Security mechanism providing access control for locally-held data
First Claim
1. A method of controlling access to data, comprising:
- in response to a request from a requester for access to data stored in an encoded form on a first data processing apparatus, sending a request from a decoding controller on the first data processing apparatus to a second data processing apparatus to determine attributes of a decoding process for accessing the encoded data;
in response to said request to the second data processing apparatus, receiving said determined attributes at said decoding controller;
performing the decoding process in accordance with the determined attributes.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and data processing apparatuses are provided which enable controlling, from one data processing apparatus, access to data held (for example on a queue) at another data processing apparatus. When a requester wishes to access data held at a local data processing apparatus, a request must be sent to a remote data processing apparatus to determine the security attributes of the data (for example, retrieving queue attributes from a database). The requestor cannot access the data until the security attributes are fully determined at the local data processing apparatus, and since communication with a remote system is required to make this determination the remote apparatus is able to log the requests for data access. The security attributes are preferably an identifier of a cryptor used in compression, a compressor used in compression and an authenticator for authenticating the requestor. The determination of security attributes is preferably required to be repeated for each requester session, with the attributes being deleted from the local data processing apparatus at the end of a session and the requestor being unable to view or save the attributes. This enables session-specific access control.
-
Citations
14 Claims
-
1. A method of controlling access to data, comprising:
-
in response to a request from a requester for access to data stored in an encoded form on a first data processing apparatus, sending a request from a decoding controller on the first data processing apparatus to a second data processing apparatus to determine attributes of a decoding process for accessing the encoded data;
in response to said request to the second data processing apparatus, receiving said determined attributes at said decoding controller;
performing the decoding process in accordance with the determined attributes. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A computer program product comprising machine-readable recording medium having recorded thereon computer program code implementing functions for controlling the operation of a data processing apparatus on which the program code runs to perform the following steps of a method for controlling access to encoded data:
-
in response to a request from a requester for access to data stored in an encoded form on a first data processing apparatus, sending a request from a decoding controller on the first data processing apparatus to a second data processing apparatus to determine attributes of a decoding process for accessing the encoded data;
in response to said request to the second data processing apparatus, receiving said determined attributes at said decoding controller;
performing the decoding process in accordance with the determined attributes.
-
-
11. A first data processing apparatus including:
-
a processing unit;
data storage means;
communication means for sending and receiving communications from data processing systems connectable to said first data processing apparatus via a network; and
a decoding controller, responsive to a request from a requestor for access to data stored in an encoded form in said data storage means, for sending a request via said communication means to a second data processing apparatus to determine attributes of a decoding process for accessing the encoded data and for receiving said determined attributes via said communication means;
wherein the decoding controller is adapted to control the operation of the processing unit to perform the decoding process in accordance with the determined attributes.
-
-
12. A data processing apparatus, including:
-
a processing unit;
data storage means storing attributes of one or more decoding processes, which processes are associated with specific data stored in an encoded form on the data processing apparatus; and
an access controller component, for retrieving the stored attributes from the memory in response to a request from a remote data processing apparatus, and for sending the retrieved attributes to the data processing apparatus. - View Dependent Claims (13, 14)
-
Specification