Preference editor to facilitate privacy controls over user identities

US 10,402,591 B1
Filed: 06/06/2017
Issued: 09/03/2019
Est. Priority Date: 05/27/2008
Status: Active Grant

First Claim

Patent Images

1. A system, comprising at least one processor programmed to provide:

an identity selector configured to provide a selection of at least one user identity from a plurality of user identities for a single user; and

a privacy preference editor configured to generate at least one privacy preference relative to the one or more of the selected user identities;

wherein the privacy preference editor is configured to selectively associate the at least one privacy preference to at least one information card;

wherein the identity selector retrieves and determines which of the at least one information card satisfy identity requirements of a security policy, enables the user to select one of the at least one information card determined to satisfy the security policy, and requests an issuance of a security token from an identity provider, in reference to the at least one information card selected by the user;

wherein the privacy preference editor is configured for generating at least one user-authored privacy preference ruleset; and

based on the at least one generated user-authored privacy preference ruleset that is used by a privacy engine to evaluate the acceptability of a relying party'"'"'s privacy policy.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A privacy preference editor enables a user to institute privacy preferences relative to user identity information on a card-based and category-based basis. An identity selector furnishes information cards representative of user identities. The editor allows the user to set a privacy preference for each information card. Any proposed disclosure of an information card invokes its corresponding privacy preference. In turn, an agent engine evaluates the invoked privacy preference against the privacy policy of a relying party seeking the card information. The editor also permits the user to create information categories, populate the categories with a group of relevant user identity attributes, and set a privacy preference to the category. In this way, a category-specific privacy preference can be invoked by using the attribute required by the security policy as an index to the appropriate categorized group where the required attribute resides.

Citations

20 Claims

1. A system, comprising at least one processor programmed to provide:
- an identity selector configured to provide a selection of at least one user identity from a plurality of user identities for a single user; and
  
  a privacy preference editor configured to generate at least one privacy preference relative to the one or more of the selected user identities;
  
  wherein the privacy preference editor is configured to selectively associate the at least one privacy preference to at least one information card;
  
  wherein the identity selector retrieves and determines which of the at least one information card satisfy identity requirements of a security policy, enables the user to select one of the at least one information card determined to satisfy the security policy, and requests an issuance of a security token from an identity provider, in reference to the at least one information card selected by the user;
  
  wherein the privacy preference editor is configured for generating at least one user-authored privacy preference ruleset; and
  
  based on the at least one generated user-authored privacy preference ruleset that is used by a privacy engine to evaluate the acceptability of a relying party'"'"'s privacy policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the privacy preference editor is configured to selectively associate the at least one privacy preference to at least one of at least one categorized group of user identity attributes, and a respective user identity attribute in a one-to-one correspondence.
  - 3. The system of claim 1, wherein the privacy preference editor further includes:
    - a process having a first operating mode and a second operating mode;
      
      the first mode being configured to provide a respective privacy preference for each user identity; and
      
      the second operating mode being configured to associate at least one user identity attribute with the respective privacy preference.
  - 4. The system of claim 3, wherein the second operating mode configured further to:
    - provide at least one category, populate each category with at least one user identity attribute to form a respective category-specific group, and associate each category with a respective privacy preference.
  - 5. The system of claim 3, further comprises an interface for enabling a user to interact with the privacy preference editor to direct the first operating mode and the second operating mode.
  - 6. The system of claim 5, wherein the interface is configured for enabling the user, in respect of the first operating mode, to selectively assign a privacy preference to each user identity;
    - and for enabling the user, in respect of the second operating mode, to selectively conduct operations to determine at least one category, assign at least one attribute to each category, and establish a privacy preference for each category.
  - 7. The system of claim 1, wherein the identity selector is operative for providing a plurality of information cards;
    - the privacy preference editor is configured for selectively associating at least one information card with a respective privacy preference; and
      
      the privacy preference editor is configured for selectively determining at least one categorized group of attributes, and for selectively determining a privacy preference for each category.
  - 8. The system of claim 1, wherein each user identity having a respective plurality of user identity attributes, and wherein the privacy preference indicates how the privacy of at least one of the plurality of user identity attributes of the one or more selected user identities is treated when the at least one user attribute is provided to a third party.

9. A method, comprising:
- providing, by an identity selector, at least one indication of at least one user identity of a plurality of user identities for a single user; and
  
  generating at least one privacy preference, by a privacy preference editor, relative to the at least one indication of at least one user identity, using the determination;
  
  wherein the privacy preference editor is configured to selectively associate the at least one privacy preference to at least one information card;
  
  wherein the identity selector retrieves and determines which of the at least one information card satisfy identity requirements of a security policy, enables the user to select one of the at least one information card determined to satisfy the security policy, and requests an issuance of a security token from an identity provider, in reference to the at least one information card selected by the user;
  
  wherein the privacy preference editor is configured for generating at least one user-authored privacy preference ruleset; and
  
  based on the at least one generated user-authored privacy preference ruleset that is used by a privacy engine to evaluate the acceptability of a relying party'"'"'s privacy policy.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, wherein the generating further includes:
    - defining at least one category;
      
      populating each category with at least one user identity attribute to form a respective group; and
      
      associating each category with a respective privacy preference.
  - 11. The method of claim 9, wherein the generating further includes:
    - providing at least one category;
      
      a user selectively mapping at least one user identity attribute to a relevant category; and
      
      the user selectively assigning a privacy preference to each category.
  - 12. The method of claim 9, further comprises:
    - the providing further includes providing a plurality of information cards; and
      
      associating each information card with a privacy preference.
  - 13. The method of claim 9, wherein the generating further includes selectively associating the at least one privacy preference to at least one of at least one categorized group of user identity attributes, and a respective user identity attribute in a one-to-one correspondence.
  - 14. The method of claim 9, wherein each user identity having a respective plurality of user identity attributes wherein the privacy preference indicates how the privacy of at least one user attribute of at least one of the plurality of user identity attributes is treated when the at least one user attribute is provided to a third party.

15. A non-transitory computer-readable medium having computer-executable instructions for execution by at least one processor, that, when executed, cause the at least one processor to:
- receive a privacy preference specification relative to an indication of at least one user identity of a plurality of user identities for a single user; and
  
  generate at least one privacy preference relative to the at least one indication of at least one user identity;
  
  associate the at least one privacy preference to at least one information card;
  
  retrieve and determine which of the at least one information card satisfy identity requirements of a security policy, enables the user to select one of the at least one information card determined to satisfy the security policy, and requests an issuance of a security token in reference to the at least one information card selected by the user;
  
  generate at least one user-authored privacy preference ruleset; and
  
  based on the at least one generated user-authored privacy preference ruleset that is used by a privacy engine to evaluate the acceptability of a relying party'"'"'s privacy policy.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the instructions further cause the processor to:
    - define at least one category;
      
      populate each category with at least one user identity attribute to form a respective group; and
      
      associate each category with a respective privacy preference.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the instructions further cause the processor to:
    - provide at least one category;
      
      enable a user to selectively map at least one user identity attribute to a relevant category; and
      
      enable the user to selectively assign a privacy preference to each category.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the instructions further cause the processor to:
    - receive an indication of at least one information card; and
      
      associate each information card indication with a privacy preference.
  - 19. The non-transitory computer-readable medium of claim 15, wherein each user identity having a respective plurality of user identity attributes wherein the privacy preference indicates how the privacy of at least one user attribute of at least one of the plurality of user identity attributes is treated when the at least one user attribute is provided to a third party.
  - 20. The non-transitory computer-readable medium of claim 15, wherein the instructions further cause the processor to selectively associate the at least one privacy preference to at least one of at least one categorized group of user identity attributes, and a respective user identity attribute in a one-to-one correspondence.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Open Invention Network LLC
Inventors
Ahn, Gail-Joon
Primary Examiner(s)
Lagor, Alexander

Application Number

US15/614,895
Time in Patent Office

819 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/604   Tools and structures for ma...

G06F 21/6245   Protecting personal data, e...

G06F 21/6263   during internet communicati...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

Preference editor to facilitate privacy controls over user identities

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Preference editor to facilitate privacy controls over user identities

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links