Method for providing access control for data items in a data repository in which storage space used by identical content is shared
First Claim
1. A method for providing access control for data items in a data repository in which storage space used by identical content is shared, the method comprising:
- determining a digital fingerprint from a data item using a hash function that produces digital fingerprints having a pseudorandom distribution;
depositing the data item in the data repository in response to a request by a depositing client program acting on behalf of a user or group of users, the depositing includingcomparing the determined digital fingerprint from the deposited data item to digital fingerprints of data items already stored in the data repository;
determining from the comparing of digital fingerprints, without comparing the entire contents of the deposited data item to the entire contents of a data item already stored, whether a stored data item is identical to the deposited data item; and
storing the deposited data item in the data repository if the deposited data item is not identical with any stored data item;
wherein the stored data item identical to the deposited data item is associated with an access authorization credential in response to an access authorization request by a depositing client program;
wherein the access authorization credential is associated with a named object that comprises a diaital fingerprint;
wherein the stored data item identical to the deposited data item from the data repository is retrieved in response to a request from a retrieving client program by;
using the access authorization credential to select the stored named object;
retrieving the stored named object from a database; and
using the diaital fingerprint from the retrieved named object to return the stored data item identical to the deposited data item;
wherein the user or group of users is one of a plurality of users or groups of users associated with the data repository;
wherein the access authorization credential is uniquely associated with the user or group of users;
wherein the access authorization credential does not include the digital fingerprint or any other component determined solely from the content of the stored data item identical to the deposited data item; and
wherein the data repository uses the access authorization credential to determine that the retrieving client program is authorized to retrieve the stored data item identical to the deposited data item.
4 Assignments
0 Petitions
Accused Products
Abstract
A method for providing naming and access control of data items in a data repository, the method comprising having a first client program deposit a data item in the data repository, the depositing including determining a digital fingerprint from the data item, and storing the data item in the data repository at a location or locations associated with the fingerprint, having the first client program specify an object name for an object that comprises a set of data items, storing in the repository an association between the name and the set of data items, and allowing the client program to retrieve a data item from the set of data items by specifying the object name and without providing the digital fingerprint of any data item or composite of data items.
-
Citations
14 Claims
-
1. A method for providing access control for data items in a data repository in which storage space used by identical content is shared, the method comprising:
-
determining a digital fingerprint from a data item using a hash function that produces digital fingerprints having a pseudorandom distribution; depositing the data item in the data repository in response to a request by a depositing client program acting on behalf of a user or group of users, the depositing including comparing the determined digital fingerprint from the deposited data item to digital fingerprints of data items already stored in the data repository; determining from the comparing of digital fingerprints, without comparing the entire contents of the deposited data item to the entire contents of a data item already stored, whether a stored data item is identical to the deposited data item; and storing the deposited data item in the data repository if the deposited data item is not identical with any stored data item; wherein the stored data item identical to the deposited data item is associated with an access authorization credential in response to an access authorization request by a depositing client program; wherein the access authorization credential is associated with a named object that comprises a diaital fingerprint; wherein the stored data item identical to the deposited data item from the data repository is retrieved in response to a request from a retrieving client program by; using the access authorization credential to select the stored named object; retrieving the stored named object from a database; and using the diaital fingerprint from the retrieved named object to return the stored data item identical to the deposited data item; wherein the user or group of users is one of a plurality of users or groups of users associated with the data repository; wherein the access authorization credential is uniquely associated with the user or group of users; wherein the access authorization credential does not include the digital fingerprint or any other component determined solely from the content of the stored data item identical to the deposited data item; and wherein the data repository uses the access authorization credential to determine that the retrieving client program is authorized to retrieve the stored data item identical to the deposited data item. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
Specification