System and method for defining a privacy zone within a network
First Claim
1. A non-transitory computer-readable medium containing instructions for controlling a data processing system to perform a method, the data processing system having an asset platform and an offering platform, the offering platform being operatively connected to the asset platform across a network, the instructions comprising:
- instructions for causing the offering platform to receive a request for an offering to be deployed to an asset, the asset being operatively connected to the asset platform, wherein;
the asset platform and an asset platform manager are disposed on an asset platform computer system in the data processing system;
the offering, the offering platform and an offering platform privacy manager are disposed on an offering platform computer system in the data processing system; and
the offering comprises a front-end offering logic hosted on the asset platform computer system and a back-end offering logic hosted on the offering platform computer system, the front-end offering logic being operatively configured to collect at least one data element associated with the asset and transfer said data element to the back-end offering logic;
instructions for causing the offering platform privacy manager to identify a privacy policy associated with the offering, wherein the privacy policy independently defines at least an access list and a time to live for each of the at least one data element;
instructions for causing the offering platform privacy manager to deploy the front-end offering logic to the asset platform such that the front-end offering logic is operatively configured to communicate with the asset; and
instructions for causing the asset platform manager to generate a data element collection filter configured to control the transfer and the access of the at least one data element in accordance with the privacy policy, said data element collection filter being disposed between the front end offering logic and the back end offering logic, wherein the at least one data element is used by the back end offering logic for processing the request for the offering, and wherein the data element collection filter inhibits transfer of the at least one data element to the offering platform after determining that the at least one data element is not identified in the privacy policy.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and articles of manufacture are provided for defining a privacy zone between an asset platform and an offering platform within a network. A request is received from a customer for an offering to be deployed in association with an asset hosted on the asset platform. The offering has back-end offering logic and front-end offering logic that is operatively configured to collect and transfer a data element associated with the asset to the back-end offering logic. A privacy policy associated with the offering is identified. The front-end offering logic is deployed to the asset platform such that the front-end offering logic is operatively configured to communicate with the asset. A data element collection filter is then generated between the front-end offering logic and the back-end offering logic to control the transfer and the access of the data element in accordance with the privacy policy.
-
Citations
24 Claims
-
1. A non-transitory computer-readable medium containing instructions for controlling a data processing system to perform a method, the data processing system having an asset platform and an offering platform, the offering platform being operatively connected to the asset platform across a network, the instructions comprising:
-
instructions for causing the offering platform to receive a request for an offering to be deployed to an asset, the asset being operatively connected to the asset platform, wherein;
the asset platform and an asset platform manager are disposed on an asset platform computer system in the data processing system;
the offering, the offering platform and an offering platform privacy manager are disposed on an offering platform computer system in the data processing system; and
the offering comprises a front-end offering logic hosted on the asset platform computer system and a back-end offering logic hosted on the offering platform computer system, the front-end offering logic being operatively configured to collect at least one data element associated with the asset and transfer said data element to the back-end offering logic;instructions for causing the offering platform privacy manager to identify a privacy policy associated with the offering, wherein the privacy policy independently defines at least an access list and a time to live for each of the at least one data element; instructions for causing the offering platform privacy manager to deploy the front-end offering logic to the asset platform such that the front-end offering logic is operatively configured to communicate with the asset; and instructions for causing the asset platform manager to generate a data element collection filter configured to control the transfer and the access of the at least one data element in accordance with the privacy policy, said data element collection filter being disposed between the front end offering logic and the back end offering logic, wherein the at least one data element is used by the back end offering logic for processing the request for the offering, and wherein the data element collection filter inhibits transfer of the at least one data element to the offering platform after determining that the at least one data element is not identified in the privacy policy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A non-transitory computer-readable medium containing instructions for controlling a data processing system to perform a method, the data processing system having an asset platform and an offering platform, said offering platform being operatively connected to the asset platform across a network, the instructions comprising:
-
instructions for causing the offering platform to receive, from a customer, a request for an offering to be deployed to an asset, the asset being operatively connected to the asset platform, wherein;
the asset platform and an asset platform manager are disposed on an asset platform computer system in the data processing system;
the offering, the offering platform, and an offering platform privacy manager are disposed on an offering platform computer system in the data processing system; and
the offering comprises a back-end offering logic hosted on the offering platform computer system and a front-end offering logic hosted on the asset platform computer system, the front-end offering logic being operatively configured to collect a plurality of data elements associated with the asset and transfer said plurality of data elements to the back-end offering logic;instructions for causing the offering platform privacy manager to identify a privacy policy associated with the offering that dictates transfer of and access to the plurality of data elements in the data processing system; instructions for causing the offering platform privacy manager to present a graphical representation of a hierarchical tree structure representing the privacy policy on a display to the customer, wherein the hierarchical tree structure includes a plurality of segments respectively representing the plurality of data elements of the privacy policy, and wherein the hierarchical tree structure includes a plurality of sub-segments respectively representing a plurality of parameters of the plurality of data elements of the privacy policy; instructions for causing the offering platform privacy manager to deploy the front-end offering logic to the asset platform such that the front-end offering logic is operatively configured to communicate with the asset; instructions for causing the asset platform manager to generate a data element collection filter configured to control the transfer and the access of the plurality of data elements in accordance with the privacy policy, said data element collection filter being disposed between the front end offering logic and the back end offering logic, wherein the plurality of data elements are used by the back end offering logic for processing the request for the offering; and instructions for causing the data processing system to receive a change to the privacy policy including setting differing access lists and times-to-live for differing ones of plurality of data elements, wherein the instructions for causing the data processing system to receive a change to the privacy policy include instructions for receiving a change to the graphical representation of the hierarchical tree structure via the display, and wherein the data element collection filter is generated in accordance with the change to the privacy policy. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. A data processing system, comprising:
-
an asset platform computer system comprising an asset platform operatively connected to a customer asset, a first memory to store the asset platform and a processor to run the asset platform, the asset platform including an asset platform manager; and an offering platform computer system comprising an offering, an offering platform operatively connected to the asset platform across a network, a second memory to store the offering platform and a processor to run the offering platform, the offering platform having a privacy manager, the offering comprising a front-end offering logic and a back-end offering logic, the front-end offering logic being operatively configured to collect at least one data element associated with the customer asset and transfer said data element to the back-end offering logic, wherein the offering platform; receives a request for the offering to be deployed to the customer asset, identifies a privacy policy associated with the offering that defines the at least one data element for use in processing the request for the offering, deploys the front-end offering logic to the asset platform such that the front-end offering logic is operatively configured to communicate with the asset, and requests one of the privacy manager and the asset platform manager to generate a data element collection filter configured to control the transfer and the access of the at least one data element in accordance with the privacy policy including inhibiting transfer of any data elements not identified on the privacy policy, said data element collection filter being disposed between the front-end offering logic and the back-end offering logic wherein the at least one data element is used by the back end offering logic for processing the request for the offering. - View Dependent Claims (20, 21, 22, 23)
-
-
24. A non-transitory computer-readable medium containing instructions for controlling a data processing system to perform a method, the data processing system having an asset platform and an offering platform, said offering platform being operatively connected to the asset platform across a network, the instructions comprising:
-
instructions for receiving, at an offering platform computer system, first and second requests from respective first and second customers for an offering to be deployed to first and second assets of the first and second customers, the first and second assets being respectively operatively connected to first and second asset platforms, the offering comprising a front-end offering logic and a back-end offering logic, the front-end offering logic being operatively configured to collect at least one data element associated with each of the first and second customer assets and transfer the data elements to the back-end offering logic; instructions for identifying, by the offering platform computer system, a privacy policy associated with the offering; instructions for deploying, by the offering platform computer system, the front-end offering logic to the first and second asset platforms such that the front-end offering logic is operatively configured to communicate with the first and second assets; instructions for providing, during the deploying, the front-end offering logic with first and second application programming interfaces that respectively allow the front-end offering logic to communicate with the first and second assets of the first and second asset platforms; and instructions for generating, by the first and second asset platforms, a data element collection filter between the front-end offering logic and the back-end offering logic, said filter being configured to control the transfer and the access of the data elements in accordance with the privacy policy, wherein the at least one data element is used by the back end offering logic for processing the request for the offering.
-
Specification