US-12619594-B1 - Systems and methods for rule-based database management and tagging
Abstract
A method comprises generating a ciphertext rule defining a column tag when at least a subset of digits in a ciphertext stored in a column of a table matches predefined ciphertext digits associated with at least one of a first purpose, a first type, or a first sensitivity of column data in the column, generating, by the rule application, a table rule defining a table tag when the table includes the column that is tagged with the column tag, wherein the table tag labels the table as being associated with at least one of a second purpose, a second type, or a second sensitivity of table data in the table, and tagging, by a tag application executing at the database management system, the column with the column tag based on the ciphertext rule and the table with the table tag based on the table rule.
Inventors
- Terri BLY
Assignees
- T-MOBILE INNOVATIONS LLC
Dates
- Publication Date: 20260505
- Application Date: 20241212
Claims (19)
- 1. A method implemented in a communication network to perform database management and tagging, wherein the method comprises: maintaining, at a data store in the communication network, ciphertext data including mappings between predefined ciphertext digits and one or more data attributes, wherein the one or more data attributes comprise at least one of an identification of an encryption key, an identification of an encryption attribute, or an identification of a type of data; identifying, by a rule application executing at a database management system in the communication network, a term associated with data elements at one or more tables in one or more databases of the communication network, wherein the one or more tables each comprise one or more columns; generating, by the rule application, a cleartext rule for the term, wherein the cleartext rule defines a first column tag based on a format in which data associated with the term is stored in the one or more columns; generating, by the rule application, a ciphertext rule for the term, wherein the ciphertext rule defines a second column tag when at least a subset of digits in a ciphertext stored in the one or more columns matches the predefined ciphertext digits, and wherein the ciphertext comprises encrypted data; generating, by the rule application, a table rule defining a table tag for each of the one or more tables based on the second column tag of the one or more columns at the one or more tables; tagging, by a tag application executing at the database management system, a column at a table with the second column tag based on the ciphertext rule and the ciphertext included in the column by storing the second column tag in association with the column in the data store; tagging, by the tag application, the table with the table tag based on the table rule and the second column tag of the column in the table by storing the table tag in association with the table in the data store; and responding, by the tag application, to a database query using the table tag and the second column tag.
- 2. The method of claim 1, wherein the data elements comprise the one or more columns, one or more rows, and one or more samples of data from the one or more tables, and wherein the samples of data comprise encrypted data as the ciphertext.
- 3. The method of claim 1, further comprising generating, by the rule application, a metadata rule for the term, wherein the metadata rule defines column names of one or more columns at the one or more tables.
- 4. The method of claim 3, wherein the column at the one or more tables is tagged with the second column tag further based on the metadata rule and a column name of the column.
- 5. The method of claim 1, wherein responding, by the tag application, to the database query using the table tag and the second column tag comprises: searching, by the tag application, table tags stored in the data store to determine that the table stores data indicated in the database query; searching, by the tag application, column tags stored in the data store to determine that the column stores the data indicated in the database query; and obtaining, by the tag application, a response to the database query based on data obtained from the table and the column.
- 6. A database management system, comprising: a data store comprising ciphertext data including mappings between predefined ciphertext digits and one or more data attributes, wherein the one or more data attributes comprise at least one of an identification of an encryption key, an identification of an encryption attribute, or an identification of a type of data; one or more non-transitory memories; one or more processors coupled to the one or more memories; a rule application stored at one or more of the one or more memories, which when executed by one or more of the one or more processors, causes the rule application to be configured to: identify a term associated with data elements at one or more tables in one or more databases, wherein the one or more tables each comprise one or more columns; generate a cleartext rule for the term, wherein the cleartext rule defines a first column tag based on a format in which data associated with the term is stored in the one or more columns; generate a ciphertext rule for the term defining a second column tag when at least a subset of digits in a ciphertext stored in the one or more columns matches the predefined ciphertext digits associated with a type of data, wherein the ciphertext comprises encrypted data; generate a table rule defining a table tag for each of the one or more tables based on the second column tag when the one or more table includes the one or more columns that are tagged with the second column tag; and a tag application stored at one or more of the one or more memories, which when executed by one or more of the one or more processors, causes the tag application to be configured to: tag a column at a table with the second column tag based on the ciphertext rule and the ciphertext included in the column by storing the second column tag in association with the column in the data store; tag the table with the table tag after the column is tagged with the column tag based on the table rule and the second column tag of the column in the table by storing the table tag in association with the table in the data store; and responding to a database query using the table tag and the second column tag.
- 7. The database management system of claim 6, wherein the rule application is further configured to generate a metadata rule defining possible column names for the column storing a predefined type of data.
- 8. The database management system of claim 6, wherein the ciphertext includes a plurality of digits, and wherein the subset of digits in the ciphertext is a suffix of the ciphertext or a prefix of the ciphertext.
- 9. The database management system of claim 8, wherein the ciphertext includes an identifier of an encryption key and an identifier of an encryption algorithm performed on underlying data to obtain the ciphertext.
- 10. The database management system of claim 6, wherein the ciphertext rule indicates that when the ciphertext in the one or more columns includes the predefined ciphertext digits as a suffix of the ciphertext, the one or more columns store data elements of the type of data, and the one or more columns are to be tagged with the second column tag.
- 11. The database management system of claim 6, wherein the table tag indicates at least one of customer data or employee data.
- 12. The database management system of claim 6, wherein the table tag is a label or metadata describing at least one of a purpose, type, or sensitivity of data in the table.
- 13. The database management system of claim 6, wherein the second column tag is a label or metadata describing at least one of a purpose, type, or sensitivity of data in the column.
- 14. A method, comprising: maintaining, at a data store, ciphertext data including mappings between predefined ciphertext digits and one or more data attributes, wherein the one or more data attributes comprise at least one of an identification of an encryption key, an identification of an encryption attribute, or an identification of a type of data; identifying, by a rule application executing at a database management system, a term associated with data elements at one or more tables in one or more databases of the communication network, wherein the one or more tables each comprise one or more columns; generating, by the rule application, a cleartext rule for the term, wherein the cleartext rule defines a first column tag based on a format in which data associated with the term is stored in the one or more columns; generating, by the rule application, a ciphertext rule for the term defining a second column tag when at least a subset of digits in a ciphertext stored in the one or more columns matches the predefined ciphertext digits associated with at least one of a first purpose, a first type, or a first sensitivity of column data in the one or more columns; generating, by the rule application, a table rule defining a table tag for each of the one or more tables based on the second column tag when the one or more tables include the one or more columns that are tagged with the second column tag, wherein the table tag labels the one or more tables as being associated with at least one of a second purpose, a second type, or a second sensitivity of table data in the table; tagging, by a tag application executing at the database management system, a column at a table with the second column tag based on the ciphertext rule and the ciphertext included in the column by storing the second column tag in association with the column in the data store; tagging, by the tag application, the table with the table tag based on the table rule and the second column tag of the column in the table by storing the table tag in association with the table in the data store; and responding, by the tag application, to a database query using the table tag and the second column tag.
- 15. The method of claim 14, wherein the one or more data attributes comprise at least an identification of the first purpose, the first type, or the first sensitivity of the column data.
- 16. The method of claim 14, further comprising: maintaining, in the data store, the second column tag in association with the column; and maintaining, in the data store, the table tag in association with the table.
- 17. The method of claim 14, further comprising generating, by the rule application, a metadata rule defining column names of at least one column storing the column data of at least one of the first purpose, the first type, or the first sensitivity.
- 18. The method of claim 17, wherein the column is tagged with the second column tag based on the ciphertext rule and further based on the metadata rule.
- 19. The method of claim 14, wherein responding, by the tag application, to the database query using the table tag and the second column tag: searching, by the tag application, table tags stored in the data store to determine that the table stores data indicated in the database query; and searching, by the tag application, column tags stored in the data store to determine that the column stores the data indicated in the database query.
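The claimed flow (a ciphertext rule matching a suffix, a table rule derived from column tags, and a query answered from the stored tags), shown as an added Python example that is not taken from the patent. The suffix values, key ids, tag names and the policy that every sampled value must match are assumptions made for illustration.

```python
# Added example. Suffixes, key ids and tag names below are constructed assumptions.
# Ciphertext data: predefined ciphertext digits (suffix) -> data attributes.
CIPHERTEXT_DATA = {
    "7731": {"key_id": "key-A", "data_type": "ssn", "column_tag": "SSN_ENCRYPTED"},
    "4402": {"key_id": "key-B", "data_type": "phone", "column_tag": "PHONE_ENCRYPTED"},
}
# Table rule: a table holding a column with this column tag gets this table tag.
TABLE_RULES = {"SSN_ENCRYPTED": "CUSTOMER_DATA", "PHONE_ENCRYPTED": "CUSTOMER_DATA"}


def ciphertext_rule(samples):
    """Return the column tag when every non-empty sample ends in one predefined suffix."""
    values = [s for s in samples if s]
    for suffix, attrs in CIPHERTEXT_DATA.items():
        # Requiring all samples to match keeps a mixed column from being tagged
        # on the strength of a single value (an assumption of this sketch).
        if values and all(len(v) > len(suffix) and v.endswith(suffix) for v in values):
            return attrs["column_tag"]
    return None


def tag_database(tables):
    """tables: {table: {column: [samples]}} -> (column_tags, table_tags) tag store."""
    column_tags, table_tags = {}, {}
    for table, columns in tables.items():
        for column, samples in columns.items():
            tag = ciphertext_rule(samples)
            if tag:
                column_tags[(table, column)] = tag
                table_tags.setdefault(table, set()).add(TABLE_RULES[tag])
    return column_tags, table_tags


def find_columns(column_tags, table_tags, table_tag, column_tag):
    """Answer a 'where is this data?' query from stored tags, without reading rows."""
    tables = {t for t, tags in table_tags.items() if table_tag in tags}
    return sorted((t, c) for (t, c), tag in column_tags.items()
                  if t in tables and tag == column_tag)


# Constructed sample data: hex ciphertexts whose last four digits identify key and type.
SAMPLE_TABLES = {
    "subscribers": {"id": ["1001", "1002"],
                    "tax_ref": ["9f3ac01e7731", "0b77d2aa7731"],
                    "contact": ["51c09e4402", "e2a4414402", None]},
    "audit_log": {"note": ["reset password", "5d1e88f07731"]},
}

if __name__ == "__main__":
    cols, tabs = tag_database(SAMPLE_TABLES)
    print(cols, tabs, find_columns(cols, tabs, "CUSTOMER_DATA", "SSN_ENCRYPTED"))
```

The `audit_log.note` column stays untagged because only one of its samples carries the suffix, so the table receives no table tag either.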
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
None.
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
Not applicable.
REFERENCE TO A MICROFICHE APPENDIX
Not applicable.
BACKGROUND
Database management platforms have been introduced to enhance data quality, governance, and observability across enterprise data platforms. The database management platforms may be used for a variety of purposes to enable seamless workflows, automate data monitoring, and resolve quality issues with minimal manual intervention. For example, applications data management platforms may perform data quality checks, anomaly detection, and compliance monitoring, to help businesses enforce governance policies and extract actionable insights efficiently.
SUMMARY
In an embodiment, a method implemented in a communication network to perform database management and tagging is disclosed. The method comprises maintaining, at a data store in the communication network, ciphertext data including mappings between predefined ciphertext digits and one or more data attributes, in which the one or more data attributes comprise at least one of an identification of an encryption key, an identification of an encryption attribute, or an identification of a type of data, and identifying, by a rule application executing at a database management system in the communication network, a term associated with data elements at one or more tables in one or more databases of the communication network, in which the one or more tables each comprise one or more columns.
The method further comprises generating, by the rule application, a cleartext rule for the term, in which the cleartext rule defines a first column tag based on a format in which data associated with the term is stored in the one or more columns, generating, by the rule application, a ciphertext rule for the term, in which the ciphertext rule defines a second column tag when at least a subset of digits in a ciphertext stored in the one or more columns matches the predefined ciphertext digits, and generating, by the rule application, a table rule defining a table tag for each of the one or more tables based on the second column tag of the one or more columns at the one or more tables. The method further comprises tagging, by a tag application executing at the database management system, a column at a table with the second column tag based on the ciphertext rule and the ciphertext included in the column by storing the second column tag in association with the column in the data store, tagging, by the tag application, the table with the table tag based on the table rule and the second column tag of the column in the table by storing the table tag in association with the table in the data store, and responding, by the tag application, to a database query using the table tag and the second column tag.
In yet another embodiment, a database management system is disclosed. The database management system includes one or more non-transitory memories, one or more processors coupled to the one or more memories, a rule application stored at one or more of the one or more memories, and a tag application stored at one or more of the one or more memories.
The rule application, when executed by one or more of the one or more processors, causes the rule application to be configured to generate a ciphertext rule defining a column tag when at least a subset of digits in a ciphertext stored in a column of a table matches predefined ciphertext digits associated with a type of data, and generate a table rule defining a table tag for the table when the table includes the column that is tagged with the column tag. The tag application, when executed by one or more of the one or more processors, causes the tag application to be configured to tag the column at the table with the column tag based on the ciphertext rule when the column includes one or more data elements each including different ciphertext, wherein each of the different ciphertext includes the subset of digits matching the predefined ciphertext digits, and tag the table with the table tag after the column is tagged with the column tag.
In yet another embodiment, a method is disclosed. The method comprises generating, by a rule application executing at a database management system, a ciphertext rule defining a column tag when at least a subset of digits in a ciphertext stored in a column of a table matches predefined ciphertext digits associated with at least one of a first purpose, a first type, or a first sensitivity of column data in the column, generating, by the rule application, a table rule defining a table tag when the table includes the column that is tagged with the column tag, in which the table tag labels the table as being associated with at least one of a second purpose, a second type, or a second sensitivity of table data in the table, tagging, by a tag application executing at the database management system, the column with the column tag based o