Some content of this application is unavailable at the moment.
If this situation persist, please contact us atFeedback&Contact
1. (WO2018004702) SENSITIVE DATA SERVICE ACCESS
Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

CLAIMS

1. A system for accessing data, comprising:

an interface to receive a request to access data and requestor information; and a processor to:

determine whether the data comprises sensitive data configured to have an assigned access policy and an assigned storage policy; and

in the event that the data comprises sensitive data configured to have the assigned access policy and the assigned storage policy:

determine whether access is allowed based at least in part on the requestor information; and

in the event that access is allowed:

retrieve the data based on information provided by a token; and provide the data.

2. The system of claim 1, wherein the requestor information comprises one or more of the following: an IP address, a location context, or a client organization information.

3. The system of claim 1, wherein the data comprises a data class, an attribute, or a relationship definition.

4. The system of claim 1, wherein the assigned access policy comprises a data location context.

5. The system of claim 1, wherein the assigned access policy comprises information on one or more security groups allowing or denying data access.

6. The system of claim 5, wherein a security group of the one or more security groups is associated with one or more of the following: an IP address, a location context, or a client organization information.

7. The system of claim 1, wherein a requestor security group is determined based at least in part on the requestor information.

8. The system of claim 1, wherein a data location context of the data is retrieved.

9. The system of claim 1, wherein the assigned access policy has a data location context matching a data location context of the requested data.

10. The system of claim 1, wherein the processor is further to determine that the data comprises sensitive data is configured to have the assigned access policy in the event that a stored access policy has a stored access policy data location context that matches a requested data location context.

11. The system of claim 1, wherein the requestor information is evaluated to determine whether a requestor belongs to a security group that has allowed data access.

12. The system of claim 1, wherein the token comprises identifying information on a data storage center.

13. The system of claim 1, wherein the token comprises identifying information on a data location within a data storage center.

14. The system of claim 1, wherein retrieving the data comprises decrypting a stored sensitive data.

15. The system of claim 1 , wherein accessing data comprises one of the following: modifying, deleting, or storing data.

16. The system of claim 1, wherein the data is transferred from a storage location to a new data storage location.

17. A method for accessing data, comprising:

receiving a request to access data and requestor information;

determining, using a processor, whether the data comprises sensitive data configured to have an assigned access policy and an assigned storage policy; and

in the event that the data comprises sensitive data configured to have an assigned access policy and an assigned storage policy:

determining whether access is allowed based at least in part on the requestor information; and

in the event that access is allowed:

retrieving the data based on information provided by a token; and providing the data.

18. A computer program product for accessing data, the computer program product being embodied in a non-transitory computer readable storage medium and comprising computer instructions for:

receiving a request to access data and requestor information;

determining, using a processor, whether the data comprises sensitive data configured to have an assigned access policy and an assigned storage policy; and

in the event that the data comprises sensitive data configured to have an assigned access policy and an assigned storage policy:

determining whether access is allowed based at least in part on the requestor information; and

in the event that access is allowed:

retrieving the data based on information provided by a token; and providing the data.