US-12619626-B2 - Methods and systems for the execution of analysis and/or services against multiple data sources while maintaining isolation of original data source

Abstract

Methods and systems for data are disclosed. A system implementation includes a data module for storing data received from an external source. The data module includes a file system for unstructured data, a database for structured data, a transform for operating upon unstructured or structured data, a data broker for receiving data having a first format and providing the data in a second format, a data network for communications within the data module, and a processing module for performing operations upon data. The processing module further includes a process broker and a process container. The process container is for providing one or more instances of processes during a runtime operation. The system further includes an inter-process network for communications within the processing module and an internal gateway for the data module to communicate with the processing module.

Inventors

• Vivek Vishnoi
• Steven Sanghoon Lee

Assignees

• Vivek Vishnoi
• Steven Sanghoon Lee

Dates

Publication Date

20260505

Application Date

20231023

Claims (20)

1. 1 . A machine implemented method of processing data, the method comprising: identifying a configuration for responding to a request for results-data, the identifying comprising: determining a requisite number of isolated environments to respond to the request; determining a number of necessary process modules comprising one or more applicable processes; determining the need for an interceptor, the interceptor for providing isolation for one or more of the process modules; determining an appropriate number of data modules and/or submodules, the modules and submodules for implementing the configuration for responding to the request; the configuration for: receiving acknowledged receipt of the requested data, processing, and/or results; disassembling the instantiations such that source data and/or source entity is secure and not revealed; preserving an assembly plan that includes the ability to generate the results-data but not the source-data, and not identify the source; wherein at least one process module implemented by using a process-container comprising one or more processes, each process comprising a domain specific atomic process, the process module comprising an algorithm that is for: solving a specific problem and producing a desired set of results data.
2. 2 . The method of claim 1 , further comprising: receiving a request for results-data; instantiating the configuration by instantiating at least one identified module; configuring at least one module of the specified modules and/or submodules; storing the configuration as an assembly plan, wherein the stored assembly plan when implemented is effective to generate desired results-data.
3. 3 . The method of claim 1 , further comprising: executing a process of a process module of the configuration; generating requested results-data; delivering the requested results-data.
4. 4 . The method of claim 1 , wherein a requestor making the request for results-data has need for results, data and/or processing from a data-source; the requestor comprising a results-participant and/or device; the requestor and the data-source comprising separate entities; the step of identifying based upon determined requirements of the requestor and one or more source entities.
5. 5 . The method of claim 1 , wherein the configuration comprises a set of parameters used to instantiate a system comprising the isolated environments, process modules, data modules, and submodules.
6. 6 . The method of claim 1 , further comprising: receiving a set of parameters via an interface, the parameters for: instantiating a system implementation, and generating an iteration of the system implementation for processing data iteratively thereby generating iterative results-data.
7. 7 . The method of claim 1 , further comprising performing iterative improvements on the recipe to obtain different results.
8. 8 . The method of claim 1 , further comprising: receiving a request for results-data; determining a configuration comprising one or more instantiated data modules appropriate to respond to the request for results-data; instantiating the data module; receiving source-data into the data module, executing a configured and instantiated process upon the requested data, applying appropriate policies to the derived results-data, and checking the compliance of the results-data with a set of parameters that were predetermined by a plurality of separate entities having a need to transact.
9. 9 . The method of claim 1 , further comprising: requesting approval for release of results-data from a data-source, wherein data, processing, and/or results provided and/or made available to the requestor may include minimal processing or alteration such that the output or results-data is substantially similar to the source-data.
10. 10 . The method of claim 1 , wherein at least one of: output, data, processing, and/or results comprises significantly modified or processed data and/or results.
11. 11 . The method of claim 1 , further comprising: performing multiple iterations of all or a portion of the steps.
12. 12 . The method of claim 1 , the method returning to any previous step of the method and iterating from that step.
13. 13 . The method of claim 1 , further comprising: releasing the desired results-data to a source entity and/or a requestor entity.
14. 14 . The method of claim 1 , the process module comprising a process for: aggregating multiple data records describing characteristics or behaviors of specific subjects, merging into a database and organizing the data records according to broad groups based on similarities across multiple data fields, allowing the identification of common behaviors or characteristics of these groups.
15. 15 . The method of claim 1 , further comprising: generating a database of a set of preferences in a region according to demographic groups such as age and income level, removing all personally identifiable information and not sharing any original source data.
16. 16 . The method of claim 1 , the process module comprising a process for: finding a correlation between a small set of data records that partially describe a specific individual, and a larger database that contains more comprehensive information about the characteristics and behaviors of aggregated groups of people, allowing the extrapolated prediction of characteristics and behaviors of the individual based upon the correlated group.
17. 17 . The method of claim 1 , the process module comprising a process for: taking a specific desired data outcome, aggregating data records from multiple disparate databases containing uncorrelated data records, and applying an optimization algorithm for determining which data records when combined in the algorithm most closely match the desired data outcome.
18. 18 . The method of claim 1 , further comprising: the determining steps performed by a machine by using a set of input parameters.
19. 19 . A computer readable medium with instructions thereon, which when executed, the instructions perform the steps of: identifying a configuration for responding to a request for results-data, the identifying comprising: determining a requisite number of isolated environments to respond to the request; determining a number of necessary process modules comprising one or more applicable processes; determining the need for an interceptor, the interceptor for providing isolation for one or more of the process modules; determining an appropriate number of data modules and/or submodules, the modules and submodules for implementing the configuration for responding to the request; the configuration for: receiving acknowledged receipt of the requested data, processing, and/or results; disassembling the instantiations such that source data and/or source entity is secure and not revealed; preserving an assembly plan that includes the ability to generate the results-data but not the source-data, and not identify the source; wherein at least one process module implemented by using a process-container comprising one or more processes, each process comprising a domain specific atomic process, the process module comprising an algorithm that is for: solving a specific problem and producing a desired set of results data.
20. 20 . A system comprising a configuration for responding to a request for results-data, the configuration comprising: a requisite number of isolated environments to respond to the request; a number of necessary process modules comprising one or more applicable processes; an interceptor, the interceptor for providing isolation for one or more of the process modules; an appropriate number of data modules and/or submodules, the modules and submodules for implementing the configuration for responding to the request; the configuration for receiving acknowledged receipt of the requested data, processing, and/or results; the system further comprising an assembly plan that includes the ability to generate the results-data but not the source-data, and not identify the source; wherein the instantiations are configured for disassembly such that source data and/or source entity is secure and not revealed; wherein at least one process module implemented by using a process-container comprising one or more processes, each process comprising a domain specific atomic process, the process module comprising an algorithm that is for: solving a specific problem and producing a desired set of results data.

Description

CROSS REFERENCE TO RELATED APPLICATIONS This application is a continuation of U.S. patent application Ser. No. 18/079,437; entitled “METHODS AND SYSTEMS FOR THE EXECUTION OF ANALYSIS AND/OR SERVICES AGAINST MULTIPLE DATA SOURCES WHILE MAINTAINING ISOLATION OF ORIGINAL DATA SOURCE,” filed Dec. 12, 2022; which is a continuation of U.S. patent application Ser. No. 16/720,473, entitled “METHODS AND SYSTEMS FOR THE EXECUTION OF ANALYSIS AND/OR SERVICES AGAINST MULTIPLE DATA SOURCES WHILE MAINTAINING ISOLATION OF ORIGINAL DATA SOURCE,” filed Dec. 19, 2019, which claims the benefit of U.S. Provisional Patent Application No. 62/782,297, entitled “METHODS AND SYSTEMS FOR THE EXECUTION OF ANALYSIS AND/OR SERVICES AGAINST MULTIPLE DATA SOURCES WHILE MAINTAINING ISOLATION OF ORIGINAL DATA SOURCE,” filed Dec. 19, 2018. All of the foregoing disclosures are incorporated by reference herein in their entirety. FIELD The present disclosure relates to data services. BACKGROUND Across the global economy, enterprises have come to the realization that leveraging their data is critical to surviving and prospering in an increasingly digital world. Big data can be used to drive productivity, enhance existing revenue, and even create entire new lines of business, based on new business models. Research tells us that enterprises that leverage customer behavioral data outperform peers by 85 percent in sales growth and more than 25 percent in gross margin. The use of data must be seen as strategic. SUMMARY Methods and systems for the execution of analysis and/or services against multiple data sources while maintaining isolation of original data source are provided. In an example embodiment, a system implementation includes a data module for storing data received from an external source. The data module includes a file system for unstructured data, a database for structured data, a transform for operating upon unstructured or structured data, a data broker for receiving data having a first format and providing the data in a second format, a data network for communications within the data module, and a processing module for performing operations upon data. The processing module further includes a process broker and a process container. The process container is for providing one or more instances of processes during a runtime operation. The system further includes an inter-process network for communications within the processing module and an internal gateway for the data module to communicate with the processing module. According to an aspect, a system includes an external gateway coupled to the data module. The external gateway is configured for receiving data from an external source. The system includes one or more isolated-type data-network configured for allowing communications between elements of the data module, a process network for allowing communications between elements of the process module, and a filter for filtering results output by the process module. According to an aspect, the system includes a virtual machine implementation, and a container implementation. The container implementation comprises a building block for instantiating one or more system elements. The system elements include one or more of: a gateway, a router, a firewall, an isolated network, a subnet, a proxy, a network protocol element, a process module, a transform, a file system, a database, a broker, or a filter. One or more data modules and one or more process modules are isolated from each other by using one or more gateways and one or more networks. The network elements include: a router, a router subnet, a component subnet. The router may be implemented by using a container implementation. According to an aspect, the isolation provided by the system is a result of the instantiation and/or configuration of, one or more isolated-type virtual network segments, one or more containers and/or more one or more subnets. The system is configured for on-demand and/or dynamic instantiation and/or destruction of one or more modules and/or submodules, thereby having a smaller attack window such that the system and/or data for the system are only accessible during a small time window after instantiation and before destruction of the system. According to an aspect, a configurator for the system only keeps a record of a system-instantiation recipe for the instantiation and/or destruction of the instantiation of the system, such that a system instantiation is selectively replicated and/or iterated even after the system is no longer instantiated or has been destroyed. The system-instantiation recipe has a set of instructions allowing for the replication of a specific set of previously generated results without actually storing the previously generated results. In an example embodiment, a method of isolating data receives from a first entity, a first data set, stores the first data set by using a first data module, provides by using an internal gateway the first data se