Data custodian and curation system

US 10,721,220 B2
Filed: 09/25/2015
Issued: 07/21/2020
Est. Priority Date: 06/14/2011
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a processor;

memory coupled to the processor;

a data repository stored in the memory, the data repository comprising a plurality of private data sets corresponding to different data providers;

an encryption key repository stored in the memory, the encryption key repository comprising a plurality of encryption keys corresponding to the plurality of private data sets; and

instructions stored in the memory, the instructions being executable by the processor to;

access a first private data set in the data repository, wherein the first private data set is associated with a first access condition and is associated with a first data provider;

access a second private data set in the data repository, wherein the second private data set is associated with a second access condition, wherein the second private data set is associated with a second data provider different from the first data provider, andwherein the second private data set is maintained separately from and outside of the first private data set;

derive a new private data set from the first private data set and the second private data set, wherein the new private data set comprises a portion of the first private data set and a portion of the second private data set, and wherein the new private data set resides in the data repository;

make the new private data set available in a marketplace;

establish at least one entitlement for accessing the new private data set via the marketplace; and

control access to the new private data set based on the at least one entitlement such that access to the portion of the first private data set included in the new private data set is associated with the first access condition and access to the portion of the second private data set included in the new private data set is associated with the second access condition, wherein controlling access to the new private data set comprises requesting at least one encryption key from the encryption key repository.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data custodian and curation system may store data from a data supplier in encrypted form and may allow users to consume the data when the consumers obtain access to the data through an agreement. The curation system may manage access to the data, even allowing a consumer to use the data as if it were their own, but may track each usage of the data to implement a payment scheme or various usage restrictions. The curation system may encrypt downstream uses of the data and operate as a digital rights management system for the data. The custodian and curation system may operate as a cloud service that may contain encrypted data from many data providers but where the data providers may individually control access to their data in a managed system at any granular level.

Citations

20 Claims

1. A system comprising:
- a processor;
  
  memory coupled to the processor;
  
  a data repository stored in the memory, the data repository comprising a plurality of private data sets corresponding to different data providers;
  
  an encryption key repository stored in the memory, the encryption key repository comprising a plurality of encryption keys corresponding to the plurality of private data sets; and
  
  instructions stored in the memory, the instructions being executable by the processor to;
  
  access a first private data set in the data repository, wherein the first private data set is associated with a first access condition and is associated with a first data provider;
  
  access a second private data set in the data repository, wherein the second private data set is associated with a second access condition, wherein the second private data set is associated with a second data provider different from the first data provider, andwherein the second private data set is maintained separately from and outside of the first private data set;
  
  derive a new private data set from the first private data set and the second private data set, wherein the new private data set comprises a portion of the first private data set and a portion of the second private data set, and wherein the new private data set resides in the data repository;
  
  make the new private data set available in a marketplace;
  
  establish at least one entitlement for accessing the new private data set via the marketplace; and
  
  control access to the new private data set based on the at least one entitlement such that access to the portion of the first private data set included in the new private data set is associated with the first access condition and access to the portion of the second private data set included in the new private data set is associated with the second access condition, wherein controlling access to the new private data set comprises requesting at least one encryption key from the encryption key repository.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the new private data set is associated with an access condition that defines a limited number of accesses to the portion of the first private data set.
  - 3. The system of claim 1, wherein the new private data set is encrypted with an encryption key associated with the first private data set.
  - 4. The system of claim 1, wherein the instructions configured to control access to the new private data set comprise instructions configured to cause the processor to decrypt the first private data set using an encryption key corresponding to the new private data set.
  - 5. The system of claim 4, further comprising instructions configured to cause the processor to use the encryption key to access the portion of the first private data set from within the new private data set.
  - 6. The system of claim 1, further comprising instructions configured to cause the processor to create a billable event associated with accessing the portion of the first private data set.
  - 7. The system of claim 1, wherein the at least one entitlement for accessing the new private data set is established between a data owner of the first private data set and a data user.

8. A processor-implemented method, comprising:
- accessing a first private data set in a data repository, wherein the first private data set is associated with a first access condition and is associated with a first data provider, and wherein the data repository comprises a plurality of private data sets corresponding to different data providers;
  
  accessing a second private data set in the data repository, wherein the second private data set is associated with a second access condition, wherein the second private data set is associated with a second data provider different from the first data provider, and wherein the second private data set is maintained separately from and outside of the first private data set;
  
  deriving a new private data set from the first private data set and the second private data set, wherein the new private data set comprises a portion of the first private data set merged with a portion of the second private data set, and wherein the new private data set resides in the data repository;
  
  making the new private data set available in a marketplace;
  
  establishing at least one entitlement for accessing the new private data set via the marketplace; and
  
  controlling access to the new private data set based on the at least one entitlement such that access to the portion of the first private data set included in the new private data set is associated with the first access condition and access to the portion of the second private data set included in the new private data set is associated with the second access condition, wherein controlling access to the new private data set comprises requesting at least one encryption key from an encryption key repository that comprises a plurality of encryption keys corresponding to the plurality of private data sets.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein deriving the new private data set comprises deriving a data set associated with an access condition that defines a limited number of accesses to the portion of the first private data set.
  - 10. The method of claim 8, wherein deriving the new private data set comprises deriving a data set that is encrypted with an encryption key associated with the first private data set.
  - 11. The method of claim 8, wherein controlling access to the portion of the first private data set comprises preventing unauthorized access to the portion of the first private data set by requiring use of an encryption key associated with the first private data set to access the new private data set.
  - 12. The method of claim 11, further comprising using the encryption key to access the portion of the first private data set from within the new private data set.
  - 13. The method of claim 8, further comprising creating a billable event associated with accessing the portion of the first private data set.
  - 14. The method of claim 8, wherein the at least one entitlement for accessing the new private data set is established between a data owner of the first private data set and a data user.

15. A computer-program product for use at a computer system, the computer-program product comprising one or more computer storage devices having stored thereon computer-executable instructions that, when executed at a processor, cause the computer system to perform a method, including the following:
- access a first private data set in a data repository, wherein the first private data set is associated with a first access condition and is associated with a first data provider, and wherein the data repository comprises a plurality of private data sets corresponding to different data providers;
  
  access a second private data set in the data repository, wherein the second private data set is associated with a second access condition, wherein the second private data set is associated with a second data provider different from the first data provider, and wherein the second private data set is maintained separately from and outside of the first private data set;
  
  derive a new private data set from the first private data set and the second private data set, wherein the new private data set comprises a portion of the first private data set transformed with a portion of the second private data set, and wherein the new private data set resides in the data repository;
  
  make the new private data set available for remote access through a marketplace;
  
  establish at least one entitlement for accessing the new private data set via the marketplace; and
  
  control remote access to the new private data set through the marketplace based on the at least one entitlement such that access to the portion of the first private data set included in the new private data set is associated with the first access condition and access to the portion of the second private data set included in the new private data set is associated with the second access condition, wherein controlling access to the new private data set comprises requesting at least one encryption key from an encryption key repository that comprises a plurality of encryption keys corresponding to the plurality of private data sets.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-program product of claim 15, wherein the new private data set is associated with an access condition that defines a limited number of accesses to the portion of the first private data set.
  - 17. The computer-program product of claim 15, wherein the new private data set is encrypted with an encryption key associated with the first private data set.
  - 18. The computer-program product of claim 15, wherein controlling access to the new private data set comprises preventing unauthorized access to the portion of the first private data set by requiring use of an encryption key associated with the first private data set to access the new private data set;
    - andfurther comprising computer-executable instructions that, when executed, cause the computer system to use the encryption key to access the portion of the first private data set from within the new private data set.
  - 19. The computer-program product of claim 15, further comprising computer-executable instructions that, when executed, cause the computer system to create a billable event associated with accessing the portion of the first private data set.
  - 20. The computer-program product of claim 15, wherein the at least one entitlement for accessing the new private data set is established between a data owner of the first private data set and a data user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Sivaramakrishnan, Hari, Dsouza, Roy, Novik, Lev, Bice, Nino, Robinson, David
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Torres-Diaz, Lizbeth

Application Number

US14/866,774
Publication Number

US 20160021087A1
Time in Patent Office

1,761 Days
Field of Search

713150-192, 726 1- 33
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06Q 20/085   involving remote charge det...

G06Q 2220/12   Usage or charge determination

G06Q 30/0201   Market modelling; Market an...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/105   Multiple levels of security

H04L 9/14   using a plurality of keys o...

Data custodian and curation system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Data custodian and curation system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links