Abstract: Digital rights management is extended such that control over the access to data stored in a cloud remains with the originator of the data. The access information is coordinated between a rights application in the cloud and a rights server outside the cloud. A rights policy is used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. The access limits actions that can be performed with the data, such as a server application being provided with access to index said data without being able to access the complete contents of the data in the process. The access extension may be used for any type of distributed data processing in which the data are intended to be protected against unauthorized access operations.

Abstract: Digital rights management is extended such that control over the access to data stored in a cloud remains with the originator of the data. The access information is coordinated between a rights application in the cloud and a rights server outside the cloud. A rights policy is used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. The access limits actions that can be performed with the data, such as a server application being provided with access to index said data without being able to access the complete contents of the data in the process. The access extension may be used for any type of distributed data processing in which the data are intended to be protected against unauthorized access operations.

Abstract: Digital rights management is extended such that control over the access to data stored in a cloud remains with the originator of the data. The access information is coordinated between a rights application in the cloud and a rights server outside the cloud. A rights policy is used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. The access limits actions that can be performed with the data, such as a server application being provided with access to index said data without being able to access the complete contents of the data in the process. The access extension may be used for any type of distributed data processing in which the data are intended to be protected against unauthorized access operations.

Abstract: Digital rights management is extended such that control over the access to data stored in a cloud remains with the originator of the data. The access information is coordinated between a rights application in the cloud and a rights server outside the cloud. A rights policy is used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. The access limits actions that can be performed with the data, such as a server application being provided with access to index said data without being able to access the complete contents of the data in the process. The access extension may be used for any type of distributed data processing in which the data are intended to be protected against unauthorized access operations.

Abstract: Digital rights management is extended such that control over the access to data stored in a cloud remains with the originator of the data. The access information is coordinated between a rights application in the cloud and a rights server outside the cloud. A rights policy is used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. The access limits actions that can be performed with the data, such as a server application being provided with access to index said data without being able to access the complete contents of the data in the process. The access extension may be used for any type of distributed data processing in which the data are intended to be protected against unauthorized access operations.

Abstract: It is proposed that known digital rights management (EDRM: Enterprise Digital Rights Management) be extended such that control over the access to data stored in a cloud remains with the user or originator of the data. This requires the access information to be coordinated between a rights application in the cloud and a rights server in the region of the user (that is to say outside the cloud). A rights policy can be used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. In this context, the access comprises a wide variety of actions which can be performed with the data. In particular, it is advantageous that a server application is provided with (temporally limited) access to a portion of the data in order to index said data, for example, without the server being able to access the complete contents of the data in the process.

Abstract: A method is provided for cryptographic protection of an application associated with an application owner and executed in an external data processing center having a security module that stores private cryptographic material of the application owner. A first secure channel between the security module and application owner and a second secure channel between the application owner and the application are used for transmitting a cryptographic key. The cryptographic key is automatically made available to the secure module and the application via the secure channels, without the data processing center service operator being able to access said key. The application can authenticate itself using the key so that the cryptographic material can be transmitted to the application via a channel protected by the cryptographic key. The application data can be encrypted using the cryptographic material such that the application data cannot be accessed by the data processing center service operator.

Abstract: It is proposed that known digital rights management (EDRM: Enterprise Digital Rights Management) be extended such that control over the access to data stored in a cloud remains with the user or originator of the data. This requires the access information to be coordinated between a rights application in the cloud and a rights server in the region of the user (that is to say outside the cloud). A rights policy can be used for fine-grained regulation of the access for users (user groups), computers (client, server) and validity periods. In this context, the access comprises a wide variety of actions which can be performed with the data. In particular, it is advantageous that a server application is provided with (temporally limited) access to a portion of the data in order to index said data, for example, without the server being able to access the complete contents of the data in the process.

Abstract: A method and a device for operating a technical installation using data from a third party are provided, the data being protected against unauthorized use. A first and a second rights object are used for protecting the data, the first rights object specifying an authorized use of the data with a variable not defined in respect of its value and the second rights object defining a value for the variable.

Abstract: A method is provided for cryptographic protection of an application associated with an application owner and executed in an external data processing center having a security module that stores private cryptographic material of the application owner. A first secure channel between the security module and application owner and a second secure channel between the application owner and the application are used for transmitting a cryptographic key. The cryptographic key is automatically made available to the secure module and the application via the secure channels, without the data processing center service operator being able to access said key. The application can authenticate itself using the key so that the cryptographic material can be transmitted to the application via a channel protected by the cryptographic key. The application data can be encrypted using the cryptographic material such that the application data cannot be accessed by the data processing center service operator.

Abstract: A method for processing rights granted to an operator of a device or a group of devices using a rights object, wherein the method comprises at least the steps of receiving a rights object from the computer of a third party, generating at least one derived rights object based on the rights object received from the computer of the third party, and forwarding the at least one derived rights object to the device or individual devices from the group of devices. A system is provided which operates in accordance with the method. An apparatus that performs the method is also provided.

Abstract: A method and a system for combining data with an apparatus which is provided for processing the data includes the following steps: (a) determining an identifier associated with the apparatus; (b) generating a first key by using the identifier and a second secret key, which is independent of the identifier; (c) generating a decryption algorithm to be used for the second key and providing the decryption algorithm to the apparatus; (d) encrypting a rights object, which allows access to the data, using the first key and the second secret key; (e) transmitting the data and the rights object to the apparatus; (f) decrypting the rights object with the apparatus by using the identifier associated with the apparatus and the decryption algorithm associated with the apparatus; and (g) decrypting the data using a key selected by a rights owner and included in the decrypted rights object.

Abstract: A method for processing rights granted to an operator of a device or a group of devices using a rights object, wherein the method comprises at least the steps of receiving a rights object from the computer of a third party, generating at least one derived rights object based on the rights object received from the computer of the third party, and forwarding the at least one derived rights object to the device or individual devices from the group of devices. A system is provided which operates in accordance with the method. An apparatus that performs the method is also provided.

Abstract: The invention discloses a method and a system for combining data with an apparatus which is provided for processing the data, with the following steps: (a) determining an identifier associated with the apparatus; (b) generating a first key by using the identifier and a second secret key, which is independent of the identifier; (c) generating a decryption algorithm to be used for the second key and providing the decryption algorithm to the apparatus; (d) encrypting a rights object, which allows access to the data, using the first key and the second secret key; (e) transmitting the data and the rights object to the apparatus; (f) decrypting the rights object with the apparatus by using the identifier associated with the apparatus and the decryption algorithm associated with the apparatus; and (g) decrypting the data using a key selected by a rights owner and included in the decrypted rights object.

Abstract: A method and a device for operating a technical installation using data from a third party are provided, the data being protected against unauthorized use. A first and a second rights object are used for protecting the data, the first rights object specifying an authorized use of the data with a variable not defined in respect of its value and the second rights object defining a value for the variable.