Access control protocol for user profile management

US 20020143961A1
Filed: 03/14/2001
Published: 10/03/2002
Est. Priority Date: 03/14/2001
Status: Abandoned Application

First Claim

Patent Images

1. In an electronic device, a method, comprising the steps of:

providing a user profile holding information regarding a user;

establishing a first set of permissions for the user profile, wherein said first set of permissions specifies who may access the user profile;

establishing a second set of permissions for a selected sub-division of the user profile, wherein said second set of permissions specifies who may access the sub-division; and

wherein in order for a party to access the selected sub-division, the party must be specified by the first set of permissions as having access to the user profile and must be specified by the second set of permissions as having access to the selected sub-division.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A customer profile access protocol with flexible access control capabilities is provided. The protocol facilitates secure and privacy enabled access to user profile data. The user profile data may be accessed by clients, such as other users, service providers and system administrators. The user profile data may be used by service providers and system administrators. The user profile data may be used by service providers to customize services provided to users. Permissions that control profile access may be established under user control. The user may specify different permissions for different grains of information within the user profile. For example, a first set of permissions may be associated with the entire user profile whereas a second set of permissions may be associated with a particular field in the user profile. Clients may be grouped such that permissions may be associated with a single group or combinations of groups specified by algebraic set operators.

Citations

26 Claims

1. In an electronic device, a method, comprising the steps of:
- providing a user profile holding information regarding a user;
  
  establishing a first set of permissions for the user profile, wherein said first set of permissions specifies who may access the user profile;
  
  establishing a second set of permissions for a selected sub-division of the user profile, wherein said second set of permissions specifies who may access the sub-division; and
  
  wherein in order for a party to access the selected sub-division, the party must be specified by the first set of permissions as having access to the user profile and must be specified by the second set of permissions as having access to the selected sub-division.
- View Dependent Claims (2, 3, 8, 9, 10, 11, 12, 13, 14, 15, 17, 18, 19)
- - 2. The method of claim 1, wherein the sub-division is a field.
  - 3. The method of claim 1, wherein the first set of permissions specifies what type of access to the user profile is granted to those who may access the user profile.
  - 8. The method of claim 1, wherein the second set of permissions specifies who may access the user profile.
  - 9. The method of claim 1, wherein one of the first set of permissions and the second set of permissions contains a list of parties that may access the user profile and the sub-division, respectively.
  - 10. The method of claim 1, wherein defined groups of parties are provided and wherein at least one of the first set of permissions and the second set of permissions specifies one of the groups as having access.
  - 11. The method of claim 1, wherein the user specifies at least one of the first set of permissions and the second set of permissions.
  - 12. The method of claim 1, wherein at least one of the first set of permissions and the second set of permissions is established by default.
  - 13. The method of claim 1, further comprising the step of establishing a third set of permissions for an additional one of the sub-divisions in the user profile, wherein said third set of permissions specifies who may access the additional sub-division.
  - 14. The method of claim 12, wherein the sub-division of the user profile are organized hierarchically and wherein the sub-division contains the additional subdivision.
  - 15. The method of claim 1, wherein defined groups are provided and wherein at least one of the first set of permissions and the second set of permissions specifies who may have access as an access set, said access set resulting from a set algebraic operation performed on at least two of the groups.
  - 17. The method of claim 16, wherein the service providers in the selected group all provide a common category of service.
  - 18. The method of claim 16, wherein at least one group contains other groups that constitute subsets of the group, and said groups containing logically related service providers.
  - 19. The method of claim 16, wherein the user profiles are accessible via a centralized repository and wherein the authorized information in the user profile may be accessed by service providers that did not directly solicit the accessible information from the user.

4. The method of claim 4, wherein at least one party is granted read access to the user profile, indicating that the party may read information in the user profile.
- View Dependent Claims (5, 6, 7)
- - 5. The method of claim 4, wherein at least one party is granted write access to the user profile, indicating that the party may write information into the user profile.
  - 6. The method of claim 4, wherein at least one party is granted availability access to the user profile, indicating that the party may find out whether the user profile is available.
  - 7. The method of claim 4, wherein at least one party is granted delete access to the user profile, indicating that the user may delete information in the user profile.

16. A method, comprising the steps of:
- providing user profiles that hold information regarding users and are accessible via a network;
  
  specifying groups of service providers for providing services to the users, each group containing a set of service providers; and
  
  granting access permission for authorized information in a selected user profile to a selected one of the groups so that the service providers in the selected group may access the authorized information.

20. In an electronic device, a method, comprising the steps of:
- providing a user profile having various fields, wherein at least one of said fields has associated permissions;
  
  setting the permissions relative to a given service provider so as to prevent access to at least one selected field and grant access to at least one given field in the user profile so as to support an anonymous transaction between the given service provider and the user by withholding an identity of the user.
- View Dependent Claims (21, 22, 23, 24, 25)
- - 21. The method of claim 20, wherein the user profile contains a name field holding a name of the user and wherein the selected field is the name field.
  - 22. The method of claim 20, wherein the user profile contains an address field holding an address field holding an address of the user and wherein the selected field is the address field.
  - 23. The method of claim 20, wherein the permissions are set to block access to multiple ones of the fields by the given service provider.
  - 24. The method of claim 20, wherein the user profile contains a payment field holding information regarding a payment mechanism and wherein the given field is the payment field.
  - 25. The method of claim 20, wherein the user profile contains a credit card field holding credit card number and wherein the select field is a credit card field.

26. In an electronic device, a method, comprising the steps of:
- providing a user profile holding information regarding a user in fields;
  
  providing a protocol that enables the getting and setting of the following;
  
  (i) fields in the user profile;
  
  (ii) access permissions for the fields in the user profile;
  
  (iii) members of groups that have access permissions to selected ones of the fields in the user profile;
  
  (iv) group access permissions that specify access information regarding groups;
  
  (v) permissions access permissions that specify permissions for the access permissions; and
  
  (vi) a schema definition for the user profile.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kargo Ooo (RIAL Gruppa Kompaniy)
Original Assignee
Kargo Ooo (RIAL Gruppa Kompaniy)
Inventors
Eskin, Eleazar, Zhong, Zhi-Da, Siegel, Eric Victor, Chaffee, Alexander Day

Application Number

US09/808,911
Publication Number

US 20020143961A1
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

H04L 63/102   Entity profiles

H04L 67/306   User profiles

H04L 69/329   in the application layer [O...

Access control protocol for user profile management

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Access control protocol for user profile management

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links