Data custodian and curation system
Abstract
A data custodian and curation system may store data from a data supplier in encrypted form and may allow users to consume the data when the consumers obtain access to the data through an agreement. The curation system may manage access to the data, even allowing a consumer to use the data as if it were their own, but may track each usage of the data to implement a payment scheme or various usage restrictions. The curation system may encrypt downstream uses of the data and operate as a digital rights management system for the data. The custodian and curation system may operate as a cloud service that may contain encrypted data from many data providers but where the data providers may individually control access to their data in a managed system at any granular level.
30 Claims
1. A system comprising:
- a data repository comprising a plurality of private data sets, each of said private data sets being available for purchase in a data marketplace, a private data set, from said plurality of private data sets, comprising a set of data groups, including a first data group, each of said data groups being encrypted using a separate encryption key, including data in the first data group being encrypted with an encryption key for the first data group, said data repository storing said first data group in a first table, said first table including a first portion of data, said data repository storing a derived portion of data in a second table, said derived portion of data derived from said first portion of data by combining said first portion of data with a second portion of data, said second portion of data accessed from a location outside the first data group, said first portion of data encrypted using said encryption key, said derived portion of data also encrypted using said encryption key to prevent unauthorized access to said derived portion of data due to said derived portion of data being derived from said first portion of data; and
- a data curation system for controlling access to private data sets available for purchase in said data marketplace, said data curation system comprising a subscriber database, said subscriber database comprising a subscriber profile for a subscriber and a data owner profile for an owner of said first data group, said subscriber database further comprising an entitlement granting said subscriber access to said encryption key, said encryption key allowing said subscriber to decrypt said first data group and for use in decrypting said derived portion of data.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method comprising:
- presenting a plurality of data sets available for purchase in a data marketplace, each of said data sets being owned by a data owner and stored in a data store, said data marketplace presenting conditions for becoming entitled to use each of said data sets, a first data set including a first data group stored in a first table and a portion of derived data stored in a second table, said first data group including a first portion of data, said derived portion of data derived from said first portion of data by combining said first portion of data with a second portion of data, said second portion of data from a location outside of said first data set, a portion of said first table containing said first portion of data encrypted using an encryption key for said first data set and a portion of said second table containing said derived data set also encrypted using said encryption key for said first data set to prevent unauthorized access to said derived portion of data due to said derived portion of data being derived from said first portion of data;
- establishing a first entitlement between a data user and said data owner, said first entitlement allowing said data user to access said first data set, said first entitlement based on said data user satisfying said presented conditions for becoming entitled to use said first data set;
- receiving a request for one of: said first portion of data and said derived portion of data from said data user, said request comprising a reference to said first entitlement;
- evaluating said first entitlement to determine that said data user has access to said one of: said first portion of data and said derived portion of data; and
- decrypting said first data set using said encryption key.
Dependent claims: 11, 12, 13, 14, 15, 16
17. A system comprising:
- a data repository comprising a plurality of private data sets, each of said private data sets being available for purchase in a data marketplace, a private data set from among said plurality of private data sets comprising a set of data groups, including a first data group, said data repository storing said first data group in a first table, said first data group including a first portion of data, said data repository storing a derived portion of data in a second table, said derived portion of data derived from said first portion of data by combining said first portion of data with a second portion of data, said second portion of data accessed outside of the private data set, a portion of said first table containing said first portion of data encrypted using an encryption key for said private data set, a portion of said second table containing said derived data also encrypted using said encryption key to prevent unauthorized access to said derived portion of data due to said derived portion of data being derived from said first portion of data;
- each of said private data sets being owned by a separate data owner;
- an encryption key repository comprising separate encryption keys for each private data set including said encryption key for said one of said private data sets;
- a data curation system for controlling access to data available for purchase in said data marketplace, said data curation system comprising:
  - a subscriber database comprising entitlements, said entitlements granting subscribers access to private data sets owned by data owners;
- said data curation system that:
  - grants entitlements to subscribers for accessing private data sets based on subscribers satisfying conditions for becoming entitled to access said private data sets;
  - receives a first request from a first subscriber comprising a first entitlement and a request for one of: said first portion of data or said derived portion of data;
  - validates said first entitlement; and
  - returns said encryption key for said first private data set to said first data subscriber.
Dependent claims: 18
19. At a computer system, the computer system including system memory and a processor, a method comprising:
- the processor accessing a first data set, the first data set associated with a first access condition for controlling access to the first data set; and
- the processor generating a derived data set including another version of the first data set or a derivative version of the first data set by combining the first data set with a second separate data set, wherein the second separate data set is maintained separately from and outside of the first data set and is associated with a second access condition for controlling access to the second separate data set, the derived data set associated with both the first access condition and the second access condition; and
- wherein unauthorized access to the derived data set is prevented by requiring both the first access condition and the second access condition to be met prior to entitling use of the derived data set.
Dependent claims: 20, 21, 22, 23
24. A computer program product for use at a computer system, said computer program product for implementing a method, said computer program product comprising one or more computer storage devices having stored thereon computer-executable instructions that, when executed at a processor, cause said computer system to perform the method, including the following:
- access a first data set, the first data set associated with a first access condition for controlling access to the first data set; and
- generating a derived data set including another version of the first data set or a derivative version of the first data set by combining the first data set with a second separate data set, wherein the second separate data set is maintained separately from and outside of the first data set and is associated with a second access condition for controlling access to the second separate data set, the derived data set associated with both the first access condition and the second access condition; and
- wherein unauthorized access to the derived data set is prevented by requiring both the first access condition and the second access condition to be met prior to entitling use of the derived data set.
Dependent claims: 25, 26, 27
28. A system, the system comprising:
- one or more processors;
- system memory; and
- one or more computer storage devices having stored thereon computer-executable instructions representing a curation system, the curation system configured to:
  - access a first data set, the first data set associated with a first access condition for controlling access to the first data set; and
  - generate a derived data set including another version of the first data set or a derivative version of the first data set by combining the first data set with a second separate data set, wherein the second separate data set is maintained separately from and outside of the first data set and is associated with a second access condition for controlling access to the second separate data set, the derived data set associated with both the first access condition and the second access condition; and
  - wherein unauthorized access to the derived data set is prevented by requiring both the first access condition and the second access condition to be met prior to entitling use of the derived data set.
Dependent claims: 29, 30
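The access rule recited in claims 19 to 30, where a derived data set carries the access conditions of both source sets, can be modelled as label propagation plus a usage-tracked check. This is an added example, not code from the patent: `Curator`, `DataSet`, the licence names and the sample rows are constructed for illustration, and the sketch generalizes to chained derivations because conditions accumulate by set union.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class DataSet:
    name: str
    rows: tuple
    conditions: frozenset  # every condition here must be met before use


@dataclass
class Curator:
    # subscriber -> access conditions that subscriber has satisfied (assumed model)
    satisfied: dict = field(default_factory=dict)
    usage_log: list = field(default_factory=list)  # (subscriber, data set, allowed)

    def grant(self, subscriber, condition):
        self.satisfied.setdefault(subscriber, set()).add(condition)

    def derive(self, name, first, second, combine):
        """Combine two separately held sets; the result inherits BOTH parents' conditions."""
        rows = tuple(combine(a, b) for a, b in zip(first.rows, second.rows))
        return DataSet(name, rows, first.conditions | second.conditions)

    def read(self, subscriber, ds):
        lacking = ds.conditions - self.satisfied.get(subscriber, set())
        # Every attempt is recorded, allowed or not, so usage can be billed or audited.
        self.usage_log.append((subscriber, ds.name, not lacking))
        if lacking:
            raise PermissionError(f"{subscriber} lacks {sorted(lacking)} for {ds.name}")
        return ds.rows


def demo():
    # Constructed sample data: two sets held under different access conditions.
    sales = DataSet("sales", ((1, 120), (2, 75)), frozenset({"sales-licence"}))
    regions = DataSet("regions", ((1, "north"), (2, "south")), frozenset({"regions-licence"}))
    cur = Curator()
    by_region = cur.derive("sales_by_region", sales, regions, lambda s, r: (r[1], s[1]))
    cur.grant("alice", "sales-licence")      # alice meets only the first condition
    cur.grant("bob", "sales-licence")
    cur.grant("bob", "regions-licence")      # bob meets both
    results = {}
    for who in ("alice", "bob"):
        try:
            results[who] = cur.read(who, by_region)
        except PermissionError:
            results[who] = None
    return by_region.conditions, results, cur.usage_log
```

A subscriber entitled to only one source set is refused the derived set, and the refusal still appears in the usage log.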
Specification