US2017083721A1PendingUtilityA1

Sustained data protection

46
Assignee: MICROSOFT TECHNOLOGY LICENSING LLCPriority: Jan 13, 2012Filed: Dec 1, 2016Published: Mar 23, 2017
Est. expiryJan 13, 2032(~5.5 yrs left)· nominal 20-yr term from priority
G06F 21/6218G06F 21/10
46
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Among other things, one or more techniques and/or systems are provided for sustained data protection. In particular, a data protector may define a set of access levels associated with content within data using a set of access policies (e.g., a partial access level to inventory data for an inventory server, a full access level to inventory data and billing data for a shopping website server, etc.). The data protector may secure (e.g., encrypt) the data to create protected data, so that clients may be unable to access content of the protected data without obtaining access through the data protector. In this way, the data protector may selectively provide clients with access to content within the protected data according to respective access levels for the different clients (e.g., access to inventory data, but not billing data, may be provided to the inventory server by the data protector).

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for sustained data protection, comprising:
 receiving, at a data protector, protected data from a client requesting access to content within the protected data;   determining, by the data protector, whether a first time-constraint for accessing a portion of the protected data is met according to a first set of access policies;   upon determining that the client has met the first time-constraint for accessing the portion of protected data, extracting, by the data protector, the portion of the protected data; and   providing, from the data protector, the extracted content to the client.   
     
     
         2 . The method of  claim 1 , comprising:
 receiving, at a data protector, the protected data from a second client requesting access to content within the protected data;   determining, by the data protector, whether a second-time constraint for accessing a portion of the protected data is met according to a second set of access policies;   upon determining that the second client has met the second time-constraint for accessing the portion of protected data, extracting, by the data protector, the portion of the protected data; and   providing, from the data protector, the extracted content to the second client.   
     
     
         3 . The method of  claim 2 , wherein the first set of access policies and the second set of access policies are different than the first access policies. 
     
     
         4 . The method of  claim 3 , further comprising determining an access policy applicable to a requesting client upon receiving a request for the protected data from the requesting client. 
     
     
         5 . The method of  claim 1 , further comprising:
 determining, by the data protector, whether at least one additional criteria of the first set of access policies is met by the client;   upon determining that the client has met the first time-constraint for accessing the portion of protected data and the at least one additional criteria of the first set of access policies, extracting, by the data protector, the portion of the protected data; and   providing, from the data protector, the extracted content to the client.   
     
     
         6 . The method of  claim 5 , wherein the at least one additional criteria of the first set of access policies comprises any one or more of:
 determining whether a client machine has rights to access a portion of the content within the protected data;   determining whether a client application has rights to access a portion of the content within the protected data;   determining whether the client is acting on behalf of another client that has rights to access a portion of the content within the protected data.   
     
     
         7 . The method of  claim 1 , wherein at least one of the receiving, the determining, and the providing occurring external to a data retrieval storage layer. 
     
     
         8 . The method of  claim 1 , wherein the providing content within the protected data comprises decrypting the protected data. 
     
     
         9 . The method of  claim 1 , the protected data corresponding to social network data. 
     
     
         10 . A method for sustained data protection, comprising:
 receiving, at a data protector, data from a first client requesting protection of the data;   specifying one or more access levels associated with content within the data using a set of access policies;   securing the data to create protected data, comprising:
 evaluating the first client against a set of write permission to determine whether the first client has permission to protect one or more portions of the data; and 
 upon determining that the first client has permission to protect a first portion of the data, including the first portion of the data within the protected data; and 
   providing the protected data to the first client.   
     
     
         11 . The method of  claim 10 , further comprising:
 receiving, at the data protector, the protected data from a second client requesting access to the content within the protected data;   determining, by the data protector, an access level to the protected data for the second client based upon evaluating the second client against the set of access policies;   extracting, by the data protector, at least some of the content within the protected data according to the access level to generate extracted content; and   providing, from the data protector, the extracted content to the second client.   
     
     
         12 . The method of  claim 11 , wherein evaluating the second client against the set of access policies comprises determining whether a time-constraint for accessing the content is met. 
     
     
         13 . The method of  claim 12 , wherein the specifying one or more access levels comprises:
 specifying a first access level for a first portion of content within the data; and   specifying a second access level for a second portion of content within the data, the second portion of content different than the first portion of content.   
     
     
         14 . The method of  claim 10 , wherein the securing the data comprises encrypting the data using an encryption key unavailable to one or more clients. 
     
     
         15 . The method of  claim 10 , wherein the data to create protected data further comprises excluding the first portion of the data from the protected data upon determining that if the first client does not have permission to secure the first portion the data. 
     
     
         16 . A system for sustained data protection, comprising:
 a data protector configured to:
 define a set of access levels associated with content within data received from a client using a set of access policies; 
 secure one or more portions of the data that the client has permission to protect to create protected data, comprising: 
 evaluate whether the client against a set of write permission to determine whether the client has permission to secure one or more portions of the data; and 
 upon determining that the client has permission to secure a first portion of the data, include the first portion of the data as protected data; and 
   provide the protected data to the client;   
     
     
         17 . The system of  claim 16 , where the data protector is configured to:
 receive the protected data from a second client requesting access to the content within the protected data;   determine an access level to the protected data for the second client based upon evaluating the second client against the set of access policies;   extract at least some of the content within the protected data according to the access level to generate extracted content; and   provide the extracted content to the second client.   
     
     
         18 . The system of  claim 17 , wherein the data protector configured to:
 provide the client with access to less than all the content within the protected data based upon the access level comprising a partial access level.   
     
     
         19 . The system of  claim 18 , the set of access policies specifying access permissions associated with at least one of:
 one or more time-constraints;   one or more user identifiers;   one or more client application identifiers; and   one or more client machine identifiers.   
     
     
         20 . The system of  claim 16 , the data protector implemented within a data protection layer external to a data retrieval storage layer and configured to be distributed among one or more clients within a distributed computing environment.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.