US 12,481,779 B2
Query processing system and method
Divya Singh, Tokyo (JP); Satoshi Katsunuma, Tokyo (JP); Toshihiko Kashiyama, Tokyo (JP); Mika Takata, Tokyo (JP); and Prashant Kumar Sharma, Tokyo (JP)
Assigned to HITACHI, LTD., Tokyo (JP)
Filed by Hitachi, Ltd., Tokyo (JP)
Filed on Sep. 11, 2023, as Appl. No. 18/244,407.
Claims priority of application No. 2022-145621 (JP), filed on Sep. 13, 2022.
Prior Publication US 2024/0086564 A1, Mar. 14, 2024
Int. Cl. G06F 21/00 (2013.01); G06F 21/62 (2013.01)
CPC G06F 21/6227 (2013.01) 10 Claims
OG exemplary drawing
 
1. A query processing system comprising:
an interface device configured to receive a query;
a storage device configured to store data flow policy information of a data flow policy; and
a processor connected to the interface device and the storage device,
wherein the data flow policy is a policy that defines a first restriction on data transfer within a country or between countries and includes specific data items, among a plurality of data items, that are permitted and/or prohibited to be transferred within the country or between the countries,
wherein the processor is configured to:
execute a hierarchy checker to identify one or more data items within the query as target input/output (I/O) data by analyzing the query,
execute a data flow policy checker to execute a data flow policy check on the identified one or more data items,
when a result of the data flow policy check is true, execute an organization rule checker to execute an organization rule check on the target I/O data according to the query,
when a result of the organization rule check is false, return a result indicating that the query is a compliance violation, and
when the result of the data flow policy check is false, return a result indicating that the query is the compliance violation without executing the organization rule checker to execute the organization rule check, and
wherein for the identified one or more data items, the data flow policy check is a determination as to whether the identified one or more data items comply with the data flow policy information,
wherein for the target I/O data, the organization rule check is a determination as to whether the target I/O data complies with an organization rule indicated by organization rule information of an organization that manages the target I/O data,
wherein the organization rule is a rule that defines a second restriction imposed, based on a plurality of conditions, on the target I/O data permitted to be shared outside the organization,
wherein the processor is configured to select the hierarchy checker, which executes at least the data flow policy checker, or a naive checker, which executes at least the organization rule checker,
wherein in processing executed by the hierarchy checker, whether to execute the organization rule checker depends on the result of the data flow policy check,
wherein, in processing executed by the naive checker, whether to execute the data flow policy checker is independent of the result of the organization rule check, and
wherein when the naive checker is executed and the naive checker causes the data flow policy checker to execute, the naive checker causes the data flow policy checker and the organization rule checker to be executed in parallel.