Managing exchanges of sensitive data
First Claim
Patent Images
1. A method of automatically enabling exchanges of sensitive data between a first application and a second application in accordance with a set of predetermined policy requirements comprising:
- establishing a secure connection across a network between the first application and a certifying authority utilizing a processing device;
receiving, from the certifying authority, the set of policy commitments of the first application through the secure connection across the network, wherein the set of policy commitments of the first application includes data handling policies that the first application commits to utilize in handling and protecting the set of sensitive data of the second application;
generating, by the certifying authority, a certified set of policy commitments from the set of policy commitments;
providing across the network the set of certified policy commitments for the first application for authentication by the second application and for automatically determining whether the set of certified policy commitments including the data handling policies satisfies the set of predetermined policy requirements by the second application; and
providing a public key of the certifying authority upon request to the second application.
2 Assignments
0 Petitions
Accused Products
Abstract
A method, system or computer usable program product for managing exchanges of sensitive data including utilizing a processor to request a service across a network from an application, the service requiring a disclosure of a first set of sensitive data by the application; providing a set of certified policy commitments regarding the first set of sensitive data to the application for a determination of acceptability; and upon a positive determination, receiving the service including the disclosure of the first set of sensitive data.
63 Citations
20 Claims
-
1. A method of automatically enabling exchanges of sensitive data between a first application and a second application in accordance with a set of predetermined policy requirements comprising:
-
establishing a secure connection across a network between the first application and a certifying authority utilizing a processing device; receiving, from the certifying authority, the set of policy commitments of the first application through the secure connection across the network, wherein the set of policy commitments of the first application includes data handling policies that the first application commits to utilize in handling and protecting the set of sensitive data of the second application; generating, by the certifying authority, a certified set of policy commitments from the set of policy commitments; providing across the network the set of certified policy commitments for the first application for authentication by the second application and for automatically determining whether the set of certified policy commitments including the data handling policies satisfies the set of predetermined policy requirements by the second application; and providing a public key of the certifying authority upon request to the second application. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer usable program product comprising a non-transitory computer usable storage medium including computer usable code for use in automatically enabling exchanges of sensitive data between a first application and a second application in accordance with a set of predetermined policy requirements, the computer usable program product comprising code for performing the steps of:
-
establishing a secure connection across a network between the first application and a certifying authority utilizing a processing device; receiving, from the certifying authority, the set of policy commitments of the first application through the secure connection across the network, wherein the set of policy commitments of the first application includes data handling policies that the first application commits to utilize in handling and protecting the set of sensitive data of the second application; generating, by the certifying authority, a certified set of policy commitments from the set of policy commitments; providing across the network the set of certified policy commitments for the first application for authentication by the second application and for automatically determining whether the set of certified policy commitments including the data handling policies satisfies the set of predetermined policy requirements by the second application; and providing a public key of the certifying authority upon request to the second application. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A data processing system for use in automatically enabling exchanges of sensitive data between a first application and a second application in accordance with a set of predetermined policy requirements comprising:
-
a processing device; and a memory storing program instructions which when executed by the processing device execute the steps of; establishing a secure connection across a network between the first application and a certifying authority utilizing the processing device; receiving, from the certifying authority, the set of policy commitments of the first application through the secure connection across the network, wherein the set of policy commitments of the first application includes data handling policies that the first application commits to utilize in handling and protecting the set of sensitive data of the second application; generating, by the certifying authority, a certified set of policy commitments from the set of policy commitments; providing across the network the set of certified policy commitments for the first application for authentication by the second application and for automatically determining whether the set of certified policy commitments including the data handling policies satisfies the set of predetermined policy requirements by the second application; and providing a public key of the certifying authority upon request to the second application. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification