CLOUD KEY DIRECTORY FOR FEDERATING DATA EXCHANGES

US 20150169890A1
Filed: 12/15/2014
Published: 06/18/2015
Est. Priority Date: 06/17/2011
Status: Active Grant

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed to providing attribute-based data access. In an embodiment, a data request specifies one or more search data attributes describing requested data that is to be found in an anonymous directory. The anonymous directory is configured to provide access to secured data according to access controls defined one or more clients. The secured data includes data that is associated with a particular client and that is encrypted using multi-authority attribute-based encryption, which associates the data with one or more encryption data attributes and that enables the data to be provided if conditions in the corresponding access controls are met. The particular portion of data is provided based on determining that the conditions in the corresponding access controls are met, and that at least one of the search data attributes is determined to be relevant to at least one of the encryption data attributes.

3 Citations

View as Search Results

40 Claims

1-20. -20. (canceled)

21. At a computer system including at least one processor and a memory, in a computer networking environment including a plurality of computing systems, a computer-implemented method for providing attribute-based data access, the method comprising:
- receiving a data request, the data request specifying one or more search data attributes describing requested data that is to be found in an anonymous directory, wherein the anonymous directory is configured to provide access to secured data of one or more clients according to access controls, the secured data for at least one client including a first portion of data that is unencrypted and readable by the anonymous directory and a second portion of data that is encrypted and unreadable by the anonymous directory, the second portion of data being encrypted using multi-authority attribute-based encryption that associates the second portion of data with one or more encryption data attributes, the anonymous directory being configured to provide the first and second portions of data if conditions in the access controls are met;
  
  determining that the first and second portions of data should be provided based on determining that the conditions in the access controls are met, and that at least one of the search data attributes of the data request is determined to be relevant to at least one of the encryption data attributes; and
  
  providing the first and second portions of data in response to the data request.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The computer-implemented method of claim 21, wherein the anonymous directory is configured to enable discovery of the secured data for at least one client, based on a threshold number of encryption data attributes being requested in the data request.
  - 23. The computer-implemented method of claim 21, wherein the access controls correspond to each client.
  - 24. The computer-implemented method of claim 23, wherein the access controls are defined by the corresponding client.
  - 25. The computer-implemented method of claim 21, wherein the access controls define which secured data is to be provided in response to data requests, based on one or more of user identity or user type of a requesting user.
  - 26. The computer-implemented method of claim 21, wherein a client is enabled to dynamically change which of their secured data is provided in response to data requests by changing a corresponding access control.
  - 27. The computer-implemented method of claim 21, wherein the anonymous directory is configured to enable requests for secured data without a prior knowledge of what secured data is available through the anonymous directory and without a prior knowledge of the one or more clients.

28. A computer program product comprising one or more hardware storage devices having stored thereon computer-executable instructions that, when executed by one or more processors of a computer system, cause the computer system to provide attribute-based data access, including at least the following:
- receiving a data request, the data request specifying one or more search data attributes describing requested data that is to be found in an anonymous directory, wherein the anonymous directory is configured to provide access to secured data of one or more clients according to access controls, the secured data for at least one client including a first portion of data that is unencrypted and readable by the anonymous directory and a second portion of data that is encrypted and unreadable by the anonymous directory, the second portion of data being encrypted using multi-authority attribute-based encryption that associates the second portion of data with one or more encryption data attributes, the anonymous directory being configured to provide the first and second portions of data if conditions in the access controls are met;
  
  determining that the first and second portions of data should be provided based on determining that the conditions in the access controls are met, and that at least one of the search data attributes of the data request is determined to be relevant to at least one of the encryption data attributes; and
  
  providing the first and second portions of data in response to the data request
- View Dependent Claims (29, 30, 31, 32, 33, 34)
- - 29. The computer program product of claim 28, wherein the anonymous directory is configured to enable discovery of the secured data for at least one client, based on a threshold number of encryption data attributes being requested in the data request.
  - 30. The computer program product of claim 28, wherein the access controls correspond to each client.
  - 31. The computer program product of claim 30, wherein the access controls are defined by the corresponding client.
  - 32. The computer program product of claim 28, wherein the access controls define which secured data is to be provided in response to data requests, based on one or more of user identity or user type of a requesting user.
  - 33. The computer program product of claim 28, wherein a client is enabled to dynamically change which of their secured data is provided in response to data requests by changing a corresponding access control.
  - 34. The computer program product of claim 28, wherein the anonymous directory is configured to enable requests for secured data without a prior knowledge of what secured data is available through the anonymous directory and without a prior knowledge of the one or more clients.

35. A computer system, comprising:
- one or more processors; and
  
  one or more hardware storage devices having stored thereon computer-executable instructions that, when executed by one or more processors of a computer system, cause the computer system to provide attribute-based data access, including at least the following;
  
  receiving a data request, the data request specifying one or more search data attributes describing requested data that is to be found in an anonymous directory, wherein the anonymous directory is configured to provide access to secured data of one or more clients according to access controls, the secured data for at least one client including a first portion of data that is unencrypted and readable by the anonymous directory and a second portion of data that is encrypted and unreadable by the anonymous directory, the second portion of data being encrypted using multi-authority attribute-based encryption that associates the second portion of data with one or more encryption data attributes, the anonymous directory being configured to provide the first and second portions of data if conditions in the access controls are met;
  
  determining that the first and second portions of data should be provided based on determining that the conditions in the access controls are met, and that at least one of the search data attributes of the data request is determined to be relevant to at least one of the encryption data attributes; and
  
  providing the first and second portions of data in response to the data request.
- View Dependent Claims (36, 37, 38, 39, 40)
- - 36. The computer system of claim 35, wherein the anonymous directory is configured to enable discovery of the secured data for at least one client, based on a threshold number of encryption data attributes being requested in the data request.
  - 37. The computer system of claim 35, wherein the access controls correspond to each client.
  - 38. The computer system of claim 37, wherein the access controls are defined by the corresponding client.
  - 39. The computer system of claim 35, wherein the access controls define which secured data is to be provided in response to data requests, based on one or more of user identity or user type of a requesting user.
  - 40. The computer system of claim 35, wherein a client is enabled to dynamically change which of their secured data is provided in response to data requests by changing a corresponding access control.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
D'Souza, Roy Peter, Pandey, Omkant

Granted Patent

US 9,224,005 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/256   in federated or virtual dat...

G06F 16/27   Replication, distribution o...

G06F 16/951   Indexing; Web crawling tech...

G06F 16/9535   Search customisation based ...

G06F 16/9538   Presentation of query results

G06F 21/6218   to a system of files or obj...

G06F 21/6254   by anonymising data, e.g. d...

H04L 63/0421   Anonymous communication, i....

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/104   Grouping of entities

H04L 9/0894   Escrow, recovery or storing...

H04L 9/321   involving a third party or ...

CLOUD KEY DIRECTORY FOR FEDERATING DATA EXCHANGES

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

3 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

CLOUD KEY DIRECTORY FOR FEDERATING DATA EXCHANGES

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

3 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links