| 发明名称 |
Cloud key directory for federating data exchanges |
| 摘要 |
Methods, systems, and computer program products for providing attribute-based data access. Embodiments include receiving a data request specifying search data attributes describing requested data that is to be found in an anonymous directory. The anonymous directory provides access to secured data of clients according to access controls, including secured data comprising a first portion that is unencrypted and readable by the anonymous directory and a second portion that is encrypted and unreadable by the anonymous directory. The second portion is encrypted using multi-authority attribute-based encryption that associates the second portion with encryption data attributes. The anonymous directory provides the first acid second portions of data f conditions in the access controls are met. The first and second portions of data are provided, based on determining that the conditions in the access controls are met, and that at least one data attribute is relevant to at least one encryption data attribute. |
| 申请公布号 |
US9224005(B2) |
申请公布日期 |
2015.12.29 |
| 申请号 |
US201414570808 |
申请日期 |
2014.12.15 |
| 申请人 |
Microsoft Technology Licensing, LLC |
发明人 |
D'Souza Roy Peter;Pandey Omkant |
| 分类号 |
G06F7/04;G06F21/62;H04L9/08;H04L9/32;G06F17/30 |
主分类号 |
G06F7/04 |
| 代理机构 |
|
代理人 |
Mehta Aneesh;Barker Doug;Minhas Micky |
| 主权项 |
1. At a computer system including at least one processor and a memory, in a computer networking environment including a plurality of computing systems, a computer-implemented method for providing attribute-based data access, the method comprising:
receiving a data request, the data request specifying one or more search data attributes describing requested data that is to be found in an anonymous directory, wherein the anonymous directory is configured to provide access to secured data of one or more clients according to access controls, the secured data for at least one client including a first portion of data that is unencrypted and readable by the anonymous directory and a second portion of data that is encrypted and unreadable by the anonymous directory, the second portion of data being encrypted using multi-authority attribute-based encryption that associates the second portion of data with one or more encryption data attributes, the anonymous directory being configured to provide the first and second portions of data if conditions in the access controls are met; determining that the first and second portions of data should be provided based on determining that the conditions in the access controls are met, and that at least one of the search data attributes of the data request is determined to be relevant to at least one of the encryption data attributes; and providing the first and second portions of data in response to the data request. |
| 地址 |
Redmond WA US |
