US 11,704,428 B2
System and method for implementing data sovereignty safeguards in a distributed services network architecture
Richard D. Shriver, Tinton Falls, NJ (US); Edward T. Pieluc, Jr., Howell, NJ (US); Daniel J. McDonald, Whitehouse Station, NJ (US); Hugh Beverly Appling, Hickory, NC (US); David Alan Hammaker, Oakland Park, FL (US); and Zheng Sun, Greenacres, FL (US)
Assigned to OPEN TEXT HOLDINGS, INC., Menlo Park, CA (US)
Filed by Open Text Holdings, Inc., San Mateo, CA (US)
Filed on Jun. 27, 2022, as Appl. No. 17/850,613.
Application 17/850,613 is a continuation of application No. 16/997,568, filed on Aug. 19, 2020, granted, now 11,403,415.
Application 16/997,568 is a continuation of application No. 15/956,045, filed on Apr. 18, 2018, granted, now 10,803,191, issued on Oct. 13, 2020.
Claims priority of provisional application 62/486,757, filed on Apr. 18, 2017.
Prior Publication US 2022/0327229 A1, Oct. 13, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/62 (2013.01); H04L 9/40 (2022.01); H04L 67/1095 (2022.01); H04L 67/306 (2022.01); H04L 67/10 (2022.01); H04W 4/021 (2018.01)
CPC G06F 21/6218 (2013.01) [H04L 63/20 (2013.01); H04L 67/1095 (2013.01); H04L 67/306 (2013.01); G06F 2221/2111 (2013.01); H04L 63/102 (2013.01); H04L 67/10 (2013.01); H04W 4/021 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method, comprising:
receiving, at a node of a distributed service system, a request for a service from a user of an enterprise, the service provided by the distributed service system and implemented on the node, the request received through an interface of the service;
determining, by a data sovereignty module on the node, whether the user is subject to data sovereignty enforcement;
responsive to the user being subject to the data sovereignty enforcement, identifying, by the data sovereignty module on the node, a region associated with the user;
determining, by the data sovereignty module on the node based on the region thus identified, whether the node on which the service is implemented is data sovereign for the region;
responsive to the node on which the service is implemented not being data sovereign for the region, determining a response based on a response configuration of the data sovereignty module, wherein the response includes a location of an other node of the distributed service system that is data sovereign for the region and that implements a corresponding service of the distributed service system; and
communicating the response to the user.