Managing exchanges of sensitive data

US 10,270,757 B2
Filed: 01/29/2018
Issued: 04/23/2019
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method of automatically enabling exchanges of sensitive data between a first application and a second application in accordance with a set of predetermined policy requirements comprising:

establishing a secure connection across a network between the first application and a certifying authority utilizing a processing device;

receiving, from the certifying authority, the set of policy commitments of the first application through the secure connection across the network, wherein the set of policy commitments of the first application includes data handling policies that the first application commits to utilize in handling and protecting the set of sensitive data of the second application;

generating, by the certifying authority, a certified set of policy commitments from the set of policy commitments;

providing across the network the set of certified policy commitments for the first application for authentication by the second application and for automatically determining whether the set of certified policy commitments including the data handling policies satisfies the set of predetermined policy requirements by the second application; and

providing a public key of the certifying authority upon request to the second application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system or computer usable program product for managing exchanges of sensitive data including utilizing a processor to request a service across a network from an application, the service requiring a disclosure of a first set of sensitive data by the application; providing a set of certified policy commitments regarding the first set of sensitive data to the application for a determination of acceptability; and upon a positive determination, receiving the service including the disclosure of the first set of sensitive data.

63 Citations

20 Claims

1. A method of automatically enabling exchanges of sensitive data between a first application and a second application in accordance with a set of predetermined policy requirements comprising:
- establishing a secure connection across a network between the first application and a certifying authority utilizing a processing device;
  
  receiving, from the certifying authority, the set of policy commitments of the first application through the secure connection across the network, wherein the set of policy commitments of the first application includes data handling policies that the first application commits to utilize in handling and protecting the set of sensitive data of the second application;
  
  generating, by the certifying authority, a certified set of policy commitments from the set of policy commitments;
  
  providing across the network the set of certified policy commitments for the first application for authentication by the second application and for automatically determining whether the set of certified policy commitments including the data handling policies satisfies the set of predetermined policy requirements by the second application; and
  
  providing a public key of the certifying authority upon request to the second application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising verifying the set of policy commitments of the first application.
  - 3. The method of claim 1 wherein the first application is located at a first node and a first node identifier is provided with the set of certified policy commitments.
  - 4. The method of claim 3 wherein the first node identifier is stored in a memory and wherein multiple applications commonly share the first node identifier.
  - 5. The method of claim 3 wherein the first node identifier is a public key.
  - 6. The method of claim 5 further comprising challenging the first application to provide a response using a private key corresponding to the public key for authentication of the first application.
  - 7. The method of claim 1 wherein the predetermined set of policy requirements of the second application are selected from a standard set of policies.

8. A computer usable program product comprising a non-transitory computer usable storage medium including computer usable code for use in automatically enabling exchanges of sensitive data between a first application and a second application in accordance with a set of predetermined policy requirements, the computer usable program product comprising code for performing the steps of:
- establishing a secure connection across a network between the first application and a certifying authority utilizing a processing device;
  
  receiving, from the certifying authority, the set of policy commitments of the first application through the secure connection across the network, wherein the set of policy commitments of the first application includes data handling policies that the first application commits to utilize in handling and protecting the set of sensitive data of the second application;
  
  generating, by the certifying authority, a certified set of policy commitments from the set of policy commitments;
  
  providing across the network the set of certified policy commitments for the first application for authentication by the second application and for automatically determining whether the set of certified policy commitments including the data handling policies satisfies the set of predetermined policy requirements by the second application; and
  
  providing a public key of the certifying authority upon request to the second application.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer usable program product of claim 8 further comprising verifying the set of policy commitments of the first application.
  - 10. The computer usable program product of claim 8 wherein the first application is located at a first node and a first node identifier is provided with the set of certified policy commitments.
  - 11. The computer usable program product of claim 10 wherein the first node identifier is stored in a memory and wherein multiple applications commonly share the first node identifier.
  - 12. The computer usable program product of claim 10 wherein the first node identifier is a public key.
  - 13. The computer usable program product of claim 12 further comprising challenging the first application to provide a response using a private key corresponding to the public key for authentication of the first application.
  - 14. The computer usable program product of claim 8 wherein the predetermined set of policy requirements of the second application are selected from a standard set of policies.

15. A data processing system for use in automatically enabling exchanges of sensitive data between a first application and a second application in accordance with a set of predetermined policy requirements comprising:
- a processing device; and
  
  a memory storing program instructions which when executed by the processing device execute the steps of;
  
  establishing a secure connection across a network between the first application and a certifying authority utilizing the processing device;
  
  receiving, from the certifying authority, the set of policy commitments of the first application through the secure connection across the network, wherein the set of policy commitments of the first application includes data handling policies that the first application commits to utilize in handling and protecting the set of sensitive data of the second application;
  
  generating, by the certifying authority, a certified set of policy commitments from the set of policy commitments;
  
  providing across the network the set of certified policy commitments for the first application for authentication by the second application and for automatically determining whether the set of certified policy commitments including the data handling policies satisfies the set of predetermined policy requirements by the second application; and
  
  providing a public key of the certifying authority upon request to the second application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The data processing system of claim 15 further comprising verifying the set of policy commitments of the first application.
  - 17. The data processing system of claim 15 wherein the first application is located at a first node and a first node identifier is provided with the set of certified policy commitments.
  - 18. The data processing system of claim 17 wherein the first node identifier is stored in the memory and wherein multiple applications commonly share the first node identifier.
  - 19. The data processing system of claim 17 wherein the first node identifier is a public key.
  - 20. The data processing system of claim 15 wherein the predetermined set of policy requirements of the second application are selected from a standard set of policies.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TrustArc, Inc.
Original Assignee
TrustArc, Inc.
Inventors
Guinan, Daniel J.
Primary Examiner(s)
Avery, Jeremiah L

Application Number

US15/882,009
Publication Number

US 20180212952A1
Time in Patent Office

449 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

Managing exchanges of sensitive data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Managing exchanges of sensitive data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links