Secure system and method for enforcement of privacy policy and protection of confidentiality

US 20040054919A1
Filed: 08/30/2002
Published: 03/18/2004
Est. Priority Date: 08/30/2002
Status: Active Grant

First Claim

Patent Images

1. A data repository system that can securely guarantee a privacy policy of a user, comprising:

an initialization system, wherein the initialization system includes;

a system for providing the user with a privacy policy of the data repository and a mechanism for validating the privacy policy of the data repository, and a system for collecting user data from the user, wherein the user data comprises a description of validity tokens authorizing a third party access to a subset of the user data from the data repository; and

a referral system for providing the third party access to the subset of the user data, including;

a system for checking that a privacy policy of the third party is compatible with the privacy policy of the user, and a system for digitally encoding the subset of data.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention includes various systems, architectures, frameworks and methodologies that can securely enforce a privacy policy. A method is include for securely guaranteeing a privacy policy between two enterprises, comprising: creating a message at a first enterprise, wherein the message includes a request for data concerning a third party and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first entity will be enforced by the privacy rules engine of the first enterprise; sending the message to a second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party.

72 Citations

View as Search Results

27 Claims

1. A data repository system that can securely guarantee a privacy policy of a user, comprising:
- an initialization system, wherein the initialization system includes;
  
  a system for providing the user with a privacy policy of the data repository and a mechanism for validating the privacy policy of the data repository, and a system for collecting user data from the user, wherein the user data comprises a description of validity tokens authorizing a third party access to a subset of the user data from the data repository; and
  
  a referral system for providing the third party access to the subset of the user data, including;
  
  a system for checking that a privacy policy of the third party is compatible with the privacy policy of the user, and a system for digitally encoding the subset of data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The data repository system of claim 1, wherein the mechanism for validating the privacy policy includes providing to the user a public signature key and means to access at least one validator.
  - 3. The data repository system of claim 2, wherein the means to access comprises is selected from the group consisting of a web site, printed material, and a telephone.
  - 4. The data repository system of claim 2, wherein the validator is a guarantor of hardware for the data repository system, the public signature key is a key generated by the hardware, and the validator can validate the key.
  - 5. The data repository system of claim 2, wherein the validator is a guarantor of hardware for the data repository system, the public signature key is a key generated by the hardware, and validity of the key can be established from the group consisting of a consumer group and a publication in printed media.
  - 6. The data repository system of claim 4, wherein the guarantor of hardware is a provider of the hardware.
  - 7. The data repository system of claim 4, wherein the privacy policy of the data repository is signed with the public signature key of the data repository.
  - 8. The data repository system of claim 4, wherein the privacy policy of the data repository is signed with the public signature key of a reputable guarantor.
  - 9. The data repository system of claim 4, wherein the user data is collected in a filled personal data form that is digitally encoded.
  - 10. The data repository system of claim 1, wherein the referral system further includes a system for requesting a validity token from the third party.
  - 11. The data repository system of claim 1, wherein the referral system digitally signs the subset of data.
  - 12. The data repository system of claim 1, wherein the referral system digitally encrypts the subset of data.

13. A method of controlling user data in a data repository subject to a privacy policy of the user, comprising:
- providing the user with a privacy policy of the data repository, a public signature key, and a site of a validator;
  
  communicating with the validitor to validate the public signature key;
  
  validitating the privacy policy of the data repository with the public signature key;
  
  submitting the privacy policy of the user to the data repository;
  
  checking to determine if the privacy policy of the user matches the privacy policy of the data repository; and
  
  sending user data from the user to the data repository, wherein the user data includes a description of validity tokens that authorizes a third party access to a subset of the user data from the data repository.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, further comprising:
    - requesting a subset of data from a third party to the user;
      
      checking that a privacy policy of the third party is compatible with the privacy policy of the user;
      
      providing a validity token to the third party from the user;
      
      requesting from the data repository a validity token from the third party; and
      
      providing to the third party the requested subset of data.
  - 15. The method of claim 13, wherein the validator is a guarantor of hardware for the data repository system, the public signature key is a key generated by the hardware, and the key is validated by one from the group consisting of the validator, a consumer group, and a publication in printed media.
  - 16. The method of claim 15, wherein the guarantor of hardware is a provider of the hardware.
  - 17. The method of claim 13, wherein the step of sending user data from the user to the data repository includes the steps of:
    - securely sending to the user from the data repository a data form that is compatible with the privacy policy of the user and of the data repository;
      
      filling out the data form in a manner that is compatible with the privacy policy of the user and of the data repository; and
      
      including in the filled out data form the description of the validity tokens; and
      
      securely sending the filled out data form to the data repository.
  - 18. The method of claim 14, wherein the step of providing a validity token to the third party from the user, includes:
    - providing a public key/private key encryption pair;
      
      sending an encoded message to the third party signed with the public key, wherein the encoded message includes a password and validation information;
      
      providing the data repository with the private key; and
      
      passing the encoded message to the data repository from the third party, along with the location of the private key.
  - 19. The method of claim 13, wherein the step of providing the user with the privacy policy of the data repository includes the step of signing the privacy with a public signature key of one selected from the group consisting of a reputable guarantor and the data repository.

20. A program product stored on a recordable medium for providing a data repository that can securely guarantee a privacy policy of a user, the program product comprising:
- means for providing the user with a privacy policy of the data repository, and for providing a mechanism for validating the privacy policy of the data repository, and means for collecting user data from the user, wherein the user data comprises a description of validity tokens authorizing a third party access to a subset of the user data from the data repository;
  
  means for checking that a privacy policy of the third party is compatible with the privacy policy of the user; and
  
  means for digitally encoding the subset of data to be transmitted to the third party.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. The program product of claim 20, wherein the mechanism for validating the privacy policy includes providing to the user a public signature key and a site of at least validator.
  - 22. The program product of claim 21, wherein the validator is a provider of hardware for the data repository, the public signature key is a key generated by the hardware, and the validator can validate the public signature key.
  - 23. The program product of claim 22, wherein the privacy policy of the data repository is signed with the public signature key.
  - 24. The program product of claim 23, wherein the user data is collected in a filled personal data form that is digitally encoded.
  - 25. The program product of claim 20, further comprising means for requesting a validity token from the third party.
  - 26. The program product of claim 20, further comprising means for digitally signing the subset of data.
  - 27. The program product of claim 20, further comprising means for digitally encrypting the subset of data

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Perez, Ronald, Duri, Sastry S., Schonberg, Edith G., Liu, Xuan, Tresser, Charles P., Singh, Moninder, Moskowitz, Paul A.

Granted Patent

US 7,353,532 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06Q 20/389   Keeping log of transactions...

G06Q 20/4016   involving fraud or risk lev...

G06Q 40/02   Banking, e.g. interest calc...

Secure system and method for enforcement of privacy policy and protection of confidentiality

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Secure system and method for enforcement of privacy policy and protection of confidentiality

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others