Cloud key directory for federating data exchanges
Abstract
Embodiments are directed to providing attribute-based data access. In an embodiment, a data request specifies one or more search data attributes describing requested data that is to be found in an anonymous directory. The anonymous directory is configured to provide access to secured data according to access controls defined by one or more clients. The secured data includes data that is associated with a particular client and that is encrypted using multi-authority attribute-based encryption, which associates the data with one or more encryption data attributes and enables the data to be provided if conditions in the corresponding access controls are met. The particular portion of data is provided based on determining that the conditions in the corresponding access controls are met, and that at least one of the search data attributes is determined to be relevant to at least one of the encryption data attributes.
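The two-part decision described in the abstract, as an added plaintext sketch that is not code from the patent. The policy format (an OR of AND-clauses over (authority, attribute) pairs), the exact-match relevance test, and all names and sample entries are assumptions; the multi-authority attribute-based ciphertext is an opaque placeholder and no encryption is performed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    owner: str                   # client that published the data (constructed name)
    encryption_attrs: frozenset  # attributes the ciphertext is associated with
    policy: tuple                # assumed format: any clause, every pair within it
    ciphertext: bytes            # opaque placeholder; MA-ABE is not modelled here

def policy_met(policy, credentials):
    """True if the requester holds every (authority, attribute) pair of some clause.
    An empty policy has no satisfiable clause, so it denies by default."""
    return any(all(pair in credentials for pair in clause) for clause in policy)

def relevant(search_attrs, encryption_attrs):
    """Assumed relevance test: case-insensitive match on at least one attribute."""
    norm = lambda attrs: {a.strip().lower() for a in attrs}
    return bool(norm(search_attrs) & norm(encryption_attrs))

def lookup(directory, search_attrs, credentials):
    """Return ciphertexts only where BOTH conditions hold. A failed policy and a
    failed match produce the same empty result, so a requester cannot tell
    'no such data' apart from 'not authorised'."""
    return [e.ciphertext for e in directory
            if relevant(search_attrs, e.encryption_attrs)
            and policy_met(e.policy, credentials)]

# Constructed sample directory: two clients, attributes issued by several authorities.
DIRECTORY = [
    Entry("clinic-a", frozenset({"cardiology", "2013"}),
          ((("hospital-ca", "physician"), ("state-board", "licensed")),
           (("clinic-a", "owner"),)),
          b"<ct-1>"),
    Entry("lab-b", frozenset({"oncology"}),
          ((("lab-b", "staff"),),),
          b"<ct-2>"),
]

if __name__ == "__main__":
    doctor = {("hospital-ca", "physician"), ("state-board", "licensed")}
    print(lookup(DIRECTORY, {"Cardiology"}, doctor))                       # both conditions met
    print(lookup(DIRECTORY, {"cardiology"}, {("hospital-ca", "physician")}))  # policy not met
    print(lookup(DIRECTORY, {"radiology"}, doctor))                        # no relevant attribute
```

In an actual attribute-based encryption deployment the policy is also enforced by decryption itself; the directory-side check above only decides what is returned.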
20 Claims
1. At a computer system including at least one processor and a memory, in a computer networking environment including a plurality of computing systems, a computer-implemented method for providing attribute-based data access, the method comprising:
an act of receiving a data request, the data request specifying one or more search data attributes describing requested data that is to be found in an anonymous directory, wherein the anonymous directory is configured to provide access to secured data of one or more clients according to corresponding access controls defined by each of the one or more clients, the secured data including a particular portion of data that is associated with a particular client and that is encrypted using multi-authority attribute-based encryption that associates the particular portion of data with one or more encryption data attributes and that enables the particular portion of data to be provided if conditions in the corresponding access controls are met;
an act of determining that the particular portion of data should be provided based on determining that the conditions in the corresponding access controls are met, and that at least one of the search data attributes of the data request is determined to be relevant to at least one of the encryption data attributes; and
an act of providing the particular portion of data in response to the data request.
8. A computer program product for implementing a method for providing attribute-based data access, the computer program product comprising one or more hardware storage devices having stored thereon computer-executable instructions that, when executed by one or more processors of the computing system, cause the computing system to perform the method, the method comprising:
an act of receiving a data request, the data request specifying one or more search data attributes describing requested data that is to be found in an anonymous directory, wherein the anonymous directory is configured to provide access to secured data of one or more clients according to corresponding access controls defined by each of the one or more clients, the secured data including a particular portion of data that is associated with a particular client and that is encrypted using multi-authority attribute-based encryption that associates the particular portion of data with one or more encryption data attributes and that enables the particular portion of data to be provided if conditions in the corresponding access controls are met;
an act of determining that the particular portion of data should be provided based on determining that the conditions in the corresponding access controls are met, and that at least one of the search data attributes of the data request is determined to be relevant to at least one of the encryption data attributes; and
an act of providing the particular portion of data in response to the data request.
14. A computer system comprising the following:
one or more processors;
system memory; and
one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, cause the computing system to perform a method for providing attribute-based data access, the method comprising the following:
an act of receiving a data request, the data request specifying one or more search data attributes describing requested data that is to be found in an anonymous directory, wherein the anonymous directory is configured to provide access to secured data of one or more clients according to corresponding access controls defined by each of the one or more clients, the secured data including a particular portion of data that is associated with a particular client and that is encrypted using multi-authority attribute-based encryption that associates the particular portion of data with one or more encryption data attributes and that enables the particular portion of data to be provided if conditions in the corresponding access controls are met;
an act of determining that the particular portion of data should be provided based on determining that the conditions in the corresponding access controls are met, and that at least one of the search data attributes of the data request is determined to be relevant to at least one of the encryption data attributes; and
an act of providing the particular portion of data in response to the data request.
Specification