Title of invention: Transparent control of access invoking real-time analysis of the query history
Abstract: The invention relates to a method for granting an inquirer querying a repository access to the repository, a communication protocol between a client and a server, and a system for controlling access of at least one inquirer to a repository. The repository typically stores event data relating to traceable products. The aspects according to the teaching disclosed herein may, for example, be implemented as security extensions for existing repositories providing a finer granularity of access rights and means to prevent an exposure of data sets considered sensitive. The security extensions disclosed herein may be implemented to protect access to any kind of client/server application wherein the server is exposing sensitive data.
Publication number: US9015812(B2) Publication date: 2015.04.21
Application number: US201313899874 Application date: 2013.05.22
Applicant: Hasso-Plattner-Institut fur Softwaresystemtechnik GmbH Inventors: Plattner Hasso;Schapranow Matthieu-Patrick
Classification: H04L29/06;G06F21/62;G06Q10/08;G06F17/30 Main classification: H04L29/06
Agency: Fountainhead Law Group P.C. Agent: Fountainhead Law Group P.C.
Principal claim: 1. A method for granting access to a repository for use in a supply chain, a product tracking system, a medical care environment or a power grid, the repository storing data, the data being sensitive business data pertaining to one or more supply chains, event data pertaining to one or more traceable products, medical data pertaining to one or more patients, or measurement data pertaining to one or more measurements, and wherein an access control server (ACS) is connected to the repository via a link; the access control server (ACS) performing the steps of: receiving (200) from an individual one of a plurality of inquirers a query regarding a set of data, including receiving (100) from an access control client (ACC) connected to the access control server (ACS) via a network the query submitted by the individual inquirer; transmitting (500) an encrypted result set (Rsp R) to the individual inquirer, including: generating (450) a key, the key being a symmetrical key (SymKey), the key being unknown to the access control client (ACC), and encrypting (460) the result set (Rsp R) using the symmetrical key (SymKey); receiving (600) a request for permission to view the result set (Rsp R); generating (700) a permission; forwarding (715) the key (SymKey) and the permission to the access control client (ACC); and filtering (800) the result set (Rsp R) according to the permission, the filtering step being performed by the access control client (ACC) and comprising removing and/or replacing selected content from the result set (Rsp R) while maintaining an integrity of the result set (Rsp R).
Address: Potsdam DE