Method for secured access to data in a network
Abstract
A method for secured access to data in a network has the effect that data protection rights are respected, especially personal data present in a network with distributed memories. The method is based on the granting of access rights, with the possibility of revocation, to the data available in the network, and the storage of data within the network only after authorization by the owner of the rights to the data. When certain data are requested, only the references of those data records to which the requesting party also has the access rights can be given. Identification of the data is not possible without access rights. Should certain data be accessed, the access rights may be verified before data access is permitted.
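The flow in the abstract can be sketched as follows. This is an added illustration, not part of the patent text; the class and method names are hypothetical, and the model covers only registration, owner-controlled rights, filtered listing and the confirmation inquiry before direct transfer.

```python
# Added illustration; class and method names are hypothetical, not from the patent.
class InformationCenter:
    """Holds references and access rights only, never the data itself."""
    def __init__(self):
        self.records = {}  # ref -> {"type", "system", "owner", "grants"}

    def register(self, ref, dtype, system, owner):
        if ref in self.records:
            raise ValueError("data is stored only once in the network")
        self.records[ref] = {"type": dtype, "system": system,
                             "owner": owner, "grants": set()}

    def set_right(self, actor, ref, grantee, allowed=True):
        rec = self.records[ref]
        if actor != rec["owner"]:  # only the owner of the rights defines access
            raise PermissionError("only the owner may change access rights")
        (rec["grants"].add if allowed else rec["grants"].discard)(grantee)

    def list_refs(self, requester, dtype):
        # Step c: references the requester has no rights to are never revealed.
        return [(ref, r["system"]) for ref, r in self.records.items()
                if r["type"] == dtype and requester in r["grants"]]

    def confirm(self, requester, ref):
        rec = self.records.get(ref)
        return rec is not None and requester in rec["grants"]


class DataAreaAccessSystem:
    def __init__(self, name, center, network):
        self.name, self.center, self.network = name, center, network
        self.memory = {}
        network[name] = self

    def store(self, ref, dtype, data, owner):
        self.center.register(ref, dtype, self.name, owner)  # step b
        self.memory[ref] = data                              # step a

    def serve(self, requester, ref):
        # Steps c/d: inquire at the center on every request, so revocation takes effect.
        if ref not in self.memory or not self.center.confirm(requester, ref):
            raise PermissionError("no confirmation from information center")
        return self.memory[ref]

    def fetch(self, dtype):
        # Ask the center for permitted references, then pull directly from each storer.
        return {ref: self.network[system].serve(self.name, ref)
                for ref, system in self.center.list_refs(self.name, dtype)}
```

Because `serve` asks the center on every request rather than caching a grant, a revocation by the owner applies to the next transfer attempt.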
37 Claims
1. A method for secured access to data in a network including an information center and a plurality of data area access systems in which permission to store said data and to define, at the information center, access rights of third parties to said data is limited to the owner of rights to said data, said method comprising the steps of:
a) in each case storing the data only once in one of said data area access systems not accessible to the owner of the rights;
then b) registering the presence of data of a certain type in each data area access system at said information center, followed by the owner of the rights to the stored data, defining access rights of third parties to said data at said information center;
c) transmitting a list of the data present of a certain type, specifying the data area access system storing said data, from said information center to a requesting data area access system for which the access rights of said requesting data area access system correspond to the access rights defined at said information center for said data, and after a request of a requesting data area access system for data of said certain type wherein a data area access system storing data responds to a request for certain data of a certain type by a requesting data area access system by verifying the access rights through an inquiry to the information center as to whether the requesting data area access system has access rights to the certain data of a certain type; and
then d) directly transmitting said data of said certain type by said data area access system storing said data to said requesting data area access system subject to said data area access system storing said data having received a confirmation from said information center.
Dependent claims: 2-23
24. A system comprising:
a) a plurality of data area access systems, each having a secure data memory associated therewith;
b) an information center, wherein
(i) said system is configured and adapted such that entry of a piece of data into said system comprises a writing of said piece of data to a respective one of said secure data memories that can only be effected by an authorized user of the data area access system associated with the respective secure data memory and in conjunction with the authorization of an authorized user of said information center,
(ii) said information center is configured and adapted for storing information that defines respective access rights for each piece of data entered into the system,
(iii) said system is configured and adapted such that display and modification of the information defining the access rights to said entered piece of data is restricted to said authorized user of said information center, in conjunction with whose authorization said entry was effected, and
(iv) said system is configured and adapted such that access to any piece of data entered into the system is restricted to those authorized users of the system having appropriate access rights as defined by said information for the piece of data to be accessed;
c) said system is configured and adapted such that in each case the data is stored only once in one of said data area access systems not accessible to the owner of the rights; and
d) one or more of said data area access systems are operable in a mode in which an authorized user of said information center who is not an authorized user of the respective data area access system can display and modify that part of said information defining access rights that is not restricted from display and modification by them, yet cannot access any pieces of data entered into the system.
Dependent claims: 25-34
35. A system comprising:
a) a plurality of data area access systems, each having a secure data memory associated therewith; and
b) an information center, wherein
c) said system is configured and adapted such that entry of a piece of data into said system comprises a writing of said piece of data to a respective one of said secure data memories that can only be effected by an authorized user of the data area access system associated with the respective secure data memory and in conjunction with the authorization of an authorized user of said information center,
d) said information center is configured and adapted for storing information that defines respective access rights for each piece of data entered into the system,
e) said system is configured and adapted such that in each case the data is stored only once in one of said data area access systems not accessible to the owner of the rights, and
f) said system is configured and adapted such that display and modification of the information defining the access rights to said entered piece of data is restricted to said authorized user of said information center, in conjunction with whose authorization said entry was effected.
Dependent claims: 36
37. A system comprising:
a) a plurality of data area access systems, each having a secure data memory associated therewith; and
b) an information center, wherein
c) said system is configured and adapted such that entry of a piece of data into said system comprises a writing of said piece of data to a respective one of said secure data memories that can only be effected by an authorized user of the data area access system associated with the respective secure data memory and in conjunction with the authorization of an authorized user of said information center,
d) said information center is configured and adapted for storing information that defines respective access rights for each piece of data entered into the system,
e) said system is configured and adapted such that in each case the data is stored only once in one of said data area access systems not accessible to the owner of the rights, and
f) said system is configured and adapted such that access to any piece of data entered into the system is restricted to those authorized users of the data area access systems having appropriate access rights as defined by said information for the piece of data to be accessed.
Specification