CLOUD KEY DIRECTORY FOR FEDERATING DATA EXCHANGES
First Claim
1. At a computer system including at least one processor and a memory, in a computer networking environment including a plurality of computing systems, a computer-implemented method for facilitating data transfer using an anonymous directory, the method comprising:
an act of instantiating an anonymous directory that stores data in one or more client-specific directories for a plurality of different clients, wherein the anonymous directory is further configured to provide data access according to access controls defined and managed by the client;
an act of receiving a data request from a user that identifies the user and specifies a portion of data that is to be returned to the user;
an act of determining which of the client's data is to be returned to the user based on the client's specified access controls, the access controls granting access to specified data in one or more client-specific directories, based on the user's identity; and
an act of providing the determined data to the user.
Abstract
Embodiments are directed to facilitating data transfer using an anonymous directory and to providing attribute-based data access to identified users. In an embodiment, a computer system instantiates an anonymous directory that stores data in various client-specific directories for different clients. The anonymous directory is configured to provide data access according to access controls defined and managed by the client. The computer system receives a data request from a user that identifies the user and specifies a portion of data that is to be returned to the user. The computer system determines which of the client's data is to be returned to the user based on the client's specified access controls. The access controls grant access to specified data in some of the client-specific directories, based on the user's identity. The computer system then provides the determined data to the user.
20 Claims
13. A computer program product for implementing a method for providing attribute-based data access to identified users, the computer program product comprising one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by one or more processors of the computing system, cause the computing system to perform the method, the method comprising:
an act of receiving encrypted data from a client that is to be stored in a client-specific directory, the data being encrypted using multi-authority attribute-based encryption, such that the client specifies access rights to the encrypted data by allowing identified users to access data with certain specified attributes;
an act of receiving a data request from a user, wherein the data request includes the user's identity and specifies one or more data attributes, wherein data that includes those attributes is to be returned to the user;
an act of determining which portions of data have attributes that match the requested attributes specified by the user and are identified as being allowable to release to the identified user; and
an act of sending to the user those portions of data whose attributes match the requested attributes specified by the user.
20. A computer system comprising the following:
one or more processors;
system memory;
one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, causes the computing system to perform a method for providing attribute-based data access to identified users, the method comprising the following:
an act of receiving encrypted data from a client that is to be stored in a client-specific directory, the data being encrypted using multi-authority attribute-based encryption, such that the client specifies access rights to the encrypted data by allowing identified users to access data with certain specified attributes;
an act of receiving a data request from a user, wherein the data request includes the user's identity and specifies one or more data attributes, wherein data that includes those attributes is to be returned to the user;
an act of sending the received data request to a plurality of different authorities requesting specific attributes;
an act of receiving attributes from at least one of the authorities;
an act of allowing the user access to the data corresponding to the attributes returned by the authorities;
an act of preventing access to the data corresponding to the attributes not returned by the authorities;
an act of determining which portions of data have attributes that match the requested attributes specified by the user and are identified as being allowable to release to the identified user, based on the attributes returned by the authorities; and
an act of sending to the user those portions of data whose attributes match the requested attributes specified by the user.
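The release decision recited in claim 20, as an added Python example that is not part of the patent text: it models only the authorization flow (request, authority attestation, allow/prevent, send) and omits the multi-authority attribute-based encryption itself. The names `Record`, `Authority`, `attest` and `release` are hypothetical, the sample data is constructed, and it assumes a fail-closed reading in which a record is released only when every attribute on it was returned by some authority.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Record:
    client: str               # owner of the client-specific directory
    name: str
    attributes: frozenset     # attributes the client tagged the data with
    allowed_users: frozenset  # client-defined and client-managed access controls


class Authority:
    """Hypothetical attribute authority that vouches for user attributes."""

    def __init__(self, name, grants):
        self.name = name
        self._grants = grants  # {user_id: {attribute, ...}}

    def attest(self, user_id, requested):
        # Return only the requested attributes this authority confirms.
        return set(requested) & self._grants.get(user_id, set())


def release(records, authorities, user_id, requested):
    """Return the names of records to send; everything else is withheld."""
    granted = set()
    for authority in authorities:          # request sent to every authority
        granted |= authority.attest(user_id, requested)
    released = []
    for rec in records:
        if user_id not in rec.allowed_users:
            continue  # the client's access controls do not name this user
        if not rec.attributes or not rec.attributes <= granted:
            continue  # an attribute was not returned by any authority
        released.append(rec.name)
    return sorted(released)


# Constructed sample data (assumption, not from the patent).
RECORDS = [
    Record("acme", "invoice-2024", frozenset({"billing"}), frozenset({"alice", "bob"})),
    Record("acme", "payroll", frozenset({"billing", "hr"}), frozenset({"alice"})),
    Record("acme", "roadmap", frozenset({"engineering"}), frozenset({"bob"})),
    Record("globex", "contract", frozenset({"legal"}), frozenset({"alice"})),
]
AUTHORITIES = [
    Authority("finance", {"alice": {"billing"}, "bob": {"billing"}}),
    Authority("corp", {"alice": {"legal"}, "bob": {"engineering", "hr"}}),
]
```

The two checks are independent: an attribute returned by an authority never overrides the client's own access controls, and a user named by the client still receives nothing for attributes no authority returned.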
Specification