Methods and apparatus for mediating access to derivatives of sensitive data
First Claim
1. A method for processing a data request from a client for sensitive data, the data request comprising a client identifier and an indication of the intended use of the sensitive data by the client, the method comprising the steps of:
- receiving the data request from the client;
- providing the client identifier and the indicated use to an access manager, wherein the access manager assesses a risk of providing access to the sensitive data for said indicated use;
- if the access manager grants access for the indicated use, receiving one or more keys with corresponding computing restrictions;
- computing a result using a hardware protected computation block; and
- providing said result to said client, wherein said provided result comprises a derivative of said sensitive data, wherein at least one of said steps is performed by at least one hardware device.
Abstract
Access control systems are provided that mediate access to derivatives of sensitive data. A method is provided for processing a data request from a client, the data request comprising a client identifier and an indication of the intended use of the data, by receiving the data request from the client; providing the client identifier and indicated use to an access manager, wherein the access manager assesses a risk of providing access to the data for the indicated use; if the access manager grants access for the indicated use, receiving one or more keys with corresponding computing restrictions from the access manager; computing a result; and providing the result to the client, wherein the provided result comprises the derivative of sensitive data. The access manager grants the access for the indicated use, for example, based on a risk score.
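The flow in the abstract, sketched as an added example (this is not code from the patent). The risk table, the threshold, the HMAC binding of each key to its restrictions, and the software function standing in for the hardware protected computation block are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import statistics

# Constructed sample data and policy: every name and number here is an assumption.
SALARIES = [52000, 61000, 58000, 75000, 49000]      # the sensitive data
CLIENT_RISK = {"analyst-7": 1, "contractor-3": 3}   # lower means more trusted
USE_RISK = {"mean": 1, "max": 2, "raw_export": 5}   # risk of each intended use
THRESHOLD = 4                                       # grant only if score <= 4
SHARED_SECRET = b"constructed-demo-secret"          # manager <-> compute block

def _derive_key(client_id, restrictions):
    """Bind the key to client and restrictions, so editing either voids it."""
    msg = json.dumps([client_id, restrictions], sort_keys=True).encode()
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).digest()

def access_manager(client_id, use):
    """Assess the risk of the indicated use; on grant return (key, restrictions)."""
    score = CLIENT_RISK.get(client_id, 5) * USE_RISK.get(use, 5)
    if score > THRESHOLD:
        return None
    restrictions = {"allowed_op": use}
    return _derive_key(client_id, restrictions), restrictions

def computation_block(client_id, key, restrictions, op):
    """Stand-in for the protected block: enforce restrictions, return a derivative."""
    if not hmac.compare_digest(key, _derive_key(client_id, restrictions)):
        raise PermissionError("key does not match restrictions")
    if op != restrictions["allowed_op"]:
        raise PermissionError("operation outside granted use")
    return {"mean": statistics.mean, "max": max}[op](SALARIES)

def handle_request(client_id, use):
    """Mediation flow: request -> access manager -> keyed computation -> result."""
    grant = access_manager(client_id, use)
    if grant is None:
        return None  # denied: nothing leaves the computation block
    key, restrictions = grant
    return computation_block(client_id, key, restrictions, use)
```

The client only ever receives the aggregate; a grant for one use cannot be replayed for another because the key no longer matches the altered restrictions.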
25 Claims
1. A method for processing a data request from a client for sensitive data, the data request comprising a client identifier and an indication of the intended use of the sensitive data by the client, the method comprising the steps of:
- receiving the data request from the client;
- providing the client identifier and the indicated use to an access manager, wherein the access manager assesses a risk of providing access to the sensitive data for said indicated use;
- if the access manager grants access for the indicated use, receiving one or more keys with corresponding computing restrictions;
- computing a result using a hardware protected computation block; and
- providing said result to said client, wherein said provided result comprises a derivative of said sensitive data, wherein at least one of said steps is performed by at least one hardware device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A system for processing a data request from a client for sensitive data, the data request comprising a client identifier and an indication of the intended use of the sensitive data by the client, the system comprising:
- a memory; and
- at least one hardware device, coupled to the memory, operative to implement the following steps:
- receive the data request from the client;
- provide the client identifier and the indicated use to an access manager, wherein the access manager assesses a risk of providing access to the sensitive data for said indicated use;
- if the access manager grants access for the indicated use, receive one or more keys with corresponding computing restrictions;
- compute a result using a hardware protected computation block; and
- provide said result to said client, wherein said provided result comprises a derivative of said sensitive data.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
Specification