PRIVACY PROTECTION SYSTEM
First Claim
1. A system for enforcing at least one privacy policy in relation to user data, the system comprising:
a user system;
a broker system; and
a service provider system,
wherein the user system is operable to:
encrypt the user data using a symmetric encryption algorithm and an encryption key generated in dependence on said at least one privacy policy and a master key associated with the user system; and
transmit the encrypted user data to the service provider in the form of a digital container that includes the encrypted user data and said at least one privacy policy; and
wherein the broker system is operable to:
receive a request from the service provider to access the user data, the request including said at least one privacy policy;
verify that the request complies with said at least one privacy policy; and
if so, regenerate the encryption key in dependence on the master key and at least one privacy policy supplied by the service provider;
whereby the service provider system is able to decrypt the user data using a symmetric decryption algorithm and the regenerated encryption key.
Abstract
A method and system are disclosed for enforcing at least one privacy policy in relation to user data, the system comprising: a user system, a broker system, and a service provider system, the user system being operable to: encrypt the user data using a symmetric encryption algorithm and an encryption key generated in dependence on said at least one privacy policy and a master key associated with the user system; and transmit the encrypted user data to the service provider in the form of a digital container that includes the encrypted user data and said at least one privacy policy; and the broker system being operable to: receive a request from the service provider to access the user data, the request including said at least one privacy policy; verify that the request complies with said at least one privacy policy; and if so, regenerate the encryption key in dependence on the master key and at least one privacy policy supplied by the service provider, whereby the service provider system is able to decrypt the user data using a symmetric decryption algorithm and the regenerated encryption key.
60 Claims
1. A system for enforcing at least one privacy policy in relation to user data, the system comprising:
a user system;
a broker system; and
a service provider system,
wherein the user system is operable to:
encrypt the user data using a symmetric encryption algorithm and an encryption key generated in dependence on said at least one privacy policy and a master key associated with the user system; and
transmit the encrypted user data to the service provider in the form of a digital container that includes the encrypted user data and said at least one privacy policy; and
wherein the broker system is operable to:
receive a request from the service provider to access the user data, the request including said at least one privacy policy;
verify that the request complies with said at least one privacy policy; and
if so, regenerate the encryption key in dependence on the master key and at least one privacy policy supplied by the service provider;
whereby the service provider system is able to decrypt the user data using a symmetric decryption algorithm and the regenerated encryption key.

2. A user computer system for use in a system for enforcing at least one privacy policy in relation to user data, the user computer system comprising:
encryption key generation means for generating an encryption key in dependence on a master key and in dependence on privacy policy data representing the or each privacy policy;
encryption means for carrying out symmetric encryption of the user data with the encryption key to form encrypted user data; and
combiner means for combining the encrypted user data and privacy policy data to form a digital container for secure transmission of the user data.
(Dependent claims 3 to 12 are not reproduced on this page.)

13. A broker computer system for use in a system for enforcing at least one privacy policy in relation to user data, the broker computer system comprising:
storage means for storing a master key;
network interface means for receiving a request to decrypt encrypted user data from a requesting system, the request including privacy policy data representing the or each privacy policy;
verification means for verifying that the request complies with the or each privacy policy; and
encryption key generation means, operable when the verification means determines that the request does comply with the or each privacy policy, for generating an encryption key, in dependence on the master key and in dependence on the privacy policy data, for transmission to the requesting system.
(Dependent claims 14 to 23 are not reproduced on this page.)

24. A service provider system for use in a system for enforcing at least one privacy policy in relation to user data, the service provider computer system comprising:
network interface means operable to:
receive from a user computer system a digital container including encrypted user data and privacy policy data representing the or each privacy policy;
transmit to a broker computer system a request to decrypt the encrypted user data in the digital container, the request including the privacy policy data from the digital container; and
receive the encryption key from the broker computer system; and
decryption means for carrying out symmetric decryption of the encrypted user data with the encryption key.
(Dependent claims 25 to 29 are not reproduced on this page.)

30. A system for enforcing at least one privacy policy in relation to user data, the system including:
a user computer system comprising:
encryption key generation means for generating an encryption key in dependence on a master key and in dependence on privacy policy data representing the or each privacy policy;
encryption means for carrying out symmetric encryption of the user data with the encryption key to form encrypted user data; and
combiner means for combining the encrypted user data and privacy policy data to form a digital container for secure transmission of the user data;
a broker computer system comprising:
storage means for storing a master key;
network interface means for receiving a request to decrypt encrypted user data from a requesting system, the request including privacy policy data representing the or each privacy policy;
verification means for verifying that the request complies with the or each privacy policy; and
encryption key generation means, operable when the verification means determines that the request does comply with the or each privacy policy, for generating an encryption key, in dependence on the master key and in dependence on the privacy policy data, for transmission to the requesting system; and
a service provider computer system comprising:
network interface means operable to:
receive from a user computer system a digital container including encrypted user data and privacy policy data representing the or each privacy policy;
transmit to a broker computer system a request to decrypt the encrypted user data in the digital container, the request including the privacy policy data from the digital container; and
receive the encryption key from the broker computer system; and
decryption means for carrying out symmetric decryption of the encrypted user data with the encryption key.

31. A method of enforcing at least one privacy policy in relation to user data, the method comprising:
at a user system:
encrypting the user data using a symmetric encryption algorithm and an encryption key generated in dependence on said at least one privacy policy and a master key associated with the user system; and
transmitting the encrypted user data to a service provider in the form of a digital container that includes the encrypted user data and said at least one privacy policy; and
at a broker system:
receiving a request from the service provider to access the user data, the request including said at least one privacy policy;
verifying that the request complies with said at least one privacy policy; and
if so, regenerating the encryption key in dependence on the master key and at least one privacy policy supplied by the service provider;
whereby the service provider system is able to decrypt the user data using a symmetric decryption algorithm and the regenerated encryption key.

32. A method for use by a user computer apparatus in a system for enforcing at least one privacy policy in relation to user data, the method comprising the steps of:
generating an encryption key in dependence on a master key and in dependence on privacy policy data representing the or each privacy policy;
carrying out symmetric encryption of the user data with the encryption key to form encrypted user data; and
combining the encrypted user data and privacy policy data to form a digital container for secure transmission of the user data.
(Dependent claims 33 to 42 are not reproduced on this page.)

43. A method for use by a broker computer apparatus in a system for enforcing at least one privacy policy in relation to user data, the method comprising:
storing a master key;
receiving a request to decrypt encrypted user data from a requesting system, the request including privacy policy data representing the or each privacy policy;
verifying that the request complies with the or each privacy policy; and
when it has been verified that the request does comply with the or each privacy policy, generating an encryption key, in dependence on the master key and in dependence on the privacy policy data, for transmission to the requesting system.
(Dependent claims 44 to 53 are not reproduced on this page.)

54. A method for use by a service provider apparatus in a system for enforcing at least one privacy policy in relation to user data, the method comprising:
receiving from a user computer system a digital container including encrypted user data and privacy policy data representing the or each privacy policy;
transmitting to a broker computer system a request to decrypt the encrypted user data in the digital container, the request including the privacy policy data from the digital container;
receiving the encryption key from the broker computer system; and
carrying out symmetric decryption of the encrypted user data with the encryption key.
(Dependent claims 55 to 59 are not reproduced on this page.)

60. (canceled)