METHOD, SYSTEM, AND PROGRAM PRODUCT FOR CONTROLLING ACCESS TO PERSONAL ATTRIBUTES ACROSS ENTERPRISE DOMAINS

US 20080027939A1
Filed: 07/31/2006
Published: 01/31/2008
Est. Priority Date: 07/31/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for controlling access to personal attributes across enterprise domains, comprising:

locating the personal attributes among the enterprise domains;

organizing the personal attributes into a set of profiles based on services associated with the enterprise domains;

obtaining at least one access control policy governing sharing of the personal attributes; and

controlling access to the personal attributes based on the at least one access control policy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, the present invention provides a method, system, and program product for managing personal attributes across enterprise domains. Specifically, under the present invention, personal attributes for an end-user will be located among the enterprise domains. Once located, the personal attributes will be grouped into a set of profiles based on associated services (e.g., medical, insurance, etc.). The end-user can log into the system to see his/her personal attributes and to provide input regarding how access to the personal attributes should be controlled. Specifically, based on the end-user'"'"'s input (and possibly other factors such as applicable legislation) an access control policy will be generated and used to control access to the personal attributes. In addition, any transactions involving the personal attributes will be recorded so that auditing can take place.

Citations

20 Claims

1. A method for controlling access to personal attributes across enterprise domains, comprising:
- locating the personal attributes among the enterprise domains;
  
  organizing the personal attributes into a set of profiles based on services associated with the enterprise domains;
  
  obtaining at least one access control policy governing sharing of the personal attributes; and
  
  controlling access to the personal attributes based on the at least one access control policy.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising associating the at least one access control policy with the enterprise domains.
  - 3. The method of claim 1, further comprising recording transactions involving the personal attributes.
  - 4. The method of claim 3, further comprising auditing the recorded transactions.
  - 5. The method of claim 1, the personal attributes pertaining to an end-user.
  - 6. The method of claim 1, the obtaining comprising generating the at least one access control policy based on input received from an end-user.

7. A system for controlling access to personal attributes across enterprise domains, comprising:
- an attribute discovery system for locating the personal attributes among the enterprise domains;
  
  an attribute organization system for organizing the personal attributes into a set of profiles based on services associated with the enterprise domains;
  
  an access control system for generating at least one access control policy governing sharing of the personal attributes; and
  
  a policy enforcement system for controlling access to the personal attributes based on the at least one access control policy.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The system of claim 7, wherein the access control system further associates the at least one access control policy with the enterprise domains.
  - 9. The system of claim 7, further comprising an audit system for recording transactions involving the personal attributes.
  - 10. The system of claim 7, the personal attributes pertaining to an end-user.
  - 11. The system of claim 7, the at least one access control policy being defined based on input received from an end-user.

12. A program product stored on a computer readable medium for controlling access to personal attributes across enterprise domains, the computer readable medium comprising program code for causing a computer system to perform the following steps:
- locating the personal attributes among the enterprise domains;
  
  organizing the personal attributes into a set of profiles based on services associated with the enterprise domains;
  
  obtaining at least one access control policy governing sharing of the personal attributes; and
  
  controlling access to the personal attributes based on the at least one access control policy.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The program product of claim 12, the computer useable medium further comprising program code for causing the computer system to perform the following step:
    - associating the access control policies with the enterprise domains.
  - 14. The program product of claim 12, the computer useable medium further comprising program code for causing the computer system to perform the following step:
    - recording transactions involving the personal attributes.
  - 15. The program product of claim 14, the computer useable medium further comprising program code for causing the computer system to perform the following step:
    - auditing the recorded transactions.
  - 16. The program product of claim 12, the personal attributes pertaining to an end-user.
  - 17. The program product of claim 12, the computer useable medium further comprising program code for causing the computer system to perform the following step:
    - generating the at least one access control policy based on input received from an end-user.

18. A method for deploying an application for controlling access to personal attributes across enterprise domains, comprising:
- providing a computer infrastructure being operable to;
  
  locate the personal attributes among the enterprise domains;
  
  organize the personal attributes into a set of profiles based on services associated with the enterprise domains;
  
  obtain at least one access control policy governing sharing of the personal attributes; and
  
  control access to the personal attributes based on the at least one access control policy.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, the computer infrastructure being further associate the at least one access control policy with the enterprise domains.
  - 20. The method of claim 19, the computer infrastructure being further operable to audit the recorded transactions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Chen, Jiayue, Rajlich, Luke T., Gordon, Josephine R., Eisinger, Jacob D., Nagaratnam, Nataraj, Kuehr-McLaren, David G., Chalasani, Nanchariah R.

Application Number

US11/461,038
Publication Number

US 20080027939A1
Time in Patent Office

Days
Field of Search
US Class Current

707/9
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06F 2221/2101   Auditing as a secondary aspect

G06Q 10/10   Office automation; Time man...

METHOD, SYSTEM, AND PROGRAM PRODUCT FOR CONTROLLING ACCESS TO PERSONAL ATTRIBUTES ACROSS ENTERPRISE DOMAINS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD, SYSTEM, AND PROGRAM PRODUCT FOR CONTROLLING ACCESS TO PERSONAL ATTRIBUTES ACROSS ENTERPRISE DOMAINS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links