Policy-based secure information disclosure
First Claim
1. A data storage system for creating and utilizing access policies for stored information related to a user, the system comprising:
- an identification component, utilizing one or more processors, to create the access policies based at least in part on one or more conditions including at least one of a current state of the user, a current environment of the user, or specific information withheld by the user;
a communication component, utilizing a communication network, to obtain an override request from the user, the override request indicating a requisite number of digital keys to apply to an access policy of the access policies;
an overrider component, utilizing the one or more processors, to change the access policy of the access policies to indicate the requisite number of digital keys in response to obtaining the override request from the user;
the communication component, utilizing the communication network, to obtain a request from a requestor to view the stored information, the request including one or more valid keys;
a policy component, utilizing the communication network, to regulate access to the stored information in response to the request and based at least in part upon a particular access policy that corresponds to the one or more conditions present at a time of obtaining the request, the policy component to deny access in response to determining that a count of the one or more valid keys included in the request is fewer than the requisite number of digital keys; and
the policy component to generate a response including at least one of granting access to at least a portion of the stored information or requesting more information from the requestor.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for storing data and retrieving data from a smart storage device is provided, where smart storage includes processing capabilities along with the ability to store information. In one aspect, a method includes detecting via bidirectional settings one or more capabilities of rules enforcement logic associated with a storage device and selecting a set of criteria and policies to be downloaded from a host or a management server that are to be downloaded onto the storage device. This includes dynamically generating conditional context aware policies syntax based on user settings or network policy and downloading a set of policies onto the storage device for future policy enforcement.
-
Citations
20 Claims
-
1. A data storage system for creating and utilizing access policies for stored information related to a user, the system comprising:
-
an identification component, utilizing one or more processors, to create the access policies based at least in part on one or more conditions including at least one of a current state of the user, a current environment of the user, or specific information withheld by the user; a communication component, utilizing a communication network, to obtain an override request from the user, the override request indicating a requisite number of digital keys to apply to an access policy of the access policies; an overrider component, utilizing the one or more processors, to change the access policy of the access policies to indicate the requisite number of digital keys in response to obtaining the override request from the user; the communication component, utilizing the communication network, to obtain a request from a requestor to view the stored information, the request including one or more valid keys; a policy component, utilizing the communication network, to regulate access to the stored information in response to the request and based at least in part upon a particular access policy that corresponds to the one or more conditions present at a time of obtaining the request, the policy component to deny access in response to determining that a count of the one or more valid keys included in the request is fewer than the requisite number of digital keys; and the policy component to generate a response including at least one of granting access to at least a portion of the stored information or requesting more information from the requestor. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of retaining information and storing the information on a storage device utilizing a processor, the method comprising:
-
gathering a continuous record of contextual information relating to a user, environmental information, and a response of the user to an environment; selecting a portion of the contextual information for storing by determining whether measurements of the contextual information are within a tolerance, wherein one or more portions of the contextual information associated with the measurements within the tolerance are selected and one or more disregarded portions of the contextual information associated with the measurements outside of the tolerance are disregarded; storing the one or more selected portions of the contextual information to the storage device; creating an access policy based at least partly on the contextual information, the access policy including at least a key and a current state of the user; and obtaining, using a communication network, an override request from the user, the override request indicating a requisite number of digital keys to apply to the access policy. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. One or more computer-readable storage devices containing instructions that, when executed by one or more processors, cause the one or more processors to perform acts comprising:
-
gathering a continuous record of contextual information relating to a user, the contextual information including location information, environmental information, a response of the user to an environment, an input of the user, and actions of the user; creating an access policy based at least in part on the contextual information, the contextual information including at least a key and current state of the user; obtaining, using a communication network, an override request from the user, the override request indicating a requisite number of digital keys to apply to the access policy; changing the requisite number of digital keys specified by the access policy in response to a change to at least one of the key or the current state of the user; obtaining a request from a requestor to view information utilizing the communication network, the request including one or more valid keys; determining whether to release the stored information to the requestor based at least in part upon the access policy that corresponds to one or more existing conditions present at a time of the request, the determining based, at least in part, on whether the one or more valid keys equals or exceeds the requisite number of digital keys; and generating a response for the requestor, including at least one of granting access to at least a portion of the stored information or requesting more information from the requestor.
-
Specification