Access to data stored in a cloud
First Claim
1. A method for accessing data stored in a cloud, the method comprising:
inquiring a rights application about whether access to the data by an accessing entity is allowed, the data stored by a provider of the cloud where a server application and an application server hosting the server application are subject to control of the cloud provider, the accessing entity comprising at least one of a client application, a server application, or a user wishing to access the data using the client application, the server application or the client application and the server application;
informing, by the rights application, a rights server of the inquired access, the rights server not subject to control of the cloud provider and comprising a rights policy which defines at least the following access rights;
(i) access rights of users, user groups or the users and the user groups, and (ii) access rights of both the client and server applications;
providing, by the rights server, an item of access information that is configured to be used to determine whether the access is allowed according to the access rights of the accessing entity according to the rights policy; and
accessing the data only when access is allowed according to the access information, the data not being able to be viewed without the item of access information;
where the informing and providing are configured to be performed when the accessing entity corresponds to the server application and when the accessing entity corresponds to the client application.
Abstract
It is proposed that known digital rights management (EDRM: Enterprise Digital Rights Management) be extended such that control over the access to data stored in a cloud remains with the user or originator of the data. This requires the access information to be coordinated between a rights application in the cloud and a rights server in the region of the user (that is to say, outside the cloud). A rights policy can be used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. In this context, the access comprises a wide variety of actions which can be performed with the data. In particular, it is advantageous that a server application is provided with (temporally limited) access to a portion of the data in order to index said data, for example, without the server being able to access the complete contents of the data in the process. By way of example, the approach works for document management and for databases that have been relocated to the cloud. The invention can be used for any type of distributed data processing in which the data are intended to be protected against unauthorized access operations.
31 Claims
30. A system for accessing data stored in a cloud, the system comprising:
a provider of the cloud comprising a computer network storing the data;
an entity that accesses the data, the entity comprising at least one of a client application, a server application, or a user wishing to access the data using the client application, the server application or the client application and the server application;
at least one rights application; and
a rights server provided on a computer, the rights server not subject to the control of the cloud provider and comprising a rights policy that is configured to define at least the following access rights;
access rights of users, user groups or the users and the user groups, and access rights of the client and server applications to operate on the data stored in the computer network of the provider of the cloud;
wherein the rights application is configured to be inquired about whether access to the data by an accessing entity is allowed both when the accessing entity corresponds to the client application and when the accessing entity corresponds to the server application;
wherein the rights application is configured to inform the rights server of the inquired access both when the accessing entity corresponds to the client application and when the accessing entity corresponds to the server application;
wherein the rights server is configured to be provided an item of access information that is configured to be used to determine whether the access is allowed according to the access rights of the accessing entity both when the accessing entity corresponds to the client application and when the accessing entity corresponds to the server application; and
wherein the cloud is configured to provide access to the data of the computer network only when access is allowed according to the access information.
31. A rights server for accessing data stored in a cloud, the rights server comprising:
a memory configured to store a rights policy configured to define at least the following access rights;
access rights of users, access rights of a client application, and access rights of a server application;
a processor configured to be provided an item of access information that is configured to be used to determine whether access to the data is allowed according to the access rights of an accessing entity, the processor configured to inquire a rights application about whether the access to the data is allowed such that the cloud is configured to provide access to the data only when access is allowed according to the access information, the item provided and the rights application inquired both when the accessing entity corresponds to the client application and when the accessing entity corresponds to the server application;
wherein the server application and an application server hosting the server application are subject to control of a provider of the cloud;
wherein the rights server is not subject to the control of the provider of the cloud.
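The two-step flow described in the abstract and in claims 1, 30 and 31, modelled as an added example in Python (not code from the patent): a rights server outside the cloud evaluates a rights policy covering users, user groups and client/server applications with validity periods and issues an item of access information, the cloud-side rights application only relays the inquiry, and the cloud releases the data, or only the permitted portion of it, when that item verifies. The policy, principals, document, "current time" and the HMAC key (standing in for whatever signature or key material a real deployment would use) are all constructed assumptions.

```python
import hashlib, hmac, json
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Rule:
    principal: str               # user, user group, client application or server application
    actions: frozenset           # actions allowed on the data, e.g. {"read"} or {"index"}
    portion: "frozenset | None"  # fields the principal may see; None means the whole document
    valid_until: datetime        # end of this rule's validity period

class RightsServer:  # outside the cloud provider's control; the only place decisions are made
    def __init__(self, key, groups, policy):
        self.key, self.groups, self.policy = key, groups, policy  # key: constructed MAC secret
    def _rule_for(self, principal, action, now):
        names = {principal} | self.groups.get(principal, set())
        return next((r for r in self.policy if r.principal in names
                     and action in r.actions and now <= r.valid_until), None)
    def access_information(self, user, application, action, doc_id, now):
        # user (if any) and application must both be allowed; the portion is their intersection
        rules = [self._rule_for(p, action, now) for p in (user, application) if p]
        if not rules or None in rules:
            return None
        parts = [set(r.portion) for r in rules if r.portion is not None]
        item = {"doc": doc_id, "user": user, "app": application, "action": action,
                "portion": sorted(set.intersection(*parts)) if parts else None,
                "expires": min(r.valid_until for r in rules).isoformat()}
        body = json.dumps(item, sort_keys=True).encode()
        return {"item": item, "mac": hmac.new(self.key, body, hashlib.sha256).hexdigest()}
class RightsApplication:  # inside the cloud; relays the inquiry and never decides itself
    def __init__(self, rights_server): self.rights_server = rights_server
    def inquire(self, *args): return self.rights_server.access_information(*args)
def access_data(document, doc_id, info, key, now):  # cloud-side enforcement point
    if info is None:
        return None
    item, body = info["item"], json.dumps(info["item"], sort_keys=True).encode()
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), info["mac"]) \
            or item["doc"] != doc_id or now > datetime.fromisoformat(item["expires"]):
        return None  # forged, replayed for another document, or outside the validity period
    return {k: v for k, v in document.items() if item["portion"] is None or k in item["portion"]}
POLICY = [  # constructed sample: engineers read whole documents; the indexer sees two fields until 2026
    Rule("engineers", frozenset({"read"}), None, datetime(2030, 1, 1)),
    Rule("doc-viewer", frozenset({"read"}), None, datetime(2030, 1, 1)),
    Rule("search-indexer", frozenset({"index"}), frozenset({"title", "keywords"}), datetime(2026, 12, 31))]
SERVER = RightsServer(b"constructed-secret", {"alice": {"engineers"}}, POLICY)
DOC = {"title": "Q3 plan", "keywords": "budget", "body": "confidential text"}
NOW = datetime(2026, 6, 1)  # constructed "current time"
def fetch(user, application, action, now=NOW):  # the full two-step flow of claim 1
    info = RightsApplication(SERVER).inquire(user, application, action, "doc-1", now)
    return access_data(DOC, "doc-1", info, SERVER.key, now)
```

The indexer case shows the abstract's point: the server application obtains a time-limited view of two fields only, and a request by the same application for a full read is refused because its rule grants no such action.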
Specification