Secure system and method for enforcement of privacy policy and protection of confidentiality
First Claim
1. A data repository system that can securely guarantee a privacy policy of a user, comprising:
an initialization system, wherein the initialization system includes:
a system for providing the user with a privacy policy of the data repository and a mechanism for validating the privacy policy of the data repository, and a system for collecting user data from the user, wherein the user data comprises a description of validity tokens authorizing a third party access to a subset of the user data from the data repository; and
a referral system for providing the third party access to the subset of the user data, including:
a system for checking that a privacy policy of the third party is compatible with the privacy policy of the user, and a system for digitally encoding the subset of data.
Abstract
The invention includes various systems, architectures, frameworks and methodologies that can securely enforce a privacy policy. A method is included for securely guaranteeing a privacy policy between two enterprises, comprising: creating a message at a first enterprise, wherein the message includes a request for data concerning a third party and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first entity will be enforced by the privacy rules engine of the first enterprise; sending the message to a second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party.
72 Citations
27 Claims
1. (Independent claim 1 is set out above under First Claim.)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12.
13. A method of controlling user data in a data repository subject to a privacy policy of the user, comprising:
providing the user with a privacy policy of the data repository, a public signature key, and a site of a validator;
communicating with the validator to validate the public signature key;
validating the privacy policy of the data repository with the public signature key;
submitting the privacy policy of the user to the data repository;
checking to determine if the privacy policy of the user matches the privacy policy of the data repository; and
sending user data from the user to the data repository, wherein the user data includes a description of validity tokens that authorizes a third party access to a subset of the user data from the data repository.
Dependent claims: 14, 15, 16, 17, 18, 19.
20. A program product stored on a recordable medium for providing a data repository that can securely guarantee a privacy policy of a user, the program product comprising:
means for providing the user with a privacy policy of the data repository, and for providing a mechanism for validating the privacy policy of the data repository, and means for collecting user data from the user, wherein the user data comprises a description of validity tokens authorizing a third party access to a subset of the user data from the data repository;
means for checking that a privacy policy of the third party is compatible with the privacy policy of the user; and
means for digitally encoding the subset of data to be transmitted to the third party.
Dependent claims: 21, 22, 23, 24, 25, 26, 27.
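The flow in the abstract and in claims 1, 13 and 20 (a validator-certified repository policy, a user-side compatibility check, validity tokens naming which third party may see which fields, and a referral step that verifies a signed request and runs a rules engine before encoding the subset) can be modelled end to end. The following is an added example written for this page, not code from the patent or any product built on it. It assumes a simple policy shape (purposes, retention days, onward sharing), uses HMAC-SHA256 as a stand-in for the public-key signature the claims call for, and all keys, policies, tokens and records are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import time

# Stand-in for the public-key signatures of the claims (hypothetical choice):
# HMAC-SHA256 under keys the validator has certified. Constructed values.
VALIDATOR_KEY = b"constructed-validator-key"
ENTERPRISE_KEYS = {"clinic-b": b"constructed-clinic-b-key"}


def canonical(obj) -> bytes:
    """Deterministic JSON so the same policy always signs the same way."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(obj, key) -> str:
    return hmac.new(key, canonical(obj), hashlib.sha256).hexdigest()


def verify(obj, sig, key) -> bool:
    return hmac.compare_digest(sign(obj, key), sig)


def compatible(user_policy, other_policy) -> bool:
    """Rules engine: other_policy must be at least as restrictive as the user's."""
    return (
        set(other_policy["purposes"]) <= set(user_policy["purposes"])
        and other_policy["retention_days"] <= user_policy["retention_days"]
        and (user_policy["onward_sharing"] or not other_policy["onward_sharing"])
    )


def make_request(enterprise, user_id, policy):
    """Abstract: first enterprise builds a request plus its own policy and signs it."""
    msg = {"from": enterprise, "subject": user_id, "policy": policy}
    return msg, sign(msg, ENTERPRISE_KEYS[enterprise])


class Repository:
    def __init__(self, policy):
        self.policy = policy
        self.policy_sig = sign(policy, VALIDATOR_KEY)  # validator-certified policy
        self.records = {}  # user_id -> (data, validity tokens, user policy)

    def initialize_user(self, user_id, user_policy, data, tokens):
        # Claim 13: validate the repository policy, then check it matches the user's.
        if not verify(self.policy, self.policy_sig, VALIDATOR_KEY):
            raise ValueError("repository policy failed validation")
        if not compatible(user_policy, self.policy):
            raise ValueError("repository policy is not compatible with user policy")
        self.records[user_id] = (data, tokens, user_policy)

    def refer(self, message, sig, now=None):
        """Referral step: return the encoded subset, or None if access is refused."""
        now = time.time() if now is None else now
        key = ENTERPRISE_KEYS.get(message["from"])
        if key is None or not verify(message, sig, key):
            return None  # unknown or tampered requester
        data, tokens, user_policy = self.records[message["subject"]]
        token = next((t for t in tokens
                      if t["third_party"] == message["from"] and t["expires"] > now), None)
        if token is None or not compatible(user_policy, message["policy"]):
            return None  # no valid token, or third-party policy too permissive
        subset = {k: data[k] for k in token["fields"] if k in data}
        # "Digitally encoding" the subset: base64 payload plus an integrity signature.
        return {"payload": base64.b64encode(canonical(subset)).decode(),
                "sig": sign(subset, VALIDATOR_KEY)}


def decode_subset(bundle):
    """Recipient side: decode and check the signature before trusting the data."""
    subset = json.loads(base64.b64decode(bundle["payload"]))
    if not verify(subset, bundle["sig"], VALIDATOR_KEY):
        raise ValueError("subset signature invalid")
    return subset


# Constructed sample policies, record and validity tokens.
REPO_POLICY = {"purposes": ["treatment"], "retention_days": 365, "onward_sharing": False}
USER_POLICY = {"purposes": ["treatment", "billing"], "retention_days": 730, "onward_sharing": False}
USER_DATA = {"name": "Alice Example", "allergies": ["penicillin"], "id_number": "000-00-0000"}
TOKENS = [{"third_party": "clinic-b", "fields": ["allergies"], "expires": 2_000_000_000}]


def demo(now=1_700_000_000):
    """Returns (granted subset, refused, expired, tampered) for the sample data."""
    repo = Repository(REPO_POLICY)
    repo.initialize_user("alice", USER_POLICY, USER_DATA, TOKENS)
    ok_policy = {"purposes": ["treatment"], "retention_days": 30, "onward_sharing": False}
    bad_policy = {"purposes": ["treatment", "marketing"], "retention_days": 30, "onward_sharing": False}
    msg, sig = make_request("clinic-b", "alice", ok_policy)
    bad_msg, bad_sig = make_request("clinic-b", "alice", bad_policy)
    granted = repo.refer(msg, sig, now)
    refused = repo.refer(bad_msg, bad_sig, now)          # marketing not permitted by user
    expired = repo.refer(msg, sig, now=3_000_000_000)    # token past its expiry
    tampered = repo.refer(bad_msg, sig, now)             # signature does not cover bad_policy
    return (decode_subset(granted) if granted else None), refused, expired, tampered


if __name__ == "__main__":
    print(demo())
```

The granted case releases only the token's fields (allergies), never the full record; the three refusals show the three independent gates the claims describe: a policy the rules engine rejects, an expired validity token, and a request whose signature does not match its contents.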
Specification