[go: up one dir, main page]

WO2018195112A1 - Système de commutation basé sur la réglementation pour routage de message électronique - Google Patents

Système de commutation basé sur la réglementation pour routage de message électronique Download PDF

Info

Publication number
WO2018195112A1
WO2018195112A1 PCT/US2018/028019 US2018028019W WO2018195112A1 WO 2018195112 A1 WO2018195112 A1 WO 2018195112A1 US 2018028019 W US2018028019 W US 2018028019W WO 2018195112 A1 WO2018195112 A1 WO 2018195112A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
message
policy
router
payload
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2018/028019
Other languages
English (en)
Inventor
Jason Crabtree
Andrew Sellers
John Uchiyama
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qomplx Inc
Original Assignee
Fractal Industries Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US15/489,716 external-priority patent/US20170230285A1/en
Application filed by Fractal Industries Inc filed Critical Fractal Industries Inc
Priority to EP18788373.1A priority Critical patent/EP3613228A4/fr
Publication of WO2018195112A1 publication Critical patent/WO2018195112A1/fr
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/20Hop count for routing purposes, e.g. TTL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/02Topology update or discovery
    • H04L45/04Interdomain routing, e.g. hierarchical routing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/302Route determination based on requested QoS
    • H04L45/306Route determination based on the nature of the carried application
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00Routing or path finding of packets in data switching networks
    • H04L45/50Routing or path finding of packets in data switching networks using label swapping, e.g. multi-protocol label switch [MPLS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/18Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals

Definitions

  • the present invention is in the field of routing electronic messages over wide area networks possibly including the internet Specifically, the use of a system of routers that employ labels encapsulated in a message's individual, organization and government OSI model layer headers to establish message payload level availability zones.
  • network bound messages with sensitive information containing payloads are received with information regulation identifying and information policy identifying labels in addition to source router identifying label all of which may correspond to OSI model layer 8, 9 and 10 corresponding information in the form of " ⁇ GOVERNMENT>. ⁇ ORGANIZATION ⁇ .>INDIVIDUAL>" for routing functions and
  • both source and receiver specific for all applicable regulation and policy rules of the current message payload may control delivery path of the regulated message and the suitability of the intended recipient entity using additional recipient entity credential data local to the message destination systems. All stages of payload analysis, label application, transmission and delivery to the recipient entity of each service system handled payload may be logged for subsequent forensic or regulatory compliance analysis.
  • a regulation based switching system for electronic message routing comprising: an access Lightly regulated data store stored in a memory of and operating on a processor of a computing device and configured for the entry and management of information regulation and information policy rules.
  • an information regulation and information policy aware message payload level routing module stored in a memory of and operating on a processor of a computing device and configured to: retrieve all current information regulation and information policy information rules programming from the access tightly regulated data store; receive network bound messages addressed to a specific receiving entity from at least one message payload aware messaging client; apply all regulatory and policy based rule programming based upon payload content from each network bound message; confirm that the sender of the network bound message and information payload of the network bound message comply with all regulatory and policy based rule programming to be transmitted to the receiver; activate a network bound message rule compliant source router stored in a memory of and operating on a processor of a computing device and configured to send the network bound message to a receiver router at the specific receiving entity, the source router pre-programmed to choose a path of router hops compliant to all current information regulation and information policy information rules; activate a network bound message rule compliant receiver router stored in a memory of and operating on a processor of a computing device and configured to receive an incoming network message from a source router
  • a regulation based switching system for electronic message routing has been developed wherein at least one of the access tightly regulated data stores includes a ledger feature to immutably record changes made to access the tightly regulated data store, wherein at least a plurality of information regulations is issued by at least one government entity from at least one geographical region, wherein at least a plurality of information policies is issued by at least one organization from at least one geographical region.
  • a method for regulation based switching for electronic message routing comprising the steps of: a) retrieving current information handling regulation based rules programming and current information handling policy based rules programming from an access tightly regulated data store stored in a memory of and operating on a processor of a computing device using an information regulation and information policy aware message payload level routing module stored in a memory of and operating on a processor of a computing device; b) receiving network bound messages addressed to a specific receiving entity from at least one message payload aware messaging client using the information regulation and information policy aware message payload level routing module; c) applying all regulatory and policy based rule programming based upon payload content from each network bound message using the information regulation and information policy aware message payload level routing module; d) activating a network bound message rule compliant source router stored in a memory of and operating on a processor of a computing device and configured to send the network bound message to a receiver router at the specific receiving entity, the source router preprogrammed to choose a path of router hops
  • Fig. 1 is a diagram of an exemplary architecture of a regulatory message label aware message routing system per an embodiment
  • FIG. 2 is a flow diagram of an exemplary function of a regulatory message label aware message routing system in routing sensitive electronic messages per an embodiment
  • Fig. 3 is a diagram showing an exemplary representation of the ten layer OSI model divided into three sub-figures: Fig. 3A The media layers; Fig. 3B The host layers; and Fig 3C The payload layers.
  • Fig. 4 is a comparison of select features of common routers and an embodiment router.
  • FIG. 5 divided into Fig. 5A and Fig. 5B are process diagrams of a simplified OSI 8/9/10 message header and example programming structure per an embodiment
  • Fig. 6 is a diagram illustrating the use of routing regulatory labels to create availability zones
  • Fig 7 is a block diagram iUustrating an exemplary hardware architecture of a computing device used in various embodiments of the invention.
  • FIG. 8 is a block diagram iUustrating an exemplary logical architecture for a client device, according to various embodiments.
  • FIG. 9 is a block diagram iUustrating an exemplary architectural arrangement of clients, servers, and external services, according to various embodiments.
  • FIG. 10 is another block diagram iUustrating an exemplary hardware architecture of a computing device used in various embodiments.
  • Devices that are in communication with each other need not be in continuous communication with each other, unless expressly specified otherwise.
  • devices that are in communication with each other may communicate directly or indirectly through one or more intermediaries, logical or physical.
  • steps may be performed simultaneously despite being described or implied as occurring sequentially (e.g., because one step is described after the other step).
  • the illustration of a process by its depiction in a drawing does not imply that the illustrated process is exclusive of other variations and modifications thereto, does not imply that the illustrated process or any of its steps are necessary to one or more of the invention(s), and does not imply that the illustrated process is preferred.
  • steps are generally described once per embodiment, but this does not mean they must occur once, or that they may only occur once each time a process, method, or algorithm is carried out or executed. Some steps may be omitted in some embodiments or some occurrences, or some steps may be executed more than once in a given embodiment or occurrence.
  • Fig. 1 is a diagram of an exemplary architecture of a regulatory label aware message routing system 100 per an embodiment
  • the embodiment works to simplify the exchange of messages containing sensitive and regulation controlled information by allowing routing boundaries, rules, policies and router handling programming for each to be centrally entered and then dictate message flow for the entire controlled WAN.
  • the messages may enter the embodiment from external sources through a message label switch (MLS) aware messaging client 105 which is so named as it may set up routing paths based upon payload content dictated labels.
  • MLS message label switch
  • the labels may contain policy and regulatory information pertaining to an individual, and pertaining to similar information connected to entities at an organization or government level
  • These messages may arrive at the messaging client already possessing a label designation for the source router, which may be software based, to be employed to send it, one or more labels disclosing the payload and thus designating the payload router, which again may be software based, to be targeted and a destination location indication of where the author requests the message sent 105.
  • Designation of formal destination or "receiver" MLS aware router may be made by an MLS addresser module 110 which selects a receiver router for the message at least partially based upon the current rule, policy and regulation entries stored in a MLS rules write ahead data store 140.
  • the message now with its source router, payload router and receiver router designated, will pass to the source exchange module 115 which may serve as a message aggregator for the specified MLS source router 160.
  • the source router which may be software based may be implemented and configured upon arrival of a message payload requiring specific regulatory of policy dictated capabilities.
  • an MLS type source label which indicates an individual (IND), organization (ORG) and government (GOV) labeling structure 115a where information about the sender, the sender's organization and the sender's country or geographical zone may be disclosed. For example,
  • US.ABC1234MHOSP.NK EA NMD'' may identify Dr. Noa Kean at ABC1234 Memorial Hospital in the US. Each portion of this label may invoke p re-engineered programming rules within the regulatory label aware message routing system that effect the payloads that may be sent, who may send the payload and the receivers to which they may be transmitted.
  • a pre-programmed rule such as but not limited to whether NKEANMD may send messages from the source router may be exercised. If this example rule, together with other possible source router rules are passed, the message may be bound to the source router 160.
  • a next process to occur prior to transmission of the message may be the analysis of the payload label plus any other policy markers that may accompany the message header in preferred aspects, in a payload exchange module 165.
  • the payload label may of be the form "payload class" ⁇ CLASS>, "payload method” ⁇ METHOD>, and "payload origm” ⁇ STDIN
  • This label like that for binding the source router, invokes pre-engineered programming pertaining to the characteristics of the payload contained in the message as disclosed by the payload label and in at least some instances, additional policy markers attached to the message possibly in a header stack.
  • One of a great plurality of examples may be payload containing a HEPAA regulated patient record possessing a "PRECORD.TRANSFER.STDOUT" label.
  • Some pre-programmed rules that may be applied are whether the sending individual, Dr. Kean in our example, may legally access and send the payload. A failure to pass this test or other tests, individually or in combination (where the 'AND' conjunctive is implicitly in effect by default but 'OR' disjunctive may also be used) may stop the transaction.
  • Another rule may address whether ABC1234 Memorial Hospital may send the ⁇ regulated payload to the intended recipient and a last pre-programmed rule may determine whether the recipient has the credentials to receive the HIPAA protected payload.
  • the message will be bound to the payload router 170, which may be implemented and configured on-the-fly and the message may then be transmitted to the receiver exchange module 175 which serves as an aggregator for incoming messages to that router using a more global reverse receiver message, which while it has the general form of ⁇ GOV>. ⁇ ORG>. ⁇ IND> may use a more generic form of the label where the individual recipient is programmatically substituted with a generic, all inclusive, identifier (*).
  • the transfer to the receiver router may involve the transmission of the message from one regulatory label aware message routing system, which itself may be highly distributed to another distributed regulatory label aware message routing system, possibly requiring a plurality of intermediary hops.
  • message layer routing OSI 7/8
  • packet layer routing OSI 3
  • MPLS multi-protocol label switching
  • an edge router which the source router may be considered an example, to specify the router for the next hop in the path to the ultimate destination as well as possibly designating the ultimate destination router.
  • the current router may strip its designation from the list and add that of the chosen next hop router in its place.
  • An extension of MPLS may also allow labels constraining the travel of the routed message to routers with specific capabilities, possibly security protocols or message integrity related, or geographical zones, for instance only within the US, to be placed on the label stack such that only network routers with those characteristics may be used.
  • This feature of adding policy labels may allow individuals, organizations and governments using regulatory label aware message routing system services to easily ensure that their network messages fulfill all necessary data transfer laws and regulations.
  • ERR> 165a may be expected as common MLS router and MLS payload label sets, other embodiments may use labels having different informational constituents that are known to that messaging network system but are not ⁇ GOV>. ⁇ ORG>. ⁇ IND> or
  • Jo Wilson may be confirmed using the payload label 185a before being placed in a client federated payload exchange module 190 for the recipient, J. Wilson, MD. under the handling requirements for the materials listed in the payload label 190a.
  • the entire message may be duplicated such that each recipient gets an autonomous copy of the message which may be modified or tracked per programmed rules of the embodiment
  • Embodiments of the regulatory label aware message routing system provides the ability to write routing rules using a plurality of programming languages and may have extension libraries for at least a subset of those languages to allow for the precise and efficient codification of message handling actions such that all nuances of these important, potentially complex directives may be accurately represented.
  • Programming of route or policy directives may be accomplished remotely 145 in most embodiments using programming interface clients specific for either route rule command entry 120 or route policy command entry 130. Certain aspects may use only direct MLS programming client connections for route rule programming changes, policy rule programming changes or both to maintain a higher level of security.
  • MLS route rule programming is normalized in an MLS route writing module 125 and, upon confirmation of the authority of the programming author by the MLS route writing module may be committed to an append-only MLS rules write-ahead data store 140 for persistent storage.
  • MLS policy rule programming is normalized in an MLS policy writing module 135 and, upon confirmation that the author of the new programming is authorized to add rule code to the routing system, committed to the append-only MLS rules write ahead data store 140 for persistent storage.
  • embodiments of the write ahead log 140 which hold the current, working, set of both routing and policy rules as well as records of all previous rules may incorporate a distributed ledger.
  • One distributed ledger mechanism that may be used are available blockchains such as BITCOESTTM,
  • Translation of the current router and policy rules of the write ahead log 140 into the router 160, 170, 180 behavior of the embodiment may be performed by the MLS route module 150 for router rules and the MLS policy module 155 for policy expressions. These modules may perform updates by destroying existing software based routers and creating new routers compliant for the newest rule state or by updating the existing router or routers to reflect the current rule status based upon instantaneous embodiment conditions or implementation. This allows for the most efficient rule entry to rule implementation pathway based upon the specific needs of the embodiment [034] As embodiments are designed to be a distributed service, each of the described features may individually take place on different physical servers possible residing in separate, distant, data centers.
  • Fig. 2 is a flow diagram of an exemplary function of a regulatory message label aware message routing system in routing sensitive electronic messages per an embodiment 200.
  • the message payload is generated by the message client and may include data comprised of one or more of a plurality of both sensitive or regulated information parts which in turn may include but are not limited to personal identification information such as bank account numbers, personal identification numbers (ex. a social security number, driver license number, or similar such code known to those skilled in the art), national security and defense information, or intellectual property information, just to name a few examples of the focus of the function of the
  • non-regulated portions 201 may also indicate the entity meant to receive the message.
  • the message client may then create a header specifying the source of the message as well as the contents of its payload in the message's payload level (OSI layers 8/9/10 (see Fig. 3)) header, placing labels, also known as "keys" corresponding to ⁇ GOVERNMENT>, ⁇ ORGANIZATION>, and ⁇ INDVIDUAL> for the source router of the message and ⁇ CLASS>, ⁇ METHOD>, and ⁇ ORIGEV> describing the payload 202.
  • OSI layers 8/9/10 see Fig. 3
  • Source router label information within the header and the payload description label information may then be used to address the message to a receiver router based upon the contents of the message header, the intended recipient and the current routing rules and policies stored within the embodiment 203. It is possible that the combination of the message header's source router and payload keys and the current embodiment's router rules and policies, no acceptable receiver router will be generated as the message may not be sent to the intended recipient. Under this condition when the message is bound to the source router by the header's sourceKey 204, this routing rule failure or some other routing rule or policy failure later determined 205 may lead 206 to the message not being sent 207 in which case the message client (Fig. 1, 105) may be informed.
  • the nature and restrictions upon the payload of the message may also be determined based upon the embodiment's message client generated payload label designations 209 after the message is aggregated upon passing through the source router and bound to the payload router 208. Again, failure to comply with routing rules and policies based on payload contents may lead 210 to a failure of the message to progress to the intended recipient 211 for security, secrecy, or statutory restrictions, just to name a few examples of delivery failure categories familiar to those skilled in the art and handled by embodiments.
  • the message may be sent to the recipient This may be done by first sending the message to a receiving router for the organization, ignoring the receiving individual and may take multiple transitions between connected routing appliances (hops) to accomplish. These hops are pre-specified by
  • the header receiver label first pointing to the first intermediate hop router, which upon reaching the first intermediate hop router is stripped from the header and replaced by the label for the second intermediate hop router and so on, the process of substituting the receiving router label repeating until the ultimate destination router is reached.
  • the path or router hops taken may be affected by other policy or router rules such as but not limited to restrictions on geographical zone or region or information protection protocols present, that each router must fulfill, for example "US", "defense department controlled” or "fflPAA safeguards in place” to name just a few illustrative possibilities, the message may be restricted only to MLS routers in the US, restricted only to MLS routers controlled by the military, or only MLS routers running specific information handling or protection protocols, HIPAA protections, in the example.
  • the MLS header including all labels may be stripped the message forwarded, provided that individual is determined to be authorized to handle the sent information 212, using lookup for the recipient individual, the message is delivered using classic OSI layer 3 routing and layer 2 switching 214.
  • Certain embodiments may routinely encrypt the payload or handle payloads with task specific encoding such as but not limited to structured threat information expression (STIX), trusted automated exchange of indicator information ( ⁇ ), and cyber observables (CybOX), among other similar offerings known to those skilled in the art.
  • task specific encoding such as but not limited to structured threat information expression (STIX), trusted automated exchange of indicator information ( ⁇ ), and cyber observables (CybOX), among other similar offerings known to those skilled in the art.
  • Fig. 3 is a diagram showing an exemplary representation of the ten layer OSI model.
  • the OSI stack has long served as a model of the abstract layers that make up a network system 301 from computing device application at layer seven through the physical media that may cany the encoded impulses at layer 1 each with a specific attributed function 302.
  • layers 1, 2, and 3 which are often called the "media layers" 310 comprise the 1.
  • the physical layer 311a which is made up of the hardware, such as network cards, patch cables and repeaters that generates, carries and receives the information containing impulses 311b; 2.
  • the data link layer 312a which represents the low level protocols such as Ethernet and token ring, just to name two, to ensure reliable transmission of data between two endpoints connected by physical layer devices, switches are placed at this layer 312b; and 3.
  • the network layer 313a which manages network traffic between multiple network nodes including message packet routing and traffic control protocols, routers are placed at this layer 313b. Looking at Fig.
  • the next 4 layers may, together, be designated the "host layers 320" comprise: Layer 4, the transport layer 321a which includes the protocols, such as udp and tcp that promote reliable transmission of data segments or datagrams between points on a network including connection initiation, segment acknowledgement, and re-transmit management 321b; Layer 5, the session layer 322a provides management of communication sessions in the form of back and forth transmission of information between two nodes on a network 322b; Layer 6 the presentation layer 323a, which manages form changes such as network level encryption/decryption, and compression/decompression of data 323b; and Layer 7, the application layer 324a which comprise the APIs allowing an operating system level process to exchange data with OSI layers below it 324b. Some of these layers place informational headers pertaining to their activities onto the core payload data which travels over the network with the payload data packets and are removed as the transmission is delivered at the destination.
  • the transport layer 321a which includes the protocols, such as udp and tc
  • Payload Layers 330 which comprises Layer 8, an individual layer 331a, which manages parameters within a payload description pertaining to the individual sending a network transmission containing the payload and an individual receiving that network transmission 331b.
  • Layer 9 an organization layer 332a, which manages parameters in a payload description that pertains to the sending organization and the receiving organization including authorization to the payload contents and rules and policies of both organizations that may modify network message transmission, including pathway and delivery 332b.
  • Layer 10 a "government layer” 333a allows description of rules and policies that may relate to geographical or network topology defined “availability zones" for where specific information may be transmitted and what safeguards must accompany the payload information 333b.
  • Fig. 4 is a comparison of select features of common routers and an embodiment router 400.
  • virtually all routers called to mind when discussing a computing device network 410 from a small wide area network to those that serve the internet perform by reading the OSI layer 3 packet header 411 and determining to which of a plurality of known routers 413 to forward that packet using the destination ip address, or a suitable analog depending on the networking system in use, without regard to payload contents.
  • Multiple improvements on this basic description have arisen, but the majority have been in response to speed and network segment congestion issues or aimed at more rudimentary security matters as preventing injection of malicious routers into the routing tables used to determine a next "hop" in a delivery path.
  • Embodiment MLS routers 420 may route messages through a network based upon the payload contents and any regulatory routing rules or policies associated with that payload and thus may be considered to work on OSI layers 8,9 and 10 that have been added to the OSI model to describe the activities of networking protocols and hardware that inspect message payload related restrictions, credentials or instructions pertaining to individuals (OSI layer 8), organizations (OSI layer 9) and governments (OSI layer 10) 421.
  • embodiments also comprise an extensive body of programming at least some of which attaches identifying labels for entities, groups of entities, and payload information regulations and policies to specific actions and effects of those regulations and policies to, for example, programmatically ensure that a message payload marked with the label such as "ELT is only routed through European Union compliant routers 423.
  • ELT European Union compliant routers 423.
  • Fig. 5 divided into Figs. 5A and 5B are process diagrams of a simplified OSI 8/9/10 message header and example programming structure per an embodiment 500.
  • Fig. 5A Given a network with a simplified embodiment OSI layer 8/9/10 type header 510 presented here, we have a message being sent by N. Kean, MD 515d at ABC1234 Memorial Hospital 515c which is in the United States 515b (US.ABC1234MHOSP.NKEANMD) as indicated by the sourceKey 515a.
  • N. Kean MD 515d at ABC1234 Memorial Hospital 515c which is in the United States 515b (US.ABC1234MHOSP.NKEANMD) as indicated by the sourceKey 515a.
  • the message payload is a patient's record 520b, the action is categorized as a transfer 520c and the initiator may be a workstation: STDOUT 520d as is indicated by the messages payloadKey (PRECORD.TRANSFEKSTDOUT) 520a.
  • the message and is payload is being sent to another doctor J. Wilson, MD and a remote embodiment served hospital WXYZ4321 Memorial Hospital which is also in the United States as is indicated by the receiverKey 525a in the message's header (US.WXYZ4321MHOSPJW1I.SONMD) 525b, 525c, 525d.
  • header is devised to best illustrate some of the important features of the embodiment and may not be found in a single header or, in some cases, any header generated by a preferred embodiment
  • the MLS addresser module (see Fig. 1, 110) 550 may add the label for the receiving router: .addReceiverKeyQ and then sends the message.
  • the source router exchange 115, 551 may perform several pre-programmed tests and then binds the message to the source router 160, 552 which may be implemented (.of("US.ABC1234MHOSP.*")) and configured (.if("patient-health-record'')) on-the-fly in software in certain embodiments.
  • the message may then be passed to a payload exchange module 165, 553 which may perform further payload specific tests and then bind the message to the appropriate payload router 170, 554, 555, As illustrated in Fig. 5B, 590, which again may be implemented
  • Fig. 6 is a diagram illustrating the use of routing regulatory labels to create availability zones 600.
  • Availability zones may be a large geographical region such as a country, for example the United States 601, Mexico 602 and Canada 603 just to list three of the plurality known to those skilled in the art
  • Other availability zones may result from the presence of a specific organization such as but in no way limited to military installations 610a, 610b, 610c and 690 which may possess the ability to process defense regulated messages 615a, 615b, 615c or health care facilities 620a, 620b, 620c which may occupy geography as small as a single building and be equipped to process HIPAA regulated messages 625a, 625b, 625c.
  • a USA (US) defense (DEF) regulated and labeled message 617 with an MLS header 617a may thus be sent to USA military installations such as but not limited to bases and buildings 610a-c over MLS service routers 615a, 615b, 615c.
  • USA military installations such as but not limited to bases and buildings 610a-c over MLS service routers 615a, 615b, 615c.
  • a health care message payload 655 with a MLS compliant header 655a will be successfully sent by a HIPAA compliant MLS source router 625c to a HIPAA compliant MLS router 625b at a second HIPAA credentialed availability zone 620b but not to a US DEF authorized availability zone 610c which lacks HIPAA data handling protocols 663.
  • Embodiments may route messages through compliant MLS router exclusive paths 615a to 615b to 615c when intermediate hops are required. Failed message transmission attempts 661, 662, 663 would fail prior to transmission out of the source availability zones. Partial paths in those samples were solely to illustrate the intended, failing target
  • the techniques disclosed herein may be implemented on hardware or a combination of software and hardware. For example, they may be implemented in an operating system kernel, in a separate user process, in a library package bound into network applications, on a specially constructed machine, on an application-specific integrated circuit (ASIC), or on a network interlace card.
  • ASIC application-specific integrated circuit
  • Software/hardware hybrid implementations of at least some of the embodiments disclosed herein may be implemented on a programmable network-resident machine (which should be understood to include intermittently connected network-aware machines) selectively activated or reconfigured by a computer program stored in memory.
  • a programmable network-resident machine which should be understood to include intermittently connected network-aware machines
  • Such network devices may have multiple network interfaces that may be configured or designed to utilize different types of network communication protocols.
  • a general architecture for some of these machines may be described herein in order to illustrate one or more exemplary means by which a given unit of functionality may be implemented.
  • At least some of the features or functionalities of the various embodiments disclosed herein may be implemented on one or more general-purpose computers associated with one or more networks, such as for example an end-user computer system, a client computer, a network server or other server system, a mobile computing device (e.g., tablet computing device, mobile phone, smartphone, laptop, or other appropriate computing device), a consumer electronic device, a music player, or any other suitable electronic device, router, switch, or other suitable device, or any combination thereof.
  • at least some of the features or functionalities of the various embodiments disclosed herein may be implemented in one or more virtualized computing environments (e.g., network computing clouds, virtual machines hosted on one or more physical computing machines, or other appropriate virtual environments).
  • FIG. 7 there is shown a block diagram depicting an exemplary computing device 10 suitable for implementing at least a portion of the features or functionalities disclosed herein.
  • Computing device 10 may be, for example, any one of the computing machines listed in the previous paragraph, or indeed any other electronic device capable of executing software- or hardware-based instructions according to one or more programs stored in memory.
  • Computing device 10 may be configured to communicate with a plurality of other computing devices, such as clients or servers, over communications networks such as a wide area network a metropolitan area network, a local area network, a wireless network, the Internet, or any other network, using known protocols for such communication, whether wireless or wired.
  • communications networks such as a wide area network a metropolitan area network, a local area network, a wireless network, the Internet, or any other network, using known protocols for such communication, whether wireless or wired.
  • computing device 10 includes one or more central processing units (CPU) 12, one or more interfaces 15, and one or more busses 14 (such as a peripheral component interconnect (PCI) bus).
  • CPU 12 may be responsible for implementing specific functions associated with the functions of a specifically configured computing device or machine.
  • a computing device 10 may be configured or designed to function as a server system utilizing CPU 12, local memory 11 and/or remote memory 16, and interface(s) 15.
  • CPU 12 may be caused to perform one or more of the different types of functions and/or operations under the control of software modules or components, which for example, may include an operating system and any appropriate applications software, drivers, and the like.
  • CPU 12 may include one or more processors 13 such as, for example, a processor from one of the Intel, ARM, Qualcomm, and AMD families of microprocessors. In some
  • processors 13 may include specially designed hardware such as application- specific integrated circuits (ASICs), electrically erasable programmable read-only memories (EEPROMs), field-programmable gate arrays (FPGAs), and so forth, for controlling operations of computing device 10.
  • ASICs application-specific integrated circuits
  • EEPROMs electrically erasable programmable read-only memories
  • FPGAs field-programmable gate arrays
  • a local memory 11 such as non-volatile random access memory (RAM) and/or read-only memory (ROM), including for example one or more levels of cached memory
  • RAM non-volatile random access memory
  • ROM read-only memory
  • Memory 11 may be used for a variety of purposes such as, for example, caching and/or storing data, prograniming instructions, and the like.
  • CPU 12 may be one of a variety of system-on-a-chip (SOC) type hardware that may include additional hardware such as memory or graphics processing chips, such as a Qualcomm SNAPDRAGONTM or Samsung EXYNOSTM CPU as are becoming increasingly common in the art, such as for use in mobile devices or integrated devices.
  • SOC system-on-a-chip
  • processor is not limited merely to those integrated circuits referred to in the art as a processor, a mobile processor, or a microprocessor, but broadly refers to a microcontroller, a microcomputer, a programmable logic controller, an application-specific integrated circuit, and any other programmable circuit.
  • interfaces 15 are provided as network interface cards (NICs).
  • NICs network interface cards
  • NICs control the sending and receiving of data packets over a computer network; other types of interfaces 15 may for example support other peripherals used with computing device 10.
  • interfaces that may be provided are Ethernet interfaces, frame relay interfaces, cable interfaces, DSL interfaces, token ring interfaces, graphics interfaces, and the like.
  • interfaces may be provided such as, for example, universal serial bus (USB), Serial, Ethernet, FIREWIRETM, THUNDERBOLTTM, PCI, parallel, radio frequency (RF), BLUETOOTHTM, near-field communications (e.g., using near-field magnetics), 802.11 (WiFi), frame relay, TCP/IP, ISDN, fast Ethernet interfaces, Gigabit Ethernet interfaces, Serial ATA (SATA) or external SATA (ESATA) interfaces, high-definition multimedia interface (HDMI), digital visual interface (DVT), analog or digital audio interfaces, asynchronous transfer mode (ATM) interfaces, high-speed serial interface (HSSI) interfaces, Point of Sale (POS) interfaces, fiber data distributed interfaces (FDDIs), and the like.
  • USB universal serial bus
  • RF radio frequency
  • BLUETOOTHTM near-field communications
  • near-field communications e.g., using near-field magnetics
  • WiFi wireless FIREWIRETM
  • Such interfaces 15 may include physical ports appropriate for communication with appropriate media. In some cases, they may also include an independent processor (such as a dedicated audio or video processor, as is common in the art for high-fidelity A/V hardware interfaces) and, in some instances, volatile and/or non-volatile memory (e.g., RAM).
  • an independent processor such as a dedicated audio or video processor, as is common in the art for high-fidelity A/V hardware interfaces
  • volatile and/or non-volatile memory e.g., RAM
  • processors 13 may be used, and such processors 13 may be present in a single device or distributed among any number of devices.
  • a single processor 13 handles communications as well as routing computations, while in other embodiments a separate dedicated conununications processor may be provided.
  • different types of features or functionalities may be implemented in a system according to the invention that includes a client device (such as a tablet device or smartphone ninning client software) and server systems (such as a server system described in more detail below).
  • the system of the present invention may employ one or more memories or memory modules (such as, for example, remote memory block 16 and local memory 11) configured to store data, program instructions for the general- purpose network operations, or other information relating to the functionality of the
  • Program instructions may control execution of or comprise an operating system and/or one or more applications, for example.
  • Memory 16 or memories 11, 16 may also be configured to store data structures, configuration data, encryption data, historical system operations information, or any other specific or generic non-program information described herein.
  • At least some network device embodiments may include nontransitoiy machine-readable storage media, which, for example, may be configured or designed to store program instructions, state information, and the like for performing various operations described herein.
  • nontransitory machine- readable storage media include, but are not limited to, magnetic media such as hard disks, floppy disks, and magnetic tape; optical media such as CD- ROM disks; magneto-optical media such as optical disks, and hardware devices that are specially configured to store and perform program instructions, such as read-only memory devices (ROM), flash memory (as is common in mobile devices and integrated systems), solid state drives (SSD) and "hybrid SSD” storage drives that may combine physical components of solid state and hard disk drives in a single hardware device (as are becoming increasingly common in the art with regard to personal computers), memristor memory, random access memory (RAM), and the like.
  • ROM read-only memory
  • flash memory as is common in mobile devices and integrated systems
  • SSD solid state drives
  • hybrid SSD hybrid SSD
  • such storage means may be integral and non-removable (such as RAM hardware modules that may be soldered onto a motherboard or otherwise integrated into an electronic device), or they may be removable such as swappable flash memory modules (such as “thumb drives” or other removable media designed for rapidly exchanging physical storage devices), "hot-swappable” hard disk drives or solid state drives, removable optical storage discs, or other such removable media, and that such integral and removable storage media may be utilized interchangeably.
  • program instructions include both object code, such as may be produced by a compiler, machine code, such as may be produced by an assembler or a linker, byte code, such as may be generated by for example a JAVATM compiler and may be executed using a Java virtual machine or equivalent, or files containing higher level code that may be executed by the computer using an interpreter (for example, scripts written in Python, Perl, Ruby, Groovy, or any other scripting language).
  • interpreter for example, scripts written in Python, Perl, Ruby, Groovy, or any other scripting language.
  • systems according to the present invention may be implemented on a standalone computing system.
  • Fig. 8 there is shown a block diagram depicting a typical exemplary architecture of one or more embodiments or components thereof on a standalone computing system.
  • Computing device 20 includes processors 21 that may run software that cany out one or more functions or applications of embodiments of the invention, such as for example a client application 24.
  • Processors 21 may carry out computing instructions under control of an operating system 22 such as, for example, a version of Microsoft's
  • WINDOWSTM operating system Apple's Mac OS X or iOS operating systems, some variety of the Linux operating system, Google's ANDROIDTM operating system, or the like.
  • one or more shared services 23 may be operable in system 20, and may be useful for providing common services to client applications 24.
  • Services 23 may for example be WINDOWSTM services, user-space common services in a Linux environment, or any other type of common service architecture used with operating system 21.
  • Input devices 28 may be of any type suitable for receiving user input, including for example a keyboard, touchscreen, microphone (for example, for voice input), mouse, touchpad, trackball, or any combination thereof.
  • Output devices 27 may be of any type suitable for providing output to one or more users, whether remote or local to system 20, and may include lor example one or more screens for visual output, speakers, printers, or any combination thereof.
  • Memory 25 may be random-access memory having any structure and architecture known in the art, for use by processors 21, for example to run software.
  • Storage devices 26 may be any magnetic, optical mechanical, memristor, or electrical storage device for storage of data in digital form (such as those described above). Examples of storage devices 26 include flash memory, magnetic hard drive, CD-ROM, and/or the like. [056] In some embodiments, systems of the present invention may be implemented on a distributed computing network, such as one having any number of clients and/or servers.
  • FIG. 9 there is shown a block diagram depicting an exemplary architecture 30 for implementing at least a portion of a system according to an embodiment of the invention on a distributed computing network.
  • any number of clients 33 may be provided.
  • Each client 33 may run software for implementing client-side portions of the present invention; clients may comprise a system 20 such as that illustrated above.
  • any number of servers 32 may be provided for handling requests received from one or more clients 33.
  • Clients 33 and servers 32 may communicate with one another via one or more electronic networks 31, which may be in various embodiments any of the Internet, a wide area network, a mobile telephony network (such as CDMA or GSM cellular networks), a wireless network (such as WiFi, Wimax, LTE, and so forth), or a local area network (or indeed any network topology known in the art; the invention does not prefer any one network topology over any other).
  • a mobile telephony network such as CDMA or GSM cellular networks
  • a wireless network such as WiFi, Wimax, LTE, and so forth
  • a local area network or indeed any network topology known in the art; the invention does not prefer any one network topology over any other.
  • Networks 31 may be implemented using any known network protocols, including for example wired and/or wireless protocols.
  • servers 32 may call external services 37 when needed to obtain additional information, or to refer to additional data concerning a particular call.
  • external services 37 may take place, for example, via one or more networks 31.
  • external services 37 may comprise web-enabled services or functionality related to or installed on the hardware device itself
  • client applications 24 may obtain information stored in a server system 32 in the cloud or on an external service 37 deployed on one or more of a particular enterprise's or user's premises.
  • clients 33 or servers 32 may make use of one or more specialized services or appliances that may be deployed locally or remotely across one or more networks 31.
  • one or more databases 34 may be used or referred to by one or more embodiments of the invention. It should be understood by one having ordinary skill in the art that databases 34 may be arranged in a wide variety of architectures and using a wide variety of data access and manipulation means.
  • one or more databases 34 may comprise a relational database system using a structured query language (SQL), while others may comprise an alternative data storage technology such as those referred to in the art as "NoSQL” (for example, Hadoop Cassandra, Google BigTable, and so forth).
  • SQL structured query language
  • variant database architectures such as column-oriented databases, in- memory databases, clustered databases, distributed databases, or even flat file data repositories may be used according to the invention. It will be appreciated by one having ordinary skill in the art that any combination of known or future database technologies may be used as appropriate, unless a specific database technology or a specific arrangement of components is specified for a particular embodiment herein. Moreover, it should be appreciated that the term "database'' as used herein may refer to a physical database machine, a cluster of machines acting as a single database system, or a logical database within an overall database management system.
  • database'' it should be construed to mean any of these senses of the word, all of which are understood as a plain meaning of the term “database” by those having ordinary skill in the art.
  • security systems 36 and configuration systems 35 may make use of one or more security systems 36 and configuration systems 35.
  • Security and configuration management are common information technology (IT) and web functions, and some amount of each are generally associated with any IT or web systems. It should be understood by one having ordinary skill in the art that any configuration or security subsystems known in the art now or in the future may be used in conjunction with embodiments of the invention without limitation, unless a specific security 36 or configuration system 35 or approach is specifically required by the description of any specific embodiment
  • Fig. 10 shows an exemplary overview of a computer system 40 as may be used in any of the various locations throughout the system. It is exemplary of any computer that may execute code to process data. Various modifications and changes may be made to computer system 40 without departing from the broader scope of the system and method disclosed herein.
  • Central processor unit (CPU) 41 is connected to bus 42, to which bus is also connected memory 43, nonvolatile memory 44, display 47, input/output (I/O) unit 48, and network interface card (NIC) 53.
  • I/O unit 48 may, typically, be connected to keyboard 49, pointing device 50, hard disk 52, and real-time clock 51.
  • NIC 53 connects to network 54, which may be the Internet or a local network, which local network may or may not have connections to the Internet,
  • power supply unit 45 connected, in this example, to a main alternating current (AC) supply 46.
  • AC alternating current
  • functionality for implementing systems or methods of the present invention may be distributed among any number of client and/or server components.
  • various software modules may be implemented for performing various functions in connection with the present invention, and such modules may be variously implemented to run on server and/or client

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Un système destiné à un système pour système de commutation basé sur la réglementation pour routage de message électronique a été développé. Une mémoire de stockage de données sécurisées reçoit et gère des règles de politique d'informations et de réglementation d'informations codifiantes de programmation. Un module de routage de niveau de charge utile de message sensible à la politique d'informations et à la réglementation d'informations récupère toute la programmation de règles de réglementation d'informations de politique d'informations et de réglementation d'informations en cours à partir de la mémoire de stockage de données à accès étroitement réglementé et applique toute la programmation de règles basées sur la réglementation et la politique sur la base d'un contenu de charge utile à partir de chaque message lié au réseau. Il envoie ensuite le message de réseau à un routeur de réception conforme aux règles pour une livraison finale à l'entité de réception.
PCT/US2018/028019 2017-04-17 2018-04-17 Système de commutation basé sur la réglementation pour routage de message électronique Ceased WO2018195112A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP18788373.1A EP3613228A4 (fr) 2017-04-17 2018-04-17 Système de commutation basé sur la réglementation pour routage de message électronique

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US15/489,716 US20170230285A1 (en) 2015-10-28 2017-04-17 Regulation based switching system for electronic message routing
US15/489,716 2017-04-17

Publications (1)

Publication Number Publication Date
WO2018195112A1 true WO2018195112A1 (fr) 2018-10-25

Family

ID=63856879

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2018/028019 Ceased WO2018195112A1 (fr) 2017-04-17 2018-04-17 Système de commutation basé sur la réglementation pour routage de message électronique

Country Status (2)

Country Link
EP (1) EP3613228A4 (fr)
WO (1) WO2018195112A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115348340A (zh) * 2022-08-15 2022-11-15 中国人民解放军战略支援部队信息工程大学 一种数据转发方法、装置、设备和存储介质

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102022122964A1 (de) 2022-09-09 2024-03-14 Trumpf Laser Gmbh Vorrichtung und Verfahren zum Bearbeiten eines Materials
DE102022122968A1 (de) 2022-09-09 2024-03-14 Trumpf Laser- Und Systemtechnik Gmbh Transparentes Bauteil mit einer funktionalisierten Oberfläche

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070012161A1 (en) * 2005-07-11 2007-01-18 Lyles Cosmos M Stringed instrument that maintains relative tune
WO2011011942A1 (fr) * 2009-07-28 2011-02-03 中兴通讯股份有限公司 Procédé pour la mise en œuvre de règle et de commande de facturation dans un scénario d’itinérance
US20140040975A1 (en) * 2009-01-28 2014-02-06 Headwater Partners I Llc Virtualized Policy & Charging System

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8850057B2 (en) * 2007-09-20 2014-09-30 Intel Corporation Healthcare semantic interoperability platform
US20150381571A1 (en) * 2014-06-27 2015-12-31 Poctor Inc. System and method for securely managing medical interactions
US10797992B2 (en) * 2015-07-07 2020-10-06 Cisco Technology, Inc. Intelligent wide area network (IWAN)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070012161A1 (en) * 2005-07-11 2007-01-18 Lyles Cosmos M Stringed instrument that maintains relative tune
US20140040975A1 (en) * 2009-01-28 2014-02-06 Headwater Partners I Llc Virtualized Policy & Charging System
WO2011011942A1 (fr) * 2009-07-28 2011-02-03 中兴通讯股份有限公司 Procédé pour la mise en œuvre de règle et de commande de facturation dans un scénario d’itinérance

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3613228A4 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115348340A (zh) * 2022-08-15 2022-11-15 中国人民解放军战略支援部队信息工程大学 一种数据转发方法、装置、设备和存储介质
CN115348340B (zh) * 2022-08-15 2024-03-08 中国人民解放军战略支援部队信息工程大学 一种数据转发方法、装置、设备和存储介质

Also Published As

Publication number Publication date
EP3613228A4 (fr) 2021-01-06
EP3613228A1 (fr) 2020-02-26

Similar Documents

Publication Publication Date Title
US20170230285A1 (en) Regulation based switching system for electronic message routing
US10979458B2 (en) Data loss prevention (DLP) policy enforcement based on object metadata
JP6476339B6 (ja) クラウド・コンピューティング・サービス(ccs)上に保存された企業情報をモニター、コントロール、及び、ドキュメント当たりの暗号化を行うシステム及び方法
US10614233B2 (en) Managing access to documents with a file monitor
US20230080528A1 (en) Smart data protection
US10110635B1 (en) Device policy composition and management system
US10367744B1 (en) Systems and methods for network traffic routing to reduce service congestion at a server
US11455388B1 (en) System and method for end-to-end data trust management with real-time attestation
AU2018391625A1 (en) Re-encrypting data on a hash chain
US11178105B2 (en) Secure enclave-based guest firewall
US20160357591A1 (en) Scalable policy management in an edge virtual bridging (evb) environment
US11729221B1 (en) Reconfigurations for network devices
US20190139133A1 (en) System for periodically updating backings for resource requests
CA3088147C (fr) Isolation de donnees dans des chaines de hachage distribuees
US20210099492A1 (en) System and method for regulated message routing and global policy enforcement
WO2018195112A1 (fr) Système de commutation basé sur la réglementation pour routage de message électronique
US10491513B2 (en) Verifying packet tags in software defined networks
US10594703B2 (en) Taint mechanism for messaging system
US8738935B1 (en) Verified erasure of data implemented on distributed systems
US20210133340A1 (en) System and Method for Protecting Information
US12483599B2 (en) Regulation-based electronic message routing
US20240348655A1 (en) Regulation-based electronic message routing
Indhumathil et al. Third-party auditing for cloud service providers in multicloud environment
Lata et al. Cyber security techniques in cloud environment: comparative analysis of public, private and hybrid cloud
US9619840B2 (en) Backing management

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18788373

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2018788373

Country of ref document: EP

Effective date: 20191118