Claims:1. A method for secured data access in a data marketplace, the method comprising a processor implemented steps of:
registering, using a DMP (data marketplace) network, comprising of a security framework, a data product module, a security module, a data product, a security policy, a log monitor, and a secured viewer, an application and a user for obtaining a registered data marketplace application and a set of one or more registered users;
authenticating, by using the DMP network, the registered data marketplace application for obtaining a secured data marketplace application;
authenticating, by using the secured data marketplace application and the security framework:
(i) one or more users from the set of authenticated and unauthenticated registered users; and
(ii) one or more of secured applications for secured accessing of the data marketplace network;
based on the one or more of authenticated registered users and secured applications, performing:
(i) generating pre-authentication details based on the data marketplace application;
(ii) storing the pre-authentication details generated into the security framework for authenticating the registered user; and
(iii) generating information pertaining to a set of authenticated registered user and a set of unauthenticated registered users;
based on the information, performing at least one of:
(i) refraining, one or more unauthenticated registered users from the set of unauthenticated registered users, from accessing the data marketplace application, and updating the security framework with unauthenticated registered users details;
(ii) establishing, a connection between one or more authenticated registered users from the set of authenticated registered users and one or more data products;
(iii) creating an application interface programming (API) based on a network being established between the security module and the data product module;
(iv) invalidating, one or more relevant access keys stored in the data marketplace application, for refraining unauthorized data access in the data marketplace application; and
(v) enabling or disabling, one or more authenticated registered users from the set of authenticated registered users, from sharing access to the created APIs to other authenticated registered users, based on a network being established between the security module and the data product module.

2. The method of claim 1, wherein the step of creating the API comprises deploying said API on the data marketplace network and mapping data in the DMP network, on least one of the DMP network or outside to control unauthorized access of data.

3. The method of claim 1, wherein the step of establishing a connection between one or more authenticated registered users and one or more data products is preceded by fetching data from the DMP network and displaying the fetched data in the secured viewer for secured user access in data marketplace.

4. The method of claim 1, further comprising automatically creating, using the API, multiple APIs based on location of data in the DMP network and the security policy for secure sharing of the automatically created APIs and performing validations of data in the DMP network.

5. The method of claim 1, wherein the step of invalidating one or more relevant access keys stored in the data marketplace application for refraining unauthorized data access comprises performing access violations checks using the log monitor for identifying one or more relevant access keys to be invalidated.

6. The method of claim 1, wherein the step of generating information pertaining to a set of authenticated registered users and a set of unauthenticated registered users is preceded by performing one of:
(i) authenticating, by encrypting the one or more of relevant access keys, registered user details for verifying one or more of authenticated registered users from a set of authenticated and unauthenticated registered users for accessing the secured viewer;
(ii) decrypting, the one or more of relevant access keys for assigning the one or more of decrypted access keys to the one or more of authenticated registered users; and
(iii) checking that the one or more relevant access keys are assigned to the one or more authenticated registered user for refraining unauthorized data product access.

7. The method of claim 1, wherein the step of sharing access to the created APIs is preceded by granting by the one or more authenticated registered users from the set of authenticated registered users to other authenticated registered users, secured access permission of the data product and generation of the one or more of relevant access keys for the API.

8. The method of claim 1, wherein the step of sharing access to the created APIs further comprises sharing of the one or more of relevant access keys to one or more authenticated registered users from the set of authenticated registered users.

9. A system comprising:
a memory storing instructions;
one or more communication interfaces; and
one or more hardware processors coupled to the memory via the one or more communication interfaces, wherein the one or more hardware processors are configured by the instructions to:
register using a DMP (data marketplace) network, comprising of a security framework, a data product module, a security module, a data product, a secured viewer, a security policy, a log monitor, and a secured viewer, an application and a user for obtaining a registered data marketplace application and a set of one or more registered users;
authenticate by using the DMP network, the registered data marketplace application for obtaining a secured data marketplace application;
authenticate by using the secured data marketplace application and the security framework:
(i) one or more users from the set of authenticated and unauthenticated registered users; and
(ii) one or more of secured applications for secured accessing of the data marketplace network;
based on the one or more of authenticated registered users and secured applications, perform:
(i) generate pre-authentication details based on the data marketplace application;
(ii) store the pre-authentication details generated into the security framework for authenticating the registered user; and
(iii) generate information pertaining to a set of authenticated registered user and a set of unauthenticated registered users;
based the information, perform at least one of:
(i) refrain one or more unauthenticated registered users from the set of unauthenticated registered users from accessing the data marketplace application and update the data marketplace application with unauthenticated registered users details;
(ii) establish a connection between one or more authenticated registered users from the set of authenticated registered users and one or more data products;
(iii) create an application interface programming (API) based on a network being established between the security module and the data product module;
(iv) invalidate one or more relevant access keys stored in the data marketplace application, for refraining unauthorized data access pertaining to the data marketplace application; and
(v) enable or disable one or more authenticated registered users from the set of authenticated registered users, from sharing access to the created APIs to other authenticated registered users, based on a network being established between the security module and the data product module.

10. The system of claim 9, wherein the API is created by deploying the API on the data marketplace network and mapping data in the DMP network, on least one of the DMP network or outside to control unauthorized access of data.

11. The system of claim 9, wherein one or more hardware processors are further configured to fetch data from the DMP network and display the fetched data in the secured viewer for secured user access in data marketplace prior to establish the connection between one or more authenticated registered users and one or more data products.

12. The system of claim 9, wherein the one or more hardware processors are further configured to automatically create, using the API, multiple APIs based on location of data in the DMP network and the security policy for secure sharing of the automatically created APIs and performing validations of data in the DMP network.

13. The system of claim 9, wherein one or more hardware processors are further configured to invalidate one or more relevant access keys stored in the data marketplace application for refraining unauthorized data access to further perform access violations checks using the log monitor for identifying one or more relevant access keys to be invalidated.

14. The system of claim 9, wherein one or more hardware processors are further configured to:
(i) authenticate by encrypting the one or more of relevant access keys, registered user details for verifying one or more of authenticated registered users from a set of authenticated and unauthenticated registered users for accessing the secured viewer;
(ii) decrypt the one or more of relevant access keys for assigning the one or more of decrypted access keys to the one or more of authenticated registered users; and
(iii) check that the one or more relevant access keys are assigned to the one or more authenticated registered user for refraining unauthorized data product access.

15. The system of claim 9, wherein the one or more hardware processors are further configured to grant by the one or more authenticated registered users from the set of authenticated registered users to other authenticated registered users, secured access permission of the data product and generation of the one or more of relevant access keys for the API prior to share access to the created APIs.

16. The system of claim 9, wherein the one or more hardware processors are further configured to share access to the created APIs by further sharing of the one or more of relevant access keys to one or more authenticated registered users from the set of authenticated users.
, Description:FORM 2

THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003

COMPLETE SPECIFICATION
(See Section 10 and Rule 13)

Title of perform:
SYSTEMS AND METHODS FOR SECURED DATA ACCESS IN
A DATA MARKETPLACE

Applicant:
Tata Consultancy Services Limited
A company Incorporated in India under the Companies Act, 1956
Having address:
Nirmal Building, 9th Floor,
Nariman Point, Mumbai 400021,
Maharashtra, India

The following specification particularly describes the invention and the manner in which it is to be performed.

TECHNICAL FIELD
[0001] The present application generally relates to the secured data access in a data marketplace. More particularly, the present application relates to systems and methods for secured data access in a data marketplace.

BACKGROUND
[0002] A data marketplace is an online venue where users can buy and sell data. Data Marketplace is a platform that facilitates various entities in monetizing data and may provide infrastructure for data storage services. It can also be a platform where end users can discover and shape, analyze and publish data. The data in a data marketplace platform may include business data, personal data, research data, market data, demographics data etc. This data may be used by various entities such as government agencies, universities, corporate world and various banking giants. With the growth of big data, which are large and complex data sets, structured or unstructured, the data marketplaces have proliferated in growth. A data market platform which offers a variety of data may be accessed by a wide variety of large number of users at a time which may often lead to security compromise in one way or the other. Hence security is paramount in a data marketplace for secured verification of identities or users information in order to facilitate secured buying, selling or exchange of data. The data owners must be able to securely share their data without any compromising the confidential information of individuals. The data suppliers must take the onus for legally auditing and enforcing the data licenses as the data marketplace supports creation and definition of data licenses.
[0003] Poor security in a data marketplace may result in unauthorized data access, loss of secured and vital data which may lead to a big financial loss for an organization or an individual. Hence there is a need for technology that provides for an integrated reliable security framework which may enforce a strict privacy compliance, establish a sound data governance framework, access revocation in case of violations, data usage control according to terms and conditions, preventive and corrective access controls, data resale under the owner’s purview and secured access sharing. Further, there is a need for technology that provides a complete oversight and control with respect to users or customers that access data or data products as well as governing the related applications and the control or use of the data once exchanged.
SUMMARY
[0004] The following presents a simplified summary of some embodiments of the disclosure in order to provide a basic understanding of the embodiments. This summary is not an extensive overview of the embodiments. It is not intended to identify key/critical elements of the embodiments or to delineate the scope of the embodiments. Its sole purpose is to present some embodiments in a simplified form as a prelude to the more detailed description that is presented below.
[0005] Systems and methods of the present disclosure enable secure data access in a data marketplace. In an embodiment of the present disclosure, there is provided a method for secured data access in a data marketplace, the method comprising: registering, using a DMP (data marketplace) network, comprising of a security framework, a data product module, a security module, a data product, a security policy, a log monitor, and a secured viewer, an application and a user for obtaining a registered data marketplace application and a set of one or more registered users; authenticating, by using the DMP network, the registered data marketplace application for obtaining a secured data marketplace application; authenticating, by using the secured data marketplace application and the security framework: (i) one or more users from the set of authenticated and unauthenticated registered users; and (ii) one or more of secured applications for secured accessing of the data marketplace network; based on the one or more of authenticated registered users and secured applications, performing: (i) generating pre-authentication details based on the data marketplace application; (ii) storing the pre-authentication details generated into the security framework for authenticating the registered user; and (iii) generating information pertaining to a set of authenticated registered user and a set of unauthenticated registered users; based the information, performing at least one of: (i) refraining, one or more unauthenticated registered users from the set of unauthenticated registered users, from accessing the data marketplace application, and updating the security framework with unauthenticated registered users details; (ii) establishing, a connection between one or more authenticated registered users from the set of authenticated registered users and one or more data products; (iii) creating an application interface programming (API) based on a network being established between the security module and the data product module; (iv) invalidating, one or more relevant access keys stored in the data marketplace application, for refraining unauthorized data access in the data marketplace application; and (v) enabling or disabling, one or more authenticated registered users from the set of authenticated registered users, from sharing access to the created APIs to other authenticated registered users, based on a network being established between the security module and the data product module; creating the API by deploying said API on the data marketplace network and mapping data in the DMP network, on least one of the DMP network or outside to control unauthorized access of data; establishing a connection between one or more authenticated registered users and one or more data products by fetching data from the DMP network and displaying the fetched data in the secured viewer for secured user access in data marketplace; automatically creating, using the API, multiple APIs based on location of data in the DMP network and the security policy for secure sharing of the automatically created APIs and performing validations of data in the DMP network; invalidating one or more relevant access keys stored in the data marketplace application for refraining unauthorized data access by performing access violations checks using the log monitor for identifying one or more relevant access keys to be invalidated; generating information pertaining to a set of authenticated registered users and a set of unauthenticated registered users by performing one of: (i) authenticating, by encrypting the one or more of relevant access keys, registered user details for verifying one or more of authenticated registered users from a set of authenticated and unauthenticated registered users for accessing the secured viewer; (ii) decrypting the one or more of relevant access keys for assigning the one or more of decrypted access keys to the one or more of authenticated registered users; and (iii) checking that the one or more relevant access keys are assigned to the one or more authenticated registered user for refraining unauthorized data product access; sharing access to the created APIs by granting by the one or more authenticated registered users from the set of authenticated registered users to other authenticated registered users, secured access permission of the data product and generation of the one or more of relevant access keys for the API; and sharing access to the created APIs by sharing of the one or more of relevant access keys to one or more authenticated registered users from the set of authenticated registered users.
[0006] In an embodiment of the present disclosure, there is provided a system for secured data access in a data marketplace, the system comprising one or more processors; one or more data storage devices operatively coupled to the one or more processors and configured to store instructions configured for execution by the one or more processors to: register using a DMP (data marketplace) network, comprising of a security framework, a data product module, a security module, a data product, a secured viewer, a security policy, a log monitor, and a secured viewer, an application and a user for obtaining a registered data marketplace application and a set of one or more registered users; authenticate by using the DMP network, the registered data marketplace application for obtaining a secured data marketplace application; authenticate by using the secured data marketplace application and the security framework: (i) one or more users from the set of authenticated and unauthenticated registered users; and (ii) one or more of secured applications for secured accessing of the data marketplace network; based on the one or more of authenticated registered users and secured applications, perform: (i) generate pre-authentication details based on the data marketplace application; (ii) store the pre-authentication details generated into the security framework for authenticating the registered user; and (iii) generate information pertaining to a set of authenticated registered user and a set of unauthenticated registered users; based the information, perform at least one of: (i) refrain one or more unauthenticated registered users from the set of unauthenticated registered users from accessing the data marketplace application and update the data marketplace application with unauthenticated registered users details; (ii) establish a connection between one or more authenticated registered users from the set of authenticated registered users and one or more data products; (iii) create an application interface programming (API) based on a network being established between the security module and the data product module; (iv) invalidate one or more relevant access keys stored in the data marketplace application, for refraining unauthorized data access pertaining to the data marketplace application; and (v) enable or disable one or more authenticated registered users from the set of authenticated registered users, from sharing access to the created APIs to other authenticated registered users, based on a network being established between the security module and the data product module; creating the API by deploying said API on the data marketplace network and mapping data in the DMP network, on least one of the DMP network or outside to control unauthorized access of data; to fetch data from the DMP network and display the fetched data in the secured viewer for secured user access in data marketplace prior to establish the connection between one or more authenticated registered users and one or more data products; automatically create, using the API, multiple APIs based on location of data in the DMP network and the security policy for secure sharing of the automatically created APIs and performing validations of data in the DMP network; to invalidate one or more relevant access keys stored in the data marketplace application for refraining unauthorized data access to further perform access violations checks using the log monitor for identifying one or more relevant access keys to be invalidated; generate information pertaining to a set of authenticated registered users and a set of unauthenticated registered users by performing one of: (i) authenticate by encrypting the one or more of relevant access keys, registered user details for verifying one or more of authenticated registered users from a set of authenticated and unauthenticated registered users for accessing the secured viewer; (ii) decrypt the one or more of relevant access keys for assigning the one or more of decrypted access keys to the one or more of authenticated registered users; and (iii) check that the one or more relevant access keys are assigned to the one or more authenticated registered user for refraining unauthorized data product access; grant by the one or more authenticated registered users from the set of authenticated registered users to other authenticated registered users, secured access permission of the data product and generation of the one or more of relevant access keys for the API prior to share access to the created APIs; and share access to the created APIs by further sharing of the one or more of relevant access keys to one or more authenticated registered users from the set of authenticated users.

BRIEF DESCRIPTION OF THE DRAWINGS
[0007] The embodiments herein will be better understood from the following detailed description with reference to the drawings, in which:
[0008] Fig. 1 illustrates a block diagram or an architecture of a system for a secured data access in a data marketplace according to an embodiment of the present disclosure;
[0009] Fig. 2 is an architecture illustrating the components of a system for a secured data access in a data marketplace according to an embodiment of the present disclosure;
[0010] Fig. 3 is a flowchart illustrating the steps involved for secured data access in a data marketplace according to an embodiment of the present disclosure;
[0011] Fig. 4 is a flowchart illustrating the steps involved in a data product activation in the data marketplace network according to an embodiment of the present disclosure;
[0012] Fig. 5 is a flowchart illustrating the steps involved in a secured process of buying of a data product by an authenticated user according to an embodiment of the present disclosure;
[0013] Fig. 6 is a flowchart illustrating the steps involved in a secured accessing of data in a data marketplace according to an embodiment of the present disclosure;
[0014] Fig. 7 is a flowchart illustrating the steps involved in access revocation of a data product in a data marketplace according to an embodiment of the present disclosure;
[0015] Fig. 8 is a flowchart illustrating the steps involved in secured data sharing or downloading from the DMP network according to an embodiment of the present disclosure;
[0016] Fig. 9 is a flowchart illustrating the steps involved in a secured resale of a data product in a data marketplace under the control of a data owner according to an embodiment of the present disclosure; and
[0017] Fig. 10 is an architecture illustrating secured user authentication and registration in a security framework of data marketplace network according to an embodiment of the present disclosure.

DETAILED DESCRIPTION OF THE EMBODIMENTS
[0018] The embodiments herein and the various features and advantageous details thereof are explained more fully with reference to the non-limiting embodiments that are illustrated in the accompanying drawings and detailed in the following description. The examples used herein are intended merely to facilitate an understanding of ways in which the embodiments herein may be practiced and to further enable those of skill in the art to practice the embodiments herein. Accordingly, the examples should not be construed as limiting the scope of the embodiments herein.
[0019] The embodiments of the present disclosure provides systems and methods of secured data access in a data marketplace. A data marketplace offers a very large volume of data for selling and buying. There are multiple users accessing the data marketplace. The users will include all types of data providers, and the data marketplace system actively sourcing new kinds of data has to be secured. The traditional systems and methods have provided for a secured environment by protecting servers against external and internal attacks, allowing data owners to set rules around accessing and putting data usage agreements in place. However, none of the traditional systems and methods controlling data usage according to terms and conditions, ensured data control and the usage control and providing for access to the APIs after terms and conditions negotiations. Hence there is a need for securing data access in a data marketplace that provides for access revocations in case of usage violations, secured sharing of access keys, persistent data controls and corrective access control by analyzing usage logs.
[0020] Referring now to the drawings, and more particularly to FIG. 1 through 10, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments and these embodiments are described in the context of the following exemplary system and/or method.
[0021] FIG. 1 illustrates an exemplary block diagram of a system 100 for a secured data access in a data marketplace according to an embodiment of the present disclosure. In an embodiment, the system 100 includes one or more processors 104, communication interface device(s) or input/output (I/O) interface(s) 106, and one or more data storage devices or memory 102 operatively coupled to the one or more processors 104. The one or more processors 104 that are hardware processors can be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the processor(s) is configured to fetch and execute computer-readable instructions stored in the memory. In an embodiment, the system 100 can be implemented in a variety of computing systems, such as laptop computers, notebooks, hand-held devices, workstations, mainframe computers, servers, a network cloud and the like.
[0022] The I/O interface device(s) 106 can include a variety of software and hardware interfaces, for example, a web interface, a graphical user interface, and the like and can facilitate multiple communications within a wide variety of networks N/W and protocol types, including wired networks, for example, LAN, cable, etc., and wireless networks, such as WLAN, cellular, or satellite. In an embodiment, the I/O interface device(s) can include one or more ports for connecting a number of devices to one another or to another server.
[0023] The memory 102 may include any computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes. In an embodiment, one or more modules (not shown) of the system 100 can be stored in the memory 102.
[0024] According to an embodiment of the present disclosure, referring to FIG 2, the architecture and components of the security framework 211 of a data marketplace may now be understood in detail. The data product module 201 is used by a registered authenticated user to create a data product for selling or reselling or exchange. A data product may be created in the data product module 201. The security module 204 establishes a communication with the data product module 201 upon successful API creation and the data product module 201 may then activate the data product. The DMP application 202 is the home of the data marketplace. The DMP application 202 may facilitate various features such as a data product search, user registration, supporting user login to buy or sell a data product in the DMP network and activation of data products etc. It may further support an option to view data product details and a notification window that may display notification regarding one or more relevant access keys or access violations by one or more registered authenticated users. A secured viewer 203 may be used for accessing the data by a registered authenticated user buying a data product. A secured viewer 203 may further establish a communication with an external or internal storage device for retrieving or sending of data. A security module 204 may facilitate an API creation, one or more relevant access keys creation requests and also supporting performing of encryption or decryption for secured access and may also further support signing of messages and one or more of relevant access keys. An identity manager 205 may manage user attributes, user policies, user keystores etc. The identity manager 205 may further support user authentication, single sign-on between various DMP modules and secured authentication and authorization of information between various DMP modules. The identity providers are configured using the IDP configuration 205A. The user and the roles management 205B maintains the user records and roles of the DMP users. The service provider configuration 205C maintains the registered data market applications and services. For example, the service provider configuration 205C contains metadata such as service provider name, url, key, identity provider details, for applications, services that are needed for validation purposes. The local authenticator 205D is configured to perform authentication when the DMP application 202 uses local authentication. The Single SignOn (SSO) 205E performs single signin function for the DMP application 202. The Policy Management 205F manages all access control related policies. The data access manager 206 is configured to manage APIs, access keys, user policies and may further control the API accesses through gateways. An API repository 206A maintains an API created by one or more registered authenticated users and auto created APIs. An API Gateway 206B controls the access of APIs. An API key manager 206C manages one or more relevant access keys generated for one or more of the registered authenticated users. According to an embodiment of the present disclosure, whenever an API is created its details such as API name, API url, input and output parameters are stored in the API repository. The one or more relevant access keys may be generated by the registered authenticated user or auto generated in case of auto creation of API. The one or more relevant access are also stored in the API key manager database. Whenever the DMP application 202 invokes the API on user’s behalf, the API gateway intercepts the API request to validate the access key and other rules. This way API gateway controls the access to the API. A log monitor 207 monitor access logs of one or more of the registered authenticated users on the DMP network and inform one or more of the registered authenticated users in case of any access violations. The one or more registered authenticated users may configure the log monitor 207 with a system monitor and may accordingly get notified and inform about access violations. The log monitor 207 may also display information about all legitimate accesses. An external and internal data storage components, 208 and 209 respectively, store the data across the DMP network. The secured viewer 203 may establish a communication with external or internal data storage components 208 and 209 respectively for data. A security framework 211 provides identity management, exchanging identity and authorization information among different systems efficiently and securely, and incorporating access and usage controls to ensure data access is according to the agreed terms and conditions. A user / API / Metadata database 210 maintains data related to user, API and metadata. The one or more applications in the DMP network will need to be registered with the security framework 211. Upon successful registration, the security framework 211 will issue an application key to the applications. The Federated authentication 212 is configured to perform authentication in case of an external identity provider.
[0025] FIG 3, with reference to FIG 1, illustrates an exemplary flow diagram of a method for securing data access in a data marketplace according to an embodiment of the present disclosure. In an embodiment the system 100 comprises one or more data storage devices of the memory 102 operatively coupled to the one or more hardware processors 104 and is configured to store instructions for execution of steps of the method by the one or more processors 104. In an embodiment of the present disclosure, the term “user” may be associated with a buyer, a seller or a broker any other person accessing the DMP network 214. The steps of the method of the present disclosure will now be explained with reference to the components of the system 100 as depicted in FIG. 1 and the flow diagram. In the embodiments of the present disclosure, the hardware processors 104 when configured the instructions performs one or more methodologies described herein. In an embodiment of the present disclosure, at step 301, the one or more hardware processors 104 registers an application and a user for obtaining a registered data marketplace application 202 and a set of one or more registered users using a Data Marketplace (DMP) network. In an embodiment of the present disclosure, referring to FIG. 10, the user registers with the DMP network 214. The DMP network 214 upon receiving the user details, verifies the details either online or offline and upon verification may generate one or more user keys. Upon generation, the user keys may be issued by the DMP network 214 to one or more of the registered authenticated users through email or through any link which may be downloaded by the user. In an embodiment of the present disclosure, one or more of an application in the DMP network 214 may be registered with the security framework 211. According to an embodiment of the present disclosure, referring to FIG. 10 again, registration of one or more of the applications may be performed by an admin user registering the application. A portal may also be provided to the application owners for performing registration. Upon successful registration, the security framework 211 may generate an application key to the registered applications. The authentication may select local or federated authentication mechanism. The authentication may further select the user attributes for performing authorization exchange information. The registered application may further select the generated application key by the security framework 211 for performing authentication to the security framework 211. The registered user may then register the user keys with the registered DMP application 202. Referring to FIG. 3 again with reference to FIG. 1, at step 302, the one or more hardware processors 104 perform an authentication of the registered data marketplace application 202 for obtaining a secured registered data marketplace application 202 by using the DMP network 214. At step 303, one or more of the registered users and the secured registered applications may be authenticated by using the secured data marketplace application 202 and the security framework 211. According to an embodiment of the present disclosure, one or more users from the set of authenticated and unauthenticated registered users may be authenticated. In an embodiment of the present disclosure, the registered user logs into the registered DMP application 202. The registered DMP application 202 may then redirect the registered user either to the SSO 205E login page if the user logins with a local authenticator 205D and to federator authenticator login page, if the registered user selects to login with a federated authenticator such as Google. Upon successful registration, the one or more of authenticated registered users may be tagged with a private user identifier which in turn is associated with a federated user identifier. For example, each federated authenticated user will have a private user id that is maintained in the DMP network 214 and a federated user id maintained in the Federated Identity provider side. When user is authenticated, the DMP application 202 fetches federated user id from the authentication response and creates the private user identifier and maps to the federated user identifier. Below example of the authentication response may be considered.

RES_IPff/oC4EXgccuPlgOhBty5Buf3h4=VwDSiIy+L+RvEgHCUvV0ETTA1uU4MqCSmk8qmPwh2KMcKcCpiz4TFv6D3z3F644YiHTWuJ1Dhu2ZWOU3SPUhWZG32uRgdlw3AmH25frrhAlQnAOr2eQLxDaFxVKemSm7lxDOMnsuoOWLYjnZv+7fICPM71loY84bpDif+/7DYHIMBxOQTXZLsuqCS0v2KDvT1LvRDFBjXoae4vxnZ1cBsM/kmerMtiO976iCmrgBc+WskubvkFf1rgC3J/lphYgsIcOi45EqSRJjBIkoumaMtReAy2oRMAAhVGbOQZhjH0Z8d3MoXPS2yrLdJsui80hGmVGiZLb4OuPExEzuLTSfLA==MIIEszCCA5ugAwIBAgIBDTANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJJTjELMAkGA1UECAwCVFMxDDAKBgNVBAcMA0hZRDEMMAoGA1UECgwDVENTMQwwCgYDVQQLDANDVE8xEzARBgNVBAMMCnRjc19kbXBfY2ExGjAYBgkqhkiG9w0BCQEWC3h4eEB0Y3MuY29tMB4XDTE2MDgxODA4NDk1M1oXDTI2MDgxNjA4NDk1M1owbjELMAkGA1UEBhMCSU4xCzAJBgNVBAgMAlRTMQwwCgYDVQQKDANUQ1MxDDAKBgNVBAsMA0NUTzEWMBQGA1UEAwwNMTcyLjI1LjE0OS44NTEeMBwGCSqGSIb3DQEJARYPeXl5QGRtcC50Y3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6jriTn2y3agPJg/ZvQzfLSzzQW50sXQInt+vebYIcKPcnc0w0RCBGbNEYlk0yoqrS2FGdhB4SQm2hoUQHXpb/WgXD0qs1mvf+8+ZoIh+iQga4x6e8VZvn6GNhaSQWUU4cgTYG/O0sGVCSB7hUJ5BF2OBabJOQsKOxleqCv2sG4gXj4fdnWiotxjQthGG1iHVwfKwkVMrb2LkpXi6OTTdS1TBOow7dx/o4H+X2/AUso7GDUPu6GzRi2Y27DDI9rt7hfqCVhevH2WDCpGz5YFjAlUgeBCxrffGr8ysRBH+qt4763c0qs4Mwf31qQVREGw/yKcNWG/kwte5AByE/mh0BQIDAQABo4IBUzCCAU8wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU97LoQxLLmXpSySnEHKUbzz1ky8AwgacGA1UdIwSBnzCBnIAUji/FXtL2Y4sDROb5CSqkyV9LqXOheaR3MHUxCszAJBgNVBAYTAklOMQswCQYDVQQIDAJUUzEMMAoGA1UEBwwDSFlEMQwwCgYDVQQKDANUQ1MxDDAKBgNVBAsMA0NUTzETMBEGA1UEAwwKdGNzX2RtcF9jYTEaMBgGCSqGSIb3DQEJARYLeHh4QHRjcy5jb22CCQC7xHTiuFIlpDATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwDwYDVR0RBAgwBocErBmVVTANBgkqhkiG9w0BAQsFAAOCAQEA7WdRT154Z6Prwt7XYVLSv0lmZmALhvdj56lpERsmmdy+nmeYFueZAwxo3UicGuLPXWlMZOwypbMFH7YlVv42qZFq8Ge/yiFta4d++xLE2AaHnkfERJrHBbN+a/jMLBPAocDrVKUx/MpSrWeJZ12Xc0nCtFkPavmSQuE2fkof/5V3THESn50WXvhuB0pSWNmJS+qBQGAtYue5QX1T/C8mPVnjkQ2UtwEqV4j5qmV3IkbJ1D4xcbn3P1N7HaXzb/JnivWJJE9SdvgxCzBLWx0fb0qcwjV4tOzuuTziV2CQTEH4s9vjrp4CQz4Vl5xyXuT9lt4vl8+0WMrmlT7bk81XCQ==RES_IPFEzbgi2EwFIjW2WqPzva0qslMQc=e6U62UPXGe+gjCNJ+gjr2n+BjZPcw0aOntB38fc8xlGz398nMTcDGNfvqUq5xpH+BHmMzpGJrm1p37PMn8r5iMyslddY+Z7ZhaTKIuH/f/yf+HWVUXanziE44UX06oja9PwceTgkuUlbISSnfY5csxr7QNDtvWTgXn9Pncj3jilx0Xz8scfCaRxxr9oHlPdZthNq4US2TFBbK5icMV+r47Aiy/Oo5ofkrIIj1MRJfhDsxdWsTUaM8ICxF/t+2Y8p49Ti6zPHY0RVz3SJ0ms1UgH3lNf/5cuxT0x9wGYD7IHc2U3XbFaG2UVSt/aVARJ1mBn1vKfRORnrciLoqugJcQ==MIIEszCCA5ugAwIBAgIBDTANBgkqhkiG9w0BAQsFADB1MQswCQYDVQQGEwJJTjELMAkGA1UECAwCVFMxDDAKBgNVBAcMA0hZRDEMMAoGA1UECgwDVENTMQwwCgYDVQQLDANDVE8xEzARBgNVBAMMCnRjc19kbXBfY2ExGjAYBgkqhkiG9w0BCQEWC3h4eEB0Y3MuY29tMB4XDTE2MDgxODA4NDk1M1oXDTI2MDgxNjA4NDk1M1owbjELMAkGA1UEBhMCSU4xCzAJBgNVBAgMAlRTMQwwCgYDVQQKDANUQ1MxDDAKBgNVBAsMA0NUTzEWMBQGA1UEAwwNMTcyLjI1LjE0OS44NTEeMBwGCSqGSIb3DQEJARYPeXl5QGRtcC50Y3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6jriTn2y3agPJg/ZvQzfLSzzQW50sXQInt+vebYIcKPcnc0w0RCBGbNEYlk0yoqrS2FGdhB4SQm2hoUQHXpb/WgXD0qs1mvf+8+ZoIh+iQga4x6e8VZvn6GNhaSQWUU4cgTYG/O0sGVCSB7hUJ5BF2OBabJOQsKOxleqCv2sG4gXj4fdnWiotxjQthGG1iHVwfKwkVMrb2LkpXi6OTTdS1TBOow7dx/o4H+X2/AUso7GDUPu6GzRi2Y27DDI9rt7hfqCVhevH2WDCpGz5YFjAlUgeBCxrffGr8ysRBH+qt4763c0qs4Mwf31qQVREGw/yKcNWG/kwte5AByE/mh0BQIDAQABo4IBUzCCAU8wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBkAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJhdGVkIFNlcnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU97LoQxLLmXpSySnEHKUbzz1ky8AwgacGA1UdIwSBnzCBnIAUji/FXtL2Y4sDROb5CSqkyV9LqXOheaR3MHUxCzAJBgNVBAYTAklOMQswCQYDVQQIDAJUUzEMMAoGA1UEBwwDSFlEMQwwCgYDVQQKDANUQ1MxDDAKBgNVBAsMA0NUTzETMBEGA1UEAwwKdGNzX2RtcF9jYTEaMBgGCSqGSIb3DQEJARYLeHh4QHRjcy5jb22CCQC7xHTiuFIlpDATBgNVHSUEDDAKBggrBgEFBQcDATALBgNVHQ8EBAMCBaAwDwYDVR0RBAgwBocErBmVVTANBgkqhkiG9w0BAQsFAAOCAQEA7WdRT154Z6Prwt7XYVLSv0lmZmALhvdj56lpERsmmdy+nmeYFueZAwxo3UicGuLPXWlMZOwypbMFH7YlVv42qZFq8Ge/yiFta4d++xLE2AaHnkfERJrHBbN+a/jMLBPAocDrVKUx/MpSrWeJZ12Xc0nCtFkPavmSQuE2fkof/5V3THESn50WXvhuB0pSWNmJS+qBQGAtYue5QX1T/C8mPVnjkQ2UtwEqV4j5qmV3IkbJ1D4xcbn3P1N7HaXzb/JnivWJJE9SdvgxCzBLWx0fb0qcwjV4tOzuuTziV2CQTEH4s9vjrp4CQz4Vl5xyXuT9lt4vl8+0WMrmlT7bk81XCQ==DMP_Buyer_001@dmp.comhttps://dmp.tcs.com/java-saml/index.jspurn:oasis:names:tc:SAML:2.0:ac:classes:PasswordDMP_Buyer_001@dmp.comBUYER001BrokerActive
The registered authenticated details may then be shared with the registered DMP application 202 within the DMP network 214 and may be verified by the DMP application 202. The authenticated registered user details may then be generated by the secured registered DMP application 202 and the one or more of authenticated registered users may be requested to provide the user id local in case local authentication, federated in case of federated authentication. At step 304, the one or more hardware processors 104 generate pre-authentication details of the one or more registered authenticated users and registered unauthenticated users, and store the pre-authentication details generated into the security framework 211 for authenticating the one or more registered user and generates information pertaining to a set of authenticated registered users and a set of unauthenticated registered users based on the one or more authenticated registered users and secured applications obtained in the step 303.
[0026] According to an embodiment of the present disclosure, referring to FIG. 4, a data product activation in the DMP network 214 may now be understood in detail. At step 401, a registered authenticated user (interested in selling the data product) may first login in the DMP application 202, gets authenticated by the identity manager 205 at step 402, a component of the security framework 211 and creates a data product in the DMP data product module 201 at step 403. At step 404, the DMP application 202 and the data product module 201 communicate for passing the user authentication assertion, for example, user name, email id, roles to the data product module 201. At step 405, the data product module 201 verifies the authentication assertion, for example, verification may be done by reading the assertion checks for signature in the assertion matches with the identity provider’s signature and authenticates the user. At step 406, the user selects “create data product” to create a data product option. At step 407, the user may then specify terms and conditions, data type, domain and data section comprising of category, sub-category, number of instances, metadata, periodicity (hourly / weekly / monthly), granularity of data, pricing, contractual-negotiable or non-negotiable details etc. When the data product is created, the status may be displayed as “IN-CAPTURE” mode. The user may then activate the data product for selling at step 408 and create an application programming interface (API) for the data product activated. The user may then specify details of data storage end points, access type, data product id in the API creation request. The security module 204 in the security framework 211 may then receive the API creation request in data manager from the data product module 201 at step 409. At step 410, the security module 204 may then communicate with the DMP application 202 at backend to notify the DMP application 202 upon successful API creation and the data product is activated. In an embodiment of the present disclosure, the API may abstract actual data and data location from the user. The API may be deployed on the DMP network 214 but the actual data may reside on the DMP platform storage or outside of it. The API controls the number of hits, limited or unlimited access.
[0027] According to an embodiment of the present disclosure, referring to FIG. 5, secured purchase of a data product by a user over the DMP network 214 may now be understood in detail. At step 501, a registered authenticated user (interested in buying the data product) logs into the DMP application 202, gets authenticated by the identity manager 205 at step 502. The registered authenticated user creates a purchase order for buying the data product post negotiation of terms and conditions by selecting the data product module 201 at step 503. At step 504, the DMP application 202 and the data product module 201 communicate for passing the user authentication assertion, for example, verification may be done by reading the assertion checks for signature in the assertion matches with the identity provider’s signature and authenticates the user to the data product module 201. At step 505, the data product module 201 sends a secured access creation request for the data product, verifies the authentication assertion and authenticates the user. The user selects “buy data product” to buy a data product option at step 506. At step 507, the security module 204 may then generate one or more relevant access keys, associates the relevant access key with the registered authenticated user (interested in buying the data product) the data product id and MAC of the user’s device or system by communicating with the data product module 201. The security module 204 may then encrypt the one of more relevant access keys with a key and sends a notification to the registered authenticated user (interested in selling the data product). The registered authenticated user (interested in selling the data product) may have an allocated private key in the DMP application 202 for secured accessing of the data product. The registered authenticated user (interested in selling the data product) may then sign the encrypted access key with the private key in the DMP application 202. In an embodiment of the disclosure, the security module 204 may create an access policy based on the contract terms and conditions and network it with the data product id. The access policy is created based on a policy template for the data product. Various products and user attributes such as data product id, buyer id and other relevant attributes such as data residing location may form a part of the access policy. The API details may also form a part of the access policy. The security module 204 may communicate with the registered authenticated user (interested in buying the data product) having one or more access keys and data product details. At step 508, the security module 204 establishes connection with data access manager 206, creates one or more relevant access keys, performs encryption and sends a notification to the registered authenticated user (interested in selling the data product). At step 509, for a secured data product access, the verification of the one or more relevant access keys may be performed by the registered authenticated user’s (interested in buying the data product) session which verifies the signature with the user’s (interested in selling the data product) public key. The registered authenticated user (interested in selling the data product) may sign the encrypted access key with the private key in the DMP application 202 and communicates with the registered authenticated user to share the one or more relevant access keys.
[0028] In an embodiment of the present disclosure, referring to FIG. 3 again, finally at step 305, for a secured data access, data sharing and data product delegation, the one or more hardware processors 104 refrain one or more unauthenticated registered users from the set of unauthenticated registered users from accessing the data marketplace application 202 and update the security framework 211 with unauthenticated registered users details, establish a connection between one or more authenticated registered users from the set of authenticated registered users and one or more data products, create an application interface programming (API) based on a network being established between the security module 204 and the data product module 201 and invalidate one or more relevant access keys stored in the data marketplace application 202 for refraining unauthorized data access in the data marketplace application 202. According to an embodiment of the present disclosure, referring to FIG 6, secured accessing of data may now be considered in detail. The term ‘secured viewer’ or ‘security viewer’ may be used interchangeably hereinafter. At step 601, the user (interested in buying any data product) may first login to the DMP application 202, gets authenticated by the identity manager 205 at step 602, and then clicks on the notification, selects the purchased data products and access the secured data by using the link provided in the notification at step 603. At step 604, the DMP application 202 may then direct the user (interested in buying any data product) to a secured viewer 203 by passing the relevant details such as authenticated details of the user, the encrypted access key and the signatures (using private key of the user interested in buying the data product). At step 605, the secured viewer 203 may then verify the authentication details to ensure integrity of the user details. The secured viewer 203, after the successful verification of the authentication details, may verify the signatures with the public key of the registered authenticated user (interested in buying any data product) and performs decryption of one or more of the relevant access keys with the key generated for the encryption. Upon performance successful decryption, the secured viewer 203 may further validate further that one or more of the access keys belongs to the user buying the data product at step 606 and checks the data product’s status. In an embodiment of the present disclosure for a secured data access, the secured browser or viewer 203 from the security viewer displays the API to access the data at step 607. The user buying the data product may then invoke the API to access the data. The secured browser or viewer 203 may then send the API request to the data access manager 206. The data access manager 206 may perform validation of the one or more relevant access keys and user allocation of the one or more of the relevant access keys. The data access manager 206 may then fetch the data from the data storage of the DMP network 214 and communicates it to the secured browser or viewer 203. At step 608, the data may then be displayed to the user buying the data product by the secured browser or viewer 203. If the data is in the form of a report like PDF, the API may return a URL of the report. The report content may then generated using the secured viewer 203 in the security framework 211 and control permissions based on the access policy associated with the data product. The data product usage details may also be further updated in the database of the DMP network 214.
[0029] According to an embodiment of the present disclosure, referring to FIG. 7, the access revocation of a data product may now be considered in detail. At step 701, a registered authenticated user selling the data product logs into the DMP application 202 and gets authenticated by the identity manager 205 at step 702. The DMP application 202 displays one or more of the relevant access keys delegated to one or more the registered authenticated users buying the data product. In case of any unauthorized usage of data or any unauthorized access to the data product, the registered authenticated user selling the data product may invalidate one or more relevant access keys. At step 703, the registered authenticated user selling the data product may select monitor the access using a log monitor 207. The registered authenticated user may configure the log monitor 207 to a system monitor and inform specific access violations. The log monitor 207 upon configuration displays access logs or access violations or any unauthorized accesses as well as legitimated accesses made by the registered authenticated user at step 704. An auditing mechanism running at the background may inform the registered authenticated user selling the data product about access violations. At step 705, the user selling the data product selects access violations and verifies that it is indeed an access violation. At step 706, a notification screen of the log monitor 207 contains access violation details, one or more of the relevant access keys and an option to revoke one or more of the relevant access keys in case of any unauthorized actions like data usage violations or non-compliance with the data licensing terms and conditions by the one or more registered authenticated users. At step 707, the revocation request may be sent to the security module 204 and one or more of the relevant access keys allocated to a registered authenticated user is invalidated in case of any access violations. Finally, at step 708, the security module 204 sends a response to the registered authenticated user selling the data product regarding the revocation.
[0030] According to an embodiment of the present disclosure, referring to FIG 8, the process of secured data sharing or downloading from the DMP network 214 may now be considered in detail. At step 801, a registered authenticated user buying the data product or downloading data from the DMP network 214 logs into the DMP application 202 and gets authenticated by the identity manager 205 at step 802. The user may select or access the relevant data at step 803 at step 804 copy, download or save the data based upon the access permissions. At step 805, if the user buying the data meets data copy/download conditions, the user determines whether or not has accesses to download data in plain or encrypted form. At step 806, in case of limited or restricted permissions with respect to downloading, data usage etc. the user may be allowed to download or make copies only in the encrypted form. The user may further need the secured viewer 203 to view the actual decrypted data in an offline mode. The user buying or attempting to download or copy the data may then have to select the one or more of the relevant private keys delegated and the DMP application 202 performs the decryption of the data using the one or more of the relevant private keys shared by the user and may further verify the signature using the other user’s (selling the data product or data) one or more of the relevant public keys. Steps 807 and 808 may be performed independently of steps 801 to 806 and may be regarded as mutually exclusive. At step 807, if the user buying has unrestricted permissions, the user may be able to download, copy or save the data in a plain text form without any permissions or restrictions. In an embodiment of the present disclosure, the user may or download the data but may still be able to view it offline anytime later. At step 808, in case of an unrestricted access, the user may be allowed copying or downloading of the data. Finally at step 809, the user buying selects the one or more relevant private keys and the DMP application 202 decrypts data using the one or more of relevant private keys of the user buying and verifies the signature using the one or more of relevant public keys of the user selling.
[0031] According to an embodiment of the present disclosure, referring to FIG. 9, resale of data product may now be considered. The present disclosure facilitates secured data resale or data re-delegation under the data owner’s purview. In case of data resale in the DMP network 214 the registered authenticated user buying may be allowed to delegate the data product secured access to another authenticated user with new data product activation. The delegated data product then becomes a child data product. The system 100 or the proposed method of the may then permit the delegated product to be sold to another authenticated user. However the system 100 or the proposed method of the still permits the data owner to track the usage of the delegated product. The new authenticated user who has interest (or shown interest) in buying may be permitted to use the same process for the data product activation, buy order and data access. At step 901, the registered authenticated user selling the data product may first delegate the data product to the registered authenticated user buying. At step 902, the user buying may then login to the DMP application 202 as a registered authenticated user selling. The identity manager 205 may then authenticate the new user at step 903. At step 904, the DMP application 202 may then communicate with the identity manager 205 to generate and pass authentication assertion to the data product module 201. At step 905, the data product module 201 may then perform verification of the authorized assertion and permits the registered authenticated user (interested in selling). At step 906, the permitted user may select the “delegated product for activation” option for activating a data product. At step 907, the data product module 201 performs the activation of the data product with new terms and conditions with respect to data or data product usage, restrictions, permissions etc. In an embodiment of the present disclosure, at step 908, the activated data product may then become a child to the delegated data product. The data product module 201 may further establish a connection with the security module 204 and may send an API creation request to the security module 204 at step 909. Finally at step 910, the security module 204 may then create the API for the activated product and may finally send the response back to the data product module 201. The data product module 201 activates the data product with the new terms and conditions.
[0032] The written description describes the subject matter herein to enable any person skilled in the art to make and use the embodiments. The scope of the subject matter embodiments is defined by the claims and may include other modifications that occur to those skilled in the art. Such other modifications are intended to be within the scope of the claims if they have similar elements that do not differ from the literal language of the claims or if they include equivalent elements with insubstantial differences from the literal language of the claims.
[0033] It is to be understood that the scope of the protection is extended to such a program and in addition to a computer-readable means having a message therein; such computer-readable storage means contain program-code means for implementation of one or more steps of the method, when the program runs on a server or mobile device or any suitable programmable device. The hardware device can be any kind of device which can be programmed including e.g. any kind of computer like a server or a personal computer, or the like, or any combination thereof. The device may also include means which could be e.g. hardware means like e.g. an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or a combination of hardware and software means, e.g. an ASIC and an FPGA, or at least one microprocessor and at least one memory with software modules located therein. Thus, the means can include both hardware means and software means. The method embodiments described herein could be implemented in hardware and software. The device may also include software means. Alternatively, the embodiments may be implemented on different hardware devices, e.g. using a plurality of CPUs.
[0034] The embodiments herein can comprise hardware and software elements. The embodiments that are implemented in software include but are not limited to, firmware, resident software, microcode, etc. The functions performed by various modules described herein may be implemented in other modules or combinations of other modules. For the purposes of this description, a computer-usable or computer readable medium can be any apparatus that can comprise, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
[0035] The illustrated steps are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments. Also, the words “comprising,” “having,” “containing,” and “including,” and other similar forms are intended to be equivalent in meaning and be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items, or meant to be limited to only the listed item or items. It must also be noted that as used herein and in the appended claims, the singular forms “a,” “an,” and “the” include plural references unless the context clearly dictates otherwise.
[0036] Furthermore, one or more computer-readable storage media may be utilized in implementing embodiments consistent with the present disclosure. A computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The term “computer-readable medium” should be understood to include tangible items and exclude carrier waves and transient signals, i.e., be non-transitory. Examples include random access memory (RAM), read-only memory (ROM), volatile memory, nonvolatile memory, hard drives, CD ROMs, DVDs, BLU-RAYs, flash drives, disks, and any other known physical storage media.
[0037] It is intended that the disclosure and examples be considered as exemplary only, with a true scope and spirit of disclosed embodiments being indicated by the following claims.