Verifiable trust for data through wrapper composition

US9537650B2 · US · B2

Patent metadata
Publication number: US-9537650-B2
Application number: US-83240010-A
Country: US
Kind code: B2
Filing date: Jul 8, 2010
Priority date: Dec 15, 2009
Publication date: Jan 3, 2017
Grant date: Jan 3, 2017

Abstract

Official abstract text for this publication.

A digital escrow pattern for data services can include selective access for obscured data at a remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. Based on the pattern, a “trustworthy envelope” for any kind of payload enables curtained access through a variety of decorations or seals placed on the envelope that allow for a gamut of trust ranging with guarantees such as, but not limited to, confidentiality, privacy, anonymity, tamper detection, integrity, etc. Verifiable trust is provided through families of techniques that are referred to as wrapper composition. Multiple concentric and/or lateral transform wrappers or layers can wholly or partially transform data, metadata or both to mathematical transform (e.g., encrypt, distribute across storage, obscure) or otherwise introduce lack of visibility to some or all of the data, metadata or both.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for hosting data, comprising: receiving, on a hosted data platform comprising at least one computing device that comprises at least one processor, at least one of data or metadata associated with the data, where the data, the metadata or both are protected by a composite wrapper formed from at least one mathematical transformation of the data, the metadata or both, by a mathematical transformation component separate from the hosted data platform, including at least a first mathematical transformation defining a first wrapper for the data, the metadata or both based on a first set of criteria and a second mathematical transformation defining a second wrapper for the data, the metadata or both based on a second set of criteria; receiving a request for access to the data, metadata or both as protected by the composite wrapper based on a set of capabilities included in the request, the set of capabilities generated by an access information generator separate from the hosted data platform and the mathematical transformation component; and based on the set of capabilities, determining at least one access privilege for the data, metadata or both based on evaluating visibility through the first wrapper and independently evaluating visibility through the second wrapper, such that access can be granted through only the first wrapper, only the second wrapper or through both the first and second wrapper.

2. The method of claim 1, wherein the receiving includes receiving the at least one of the data or metadata protected by the composite wrapper formed from the at least one mathematical transformation including at least the first mathematical transformation defining the first wrapper that wraps less than all of the data, the metadata or both based on the first set of criteria; and wherein the determined at least one access privilege permits access to the data, metadata or both protected by the second wrapper and not the first wrapper.

3. The method of claim 1, wherein the receiving includes receiving the at least one of the data or metadata protected by the composite wrapper formed from the at least one mathematical transformation including at least the first mathematical transformation defining the first wrapper that wraps the data, the metadata or both based on the first set of criteria, and at least the second mathematical transformation defining the second wrapper that wraps the data metadata or both as wrapped by the first wrapper.

4. The method of claim 1, wherein the receiving includes receiving the at least one of the data or metadata protected by the composite wrapper formed from the at least one mathematical transformation including at least the first mathematical transformation defining the first wrapper that wraps less than all of the data, the metadata or both based on the first set of criteria and at least the second mathematical transformation defining the second wrapper that wraps all the data, metadata or both.

5. The method of claim 4, wherein the second wrapper wraps all the data, metadata or both as partially wrapped by the first wrapper.

6. The method of claim 1, wherein the receiving includes receiving the data, the metadata or both protected by the composite wrapper composed by complementary wrappers including at least the first and second wrapper for satisfying complementary trust or security criteria.

7. The method of claim 1, further comprising: if a status of the data, the metadata or both changes to a new status, automatically adding at least one additional wrapper appropriate to a new set of criteria associated with the new status.

8. The method of claim 1, further comprising: if a status of the data, the metadata or both changes to a new status, automatically removing at least one additional wrapper appropriate to a new set of criteria associated with the new status.

9. The method of claim 1, further comprising: if a status of the data, the metadata or both changes to a new status, the determining at least one access privilege includes determining access privileges based on unlimited capabilities granted by an entity generating the capabilities.

10. The method of claim 1, wherein if a confidentiality class of the data, the metadata or both changes to a more sensitive class, automatically adding at least one additional wrapper appropriate to the more sensitive class to the data, the metadata or both.

11. The method of claim 1, further comprising: if a status of the data, the metadata or both changes to a new status, changing at least one of the first wrapper or the second wrapper appropriate to a new set of criteria associated with the new status.

12. The method of claim 11, wherein if the status of the data, the metadata or both changes to the new status, the changing includes modifying at least one of the first wrapper or the second wrapper appropriate to the new set of criteria associated with the new status.

13. The method of claim 11, wherein if the status of the data, the metadata or both changes to the new status, the changing includes redacting at least some of the data, metadata, or both based on at least one of the first wrapper or the second wrapper appropriate to the new set of criteria associated with the new status.

14. The method of claim 11, wherein if the status of the data, the metadata or both changes to the new status, the changing includes deleting at least one of the first wrapper or the second wrapper.

15. The method of claim 1, further comprising: if the data, the metadata or both changes, augmenting the metadata with change metadata describing at least one change to the data, the metadata or both.

16. The method of claim 1, further comprising: if the data, the metadata or both changes, encoding change metadata describing at least one change to the data, the metadata or both in the first wrapper.

17. The method of claim 16, further comprising: if the data, the metadata or both changes, augmenting the metadata with change metadata describing at least one change to the data, the metadata or both.

18. The method of claim 1, wherein the receiving includes receiving the data, the metadata or both protected by the composite wrapper formed at least in part from at least one mathematical algorithm enabling at least one of the first and second wrapper to at least partially decompose after satisfaction of at least one implicitly or explicitly defined condition.

19. The method of claim 18, wherein the receiving includes receiving the data, the metadata or both protected by the composite wrapper formed at least in part from at least one mathematical algorithm enabling at least one of the first and second wrapper to allow full access to the data, the metadata or both after satisfaction of the at least one implicitly or explicitly defined condition.

20. The method of claim 1, wherein the receiving includes receiving the data, the metadata or both protected by the composite wrapper formed at least in part from at least one mathematical algorithm enabling selective opacity over the data, the metadata or both.

21. The method of claim 1, wherein the receiving includes receiving the data, the metadata or both protected by the composite wrapper formed at least in part from at least one mathematical algorithm including the first and second mathematical transformations forming the first and second wrappers based on first and second sets of criteria, respectively, the first or second set of criteria including at least one of

Classifications

  • Restricted operating environment

  • for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

  • in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46)

  • Query execution

  • for solving equations {, e.g. nonlinear equations, general mathematical optimization problems (optimization specially adapted for a specific administrative, business or logistic context G06Q10/04)}

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Auradkar Rahul V, D'Souza Roy Peter, Microsoft Technology Licensing Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/0435. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 3, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).