Access to user data protected by status of applications access rights on central protection server separately from user authentication status

摘要

Data is associated with a user and is accessible to a plurality of applications operating on one or more devices. Each protected application (PA), using different respective authentication mechanisms, authenticates a user for access to the data. Each application is provided with access to a central protection server, e.g. Asset Register AR. For each application, the server maintains a respective status reflecting whether or not the application is allowed continued access to the data, e.g. whether or not its Globally Unique Instance Identifier (GUIID) is locked. This status is separate from any authentication status associated with the authentication mechanisms. At predetermined times, e.g. during authentication, start-up or wake-up from sleep, the server is polled or queried to determine whether or not to allow an application continued access to the data, e.g. by sending a Lock Enquiry Message, LEM. If the determination is negative then the application is prevented from accessing the data. Also disclosed is a method of registering an application with the server, associating the application with a user record and maintaining the applications status, e.g. updating the status.