Auditable privacy policies in a distributed hierarchical identity management system
First Claim
Patent Images
1. A method of obtaining authenticated approval of a policy from a user at a membersite in an identity management network, the method comprising:
- transmitting a digital request for acceptance of the policy through a data network;
receiving, through the data network, a digitally signed acceptance of the policy in response to the transmission of the request; and
determining that the received acceptance is digitally signed by an entity in the identity management network made authoritative to sign on behalf of the user by a trusted authority in the identity management network.
5 Assignments
0 Petitions
Accused Products
Abstract
A set of methods, and systems, for enabling the audit tracking of user agreement with policies, such as privacy policies in an authenticated fashion is disclosed herein. The method and system make use of third party signatures of privacy policies to show user approval of the policy as it pertains to released data.
-
Citations
21 Claims
-
1. A method of obtaining authenticated approval of a policy from a user at a membersite in an identity management network, the method comprising:
-
transmitting a digital request for acceptance of the policy through a data network;
receiving, through the data network, a digitally signed acceptance of the policy in response to the transmission of the request; and
determining that the received acceptance is digitally signed by an entity in the identity management network made authoritative to sign on behalf of the user by a trusted authority in the identity management network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 10, 11)
-
-
8. (canceled)
-
9. (canceled)
-
12. A method of providing authenticated user approval of a digital policy at a node in an identity management network, the method comprising:
-
receiving, through a data network, a request to approve the digital policy;
obtaining approval of the policy from the user;
signing the policy on behalf of the user using a digital signature; and
transmitting the signed policy and a digital delegation from a trusted authority in the identity management network indicating that the digital signature is authoritative for the user. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21)
-
Specification