Title of invention: System for managing computer data security through portable data access security tokens
Abstract: A secure data storage system for controlling access having a data user facility, a data owner facility and a data storage facility, wherein a third party data holder managing the data storage facility grants the data user access to the data without knowing the identities of the data user or data owner.
Publication number: US8752203(B2)  Publication date: 2014.06.10
Application number: US201213526200  Filing date: 2012.06.18
Applicant:  Inventor: Reinertsen Lars
Classification: G06F21/62  Main classification: G06F21/62
Agency:  Agent:
Main claim: 1. A data storage system for controlling access to data, comprising:
(a) a data user facility operated by a data user, the data user facility being configured for the data user to:
    (i) create a request to access data in a data storage facility,
    (ii) attach a data user digital signature to the request to access data by signing the digital signature using a private key belonging to the data user, and
    (iii) send both the digitally signed request to access data and the data user's public key to a data owner;
(b) a data owner facility operated by a data owner, the data owner facility being configured for the data owner to:
    (i) create permission conditions for accessing the data in the data storage facility,
    (ii) receive the digitally signed request to access data and the data user's public key from the data user,
    (iii) verify that the public key belongs to the data user through a PKI cryptographic handshake,
    (iv) verify the digital signature on the request using the data user's public key,
    (v) compare the permission conditions with the digitally signed request to access data to determine whether the request to access data meets the permission conditions and should therefore be granted, and if the request to access data is granted, therefore:
    (vi) attach the data owner's public key,
    (vii) attach usage conditions, and
    (viii) attach a digital signature to the digitally signed request, including attachments, by signing the document using a private key belonging to the data owner, thereby creating a portable data access token, wherein the portable data access token comprises the request and the digital signatures of both the data user and the data owner, and
    (ix) send the portable data access token to the data user; and
(c) a data storage and management facility operated by a third party data holder, the data storage and management facility being configured for the third party data holder to:
    (i) receive the request from the data user,
    (ii) receive the portable data access token from the data user,
    (iii) receive from the data user the public key belonging to the user and verify through a PKI cryptographic handshake that the public key belongs to the user,
    (iv) verify the data user's digital signature in the data access token using the data user's public key, thereby establishing the data user's right to use the token,
    (v) identify the resource accessed by the request and retrieve the digital signature this resource bears, and
    (vi) extract the owner's public key from the data access token and use this public key to verify both the data owner's signature on the data access token and the digital signature on the accessed resource, wherein, in the event both these signatures can be verified with the same public key, establish that the data access token can be used to access the resource,
    (vii) verify the request to access data is contained in the portable data access token, or is a logical subset of a request contained in the data access token, thereby establishing that the data user is making a data request that is authorized by the portable data access token and therefore also authorized by the data owner; and then,
    (viii) verify that usage conditions in the data access token are met, and
    (ix) grant the data user access to the requested data, or alternatively carry out the request the user is making.
Address: