System, method, and business methods for enforcing privacy preferences on personal-data exchanges across a network
Abstract
A system, method, and business method is used to enforce privacy preferences on exchanges of personal data over a computer network. There are one or more data-subject (subject) rule sets that have one or more subject constraints on one or more private, subject data releases. A receiving process receives a request message from a data-requester (requester) over a network interfaces. The request message has one or more requests for one or more of the private, subject data releases pertaining to a subject, and a requester privacy statement for each of the respective private data. A release process compares the requester privacy statement to the subject constraints (authorization rules) and releases the private, subject data release in a response message to the requester only if the subject constraints are satisfied.
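An added illustration of the release process described in the abstract, not code from the patent: each requested item carries its own requester privacy statement, and the item is released only when that statement satisfies the subject's constraints for it. The constraint and statement fields (`purpose`, `recipients`, `retention_days`) and all sample values are assumptions made for this sketch; the patent text here does not define a format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SubjectConstraint:          # hypothetical constraint shape
    purposes: frozenset           # purposes the subject permits
    recipients: frozenset         # recipient classes the subject permits
    max_retention_days: int       # longest retention the subject permits

# Constructed subject data and rule set; "dob" deliberately has no rule.
SUBJECT_DATA = {"email": "alice@example.org", "phone": "+1-555-0100",
                "dob": "1980-01-01"}
RULE_SET = {
    "email": SubjectConstraint(frozenset({"billing", "support"}),
                               frozenset({"requester"}), 90),
    "phone": SubjectConstraint(frozenset({"support"}),
                               frozenset({"requester"}), 30),
}

def satisfies(statement, constraint):
    """Compare one privacy statement to one constraint; fail closed."""
    try:
        purpose = statement["purpose"]
        recipients = set(statement["recipients"])
        retention = int(statement["retention_days"])
    except (KeyError, TypeError, ValueError):
        return False, "incomplete privacy statement"
    if purpose not in constraint.purposes:
        return False, "purpose not permitted"
    if not recipients or not recipients <= constraint.recipients:
        return False, "recipient not permitted"
    if not 0 <= retention <= constraint.max_retention_days:
        return False, "retention out of range"
    return True, "ok"

def release_process(request_message, rule_set=RULE_SET, data=SUBJECT_DATA):
    """Build the response message: data only where constraints are met."""
    response = {"released": {}, "denied": {}}
    for req in request_message["requests"]:
        item = req.get("item")
        constraint = rule_set.get(item)
        if constraint is None or item not in data:
            response["denied"][item] = "no rule authorizes release"
            continue
        ok, reason = satisfies(req.get("statement"), constraint)
        if ok:
            response["released"][item] = data[item]
        else:
            response["denied"][item] = reason
    return response
```

The decision is made per item and defaults to denial, so a request with no matching rule or a missing statement releases nothing for that item.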
47 Claims
1. A system to enforce privacy preferences on exchanges of personal data comprising of one or more computers connected to one or more networks through one or more network interfaces, each computer having one or more memories and one or more central processing units (CPUs), the system further comprising:
one or more data-subject rule sets that has one or more subject constraints on one or more private, subject data releases;
a receiving process that receives a request message from a data-requester over the network interfaces, the request message having one or more requests for one or more of the private, subject data releases pertaining to a subject, and a requester privacy statement for each of the respective private data; and
a release process that compares the requester privacy statement to the subject constraints and releases the private, subject data release in a response message to the requester only if the subject constraints are satisfied.
19. A method to enforce privacy preferences on exchanges of personal data, comprising the steps
specifying one or more data-subject rule sets, the data-subject rule set having one or more subject constraints on one or more private, subject data releases;
receiving a request message from a data-requester, the request message having one or more requests for one or more of the data releases pertaining to the subject, and a requester privacy statement for each of the respective private, subject data release;
comparing the requester privacy declaration to the subject constraints; and
releasing the private, subject data release in a response message to the requester only if the subject constraints are satisfied.
38. A system of doing business of enforcing privacy preferences on exchanges of personal data comprising:
a trusted third-party acting as a personal-data-service (PDS) on behalf of a data-subject and providing one or more computers connected to one or more networks through one or more network interfaces, each computer having one or more memories and one or more central processing units, to host subject data and policies, receive and process requests for such data and release as well as authorize release of such data; and
one or more third-parties holding additional data about the data-subject on one or more computers connected to one or more networks through one or more network interfaces, each computer having one or more memories and one or more central processing units, the system further comprising;
one or more data-subject (subject) rule sets hosted by the PDS that has one or more subject constraints on one or more private, subject data releases, such data being hosted by the PDS or one or more said third-parties;
a receiving process executed by the PDS that receives a request message from a data-requester (requester) over the network interfaces, the request message having one or more requests for one or more of the data releases pertaining to the subject, and a requester privacy statement for each of the respective private data; and
a release process executed by the PDS that compares the requester privacy declaration to the subject constraints (authorization rules) and, if the subject constraints are satisfied, gathers, releases and authorizes release of such data, whether hosted by the PDS or one or more third parties, in a response message to the requester.
40. A method of doing business of enforcing privacy preferences on exchanges of personal data, the method comprising the steps of:
selecting and using a trusted third-party to act as a personal-data-service (PDS) on behalf of a data-subject;
specifying data profiles containing private subject data, that is owned by the data subject, with the PDS;
specifying one or more data-subject rule sets with the PDS that has one or more subject constraints on one or more private, subject data releases, such data being hosted by the PDS or one or more third-parties;
receiving of a request message, by the PDS, from a data-requester (requester), the request message having one or more requests for one or more of the data releases pertaining to the subject, and a requester privacy statement for each of the respective private data;
comparing, by the PDS, the requester privacy declaration to the subject constraints;
gathering and releasing the data from the data stored with the PDS as well as data owned and stored with one or more third parties, as well as authorizing release of such data held by one or more third parties, in a response message to the requester only if the subject constraints are satisfied.
42. A system of doing business of enforcing privacy preferences on exchanges of personal data comprising one or more third-parties owning and holding data about the data-subject on one or more computers connected to one or more networks through one or more network interfaces, each computer having one or more memories and one or more central processing units, the system further comprising:
one or more data-subject rule sets hosted by each such third-party that has one or more subject constraints on one or more private, subject data releases, such data being hosted by each of the said third-parties;
a receiving process executed by each of the said third-parties that receives a request message from a data-requester over the network interfaces, the request message having one or more requests for one or more of the data releases pertaining to the subject held by said third parties, and a requester privacy statement for each of the respective private data; and
a release process executed by the each of the said third-parties that compares the requester privacy declaration to the subject constraints (authorization rules) and, if the subject constraints are satisfied, gathers and releases such data in a response message to the requester.
45. A method of doing business of enforcing privacy preferences on exchanges of personal data, said method comprising the steps of:
specifying one or more data-subject rule sets that has one or more subject constraints on one or more private, subject data releases, such subject data being owned and hosted by one or more third-parties;
receiving of a request message, by any of the third-parties, from a data-requester (requester), the request message having one or more requests for one or more of the data releases pertaining to the subject that is held by said third-party, and a requester privacy statement for each of the respective private data;
comparing, by said third-party receiving the request, the requester privacy declaration to the subject constraints; and
releasing the data, from the subject-data owned and stored by said third-party receiving the data request, in a response message to the requester only if the subject constraints are satisfied.
Specification