US20230409220A1 - Data block-based system and methods for predictive models - Google Patents

Data block-based system and methods for predictive models Download PDF

Info

Publication number
US20230409220A1
US20230409220A1 US18/231,689 US202318231689A US2023409220A1 US 20230409220 A1 US20230409220 A1 US 20230409220A1 US 202318231689 A US202318231689 A US 202318231689A US 2023409220 A1 US2023409220 A1 US 2023409220A1
Authority
US
United States
Prior art keywords
data
rules
analytic
module
blocks
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
US18/231,689
Inventor
Robert L. Grossman
Matthew C. Swort
James E. Heath
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
IronNet Cybersecurity Inc
Original Assignee
IronNet Cybersecurity Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by IronNet Cybersecurity Inc filed Critical IronNet Cybersecurity Inc
Priority to US18/231,689 priority Critical patent/US20230409220A1/en
Assigned to FERROUS INVESTORS LP reassignment FERROUS INVESTORS LP SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: IRONCAD LLC, IronNet Cybersecurity, Inc.
Publication of US20230409220A1 publication Critical patent/US20230409220A1/en
Assigned to FERROUS INVESTORS LP, ITC GLOBAL ADVISORS, LLC reassignment FERROUS INVESTORS LP SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: IRONCAD LLC, IronNet Cybersecurity, Inc.
Assigned to IRONCAD LLC, IronNet Cybersecurity, Inc. reassignment IRONCAD LLC RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: FERROUS INVESTORS LP, AS SECURED PARTY
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638Organizing or formatting or addressing of data
    • G06F3/064Management of blocks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/0604Improving or facilitating administration, e.g. storage management
    • G06F3/0605Improving or facilitating administration, e.g. storage management by facilitating the interaction with a user or administrator
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/0614Improving the reliability of storage systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0653Monitoring storage devices or systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0668Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/067Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00Computing arrangements using knowledge-based models
    • G06N5/02Knowledge representation; Symbolic representation
    • G06N5/022Knowledge engineering; Knowledge acquisition
    • G06N5/025Extracting rules from data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00Computing arrangements using knowledge-based models
    • G06N5/02Knowledge representation; Symbolic representation
    • G06N5/027Frames
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0637Modes of operation, e.g. cipher block chaining [CBC], electronic codebook [ECB] or Galois/counter mode [GCM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • the present disclosure relates to cybersecurity, fraud and risk systems. More particularly, the disclosure relates to systems, methods and architecture for the collection and use of data, and the processing of data for analytic models and workflows.
  • Embodiments of the present invention provide systems and methods for the collection and use of data, and the processing of data for analytic models and workflows.
  • the embodiments herein log each time data is collected, accessed or processed.
  • a system for data sharing with a plurality of users, from an organization or a consortium of organizations, and checking rule compliance is provided.
  • the system comprises: a block-based storage system containing data blocks; a first module coupled to the block-based storage system for creating and reading the data blocks; a second module adapted and configured to manage at least one of logging of data collection, data access by at least one of the plurality of users, data access by the system, and an execution of workflows; and a third module adapted and configured to ensure the system is compliant with a plurality of rules.
  • the data blocks within the block-based storage system comprise at least one of data storage blocks and data provenance blocks.
  • the plurality of rules are at least one of data collection rules, data sharing rules, privacy rules and regulatory requirements.
  • the first module is adapted and configured to be a centralized ledger.
  • the plurality of users are all from the same organization or the same consortium of organizations.
  • the third module is adapted and configured to enable at least one of the plurality of users from within the organization or the consortium of organizations to check whether data collection is compliant with at least one of the plurality of rules.
  • third module is adapted and configured to enable at least one of the plurality of users, outside of the organization or the consortium of organizations, with confirmation of whether at least of one of access to and processing of the data by the system, data sharing, building of models, use of scores and other outputs from models and workflows is compliant with at least one of the plurality of rules.
  • the first module is adapted and configured to use a block chain.
  • the third module is adapted and configured so that at least one of the plurality of users are outside of an organization or consortium of organizations.
  • the third module is adapted and configured to enable at least one of the plurality of users within an organization or the consortium of organizations to check whether data collection is compliant with at least one of the plurality of rules.
  • the third module is adapted and configured to enable at least one of the plurality of users, outside of the organization or the consortium of organizations, to check whether data collection is compliant with at least one of the plurality of rules.
  • the third module is adapted and configured so that at least one of the plurality of users, from within the organization or the consortium of organizations, with confirmation of whether at least one of access to and processing of the data blocks by the system, data sharing, building of models, use of scores and other outputs from models and workflows is consistent with at least one of the plurality of rules.
  • the third module is adapted and configured to provide at least one of the plurality of users outside of the organization or the consortium of organizations with confirmation of whether at least one of access to and processing of the data blocks by the system, data sharing, building of models, use of scores and other outputs from models and workflows is compliant with at least one of the plurality of rules.
  • the second module is adapted and configured to check that data collection is consistent with at least one of the plurality of rules. In an embodiment, the second module is adapted and configured to check that the use of scores and other outputs from models and workflows is compliant with at least one of the plurality of rules. In an embodiment, the second module is adapted and configured to check that access to and processing of the data modules by the system is compliant with the at least one of the plurality of rules. In an embodiment, the second module is adapted and configured to check whether at least one of data sharing and building of models is consistent with at least one of the plurality of rules. In an embodiment, a log of access to the data blocks by the system is saved to the first module.
  • the third module is adapted and configured to enable at least one of the plurality of users outside the organization or the consortium of organizations with confirmation whether data collection is compliant with at least one of the plurality of rules. In an embodiment, the third module is adapted and configured to enable at least one of the plurality of users from within the organization or the consortium of organizations to check whether at least of one of access to and processing of the data blocks by the system, data sharing, building of models, use of scores and other outputs from models and workflows is compliant with at least one of the plurality of rules.
  • FIG. 1 is a block diagram of a system according to embodiments of the present invention
  • FIG. 2 is a diagram of the structure of an encrypted data block such as data storage blocks and data provenance blocks within a system according to embodiments of the present invention
  • FIG. 3 illustrates a data block according to embodiments of the present invention
  • FIG. 4 illustrates how the Data and Model Policy Block (DMPB) module logs relevant data according to embodiments of the present invention
  • FIG. 5 is a block diagram of a contract checker being used to access encrypted provenance blocks according to an embodiment of the present invention
  • FIG. 6 illustrates the identity, authorization and access management (IAM) module for both user access and system access to the data blocks and provenance blocks according to embodiments of the present invention
  • FIG. 7 illustrates a method for model and analytic scoring logging and auditing according to embodiments of the present invention.
  • FIG. 8 illustrates software modules for checking that an entity's (e.g., a company, organization, or group) internal policies and external policies are being supported according to embodiments of the present invention.
  • entity's e.g., a company, organization, or group
  • Embodiments of the invention include i) automated processes for recording information at a granular level; ii) methods for checking/verifying that data is used and processed is consistent with an entity's internal policies and/or external regulations, and iii) methods for producing reports to authorized users (e.g., individuals and organizations) with information related to items i) and ii).
  • Embodiments also include systems for capturing required data in an immutable fashion so that users outside of an entity (e.g., public, third parties) can check and audit that internal policies and other regulatory policies and frameworks are followed.
  • policies and frameworks may include ensuring that: i) data is collected appropriately; ii) data is appropriately processed to be used as inputs to fraud or risk models; iii) inputs are processed by fraud and risk models and workflows to produce scores (e.g., risk scores) appropriately; and iv) scores are used by fraud and risk systems appropriately.
  • a system is provided such that members of a consortium can also check and audit these four processes.
  • a consortium may, for example, check that user location data is not used for ad targeting or that user data is not used to build risk models.
  • An example of a workflow for a risk model is when a user risk model is used to produce a score about the user's overall risk; a separate transaction risk model is used to produce a score about the risk of a particular transaction; both of the scores, plus additional inputs, are used as input to a third risk model that produces a third score that integrates the scores from the two models; and, the third score is used as input to a fourth model, that rescales the score and applies certain business rules, such as ignoring small dollar transactions that may unnecessarily inconvenience the user compared to the potential reduction in risk to the organization.
  • Examples of other outputs of models beyond scores include the confidence level associated with the score and certain explanatory codes or strings that can be used to help explain to the user why the score was particularly high or low.
  • Embodiments herein utilize distributed data objects (e.g., data storage blocks) in order to capture all the relevant collected and processed data at a scale and level of granularity required.
  • Distributed data objects e.g. provenance blocks
  • “cell level access methods” are provided that ensure users are given access to precisely the data that they are authorized to view at the granularity required.
  • analytic processing of data is expressed in workflow languages and immutable logs of the workflows are created by the embodiments using provenance blocks which are used to capture the internal processing of data, model inputs, model outputs, and system alerts and notifications at the scale and granularity required.
  • provenance blocks with blockchain or centralized ledgers according to embodiments herein provide access to public and consortium members to precisely the data they are authorized to see.
  • FIG. 1 is an overview of a system 100 according to an embodiment of the present invention.
  • the system 100 consists of a plurality of layers, with modules and components in layers communicating to the layers above or below using application programming interfaces (APis).
  • Layer 1 is a distributed data block-based secure storage layer that includes one or more data storage blocks 101 and one or more data provenance blocks 102 in a data lake (not shown).
  • Layer 2 is an infrastructure or management module 103 coupled to Layer 1 for managing the data storage blocks 101 and data provenance blocks 102 .
  • the data block system management module 103 of Layer 2 includes a Data and Model Provenance Blocks (hereinafter “DMPB”) module 103 a .
  • DMPB Data and Model Provenance Blocks
  • Layer 2 includes a centralized ledger 103 b .
  • the management module 103 is adapted and configured to store and/or manage one or more of the following: immutable cryptographically signed logs, claims, and other assertions about user access, data access, data provenance, data processing and related events.
  • immutable cryptographically signed logs claims, and other assertions about user access, data access, data provenance, data processing and related events.
  • DMPB herein is used throughout this disclosure to describe the data and model provenance blocks that contain information about how data is processed, and, in particular, how data is processed to produce fraud and risk models.
  • DMPB module 103 a uses blockchain so that a mechanism can be provided to members of the public who have contributed their own data and interacted with the system can check how their data is used by the system 100 and that this use is consistent with the required policies and regulations.
  • the user Once a user registers with the system 100 , the user is assigned a random string of letters and numbers (i.e., the block chain user ID) that is associated with all user related data in data storage blocks 101 and all provenance related data in data provenance blocks 102 . Since the data storage blocks 101 and data provenance blocks 102 may be immutable and cannot be changed once they are written, the system 100 may provide the user with the necessary information about what data of theirs was collected and how it was used.
  • Layer 3 is a logging module 104 that includes an identity, authorization and access management (IAM) module 403 .
  • the logging module 104 communicates to the DMPB module in Layer 2 via API calls.
  • the IAM module 403 provides: a) identity access management; b) role based and attribute-based access controls; c) fine-grained cell-based access controls; and d) data provenance and auditing.
  • the IAM module 104 writes immutable cryptographically signed logs about user access, data access, data provenance, data processing and related events to Layer 2.
  • Layer 4 is a rule (e.g.
  • Layer 5 is a fraud and analytics module 106 that provides functionality for building and deploying risk and fraud models with data provided by layer 1, with identify and access management provided by Layer 2, and with rules (e.g. data sharing, privacy rules, and regulatory requirements) checking provided by Layer 3.
  • Embodiments of the identity, authorization and access management TAM module 403 of Layer 3 and the rule analytics module 105 of Layer 4 may be provided with either a centralized ledger 102 or DMPB module in Layer 2.
  • a public governance model for Layer 2 data blocks can be used, or a consortium or federated governance model for a centralized ledger can be used so that access to the data is limited, for example, to partners providing data for the fraud and risk models or to partners deploying the risk and fraud models developed by the system.
  • FIG. 2 illustrates the operation of the management module 103 of Layer 2 in FIG. 1 .
  • the completion of each step e.g., assertions or claims
  • the management module 103 provides all the information necessary to check that fraud, risk and other models are collecting and processing data appropriately as required by the rules (e.g., internal policies and external policies and regulations).
  • users e.g., User 1, User 2 . . . User n
  • data and model provenance assertions/claims are written by the IAM module 104 of Layer 3, as also illustrated in FIG. 2 .
  • Data storage blocks 101 are the smallest, most granular piece of information that is to be stored within the system 100 . All data storage blocks 101 are cryptographically bound to the visibility and sharing restrictions in accordance with policies defined by the user such as encrypted data block 301 . Data storage blocks 101 are then encrypted for processing and persistence using encryption header 302 and encrypted payload 303 . In an embodiment, data storage blocks 101 are centralized. In another embodiment, data storage blocks 101 are geographically distributed within all applicable geographic regions to enable high-availability, failover, locality-based speed of response, and consistency of user experience. Visibility of data storage blocks 101 is cryptographically attached to each data storage block 101 . Access to these data storage blocks 101 requires the appropriate authorizations for secure data sharing based on user access visibility assessed through a Smart Contract associated with contract checker 204 .
  • Data provenance blocks 102 are a record of all interactions with data storage blocks 101 . They also provide an immutable record of how fraud and risk models are built and how they are used to process and to score user data.
  • a data storage block 101 is created by a user within an organization, who or what created it, when it was accessed, who or what accessed it, why it was accessed, and where it was used are stored.
  • Provenance blocks are used for patterns of life, attribution, pedigree, and lineage of the data blocks. This is a continuous process for appending immutable transaction details to the data block for its lifetime.
  • Provenance records unless otherwise prohibited by law or customer policy, are retained after data blocks are deleted for analysis.
  • FIG. 3 illustrates the structure of an embodiment of an encrypted data block 301 such as data storage block 101 or data provenance block 102 , which may be utilized in Layer 1 of FIG. 1 .
  • Encrypted data block 301 includes an encryption header 302 .
  • the encryption header 302 contains the information necessary so that each encrypted data block 301 may be part of a distributed block-based storage system that may include a plurality of data storage blocks 101 and data provenance blocks 102 .
  • the encrypted data block 301 also includes an encrypted payload 303 , whose encrypted key is provided in the encryption header 302 .
  • the encrypted payload 303 is comprised of two parts: 1) a crypto header 303 a , which contains provenance related information, and the associated payload 305 .
  • the crypto header 303 a contains a cryptographic signature that is used to verify the integrity of the data storage block 30 , so that it is immutable. This is necessary so that the encrypted data block 301 itself can be audited by the Regulatory and Provenance Analytics of the rule analytics module 105 .
  • the payload 303 b contains the actual data being managed by the encrypted data block 301 . This may include the original data and/or provenance information about the data generated by the system 100 .
  • the payload 305 may contain several different types of data, that includes, but is not limited to: data collected for analysis by the system, cleaned, aggregated, and transformed data that are inputs to analytic models; the outputs of analytic models, which may be the inputs of other analytic models that are part of an analytic workflow. Scores produced by analytic models or analytic workflows; analytic models themselves in a serialized or other format so that they can be stored in one or more data storage blocks 101 . Rules that are used for post-processing analytic models and analytic workflows before they are passed to other external interfaces and components. These rules are also in a serialized or other format so that they can be stored in one or more data storage blocks 101 .
  • Provenance records in data provenance blocks 102 are created by the system for a number of different reasons and purposes, including, but not limited to when new data storage block 101 is created, updated, or deleted.
  • data is only deleted or changed when required by the rules such as regulations or policy.
  • Data is immutable and changes to data are made by appending the changes to the current state of the data, or using another mechanism for creating and maintain immutable data, so that there is a complete audit chain of all changes to the data under one or more of the following conditions: when data storage blocks 101 are access by any user or system process; or when a policy requirement of a regulation changes the access rules for data.
  • a regulation change may be, for example, that provenance records can be hidden after a requirement to purge data following a request for the right to be forgotten.
  • the provenance & data block manager 201 continuously evaluates data storage blocks 101 for changes in customer policy and enforces regulatory modifications required for access to the data storage blocks 101 . If a data block policy is updated for any reason, it is tracked via data provenance block 102 for later analysis.
  • the provenance & data block manager 201 is also adapted and configured to provide auditing and precision data deletions periodically or as desired.
  • Centralized Ledger 202 is an immutable storage mechanism for the provenance & data block manager 201 .
  • Centralized ledger 202 supports continuous auditing and transparency for the life of provenance block 102 and data storage block 101 .
  • the encryption manager 203 provides functionality to associate inbound data storage block 101 and provenance block 102 with the appropriate encryption tokens and supports alignment of users and/or processes access through the contract checker 204 (e.g., Smart Contract Controller Gateway) or to the encryption tokens required for access to the data within the data storage block 101 .
  • the contract checker 204 is the entry point from the organization 205 to the management module 103 . It facilitates authentication and authorization for each user or process that is to be granted access. It is the policy determination point which verifies the user and/or process identity, location, and access privileges.
  • FIG. 4 illustrates how the logging module 104 logs all relevant data.
  • the logging module 104 logs both user access 406 and system access 405 . Both are authenticated and authorized using the identity, authorization and access management (IAM module) 403 . Based upon the IAM module 403 , reads and writes are permitted on the data storage block 101 and data provenance block 102 .
  • the rules analytics module 105 accesses the data provenance blocks 102 to check that the appropriate policies and regulations are enforced. Note, data storage block 101 and data provenance block 102 are not part of the logging module 104 , as can be seen in FIG. 4 .
  • FIG. 5 illustrates how smart contracts allow users and organizations to verify directly that internal entity policies and third-party regulations are being followed, without an entity's participation or the participation from other third parties.
  • organization 205 e.g., user group, entity, system process etc.
  • a contract checker 204 can use a contract checker 204 to access encrypted data blocks 301 .
  • the provenance data within the encrypted data block 301 may be accessed and analyzed by the rules analytics module 105 , 801 , with the results returned to the requester. This is because the necessary provenance data has been stored in immutable provenance blocks 102 by the model and analytics logging module 402 , as shown in FIG. 7 .
  • FIG. 6 shows how the fine-grained identity and access management (IAM) is handled by the IAM module 403 for both user access 406 and system access 405 to data storage block 101 and data provenance block 102 .
  • User and system identity is first authenticated with the authentication services 603 . Once authenticated the access to a particular field of data storage block 101 or data provenance block 102 is provided by the authorization service 604 .
  • Data may be from multiple data sources 605 a - n , but access is provided to precisely the data source 605 a - n and to precisely only the authorized fields within the data sources as needed.
  • the authorization to access data is fine grained or, what is sometimes called cell based, and authorization is not provided to entire datasets, unless the user or system process is authorized to access the entire dataset.
  • the data and provenance blocks are encrypted as shown in FIG. 3 and only decrypted when the user or system is authorized to access a particular field or fields.
  • FIG. 7 is a flow chart of a method for model and analytic scoring, logging and auditing according to an embodiment of the present invention.
  • Provenance records are kept of the workflows used for the following steps.
  • Step 701 collects data from multiple sources 605 a - n .
  • Step 2 cleans and normalizes the data.
  • Step 3 computes features (e.g., features for aggregating or transforming data).
  • Step 704 uses the features as inputs to models and workflows.
  • Step 705 uses the scores produced by the models and workflows in step 704 as inputs to the post-processing rules to produce the final scores and other outputs.
  • the processing steps 701 through 705 may be implemented or expressed in different ways.
  • each workflow is to express each workflow as a directed acyclic graph (DAG), in which each node of the graph is a software program or application called, and with a directed edge between two nodes indicating how the outputs from one node are used as the inputs to another node.
  • DAG directed acyclic graph
  • each software program or application is labeled with a unique label and available in an environment or framework that allows its execution.
  • the software program or application may be in a Docker container or other container, which provides a virtualized environment that encapsulates software applications and all the required libraries and configuration files.
  • the software program or application may be part of a serverless framework.
  • a container is a packaging of software and the necessary software libraries and configuration files so that the container may be run using a cloud-computing platform as a service execution model that uses virtualization to: i) support the execution of programs within containers, and ii) the ability of containers to communicate with other containers, as specified in appropriate configuration files.
  • a serverless framework is another cloud-computing execution model in which the cloud service provider runs the server or servers executing the software code, and dynamically manages the allocation of machine resources required to run the server or servers.
  • each node in each workflow corresponding to a software program or application is assigned a unique label and this information is persisted in an immutable provenance block 102 .
  • each workflow is assigned a unique label and also persisted in immutable provenance blocks.
  • provenance information persists in the provenance blocks 102 capturing the data source 605 n and the processing workflow steps 701 , 702 , . . . , 705 . This enables the logging module 402 to associate an immutable provenance record with each score or other output produced by the fraud and risk analytics module 106 of FIG. 2 .
  • the rules module 105 can review the compliance of the scoring either record by record as the scoring is done, or periodically by examining batches of scored data and their associated provenance record.
  • a single provenance record that contains the totality of information characterizing the data source 605 n and the processing 701 , 702 , . . . , 705 can be associated and used to provide the immutable provenance information for each single score or for a batch of scores produced by the fraud and risk analytics system 106 .
  • the clean and normalized data from step 702 is directly used by the analytic models and workflow step 704 and does not need necessarily to compute features in step 703 . This is the case, for example, with deep learning models.
  • FIG. 8 illustrates software modules for checking that an entity's internal policies and external policies required by users, data suppliers, and third-party regulatory agencies, industry best practices, and others are being supported. For example, a particular user may not have given permission for his or her historical purchases be used to score fraud and risk models.
  • module 802 developed a fraud or risk model using data available in the datamart 702
  • module 801 would verify that this user's historical purchases, or data derived from this user's historical purchases, would not be used as part of the training data from datamart 702 by module 802 to build any models.
  • provenance blocks 102 could be analyzed to be sure that the user's historical purchases were not used to build any models.
  • provenance records 102 could be analyzed for any user of interest to check whether any model deployed by module 803 used data from the user being audited to ensure this data was consistent with the user's preferences at that time as provided by the user data 401 , and as recorded in the relevant immutable data provenance block 101 .
  • audit reports 806 can be produced over batches of data, as well as alerts 804 and real-time monitoring records 805 for individual records being scored, as provided by the model and analytics logging data 402 .
  • the subject matter described herein can be implemented in digital electronic circuitry, or in computer software, firmware, or hardware, including the structural means disclosed in this specification and structural equivalents thereof, or in combinations of them.
  • the subject matter described herein can be implemented as one or more computer program products, such as one or more computer programs tangibly embodied in an information carrier (e.g., in a machine readable storage device), or embodied in a propagated signal, for execution by, or to control the operation of, data processing apparatus (e.g., a programmable processor, a computer, or multiple computers).
  • a computer program (also known as a program, software, software application, or code) can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment.
  • a computer program does not necessarily correspond to a file.
  • a program can be stored in a portion of a file that holds other programs or data, in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub programs, or portions of code).
  • a computer program can be deployed to be executed on one computer or on multiple computers at one site or distributed across multiple sites and interconnected by a communication network.
  • processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processor of any kind of digital computer.
  • a processor will receive instructions and data from a read only memory or a random access memory or both.
  • the essential elements of a computer are a processor for executing instructions and one or more memory devices for storing instructions and data.
  • a computer will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto optical disks, or optical disks.
  • Information carriers suitable for embodying computer program instructions and data include all forms of nonvolatile memory, including by way of example semiconductor memory devices, (e.g., EPROM, EEPROM, and flash memory devices); magnetic disks, (e.g., internal hard disks or removable disks); magneto optical disks; and optical disks (e.g., CD and DVD disks).
  • semiconductor memory devices e.g., EPROM, EEPROM, and flash memory devices
  • magnetic disks e.g., internal hard disks or removable disks
  • magneto optical disks e.g., CD and DVD disks
  • optical disks e.g., CD and DVD disks.
  • the processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.
  • the subject matter described herein can be implemented in a computing system that includes a back end component (e.g., a data server), a middleware component (e.g., an application server), or a front end component (e.g., a client computer mobile device, wearable device, having a graphical user interface or a web browser through which a user can interact with an implementation of the subject matter described herein), or any combination of such back end, middleware, and front end components.
  • the components of the system can be interconnected by any form or medium of digital data communication, e.g., a communication network. Examples of communication networks include a local area network (“LAN”) and a wide area network (“WAN”), e.g., the Internet.
  • LAN local area network
  • WAN wide area network

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Human Computer Interaction (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Databases & Information Systems (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Evolutionary Computation (AREA)
  • Artificial Intelligence (AREA)
  • Mathematical Physics (AREA)
  • Medical Informatics (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

Systems and methods for recording information at a granular level; checking and verifying that data is used and processed is consistent with an entity's internal policies and/or external regulations; and producing reports to authorized users (e.g., individuals and organizations) with information are provided. The system and methods capture required data in an immutable fashion so that users outside of an entity (e.g., public, third parties) can check and audit that internal policies and other regulatory policies and frameworks are followed.

Description

  • This application is a continuation of U.S. application Ser. No. 17/990,601, filed Nov. 18, 2022, for DATA BLOCK-BASED SYSTEM AND METHODS FOR PREDICTIVE MODELS, which is a continuation of U.S. application Ser. No. 16/855,027, filed Apr. 22, 2020, for DATA BLOCK-BASED SYSTEM AND METHODS FOR PREDICTIVE MODELS, both of which are incorporated in their entirety herein by reference.
  • FIELD OF THE DISCLOSURE
  • The present disclosure relates to cybersecurity, fraud and risk systems. More particularly, the disclosure relates to systems, methods and architecture for the collection and use of data, and the processing of data for analytic models and workflows.
  • BACKGROUND OF THE DISCLOSURE
  • Building and deploying cybersecurity, fraud and risk models using conventional systems and methods have a number of challenges in trying to ensure that relevant and data sharing policies, as well as all required regulatory requirements are followed. Applying known machine learning techniques to build and deploy fraud and risk models requires collecting the required data, cleaning and transforming the data to build the required features, either directly through feature engineering or indirectly through deep learning, estimating the parameters of the models, and then deploying the models into operational systems to process and score the data, either in batch or in near real time. There are policies and regulatory requirements about what data is collected and how users are informed, what data is shared and with whom, what data is used to build models, what data is used as the inputs to models to produce scores, and what actions are taken by systems based upon the scores. Users whose data is collected, members of data sharing consortium, customers that buy collected or processed data, and customers that buy models or scores, and users whose interactions with systems are determined in part by models and scores, each of whom have an interest in verifying claims that data, models, scores and actions are all compliant with relevant policies and regulatory requirements. This task is quite difficult given how data is collected in conventional systems, in conjunction with how models are typically built and integrated into user facing systems.
  • Conventional systems and methods have three primary disadvantages. First, regarding collection and use of data, data collection, data access, and used for analytic models is not currently captured in a way that provides a complete custody or “provenance chain.” Regarding processing of data for analytic models and workflows, methods of cleaning, processing and aggregating data for fraud and risk analysis is not captured in a way that provides a complete custody or provenance chain. This data may be needed to produce “features” or used as inputs to models or workflows and is subject to audit or to continuous checking of regulatory requirements, privacy rules, or data sharing rules. Regarding inspection and auditing of data use and data processing, conventional methods and systems rely on manual creation and maintenance of reports of the data flows that collect data and the ways that data models and scores are used by internal processes and systems. These reports further rely on manual updates as different data sources are used or as the system is changed. These reports are then used when regulatory disclosures, audit reports and similar reporting is required. The manual nature of such reporting inserts time delay and is also a source of error that will propagate throughout the system. In practice, it is common that models and workflows are changed, but the documentation that is used for compliance purposes is not changed which leads to a gap between the documentation that is consistent with the policies and regulations and the model that has drifted from and therefore no longer compliant with the policies and regulations.
  • BRIEF SUMMARY OF THE DISCLOSURE
  • Embodiments of the present invention provide systems and methods for the collection and use of data, and the processing of data for analytic models and workflows. The embodiments herein log each time data is collected, accessed or processed. In an embodiment, a system for data sharing with a plurality of users, from an organization or a consortium of organizations, and checking rule compliance is provided. The system comprises: a block-based storage system containing data blocks; a first module coupled to the block-based storage system for creating and reading the data blocks; a second module adapted and configured to manage at least one of logging of data collection, data access by at least one of the plurality of users, data access by the system, and an execution of workflows; and a third module adapted and configured to ensure the system is compliant with a plurality of rules.
  • In an embodiment, the data blocks within the block-based storage system comprise at least one of data storage blocks and data provenance blocks. In an embodiment, the plurality of rules are at least one of data collection rules, data sharing rules, privacy rules and regulatory requirements. In an embodiment, the first module is adapted and configured to be a centralized ledger. In an embodiment, the plurality of users are all from the same organization or the same consortium of organizations. In an embodiment, the third module is adapted and configured to enable at least one of the plurality of users from within the organization or the consortium of organizations to check whether data collection is compliant with at least one of the plurality of rules. In an embodiment, third module is adapted and configured to enable at least one of the plurality of users, outside of the organization or the consortium of organizations, with confirmation of whether at least of one of access to and processing of the data by the system, data sharing, building of models, use of scores and other outputs from models and workflows is compliant with at least one of the plurality of rules. In an embodiment, the first module is adapted and configured to use a block chain. In an embodiment, the third module is adapted and configured so that at least one of the plurality of users are outside of an organization or consortium of organizations. In an embodiment, the third module is adapted and configured to enable at least one of the plurality of users within an organization or the consortium of organizations to check whether data collection is compliant with at least one of the plurality of rules. In an embodiment, the third module is adapted and configured to enable at least one of the plurality of users, outside of the organization or the consortium of organizations, to check whether data collection is compliant with at least one of the plurality of rules. In an embodiment, the third module is adapted and configured so that at least one of the plurality of users, from within the organization or the consortium of organizations, with confirmation of whether at least one of access to and processing of the data blocks by the system, data sharing, building of models, use of scores and other outputs from models and workflows is consistent with at least one of the plurality of rules. In an embodiment, the third module is adapted and configured to provide at least one of the plurality of users outside of the organization or the consortium of organizations with confirmation of whether at least one of access to and processing of the data blocks by the system, data sharing, building of models, use of scores and other outputs from models and workflows is compliant with at least one of the plurality of rules.
  • In an embodiment, the second module is adapted and configured to check that data collection is consistent with at least one of the plurality of rules. In an embodiment, the second module is adapted and configured to check that the use of scores and other outputs from models and workflows is compliant with at least one of the plurality of rules. In an embodiment, the second module is adapted and configured to check that access to and processing of the data modules by the system is compliant with the at least one of the plurality of rules. In an embodiment, the second module is adapted and configured to check whether at least one of data sharing and building of models is consistent with at least one of the plurality of rules. In an embodiment, a log of access to the data blocks by the system is saved to the first module. In an embodiment, the third module is adapted and configured to enable at least one of the plurality of users outside the organization or the consortium of organizations with confirmation whether data collection is compliant with at least one of the plurality of rules. In an embodiment, the third module is adapted and configured to enable at least one of the plurality of users from within the organization or the consortium of organizations to check whether at least of one of access to and processing of the data blocks by the system, data sharing, building of models, use of scores and other outputs from models and workflows is compliant with at least one of the plurality of rules.
  • These and other capabilities of the disclosed subject matter will be more fully understood after a review of the following figures, detailed description, and claims. It is to be understood that the phraseology and terminology employed herein are for the purpose of description and should not be regarded as limiting.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • The present disclosure is illustrated and described herein with reference to the various drawings, in which like reference numbers are used to denote like system components, as appropriate, and in which:
  • FIG. 1 is a block diagram of a system according to embodiments of the present invention,
  • FIG. 2 is a diagram of the structure of an encrypted data block such as data storage blocks and data provenance blocks within a system according to embodiments of the present invention;
  • FIG. 3 illustrates a data block according to embodiments of the present invention;
  • FIG. 4 illustrates how the Data and Model Policy Block (DMPB) module logs relevant data according to embodiments of the present invention;
  • FIG. 5 is a block diagram of a contract checker being used to access encrypted provenance blocks according to an embodiment of the present invention;
  • FIG. 6 illustrates the identity, authorization and access management (IAM) module for both user access and system access to the data blocks and provenance blocks according to embodiments of the present invention;
  • FIG. 7 illustrates a method for model and analytic scoring logging and auditing according to embodiments of the present invention; and
  • FIG. 8 illustrates software modules for checking that an entity's (e.g., a company, organization, or group) internal policies and external policies are being supported according to embodiments of the present invention.
  • DETAILED DESCRIPTION OF THE DISCLOSURE
  • Embodiments of the invention include i) automated processes for recording information at a granular level; ii) methods for checking/verifying that data is used and processed is consistent with an entity's internal policies and/or external regulations, and iii) methods for producing reports to authorized users (e.g., individuals and organizations) with information related to items i) and ii). Embodiments also include systems for capturing required data in an immutable fashion so that users outside of an entity (e.g., public, third parties) can check and audit that internal policies and other regulatory policies and frameworks are followed. These policies and frameworks may include ensuring that: i) data is collected appropriately; ii) data is appropriately processed to be used as inputs to fraud or risk models; iii) inputs are processed by fraud and risk models and workflows to produce scores (e.g., risk scores) appropriately; and iv) scores are used by fraud and risk systems appropriately. In an embodiment, a system is provided such that members of a consortium can also check and audit these four processes. A consortium may, for example, check that user location data is not used for ad targeting or that user data is not used to build risk models.
  • An example of a workflow for a risk model is when a user risk model is used to produce a score about the user's overall risk; a separate transaction risk model is used to produce a score about the risk of a particular transaction; both of the scores, plus additional inputs, are used as input to a third risk model that produces a third score that integrates the scores from the two models; and, the third score is used as input to a fourth model, that rescales the score and applies certain business rules, such as ignoring small dollar transactions that may unnecessarily inconvenience the user compared to the potential reduction in risk to the organization. Examples of other outputs of models beyond scores include the confidence level associated with the score and certain explanatory codes or strings that can be used to help explain to the user why the score was particularly high or low.
  • There are several benefits and advantages of the embodiments provided herein, including but not limited to, the following examples. Embodiments herein utilize distributed data objects (e.g., data storage blocks) in order to capture all the relevant collected and processed data at a scale and level of granularity required. Distributed data objects (e.g. provenance blocks) are provided that contain provenance information about the data, how and when it is accessed, and how and when it is processed and “cell level access methods” are provided that ensure users are given access to precisely the data that they are authorized to view at the granularity required. In addition, analytic processing of data is expressed in workflow languages and immutable logs of the workflows are created by the embodiments using provenance blocks which are used to capture the internal processing of data, model inputs, model outputs, and system alerts and notifications at the scale and granularity required. Further, distributed data and provenance blocks with blockchain or centralized ledgers according to embodiments herein provide access to public and consortium members to precisely the data they are authorized to see.
  • FIG. 1 is an overview of a system 100 according to an embodiment of the present invention. The system 100 consists of a plurality of layers, with modules and components in layers communicating to the layers above or below using application programming interfaces (APis). Layer 1 is a distributed data block-based secure storage layer that includes one or more data storage blocks 101 and one or more data provenance blocks 102 in a data lake (not shown). Layer 2 is an infrastructure or management module 103 coupled to Layer 1 for managing the data storage blocks 101 and data provenance blocks 102. In an embodiment, the data block system management module 103 of Layer 2 includes a Data and Model Provenance Blocks (hereinafter “DMPB”) module 103 a. In an embodiment, Layer 2 includes a centralized ledger 103 b. The management module 103 is adapted and configured to store and/or manage one or more of the following: immutable cryptographically signed logs, claims, and other assertions about user access, data access, data provenance, data processing and related events. (Note, the acronym DMPB herein is used throughout this disclosure to describe the data and model provenance blocks that contain information about how data is processed, and, in particular, how data is processed to produce fraud and risk models.)
  • In an embodiment, DMPB module 103 a uses blockchain so that a mechanism can be provided to members of the public who have contributed their own data and interacted with the system can check how their data is used by the system 100 and that this use is consistent with the required policies and regulations. Once a user registers with the system 100, the user is assigned a random string of letters and numbers (i.e., the block chain user ID) that is associated with all user related data in data storage blocks 101 and all provenance related data in data provenance blocks 102. Since the data storage blocks 101 and data provenance blocks 102 may be immutable and cannot be changed once they are written, the system 100 may provide the user with the necessary information about what data of theirs was collected and how it was used.
  • Layer 3 is a logging module 104 that includes an identity, authorization and access management (IAM) module 403. The logging module 104 communicates to the DMPB module in Layer 2 via API calls. The IAM module 403 provides: a) identity access management; b) role based and attribute-based access controls; c) fine-grained cell-based access controls; and d) data provenance and auditing. The IAM module 104 writes immutable cryptographically signed logs about user access, data access, data provenance, data processing and related events to Layer 2. Layer 4 is a rule (e.g. regulatory and policy) analytics module 105 that is adapted and configured to provide real-time processing and auditing, including: a) continuous checking of data sharing rules; b) continuous checking of privacy rules, c) continuous checking of regulatory requirements; and d) real-time auditing of the continuous checking of steps a), b) and c). Layer 5 is a fraud and analytics module 106 that provides functionality for building and deploying risk and fraud models with data provided by layer 1, with identify and access management provided by Layer 2, and with rules (e.g. data sharing, privacy rules, and regulatory requirements) checking provided by Layer 3.
  • Embodiments of the identity, authorization and access management TAM module 403 of Layer 3 and the rule analytics module 105 of Layer 4 may be provided with either a centralized ledger 102 or DMPB module in Layer 2. A public governance model for Layer 2 data blocks can be used, or a consortium or federated governance model for a centralized ledger can be used so that access to the data is limited, for example, to partners providing data for the fraud and risk models or to partners deploying the risk and fraud models developed by the system.
  • FIG. 2 illustrates the operation of the management module 103 of Layer 2 in FIG. 1 . As the various steps required to build fraud and risk models are completed by the system 100, the completion of each step (e.g., assertions or claims) is written by Layer 3 to a DMPB 103 a or to a centralized ledger 103 b in Layer 2, depending upon a desired governance model. The management module 103 provides all the information necessary to check that fraud, risk and other models are collecting and processing data appropriately as required by the rules (e.g., internal policies and external policies and regulations). As data is accessed by users (e.g., User 1, User 2 . . . User n) within an organization 205, as data is processed to produce models, and as scores produced by models are processed, data and model provenance assertions/claims are written by the IAM module 104 of Layer 3, as also illustrated in FIG. 2 .
  • Whenever data is collected or accessed, appropriate checks are made to ensure that all required conditions and regulations are satisfied, and the appropriate assertions/claims would be recorded by Layer 4. Data storage blocks 101 are the smallest, most granular piece of information that is to be stored within the system 100. All data storage blocks 101 are cryptographically bound to the visibility and sharing restrictions in accordance with policies defined by the user such as encrypted data block 301. Data storage blocks 101 are then encrypted for processing and persistence using encryption header 302 and encrypted payload 303. In an embodiment, data storage blocks 101 are centralized. In another embodiment, data storage blocks 101 are geographically distributed within all applicable geographic regions to enable high-availability, failover, locality-based speed of response, and consistency of user experience. Visibility of data storage blocks 101 is cryptographically attached to each data storage block 101. Access to these data storage blocks 101 requires the appropriate authorizations for secure data sharing based on user access visibility assessed through a Smart Contract associated with contract checker 204.
  • Data provenance blocks 102 are a record of all interactions with data storage blocks 101. They also provide an immutable record of how fraud and risk models are built and how they are used to process and to score user data. When a data storage block 101 is created by a user within an organization, who or what created it, when it was accessed, who or what accessed it, why it was accessed, and where it was used are stored. Provenance blocks are used for patterns of life, attribution, pedigree, and lineage of the data blocks. This is a continuous process for appending immutable transaction details to the data block for its lifetime. Provenance records, unless otherwise prohibited by law or customer policy, are retained after data blocks are deleted for analysis.
  • FIG. 3 illustrates the structure of an embodiment of an encrypted data block 301 such as data storage block 101 or data provenance block 102, which may be utilized in Layer 1 of FIG. 1 . Encrypted data block 301 includes an encryption header 302. The encryption header 302 contains the information necessary so that each encrypted data block 301 may be part of a distributed block-based storage system that may include a plurality of data storage blocks 101 and data provenance blocks 102. The encrypted data block 301 also includes an encrypted payload 303, whose encrypted key is provided in the encryption header 302.
  • The encrypted payload 303 is comprised of two parts: 1) a crypto header 303 a, which contains provenance related information, and the associated payload 305. The crypto header 303 a contains a cryptographic signature that is used to verify the integrity of the data storage block 30, so that it is immutable. This is necessary so that the encrypted data block 301 itself can be audited by the Regulatory and Provenance Analytics of the rule analytics module 105. Finally, the payload 303 b contains the actual data being managed by the encrypted data block 301. This may include the original data and/or provenance information about the data generated by the system 100. The payload 305 may contain several different types of data, that includes, but is not limited to: data collected for analysis by the system, cleaned, aggregated, and transformed data that are inputs to analytic models; the outputs of analytic models, which may be the inputs of other analytic models that are part of an analytic workflow. Scores produced by analytic models or analytic workflows; analytic models themselves in a serialized or other format so that they can be stored in one or more data storage blocks 101. Rules that are used for post-processing analytic models and analytic workflows before they are passed to other external interfaces and components. These rules are also in a serialized or other format so that they can be stored in one or more data storage blocks 101.
  • Creation of provenance records. Provenance records in data provenance blocks 102 are created by the system for a number of different reasons and purposes, including, but not limited to when new data storage block 101 is created, updated, or deleted. In an embodiment, data is only deleted or changed when required by the rules such as regulations or policy. Data is immutable and changes to data are made by appending the changes to the current state of the data, or using another mechanism for creating and maintain immutable data, so that there is a complete audit chain of all changes to the data under one or more of the following conditions: when data storage blocks 101 are access by any user or system process; or when a policy requirement of a regulation changes the access rules for data. A regulation change may be, for example, that provenance records can be hidden after a requirement to purge data following a request for the right to be forgotten.
  • Returning to FIG. 2 , the provenance & data block manager 201 continuously evaluates data storage blocks 101 for changes in customer policy and enforces regulatory modifications required for access to the data storage blocks 101. If a data block policy is updated for any reason, it is tracked via data provenance block 102 for later analysis. The provenance & data block manager 201 is also adapted and configured to provide auditing and precision data deletions periodically or as desired. Centralized Ledger 202 is an immutable storage mechanism for the provenance & data block manager 201. Centralized ledger 202 supports continuous auditing and transparency for the life of provenance block 102 and data storage block 101. The encryption manager 203 provides functionality to associate inbound data storage block 101 and provenance block 102 with the appropriate encryption tokens and supports alignment of users and/or processes access through the contract checker 204 (e.g., Smart Contract Controller Gateway) or to the encryption tokens required for access to the data within the data storage block 101. The contract checker 204 is the entry point from the organization 205 to the management module 103. It facilitates authentication and authorization for each user or process that is to be granted access. It is the policy determination point which verifies the user and/or process identity, location, and access privileges.
  • FIG. 4 illustrates how the logging module 104 logs all relevant data. The logging module 104 logs both user access 406 and system access 405. Both are authenticated and authorized using the identity, authorization and access management (IAM module) 403. Based upon the IAM module 403, reads and writes are permitted on the data storage block 101 and data provenance block 102. The rules analytics module 105 accesses the data provenance blocks 102 to check that the appropriate policies and regulations are enforced. Note, data storage block 101 and data provenance block 102 are not part of the logging module 104, as can be seen in FIG. 4 .
  • FIG. 5 illustrates how smart contracts allow users and organizations to verify directly that internal entity policies and third-party regulations are being followed, without an entity's participation or the participation from other third parties. For example, as illustrated in FIG. 5 , organization 205 (e.g., user group, entity, system process etc.) can use a contract checker 204 to access encrypted data blocks 301. As long as the user or system request has access to the relevant data, as determined by the IAM module 403, the provenance data within the encrypted data block 301 may be accessed and analyzed by the rules analytics module 105, 801, with the results returned to the requester. This is because the necessary provenance data has been stored in immutable provenance blocks 102 by the model and analytics logging module 402, as shown in FIG. 7 .
  • FIG. 6 shows how the fine-grained identity and access management (IAM) is handled by the IAM module 403 for both user access 406 and system access 405 to data storage block 101 and data provenance block 102. User and system identity is first authenticated with the authentication services 603. Once authenticated the access to a particular field of data storage block 101 or data provenance block 102 is provided by the authorization service 604. Data may be from multiple data sources 605 a-n, but access is provided to precisely the data source 605 a-n and to precisely only the authorized fields within the data sources as needed. In other words, the authorization to access data is fine grained or, what is sometimes called cell based, and authorization is not provided to entire datasets, unless the user or system process is authorized to access the entire dataset. The data and provenance blocks are encrypted as shown in FIG. 3 and only decrypted when the user or system is authorized to access a particular field or fields.
  • FIG. 7 is a flow chart of a method for model and analytic scoring, logging and auditing according to an embodiment of the present invention. Provenance records are kept of the workflows used for the following steps. Step 701 collects data from multiple sources 605 a-n. Step 2 cleans and normalizes the data. Step 3 computes features (e.g., features for aggregating or transforming data). Step 704 uses the features as inputs to models and workflows. Step 705 uses the scores produced by the models and workflows in step 704 as inputs to the post-processing rules to produce the final scores and other outputs. The processing steps 701 through 705 may be implemented or expressed in different ways.
  • One of the common implementations is to express each workflow as a directed acyclic graph (DAG), in which each node of the graph is a software program or application called, and with a directed edge between two nodes indicating how the outputs from one node are used as the inputs to another node. Each software program or application is labeled with a unique label and available in an environment or framework that allows its execution. For example, in an embodiment, the software program or application may be in a Docker container or other container, which provides a virtualized environment that encapsulates software applications and all the required libraries and configuration files. Alternately, in another implementation, the software program or application may be part of a serverless framework. In this context, a container is a packaging of software and the necessary software libraries and configuration files so that the container may be run using a cloud-computing platform as a service execution model that uses virtualization to: i) support the execution of programs within containers, and ii) the ability of containers to communicate with other containers, as specified in appropriate configuration files. In this context, a serverless framework is another cloud-computing execution model in which the cloud service provider runs the server or servers executing the software code, and dynamically manages the allocation of machine resources required to run the server or servers.
  • In this way, each node in each workflow corresponding to a software program or application is assigned a unique label and this information is persisted in an immutable provenance block 102. In addition, each workflow is assigned a unique label and also persisted in immutable provenance blocks. In this way, provenance information persists in the provenance blocks 102 capturing the data source 605 n and the processing workflow steps 701, 702, . . . , 705. This enables the logging module 402 to associate an immutable provenance record with each score or other output produced by the fraud and risk analytics module 106 of FIG. 2 . Given these provenance records, the rules module 105 can review the compliance of the scoring either record by record as the scoring is done, or periodically by examining batches of scored data and their associated provenance record. As an alternative implementation, a single provenance record that contains the totality of information characterizing the data source 605 n and the processing 701, 702, . . . , 705 can be associated and used to provide the immutable provenance information for each single score or for a batch of scores produced by the fraud and risk analytics system 106. In some implementations, the clean and normalized data from step 702 is directly used by the analytic models and workflow step 704 and does not need necessarily to compute features in step 703. This is the case, for example, with deep learning models.
  • FIG. 8 illustrates software modules for checking that an entity's internal policies and external policies required by users, data suppliers, and third-party regulatory agencies, industry best practices, and others are being supported. For example, a particular user may not have given permission for his or her historical purchases be used to score fraud and risk models. In this case, when the module 802 developed a fraud or risk model using data available in the datamart 702, module 801 would verify that this user's historical purchases, or data derived from this user's historical purchases, would not be used as part of the training data from datamart 702 by module 802 to build any models. In addition, as part of an audit analysis of historical scores, provenance blocks 102 could be analyzed to be sure that the user's historical purchases were not used to build any models. Similarly, provenance records 102 could be analyzed for any user of interest to check whether any model deployed by module 803 used data from the user being audited to ensure this data was consistent with the user's preferences at that time as provided by the user data 401, and as recorded in the relevant immutable data provenance block 101. In this way, audit reports 806 can be produced over batches of data, as well as alerts 804 and real-time monitoring records 805 for individual records being scored, as provided by the model and analytics logging data 402.
  • The subject matter described herein can be implemented in digital electronic circuitry, or in computer software, firmware, or hardware, including the structural means disclosed in this specification and structural equivalents thereof, or in combinations of them. The subject matter described herein can be implemented as one or more computer program products, such as one or more computer programs tangibly embodied in an information carrier (e.g., in a machine readable storage device), or embodied in a propagated signal, for execution by, or to control the operation of, data processing apparatus (e.g., a programmable processor, a computer, or multiple computers). A computer program (also known as a program, software, software application, or code) can be written in any form of programming language, including compiled or interpreted languages, and it can be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment. A computer program does not necessarily correspond to a file. A program can be stored in a portion of a file that holds other programs or data, in a single file dedicated to the program in question, or in multiple coordinated files (e.g., files that store one or more modules, sub programs, or portions of code). A computer program can be deployed to be executed on one computer or on multiple computers at one site or distributed across multiple sites and interconnected by a communication network.
  • The processes and logic flows described in this specification, including the method steps of the subject matter described herein, can be performed by one or more programmable processors executing one or more computer programs to perform functions of the subject matter described herein by operating on input data and generating output. The processes and logic flows can also be performed by, and apparatus of the subject matter described herein can be implemented as, special purpose logic circuitry, e.g., an FPGA (field programmable gate array) or an ASIC (application specific integrated circuit).
  • Processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processor of any kind of digital computer. Generally, a processor will receive instructions and data from a read only memory or a random access memory or both. The essential elements of a computer are a processor for executing instructions and one or more memory devices for storing instructions and data. Generally, a computer will also include, or be operatively coupled to receive data from or transfer data to, or both, one or more mass storage devices for storing data, e.g., magnetic, magneto optical disks, or optical disks. Information carriers suitable for embodying computer program instructions and data include all forms of nonvolatile memory, including by way of example semiconductor memory devices, (e.g., EPROM, EEPROM, and flash memory devices); magnetic disks, (e.g., internal hard disks or removable disks); magneto optical disks; and optical disks (e.g., CD and DVD disks). The processor and the memory can be supplemented by, or incorporated in, special purpose logic circuitry.
  • The subject matter described herein can be implemented in a computing system that includes a back end component (e.g., a data server), a middleware component (e.g., an application server), or a front end component (e.g., a client computer mobile device, wearable device, having a graphical user interface or a web browser through which a user can interact with an implementation of the subject matter described herein), or any combination of such back end, middleware, and front end components. The components of the system can be interconnected by any form or medium of digital data communication, e.g., a communication network. Examples of communication networks include a local area network (“LAN”) and a wide area network (“WAN”), e.g., the Internet.
  • It is to be understood that the disclosed subject matter is not limited in its application to the details of construction and to the arrangements of the components set forth in the following description or illustrated in the drawings. The disclosed subject matter is capable of other embodiments and of being practiced and carried out in various ways. Also, it is to be understood that the phraseology and terminology employed herein are for the purpose of description and should not be regarded as limiting. As such, those skilled in the art will appreciate that the conception, upon which this disclosure is based, may readily be utilized as a basis for the designing of other structures, methods, and systems for carrying out the several purposes of the disclosed subject matter. It is important, therefore, that the claims be regarded as including such equivalent constructions insofar as they do not depart from the spirit and scope of the disclosed subject matter.
  • Although the disclosed subject matter has been described and illustrated in the foregoing exemplary embodiments, it is understood that the present disclosure has been made only by way of example, and that numerous changes in the details of implementation of the disclosed subject matter may be made without departing from the spirit and scope of the disclosed subject matter, which is limited only by the claims which follow.

Claims (20)

What is claimed is:
1. A system for data sharing with a plurality of users and for checking rule compliance, the system comprising:
at least one processor;
a plurality of data storage blocks stored in a block-based storage system, wherein data included in the plurality of data storage blocks are used in at least one of building an analytic model and an analytic workflow;
a plurality of data provenance blocks stored in the block-based storage system, wherein at least one of the plurality of data provenance blocks stores provenance data related to building one of an analytic model and an analytic workflow or related to using one of an analytic model and an analytic workflow to score data and produce outputs;
a management module coupled to the block-based storage system and configured to run on one of the at least one processor to create and read the data storage blocks and the data provenance blocks of the block-based storage system; and
a logging module coupled to the management module, and configured to run on one of the at least one processor to manage at least one of logging of using at least a portion of the data stored in the data storage blocks to build an analytic model or an analytic workflow, and logging of the using of at least a portion of the data stored in the data storage blocks to score that data using one of an analytic model and an analytic workflow to produce outputs, wherein the logging module is further configured to store the logging data in the data provenance blocks of the block-based storage system.
2. The system of claim 1, further comprising a rules analytic module coupled to the logging module and configured to run on one of the at least one processor to read the created data provenance blocks, and check each data provenance block for compliance with each of a plurality of rules.
3. The system of claim 2, wherein the plurality of rules are at least one of data collection rules, data sharing rules, privacy rules and regulatory requirements.
4. The system of claim 2, wherein the plurality of users are all from the same organization or the same consortium of organizations.
5. The system of claim 4, wherein the rules analytic module is configured to enable at least one of the plurality of users from within the organization or the consortium of organizations to check whether data collection is compliant with at least one of the plurality of rules.
6. The system of claim 4, wherein the rules analytic module is configured to enable at least one of the plurality of users within the organization or the consortium of organizations with confirmation of whether data collection is compliant with at least one of the plurality of rules.
7. The system of claim 4, wherein the rules analytic module is configured to enable at least one of the plurality of users within the organization or the consortium of organizations to check whether data collection is compliant with at least one of the plurality of rules.
8. The system of claim 4, wherein the rules analytic module is configured to provide at least one of the plurality of users with confirmation of whether at least one of access to and processing of the data blocks by the system, data sharing, building of models, use of scores and other outputs from models and workflows is consistent with at least one of the plurality of rules.
9. The system of claim 4, wherein the rules analytic module is configured to provide at least one of the plurality of users with confirmation of whether at least one of access to and processing of the data blocks by the system, data sharing, building of models, use of scores and other outputs from models and workflows is compliant with at least one of the plurality of rules.
10. The system of claim 2, wherein the rules analytic module is configured so that at least one of the plurality of users are outside of an organization or consortium of organizations.
11. The system of claim 2, wherein the rules analytic module is configured to provide at least one of the plurality of users outside of the organization or the consortium of organizations with confirmation of whether at least one of access to and processing of the data by the system, data sharing, building of models, use of scores and other outputs from models and workflows is consistent with at least one of the plurality of rules.
12. The system of claim 10, wherein the rules analytic module is configured to provide at least one of the plurality of users outside of the organization or the consortium of organizations with confirmation of whether at least one of access to and processing of the data by the system, data sharing, building of models, use of scores and other outputs from models and workflows is compliant with at least one of the plurality of rules.
13. The system of claim 10, wherein the rules analytic module is configured to enable at least one of the plurality of users outside of the organization or the consortium of organizations to check whether data collection is compliant with at least one of the plurality of rules.
14. The system of claim 10, wherein the rules analytic module is configured to provide at least one of the plurality of users outside the organization or the consortium of organizations with confirmation of whether data collection is compliant with at least one of the plurality of rules.
15. The system of claim 2, wherein the rules analytic module is configured to check that access to and processing of the data storage blocks by the system is compliant with the at least one of the plurality of rules.
16. The system of claim 2, wherein the rules analytic module is configured to check whether at least one of data sharing and building of an analytic model is compliant with at least one of the plurality of rules.
17. The system of claim 1, wherein the management module includes a centralized ledger.
18. The system of claim 1, wherein the management module is adapted and configured to use a block chain.
19. The system of claim 1, wherein a log of access to the data blocks by the system is saved to the management module.
20. The system of claim 1, wherein said data provenance blocks comprise immutable records of interactions with said data storage blocks.
US18/231,689 2020-04-22 2023-08-08 Data block-based system and methods for predictive models Pending US20230409220A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US18/231,689 US20230409220A1 (en) 2020-04-22 2023-08-08 Data block-based system and methods for predictive models

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/855,027 US11507291B2 (en) 2020-04-22 2020-04-22 Data block-based system and methods for predictive models
US17/990,601 US11861200B2 (en) 2020-04-22 2022-11-18 Data block-based system and methods for predictive models
US18/231,689 US20230409220A1 (en) 2020-04-22 2023-08-08 Data block-based system and methods for predictive models

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US17/990,601 Continuation US11861200B2 (en) 2020-04-22 2022-11-18 Data block-based system and methods for predictive models

Publications (1)

Publication Number Publication Date
US20230409220A1 true US20230409220A1 (en) 2023-12-21

Family

ID=78222272

Family Applications (3)

Application Number Title Priority Date Filing Date
US16/855,027 Active 2040-07-04 US11507291B2 (en) 2020-04-22 2020-04-22 Data block-based system and methods for predictive models
US17/990,601 Active 2040-05-23 US11861200B2 (en) 2020-04-22 2022-11-18 Data block-based system and methods for predictive models
US18/231,689 Pending US20230409220A1 (en) 2020-04-22 2023-08-08 Data block-based system and methods for predictive models

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US16/855,027 Active 2040-07-04 US11507291B2 (en) 2020-04-22 2020-04-22 Data block-based system and methods for predictive models
US17/990,601 Active 2040-05-23 US11861200B2 (en) 2020-04-22 2022-11-18 Data block-based system and methods for predictive models

Country Status (2)

Country Link
US (3) US11507291B2 (en)
WO (1) WO2021216321A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11507291B2 (en) 2020-04-22 2022-11-22 IronNet Cybersecurity, Inc. Data block-based system and methods for predictive models
US20220035939A1 (en) * 2020-08-03 2022-02-03 Jpmorgan Chase Bank, N.A. Method and system for dynamic data masking
US11636469B2 (en) * 2021-06-08 2023-04-25 DIA Association Data access management with non-fungible tokens
US11968307B2 (en) * 2021-09-27 2024-04-23 International Bisuness Machines Corporation Private ledger partitions in blockchain networks
US12034832B1 (en) * 2023-05-22 2024-07-09 Atofia Llc Systems and methods for data encryption, decryption, and authentication

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20200045111A1 (en) * 2014-06-04 2020-02-06 Pure Storage, Inc. Storage system communication for data resiliency
US20180285839A1 (en) * 2017-04-04 2018-10-04 Datient, Inc. Providing data provenance, permissioning, compliance, and access control for data storage systems using an immutable ledger overlay network
US11257073B2 (en) * 2018-01-31 2022-02-22 Salesforce.Com, Inc. Systems, methods, and apparatuses for implementing machine learning models for smart contracts using distributed ledger technologies in a cloud based computing environment
US11176101B2 (en) * 2018-02-05 2021-11-16 Bank Of America Corporation System and method for decentralized regulation and hierarchical control of blockchain architecture
US11507291B2 (en) 2020-04-22 2022-11-22 IronNet Cybersecurity, Inc. Data block-based system and methods for predictive models

Also Published As

Publication number Publication date
US11861200B2 (en) 2024-01-02
US20210333995A1 (en) 2021-10-28
WO2021216321A1 (en) 2021-10-28
US20230095468A1 (en) 2023-03-30
US11507291B2 (en) 2022-11-22

Similar Documents

Publication Publication Date Title
US11861200B2 (en) Data block-based system and methods for predictive models
US11397744B2 (en) Systems and methods for data storage and processing
US10705801B2 (en) Data processing systems for identity validation of data subject access requests and related methods
US10430740B2 (en) Data processing systems for calculating and communicating cost of fulfilling data subject access requests and related methods
US11886398B2 (en) Data supply chain
US20210377310A1 (en) Method, system, apparatus and program for secure distributed data management using collaborative artificial intelligence
US20200211305A1 (en) Authorized access evaluation and remediation system
Ghavami Big data management: Data governance principles for big data analytics
US20230070625A1 (en) Graph-based analysis and visualization of digital tokens
Shaikh et al. BIoMT modular infrastructure: the recent challenges, issues, and limitations in blockchain hyperledger‐enabled e‐healthcare application
US10776517B2 (en) Data processing systems for calculating and communicating cost of fulfilling data subject access requests and related methods
US11455598B2 (en) Automated conflict resolution
US20220382727A1 (en) Blockchain based reset for new version of an application
Kummar et al. Blockchain based big data solutions for Internet of Things (IoT) and smart cities
US20240275847A1 (en) Data exchange and computer-implemented crediting protocol
AU2021253009B2 (en) Contextual integrity preservation
Short et al. A field test of a federated learning/federated analytic blockchain network implementation in an HPC environment
Hicks Transparency, compliance, and contestability when code is (n’t) law
US12079283B2 (en) Behavior driven graph expansion
Arun Kumar Developing Business-Business Private Block-Chain Smart Contracts Using Hyper-Ledger Fabric for Security, Privacy and Transparency in Supply Chain
US20210117919A1 (en) Last-mile deliver coordination
Parlak Blockchain-based Immutable Evidence and Decentralized Loss Adjustment for Autonomous Vehicle Accidents in Insurance
Wen et al. An introduction of transaction session‐induced security scheme using blockchain technology: Understanding the features of Internet of Things–based financial security systems
US11563558B2 (en) Behavior driven graph expansion
Meersman et al. On the Move to Meaningful Internet Systems: OTM 2012: Confederated International Conferences: CoopIS, DOA-SVI, and ODBASE 2012, Rome, Italy, September 10-14, 2012. Proceedings, Part II

Legal Events

Date Code Title Description
STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

AS Assignment

Owner name: FERROUS INVESTORS LP, DISTRICT OF COLUMBIA

Free format text: SECURITY INTEREST;ASSIGNORS:IRONNET CYBERSECURITY, INC.;IRONCAD LLC;REEL/FRAME:065194/0555

Effective date: 20231011

AS Assignment

Owner name: ITC GLOBAL ADVISORS, LLC, DISTRICT OF COLUMBIA

Free format text: SECURITY INTEREST;ASSIGNORS:IRONNET CYBERSECURITY, INC.;IRONCAD LLC;REEL/FRAME:066759/0535

Effective date: 20240221

Owner name: FERROUS INVESTORS LP, DISTRICT OF COLUMBIA

Free format text: SECURITY INTEREST;ASSIGNORS:IRONNET CYBERSECURITY, INC.;IRONCAD LLC;REEL/FRAME:066759/0535

Effective date: 20240221

Owner name: IRONCAD LLC, VIRGINIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:FERROUS INVESTORS LP, AS SECURED PARTY;REEL/FRAME:066759/0501

Effective date: 20240221

Owner name: IRONNET CYBERSECURITY, INC., VIRGINIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:FERROUS INVESTORS LP, AS SECURED PARTY;REEL/FRAME:066759/0501

Effective date: 20240221