Secure system and method for enforcement of privacy policy and protection of confidentiality

US 20040054918A1
Filed: 08/30/2002
Published: 03/18/2004
Est. Priority Date: 08/30/2002
Status: Active Grant

First Claim

Patent Images

1. A method for securely guaranteeing a privacy policy between two enterprises, comprising:

creating a message at a first enterprise, wherein the message includes a request for data concerning a third party and a privacy policy of the first enterprise;

signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first enterprise will be enforced by the privacy rules engine of the first enterprise;

sending the message to a second enterprise; and

running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention includes various systems, architectures, frameworks and methodologies that can securely enforce a privacy policy. A method is include for securely guaranteeing a privacy policy between two enterprises, comprising: creating a message at a first enterprise, wherein the message includes a request for data concerning a third party and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first entity will be enforced by the privacy rules engine of the first enterprise; sending the message to a second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party.

Citations

22 Claims

1. A method for securely guaranteeing a privacy policy between two enterprises, comprising:
- creating a message at a first enterprise, wherein the message includes a request for data concerning a third party and a privacy policy of the first enterprise;
  
  signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first enterprise will be enforced by the privacy rules engine of the first enterprise;
  
  sending the message to a second enterprise; and
  
  running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein if the privacy policy of the first enterprise matches the set of privacy rules for the third party:
    - encrypting the data requested by the first enterprise; and
      
      sending the encrypted requested data from the second enterprise to the first enterprise.
  - 3. The method of claim 1, wherein:
    - the certifying step includes the preliminary act of registering the first enterprise with a trusted agency; and
      
      the second enterprise checks the trusted agency to verify the certification.
  - 4. The method of claim 1, wherein both the first and second enterprises include a secure coprocessor.
  - 5. The method of claim 1, wherein both the first and second enterprises each includes a hardware device built with a cryptographic identifier that allows the hardware device of the first enterprise and the hardware device of the second enterprise to recognize and certify each other.
  - 6. The method of claim 1, wherein the first enterprise comprises a merchant system, the second enterprise comprises a financial institution system, and the data comprises credit card information regarding an individual.
  - 7. The method of claim 1, wherein the first enterprise comprises a service provider, the second enterprise comprises a vehicle, and the data comprises information derived from the vehicle.
  - 8. The method of claim 7 wherein the information comprises identification information and one of location and diagnostic information.

9. An automotive telematics system having a privacy protection framework, comprising:
- at least one sensor for collecting sensor data from at least one vehicle; and
  
  a data protection manager for managing the sensor data, wherein the data protection manager includes;
  
  a system for receiving data requests for sensor data from at least one application; and
  
  a privacy engine that ensures that each application requesting data has a privacy policy that complies with a privacy policy of the privacy engine.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 10. The automotive telematics system of claim 9, further comprising:
    - a system for authenticating a data request made by at least one application;
  - 11. The automotive telematics system of claim 9, further comprising:
    - a system for storing each data request in a data log; and
      
      a system for auditing said data log.
  - 12. The automotive telematics system of claim 9, wherein, at least one application resides in one of the vehicle and a computing system outside of the vehicle.
  - 13. The automotive telematics system of claim 9, wherein requests for data by a first application from a second application are processed by the privacy engine to assure that the privacy policy of the first application complies with the privacy policy of the second application.
  - 14. The automotive telematics system of claim 9, wherein data requests are one of event and subscription based.
  - 15. The automotive telematics system of claim 9, wherein:
    - the privacy engine includes a plurality of privacy policies;
      
      the data protection manager associates sensor data with one of the plurality of privacy policies; and
      
      the privacy engine ensures that each request for sensor data complies with an associated privacy policy.
  - 16. The automotive telematics system of claim 9, wherein:
    - the privacy engine includes a plurality of privacy policies;
      
      each of the privacy policies is corresponds to a different type of application; and
      
      the privacy engine ensures that each application requesting data complies with a privacy policy.
  - 17. The automotive telematics system of claim 9, wherein the data protection manager comprises a secure coprocessor.
  - 18. The automotive telematics system of claim 9, wherein the data protection manager is implemented as a virtual blackboard that allows sensor data to be accessed locally and remotely.
  - 19. The automotive telematics system of claim 9, wherein the data protection manager further comprises an application registry for registering applications.

20. A method for securely guaranteeing a privacy policy for credit card transactions, comprising:
- building a plurality of data processing devices that can recognize each other using cryptography;
  
  programming a privacy policy into each of the data processing devices;
  
  certifying that each of the data processing devices are equipped with privacy policy enforcement means;
  
  distributing the data processing devices to a merchant and a financial institution;
  
  issuing a credit card to an end user from the financial institution, wherein the end user is assigned a privacy policy in the data processing device of the financial institution;
  
  making a credit card purchase from the merchant by the end-user; and
  
  requesting data from the financial institution'"'"'s data processing device by the merchant'"'"'s data processing device, wherein the type of data that can be provided to the merchant'"'"'s data processing device regarding the end user is governed by the assigned privacy policy of the end user.
- View Dependent Claims (21, 22)
- - 21. The method of claim 20, wherein the plurality of data processing devices comprise secure coprocessors.
  - 22. The method of claim 20, wherein the plurality of data processing devices can communicate with each other using private key/public key pairs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Slingshot IOT LLC
Original Assignee
International Business Machines Corporation
Inventors
Perez, Ronald, Duri, Sastry S., Schonberg, Edith G., Liu, Xuan, Tresser, Charles P., Singh, Moninder, Moskowitz, Paul A., Tang, Jung-Mu, Gruteser, Marco O.

Granted Patent

US 7,401,352 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

G06Q 20/383   Anonymous user system

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 2209/84   Vehicles

H04L 63/0428   wherein the data content is...

H04L 63/104   Grouping of entities

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Secure system and method for enforcement of privacy policy and protection of confidentiality

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Secure system and method for enforcement of privacy policy and protection of confidentiality

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links