Sustained data protection
Abstract
Among other things, one or more techniques and/or systems are provided for sustained data protection. In particular, a data protector may define a set of access levels associated with content within data using a set of access policies (e.g., a partial access level to inventory data for an inventory server, a full access level to inventory data and billing data for a shopping website server, etc.). The data protector may secure (e.g., encrypt) the data to create protected data, so that clients may be unable to access content of the protected data without obtaining access through the data protector. In this way, the data protector may selectively provide clients with access to content within the protected data according to respective access levels for the different clients (e.g., access to inventory data, but not billing data, may be provided to the inventory server by the data protector).
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method for sustained data protection, comprising:
receiving, at a data protector, protected data from a client requesting access to content within the protected data; determining, by the data protector, whether a first time-constraint for accessing a portion of the protected data is met according to a first set of access policies; upon determining that the client has met the first time-constraint for accessing the portion of protected data, extracting, by the data protector, the portion of the protected data; and providing, from the data protector, the extracted content to the client.
2 . The method of claim 1 , comprising:
receiving, at a data protector, the protected data from a second client requesting access to content within the protected data; determining, by the data protector, whether a second-time constraint for accessing a portion of the protected data is met according to a second set of access policies; upon determining that the second client has met the second time-constraint for accessing the portion of protected data, extracting, by the data protector, the portion of the protected data; and providing, from the data protector, the extracted content to the second client.
3 . The method of claim 2 , wherein the first set of access policies and the second set of access policies are different than the first access policies.
4 . The method of claim 3 , further comprising determining an access policy applicable to a requesting client upon receiving a request for the protected data from the requesting client.
5 . The method of claim 1 , further comprising:
determining, by the data protector, whether at least one additional criteria of the first set of access policies is met by the client; upon determining that the client has met the first time-constraint for accessing the portion of protected data and the at least one additional criteria of the first set of access policies, extracting, by the data protector, the portion of the protected data; and providing, from the data protector, the extracted content to the client.
6 . The method of claim 5 , wherein the at least one additional criteria of the first set of access policies comprises any one or more of:
determining whether a client machine has rights to access a portion of the content within the protected data; determining whether a client application has rights to access a portion of the content within the protected data; determining whether the client is acting on behalf of another client that has rights to access a portion of the content within the protected data.
7 . The method of claim 1 , wherein at least one of the receiving, the determining, and the providing occurring external to a data retrieval storage layer.
8 . The method of claim 1 , wherein the providing content within the protected data comprises decrypting the protected data.
9 . The method of claim 1 , the protected data corresponding to social network data.
10 . A method for sustained data protection, comprising:
receiving, at a data protector, data from a first client requesting protection of the data; specifying one or more access levels associated with content within the data using a set of access policies; securing the data to create protected data, comprising:
evaluating the first client against a set of write permission to determine whether the first client has permission to protect one or more portions of the data; and
upon determining that the first client has permission to protect a first portion of the data, including the first portion of the data within the protected data; and
providing the protected data to the first client.
11 . The method of claim 10 , further comprising:
receiving, at the data protector, the protected data from a second client requesting access to the content within the protected data; determining, by the data protector, an access level to the protected data for the second client based upon evaluating the second client against the set of access policies; extracting, by the data protector, at least some of the content within the protected data according to the access level to generate extracted content; and providing, from the data protector, the extracted content to the second client.
12 . The method of claim 11 , wherein evaluating the second client against the set of access policies comprises determining whether a time-constraint for accessing the content is met.
13 . The method of claim 12 , wherein the specifying one or more access levels comprises:
specifying a first access level for a first portion of content within the data; and specifying a second access level for a second portion of content within the data, the second portion of content different than the first portion of content.
14 . The method of claim 10 , wherein the securing the data comprises encrypting the data using an encryption key unavailable to one or more clients.
15 . The method of claim 10 , wherein the data to create protected data further comprises excluding the first portion of the data from the protected data upon determining that if the first client does not have permission to secure the first portion the data.
16 . A system for sustained data protection, comprising:
a data protector configured to:
define a set of access levels associated with content within data received from a client using a set of access policies;
secure one or more portions of the data that the client has permission to protect to create protected data, comprising:
evaluate whether the client against a set of write permission to determine whether the client has permission to secure one or more portions of the data; and
upon determining that the client has permission to secure a first portion of the data, include the first portion of the data as protected data; and
provide the protected data to the client;
17 . The system of claim 16 , where the data protector is configured to:
receive the protected data from a second client requesting access to the content within the protected data; determine an access level to the protected data for the second client based upon evaluating the second client against the set of access policies; extract at least some of the content within the protected data according to the access level to generate extracted content; and provide the extracted content to the second client.
18 . The system of claim 17 , wherein the data protector configured to:
provide the client with access to less than all the content within the protected data based upon the access level comprising a partial access level.
19 . The system of claim 18 , the set of access policies specifying access permissions associated with at least one of:
one or more time-constraints; one or more user identifiers; one or more client application identifiers; and one or more client machine identifiers.
20 . The system of claim 16 , the data protector implemented within a data protection layer external to a data retrieval storage layer and configured to be distributed among one or more clients within a distributed computing environment.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.