Believably trustworthy enforcement of privacy enhancing technologies in data processing

US 20060129821A1
Filed: 12/13/2004
Published: 06/15/2006
Est. Priority Date: 12/13/2004
Status: Abandoned Application

First Claim

Patent Images

1. A system, comprising:

a first computer that is in communication with a second computer, wherein the first computer comprises a privacy enhancing technology; and

a certifier for ensuring that the privacy enhancing technology is being implemented on the first computer, wherein a certification is communicated to the second computer regarding the implementation of the privacy enhancing technology on the first computer.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for trustworthy enforcement of privacy enhancing technologies within a data processing system enable data processing systems to communicate a believable statement that privacy is being protected in a trustworthy fashion. The invention includes providing for trustworthy enforcement of privacy enhancing technologies by establishing a standardized scheme for a privacy certification and routine inspection of data processing systems implementing privacy enhancing technologies. The regime of certification and inspection may be coupled with other technologies such as cryptography, tamper-evident computing, and runtime security enforcement.

36 Citations

View as Search Results

36 Claims

1. A system, comprising:
- a first computer that is in communication with a second computer, wherein the first computer comprises a privacy enhancing technology; and
  
  a certifier for ensuring that the privacy enhancing technology is being implemented on the first computer, wherein a certification is communicated to the second computer regarding the implementation of the privacy enhancing technology on the first computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the first computer comprises hardware and wherein the privacy enhancing technology provides security for the hardware.
  - 3. The system of claim 1, wherein the first computer comprises software and wherein the privacy enhancing technology provides security for the software.
  - 4. The system of claim 1, wherein the privacy enhancing technology provides cryptographically-protected data.
  - 5. The system of claim 1, wherein the privacy enhancing technology provides tamper-evident software.
  - 6. The system of claim 1, wherein the privacy enhancing technology provides tamper-evident hardware.
  - 7. The system of claim 1, wherein the privacy enhancing technology provides runtime security enforcement.
  - 8. The system of claim 1, wherein the certifier communicates the certification to the second computer.
  - 9. The system of claim 1, wherein the certifier is a third-party certifier.
  - 10. The system of claim 1, wherein the certifier is local to one of the first computer and the second computer.
  - 11. The system of claim 1, wherein the first computer is a server and the second computer is a client of the first computer.
  - 12. The system of claim 1, wherein the second computer is a server and the first computer is a client of the second computer.

13. A system, comprising:
- first privacy enhancing technology by providing cryptographically-protected data;
  
  second privacy enhancing technology by providing secure software;
  
  third privacy enhancing technology by providing secure hardware; and
  
  a certifier for ensuring that the first, second, and third privacy enhancing technologies are being implemented on the system.
- View Dependent Claims (14, 15)
- - 14. The system of claim 13, wherein the certifier provides a certification regarding the implementation of the first, second, and third privacy enhancing technologies to a computer in communication with the system.
  - 15. The system of claim 13, wherein at least one of the first, second, and third privacy enhancing technologies provides runtime security enforcement.

16. A method comprising:
- verifying that software on a computer comprises privacy enhancing technology;
  
  verifying that hardware on the computer comprises privacy enhancing technology; and
  
  sending a certification indicating that the hardware and software on the computer comprises privacy enhancing technology.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 17. The method of claim 16, wherein the certification is encrypted.
  - 18. The method of claim 16, wherein sending the certification comprises sending the certification to a client of the computer.
  - 19. The method of claim 16, wherein sending the certification comprises sending the certification from a client of the computer to the computer.
  - 20. The method of claim 16, wherein the computer comprises cryptographically-protected data.
  - 21. The method of claim 16, wherein the computer comprises tamper-evident software.
  - 22. The method of claim 16, wherein the computer comprises tamper-evident hardware.
  - 23. The method of claim 16, wherein the computer comprises runtime security enforcement.
  - 24. The method of claim 16, further comprising providing the certification from a third-party certifier.
  - 25. The method of claim 16, further comprising receiving data at the computer, wherein the certification comprises a condition regarding a use of the data.
  - 26. The method of claim 25, wherein the condition is deletion of the data.
  - 27. The method of claim 25, further comprising verifying compliance with the condition.

28. A computer-readable medium having computer-executable instructions for performing steps, comprising:
- verifying that software on a computer comprises privacy enhancing technology;
  
  verifying that hardware on the computer comprises privacy enhancing technology; and
  
  preparing a certification indicating that the hardware and software on the computer comprises privacy enhancing technology.
- View Dependent Claims (29)
- - 29. The computer-readable medium of claim 28, having further computer-executable instructions for performing the step of sending the certification to a second computer.

30. A method, comprising:
- sending a request from a first computer for a certification regarding implementation of a privacy enhancing technology on a second computer; and
  
  receiving the certification at the first computer.
- View Dependent Claims (31, 32, 33, 34, 35, 36)
- - 31. The method of claim 30, further comprising verifying at the first computer the authenticity of the certification.
  - 32. The method of claim 30, further comprising:
    - establishing a condition regarding use of data located on the first computer; and
      
      sending the data from the first computer to the second computer.
  - 33. The method of claim 32, wherein the condition comprises deletion of the data.
  - 34. The method of claim 32, wherein the condition requires private information included in the data to remain private.
  - 35. The method of claim 30, wherein the first computer is a server and the second computer is a client of the first computer.
  - 36. The method of claim 30, wherein the second computer is a server and the first computer is a client of the second computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Jowtiff Bros AB LLC (Intellectual Ventures LLC)
Original Assignee
Microsoft Corporation
Inventors
Zugenmaier, Alf, Hohl, Adolf, Erlingsson, Ulfar, Aura, Tuomas

Application Number

US11/010,540
Publication Number

US 20060129821A1
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/64 Protecting data integrity, ...

Believably trustworthy enforcement of privacy enhancing technologies in data processing

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

36 Citations

36 Claims

Specification

Use Cases

Quick Links

Others

Believably trustworthy enforcement of privacy enhancing technologies in data processing

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

36 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others