Search

US-12619747-B2 - System and method for secure data consumption by machine learning models

US12619747B2US 12619747 B2US12619747 B2US 12619747B2US-12619747-B2

Abstract

In response to receiving a request to generate an Application Programming Interface (API) program configured to extract data from an endpoint storage, the API program is generated based on the request by generating a software script configured to accept a data request to extract data from the endpoint storage, interface with the endpoint storage, and extract a requested piece of data from the endpoint storage. An NFT minting processor is used to generate an NFT for the API program, wherein the NFT stores one or more security rules defining usage of the API program. The NFT is then allocated to a requesting ML model allowing the ML model to use the API program to extract data from the endpoint storage.

Inventors

  • Shailendra Singh
  • Krishna Mamadapur
  • Jigesh Rajendra Safary

Assignees

  • BANK OF AMERICA CORPORATION

Dates

Publication Date
20260505
Application Date
20240930

Claims (20)

  1. 1 . A system comprising: a blockchain network comprising one or more Non-Fungible Token (NFT) minting processors configured to generate NFTs; a memory configured to store one or more security rules defining usage of an Application Programming Interface (API) program configured to extract data from an endpoint storage; and a processor communicatively coupled to the blockchain network and the memory, the processor configured to: receive a request to generate the API program configured to extract data from the endpoint storage, wherein the request at least comprises an identity of the endpoint storage; generate the API program based on the request, wherein generating the API program comprises generating a software script that is configured to accept a data request to extract data from the endpoint storage, interface with the endpoint storage, and extract a requested piece of data from the endpoint storage; obtain the one or more security rules defining usage of the API program; cause the one or more NFT minting processors of the blockchain network to generate an NFT that uniquely identifies the API program, wherein the NFT stores the one or more security rules associated with the API program; store the NFT in a data file on the blockchain network; receive a request from a machine learning (ML) model to use the API program for extracting data from the endpoint storage; and access the NFT associated with the API program from data file on the blockchain network; and allocate the NFT associated with the API program to the ML model allowing the ML model to use the API program to extract the requested data from the endpoint storage.
  2. 2 . The system of claim 1 , wherein the processor is further configured to: in response to receiving the request from the ML model to use the API program, extract, from the data file, the one or more security rules associated with the NFT of the API program; generate a smart contract that implements usage of the API program according to the one or more security rules; and store the smart contract in the blockchain network.
  3. 3 . The system of claim 2 , wherein the processor is further configured to: transmit the smart contract to the ML model; receive an approval of the smart contract from the ML model; and in response to receiving the approval of the smart contract, allocate the NFT associated with the API program to the ML model.
  4. 4 . The system of claim 2 , wherein the processor is further configured to: transmit the smart contract to the ML model; receive a request to update a particular security rule included in the smart contract; update the particular security rule to generate an updated smart contract; transmit the updated smart contract to the ML model; receive an approval of the updated smart contract from the ML model; and in response to receiving the approval of the updated smart contract, allocate the NFT associated with the API program to the ML model.
  5. 5 . The system of claim 2 , wherein the processor is further configured to: detect that the ML model has accessed the API program and initiated a data interaction for extracting data from the endpoint storage using the API program; in response to detecting that the ML model has accessed the API program, access the smart contract from the blockchain network; and run the smart contract to monitor the data interaction and implement the one or more security rules in the smart contract.
  6. 6 . The system of claim 5 , wherein: the smart contract includes a particular security rule that specifies that the ML model is not authorized to extract a particular piece of data from the endpoint storage; and the processor is further configured to: detect, based on monitoring the data interaction using the smart contract, that the API program is used to extract the particular piece of data from the endpoint storage; and in response to detecting that the API program is used to extract the particular piece of data from the endpoint storage, withdraw allocation of the NFT associated with the API program to the ML model to stop further use of the API program by the ML model.
  7. 7 . The system of claim 1 , wherein the one or more security rules define usage of the API program relating to one or more of a type of data that can be extracted from the endpoint storage, a time period of usage of data extracted from the endpoint storage, a number of times data can be extracted from the endpoint storage, an encryption type of data extracted from the endpoint storage, an endpoint URL where the endpoint storage is to be accessed, an extraction protocol to be used to extract data from the endpoint storage, or identities on one or more ML models that are authorized to use the API program.
  8. 8 . A method comprising: receive a request to generate an API program configured to extract data from an endpoint storage, wherein the request at least comprises an identity of the endpoint storage; generate the API program based on the request, wherein generating the API program comprises generating a software script that is configured to accept a data request to extract data from the endpoint storage, interface with the endpoint storage, and extract a requested piece of data from the endpoint storage; obtain one or more security rules defining usage of the API program; cause one or more NFT minting processors of a blockchain network to generate an NFT that uniquely identifies the API program, wherein the NFT stores the one or more security rules associated with the API program; store the NFT in a data file on the blockchain network; receive a request from a machine learning (ML) model to use the API program for extracting data from the endpoint storage; and access the NFT associated with the API program from data file on the blockchain network; and allocate the NFT associated with the API program to the ML model allowing the ML model to use the API program to extract the requested data from the endpoint storage.
  9. 9 . The method of claim 8 , wherein the processor is further configured to: in response to receiving the request from the ML model to use the API program, extract, from the data file, the one or more security rules associated with the NFT of the API program; generate a smart contract that implements usage of the API program according to the one or more security rules; and store the smart contract in the blockchain network.
  10. 10 . The method of claim 9 , wherein the processor is further configured to: transmit the smart contract to the ML model; receive an approval of the smart contract from the ML model; and in response to receiving the approval of the smart contract, allocate the NFT associated with the API program to the ML model.
  11. 11 . The method of claim 9 , wherein the processor is further configured to: transmit the smart contract to the ML model; receive a request to update a particular security rule included in the smart contract; update the particular security rule to generate an updated smart contract; transmit the updated smart contract to the ML model; receive an approval of the updated smart contract from the ML model; and in response to receiving the approval of the updated smart contract, allocate the NFT associated with the API program to the ML model.
  12. 12 . The method of claim 9 , wherein the processor is further configured to: detect that the ML model has accessed the API program and initiated a data interaction for extracting data from the endpoint storage using the API program; in response to detecting that the ML model has accessed the API program, access the smart contract from the blockchain network; and run the smart contract to monitor the data interaction and implement the one or more security rules in the smart contract.
  13. 13 . The method of claim 12 , wherein: the smart contract includes a particular security rule that specifies that the ML model is not authorized to extract a particular piece of data from the endpoint storage; and the processor is further configured to: detect, based on monitoring the data interaction using the smart contract, that the API program is used to extract the particular piece of data from the endpoint storage; and in response to detecting that the API program is used to extract the particular piece of data from the endpoint storage, withdraw allocation of the NFT associated with the API program to the ML model to stop further use of the API program by the ML model.
  14. 14 . The method of claim 8 , wherein the one or more security rules define usage of the API program relating to one or more of a type of data that can be extracted from the endpoint storage, a time period of usage of data extracted from the endpoint storage, a number of times data can be extracted from the endpoint storage, an encryption type of data extracted from the endpoint storage, an endpoint URL where the endpoint storage is to be accessed, an extraction protocol to be used to extract data from the endpoint storage, or identities on one or more ML models that are authorized to use the API program.
  15. 15 . A non-transitory computer-readable medium storing instructions that when executed by a processor causes the processor to: receive a request to generate an API program configured to extract data from an endpoint storage, wherein the request at least comprises an identity of the endpoint storage; generate the API program based on the request, wherein generating the API program comprises generating a software script that is configured to accept a data request to extract data from the endpoint storage, interface with the endpoint storage, and extract a requested piece of data from the endpoint storage; obtain one or more security rules defining usage of the API program; cause one or more NFT minting processors of a blockchain network to generate an NFT that uniquely identifies the API program, wherein the NFT stores the one or more security rules associated with the API program; store the NFT in a data file on the blockchain network; receive a request from a machine learning (ML) model to use the API program for extracting data from the endpoint storage; and access the NFT associated with the API program from data file on the blockchain network; and allocate the NFT associated with the API program to the ML model allowing the ML model to use the API program to extract the requested data from the endpoint storage.
  16. 16 . The non-transitory computer-readable medium of claim 15 , wherein the processor is further configured to: in response to receiving the request from the ML model to use the API program, extract, from the data file, the one or more security rules associated with the NFT of the API program; generate a smart contract that implements usage of the API program according to the one or more security rules; and store the smart contract in the blockchain network.
  17. 17 . The non-transitory computer-readable medium of claim 16 , wherein the processor is further configured to: transmit the smart contract to the ML model; receive an approval of the smart contract from the ML model; and in response to receiving the approval of the smart contract, allocate the NFT associated with the API program to the ML model.
  18. 18 . The non-transitory computer-readable medium of claim 16 , wherein the processor is further configured to: transmit the smart contract to the ML model; receive a request to update a particular security rule included in the smart contract; update the particular security rule to generate an updated smart contract; transmit the updated smart contract to the ML model; receive an approval of the updated smart contract from the ML model; and in response to receiving the approval of the updated smart contract, allocate the NFT associated with the API program to the ML model.
  19. 19 . The non-transitory computer-readable medium of claim 16 , wherein the processor is further configured to: detect that the ML model has accessed the API program and initiated a data interaction for extracting data from the endpoint storage using the API program; in response to detecting that the ML model has accessed the API program, access the smart contract from the blockchain network; and run the smart contract to monitor the data interaction and implement the one or more security rules in the smart contract.
  20. 20 . The non-transitory computer-readable medium of claim 19 , wherein: the smart contract includes a particular security rule that specifies that the ML model is not authorized to extract a particular piece of data from the endpoint storage; and the processor is further configured to: detect, based on monitoring the data interaction using the smart contract, that the API program is used to extract the particular piece of data from the endpoint storage; and in response to detecting that the API program is used to extract the particular piece of data from the endpoint storage, withdraw allocation of the NFT associated with the API program to the ML model to stop further use of the API program by the ML model.

Description

TECHNICAL FIELD The present disclosure relates generally to network communication, and more specifically to a system and method for secure data consumption by machine learning models. BACKGROUND Presently there is no control over how an API program is used by a consumer (e.g., an AI model) of the API program. For example, there is no control over what and how much data is extracted from an endpoint node using the API program. In some cases, an endpoint node may store sensitive data (e.g., Personal Identifiable Information (PII) or other sensitive information). An AI/ML model may intentionally or unintentionally access/extract such sensitive data from the endpoint node. Presently, there is no control over and/or tracking relating to who accessed the sensitive data, what sensitive data was accessed, and/or how much sensitive data was accessed and/or extracted from an endpoint node. This may lead to unintentional and unauthorized disclosure of sensitive data. Further, since there is no tracking relating to access of sensitive data, there is no accountability associated with exposure of sensitive data. SUMMARY The system and method implemented by the system as disclosed in the present disclosure provide technical solutions to the technical problems discussed above by providing secure data access and extraction from an endpoint node. For example, the disclosed system and methods provide the practical application of monitoring and controlling data access and extraction from an endpoint node. As described according to embodiments of the present disclosure the disclosed techniques leverage non-fungible token (NFT) technology and smart contract technology associated with blockchain networks to implement monitoring, tracking and controlling of data access and extraction from endpoint nodes. For example, in response to receiving a request to generate an API program configured to extract data from an endpoint node/storage, an API manager generates the API program based on the request, wherein generating the API program includes generating a software script that is configured to accept a data request to extract data from the endpoint node, interface with the endpoint node, and extract a requested piece of data from the endpoint node. The API manager generates an NFT using an NFT minting server/processor, wherein the NFT uniquely identifies the API program and stores one or more security rules that define usage of the API program relating to accessing and extracting data from the endpoint node. Additionally, a smart contract is generated that implements the one or more security rules. The NFT associated with the API program along with the one or more security rules and the smart contract is stored in a data file on the blockchain network. In response to receiving a request from an AI/ML model to use the API program for accessing and/or extracting data from the endpoint node, the API manager accesses the NFT associated with the API program from the data file on the blockchain network and allocates the NFT to the AI/ML model allowing the AI/ML model to use the API program to access and/or extract data from the endpoint node. When a data access or data extraction using the API program is detected, the smart contract is run to determine whether the data access/extraction satisfies all security rules associated with the API program. In response to detecting a violation of one or more security rules, the API manager may withdraw allocation of the NFT to stop any further usage of the API program. By monitoring and controlling data access to an endpoint node using NFTs and smart contracts, the disclosed system and method avoid intentional or unintentional exposure of sensitive data stored at an endpoint node. For example, by monitoring a data access of the endpoint node and checking that the data access satisfies one or more data security rules of data access specified for data accesses from the endpoint node, the disclosed system and method reduces or completely avoids exfiltration, theft, or exposure of sensitive data. Since NFTs cannot be modified easily, this greatly reduces the possibility of bad actors tampering with the NFT. Further, by recording information relating to data interactions including data accesses to the endpoint node using the API program associated with the NFT in a blockchain in a verifiable and immutable manner, the system and method disclosed herein avoid tampering history of the data accesses by a malicious actor/entity. This raises the data security associated with data accesses to the endpoint node and raises general data security of the network. Thus, by improving data security of data accesses from endpoint nodes, the disclosed system and method generally improve the technology associated with data security of data interactions in a computing infrastructure. The disclosed system and method provide the additional practical application of improving processing efficiency of processors and computers wi