize the processed data based on the abstract data layer generated in the previous step.

[35] At the design stage of a distributed information system, it is determined which data cannot be transmitted to which nodes of the distributed information system, with a reference to the source of the prohibition.

[36] It is possible to make changes during the operation of the system by adding a table of restrictions to the distributed information system (in one implementation option - to the database). In this case, the distributed information system will additionally need to add functionality for checking the presence of such a table.

[37] The prohibition of certain data can be set explicitly by the user of the distributed information system, or it can be determined by the server in real time, using specified algorithms. In this case, the method of storing the identified prohibitions does not change.

[38] For example, in a distributed information system, logic for checking data for compliance with certain conditions can be implemented initially or by adding it during operation (in the next release of a new version of the distributed information system): for example, the presence of more than N common surnames from the directory of common surnames in a certain attribute of the table can be checked. Or the correspondence of the attribute name to a certain mask can be checked, for example, "yo.*". In this case, a new entry is automatically added to the restrictions table, making this attribute prohibited from being transmitted. [39] In the described method, all levels of the system have access to information that some data will be prohibited from being transmitted, depending on this, the calculation algorithm changes, for example, the text of SQL queries or the entire calculation architecture, for example, additional API calls. Such information about restrictions is available by creating a common restrictions table for all levels of the system.

[40] The general principle for selecting a calculation algorithm option is as follows: if at least one constraint from the constraint table for a selected attribute is triggered during calculation at any level of the system, then it is prohibited from being transferred. For example, if an aggregate for a certain attribute is calculated for less than 100 rows, and the TRANSFER_AGGR_MIN_100 rule is set for this attribute of this table, then this aggregate is not transferred between system levels.

[41] However, it may also be permitted to transmit only aggregated data, for example:

• transfer of amounts from the wage fund for the entire organization as a whole, but not for each employee.

• it may be prohibited to transmit data on average prices for a particular product, aggregated less than by region.

• if less than 100 celestial bodies are included in the spectral analysis of a group of celestial bodies, then such statistics have no scientific value and are not transferred to other levels of the system. Moreover, the ban itself is established in the form of an internal rule of the scientific organization.

• if, when studying the rate of spread of infections, it is revealed that a certain ethnic group is susceptible to this infection, then a rule can be established to prohibit the transmission of the “ethnic group” attribute, i.e. it can only be transmitted in a more general form. [42] To implement these functions, an algorithm for describing such permissions and prohibitions is provided, accessible to all levels of the system as a set of master data.

[43] In general, these constraints are formulated in any declarative (in the form of a set of rule lines that form a description of the required constraint) or imperative (in the form of a set of operators that form the logic for checking the constraint) programming language.

[44] In particular, in one of the methods of implementation in declarative form, such a set of rules can be implemented as a reference table in the DB. Table 1. Example of the structure of a reference table of attribute constraints.

[45] In another method (imperative), restrictions can be given in the form of program code for checking an attribute, for example, code for checking whether an attribute name contains the fragment "Gyu":

=IFERROR(IF(SEARCH("Bo";KS[- 1 ]); 1 ;0);0)

[46] To implement this algorithm, access to data at another level of the system can be provided by forming an abstract layer - the presentation layer (VIEW) in the DB. In this case, in the VIEW data, confidential attributes are either set to zero or calculated taking into account the restrictions in the table above.

Table 2. Example of a table with employees' salaries.

Table 3. Example of a table with restrictions on the transfer of salary data.

1 1 test employees salary TRANSFER_NO -100 An example of forming an abstract data layer taking into account constraints:

fio A salary « character varying ⁿ integer ^и Иванов Иван Ива... Abstract layer data (Table 4):

fio A salary « character varying ⁿ integer ^and Ivanov Ivan Iva...

> Petrov Petr Pet... Sidorov Sidor S...

[47] In all tables, all confidential attributes are replaced with NULL/O/empty string (any special values). However, the specific empty value can be defined separately in each implementation of the algorithm. The main criterion for choosing the type of empty value is that all parts (levels) of the system must process such values without critical errors.

[48] For example, at the last step of the algorithm - visualization on the end device, by default, instead of confidential attributes, zero values will be displayed, i.e. the graph or diagram will be displayed correctly, but with false values.

[49] If the presence of attributes prohibited from transmission is detected, the end device may request the user or automatically download the necessary data from local storage.

[50] If local storage is unavailable, the system may issue warnings about this and offer to enter the necessary data into local storage.

[51] For example, when displaying a payroll distribution chart within a department, the actual data on wages can be stored only on the computer of the head of the HR department. At the same time, the entire methodology for generating reports is available to all departments, as shown in the chart (Fig. 2).

[52] In general (see Fig. 3), the system for combining data from information systems for their subsequent visualization (300) contains one or more processors (301) connected by a common information exchange bus, memory means such as RAM (302) and ROM (303), and input/output interfaces (304).

[53] The processor (301) (or several processors, a multi-core processor, etc.) can be selected from a range of devices that are widely used today, such as those from manufacturers such as: Intel™, AMD™, Apple™, Samsung Exynos™, MediaTEK™, Qualcomm Snapdragon™, etc. The processor or one of the processors used in the system (300) must also include a graphics processor, such as an NVIDIA GPU with a software model compatible with CUDA, or Graphcore, the type of which is also is suitable for the full or partial implementation of the method, and can also be used for training and applying machine learning models in various information systems.

[54] RAM (302) is a random access memory and is intended for storing machine-readable instructions executed by the processor (301) for performing the necessary operations for logical data processing. RAM (302), as a rule, contains executable instructions of the operating system and the corresponding software components (applications, software modules, etc.). In this case, the available memory capacity of the graphic card or graphic processor can act as RAM (302).

[55] ROM (303) is one or more permanent storage devices, such as a hard disk drive (HDD), a solid-state drive (SSD), flash memory (EEPROM, NAND, etc.), optical storage media (CD-R/RW, DVD-R/RW, BlueRay Disc, MD), etc.

[56] To organize the operation of the device components (300) and to organize the operation of external connected devices, various types of I/O interfaces (304) are used. The choice of the corresponding interfaces depends on the specific design of the computing device, which may include, but are not limited to: PCI, AGP, PS/2, IrDa, FireWire, LPT, COM, SATA, IDE, Lightning, USB (2.0, 3.0, 3.1, micro, mini, type C), TRS/Audio jack (2.5, 3.5, 6.35), HDMI, DVI, VGA, Display Port, RJ45, RS232, etc.

[57] To ensure interaction between the user and the device (300), various means (305) of I/O information are used, for example, a keyboard, a display (monitor), a touch display, a touchpad, a joystick, a mouse, a light pen, a stylus, a touch panel, a trackball, speakers, a microphone, augmented reality means, optical sensors, a tablet, light indicators, a projector, a camera, biometric identification means (a retina scanner, a fingerprint scanner, a voice recognition module), etc. [58] The network interaction means (306) ensures the transmission of data via an internal or external computer network, for example, an Intranet, the Internet, a LAN, etc. One or more means (306) may be, but are not limited to: an Ethernet card, a GSM modem, a GPRS modem, an LTE modem, a 5G modem, a satellite communication module, an NFC module, a Bluetooth and/or BLE module, a Wi-Fi module, etc.

[59] The specific choice of device elements (300) for implementing various software and hardware architectural solutions may vary while maintaining the required functionality. In particular, such an implementation may be performed using electronic components used to create digital integrated circuits. I am not limited to, but may use microcircuits whose operating logic is determined during manufacture, or programmable logic integrated circuits (FPGAs), whose operating logic is specified through programming. For programming, programmers and debugging environments are used that allow you to specify the desired structure of a digital device in the form of a basic electrical circuit or a program in special hardware description languages: Verilog, VHDL, AHDL, etc. An alternative to FPGAs are: programmable logic controllers (PLCs), basic matrix crystals (BMCs), which require a factory production process for programming; ASICs — specialized custom large-scale integrated circuits (LSIs), which are significantly more expensive for small-scale and individual production. Thus, the implementation can be achieved by standard means based on classical principles of implementing the basics of computing technology.

[60] The submitted application materials disclose preferred examples of the implementation of the technical solution and should not be interpreted as limiting other, particular examples of its implementation that do not go beyond the limits of the requested legal protection, which are obvious to specialists in the relevant field of technology.

Claims

FORMULA. 1. A method for processing and visualizing data prohibited for transmission in distributed information systems, implemented using a processor and a data storage device, including the following steps: • when constructing a distributed information system, they determine data prohibited from being transmitted by forming a common data array for all levels of the system, where a list of data prohibited from being transmitted is stored, templates for the subsequent replacement of this data, the source of the prohibition on transmission, and network identifiers; • the data array generated in the previous step is made available for requests from all nodes of the constructed distributed information system; • form the logic of automatic data verification for automatic addition of the data array generated in the first step; • when a request for data processing is received from a node of the constructed distributed information system, an additional request is sent with a list of data to be processed to the data array generated in the first step and the possibility of processing is checked; • if data prohibited from being transferred is found, the data processing is changed by forming an abstract data layer with the automated replacement of data prohibited from being transferred with data from the corresponding template; • generate and visualize the processed data based on the abstract data layer generated in the previous step. 2. The method according to paragraph 1, characterized in that in the event of finding data that is prohibited from being transmitted, a request is made to the user to download this data from the local data storage. 3. The method according to paragraph 1, characterized in that in the event of finding data that is prohibited from being transmitted, this data is automatically downloaded from the local data storage. 4. A system for processing and visualizing data prohibited for transmission in distributed information systems, containing: - at least one data processing device; - at least one data storage device; - at least one program, where one or more programs are stored on one or more data storage devices and executed on one or more data processing devices, wherein the one or more programs ensure the execution of the following steps: • when constructing a distributed information system, they determine data prohibited from being transmitted by forming a common data array for all levels of the system, where a list of data prohibited from being transmitted is stored, templates for the subsequent replacement of this data, the source of the prohibition on transmission, and network identifiers; • the data array generated in the previous step is made available for requests from all nodes of the constructed distributed information system; • form the logic of automatic data verification for automatic addition of the data array generated in the first step; • when a request for data processing is received from a node of the constructed distributed information system, an additional request is sent with a list of data to be processed to the data array generated in the first step and the possibility of processing is checked; • if data prohibited from being transmitted is found, the data processing is changed by forming an abstract data layer with the automated replacement of data prohibited from being transmitted with data from the corresponding template; • the processed data is formed and visualized based on the abstract data layer formed in the previous step. 5. The system according to paragraph 3, characterized by the fact that in the event of finding data that is prohibited from being transmitted, a request is made to the user to download this data from the local data storage. 6. The system according to paragraph 3, characterized by the fact that in the event of finding data that is prohibited from being transmitted, this data is automatically downloaded from the local data storage.