Providing Security for Queries to Electronic Product Code Information Services

US 20080189758A1
Filed: 02/01/2007
Published: 08/07/2008
Est. Priority Date: 02/01/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for protecting data residing in a repository of an electronic product code information service against undesired data disclosure, the method comprising:

defining one or more disclosure policies for an item tagged with an electronic product code, the item having associated data stored in the repository, the one or more disclosure policies describing one or more of;

who is permitted to query the repository for information, what type of information is permitted to be obtained from the repository in response to a query, and under what condition the repository can be queried; and

enforcing the one or more disclosure policies in response to a received query from a party by only disclosing a subset of the data from the repository, the subset being determined in accordance with the defined one or more disclosure policies.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus, including computer program products, implementing and using techniques for protecting data residing in a repository of an electronic product code information service against undesired data disclosure. One or more disclosure policies are defined for an item tagged with an electronic product code. The item has associated data stored in the repository. The disclosure policies describe one or more of: who is permitted to query the repository for information, what type of information is permitted to be obtained from the repository in response to a query, and under what condition the repository can be queried. The disclosure policies are enforced in response to a received query from a party by only disclosing a subset of the data from the repository, the subset being determined in accordance with the defined one or more disclosure policies. A web-based tool for defining disclosure policies is also described.

77 Citations

View as Search Results

20 Claims

1. A computer-implemented method for protecting data residing in a repository of an electronic product code information service against undesired data disclosure, the method comprising:
- defining one or more disclosure policies for an item tagged with an electronic product code, the item having associated data stored in the repository, the one or more disclosure policies describing one or more of;
  
  who is permitted to query the repository for information, what type of information is permitted to be obtained from the repository in response to a query, and under what condition the repository can be queried; and
  
  enforcing the one or more disclosure policies in response to a received query from a party by only disclosing a subset of the data from the repository, the subset being determined in accordance with the defined one or more disclosure policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the one or more disclosure policies are based on master data for the item, the master data describing one or more aspects of a business vocabulary for the item, including one or more of:
    - business entities, terminology, definitions and classifications used to describe business information.
  - 3. The method of claim 1, wherein enforcing the one or more disclosure policies includes refusing to respond to the received query.
  - 4. The method of claim 1, wherein enforcing the one or more disclosure policies includes responding to the received query with less information than specified in the query.
  - 5. The method of claim 1, wherein defining one or more disclosure policies includes:
    - defining a role to be associated with one or more querying parties; and
      
      associating one or more disclosure policies with the role.
  - 6. The method of claim 1, wherein defining one or more disclosure policies includes:
    - defining the one or more disclosure policies on an entity object level, wherein each entity object includes a pre-defined mapping to data attributes in the repository.
  - 7. The method of claim 1, wherein enforcing the one or more disclosure policies is done transparently without the querying party being aware that the one or more disclosure policies is applied to the query.
  - 8. The method of claim 1, further comprising:
    - receiving a query from a party, the query pertaining to data associated with an item and stored in the repository;
      
      rewriting the received query to create a database view of the repository that is in accordance with the defined one or more disclosure policies; and
      
      returning data defined by the database view to the querying party.
  - 9. The method of claim 1, further comprising:
    - providing an option for a disclosure policy administrator to selectively enable or disable individual disclosure policies.

10. A computer program product for protecting data residing in a repository of an electronic product code information service against undesired data disclosure, comprising a computer useable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- define one or more disclosure policies for an item tagged with an electronic product code, the item having associated data stored in the repository, the one or more disclosure policies describing one or more of;
  
  who is permitted to query the repository for information, what type of information is permitted to be obtained from the repository in response to a query, and under what condition the repository can be queried; and
  
  enforce the one or more disclosure policies in response to a received query from a party by only disclosing a subset of the data from the repository, the subset being determined in accordance with the defined one or more disclosure policies.
- View Dependent Claims (11, 12)
- - 11. The computer program product of claim 10, wherein the one or more disclosure policies are based on master data for the item, the master data describing one or more aspects of a business vocabulary for the item, including one or more of:
    - business entities, terminology, definitions and classifications used to describe business information.
  - 12. The computer program product of claim 10, wherein the computer readable program when executed on a computer further causes the computer to:
    - receive a query from a party, the query pertaining to data associated with an item and stored in the repository;
      
      rewrite the received query to create a database view of the repository that is in accordance with the defined one or more disclosure policies; and
      
      return data defined by the database view to the querying party.

13. A computer program product for defining disclosure policies for data residing in a repository of an electronic product code information service, comprising a computer useable medium including a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- present a user interface through which a user can define one or more disclosure policies for the data residing in the repository;
  
  receive user input defining the one or more disclosure policies; and
  
  apply the defined disclosure policies to the data residing in the repository.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computer program product of claim 13, wherein the user input defining the one or more disclosure policies includes user input describing one or more of:
    - who is permitted to query the repository for information, what type of information is permitted to be obtained from the repository in response to a query, and under what condition the repository can be queried.
  - 15. The computer program product of claim 13, wherein the one or more disclosure policies are based on master data, the master data describing one or more aspects of a business vocabulary for the item, including one or more of:
    - business entities, terminology, definitions and classifications used to describe business information.
  - 16. The computer program product of claim 13, wherein the user input includes a definition of an action to be taken in response to a query, the action including one or more of:
    - responding with all the requested information, responding with less information than requested, and not responding to the query.
  - 17. The computer program product of claim 13, wherein the user input includes:
    - a definition of a role to be associated with one or more querying parties; and
      
      an association of one or more disclosure policies with the role.
  - 18. The computer program product of claim 13, further comprising instructions causing the computer to:
    - receive user input selectively enabling or disabling individual disclosure policies.
  - 19. The computer program product of claim 13, wherein the one or more disclosure policies are defined on an entity object level, wherein each entity object includes a pre-defined mapping to data attributes in the repository.
  - 20. The computer program product of claim 13, wherein the user interface is a web-based user interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
rfXcel Corporation (Antares Vision S.p.A.)
Original Assignee
International Business Machines Corporation
Inventors
Rantzau, Ralf, Beier, Steven P., Akeel, Umair, Crisan, Valer-Alin, Pai, Gautham B.

Granted Patent

US 8,516,538 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6227 where protection concerns t...

Providing Security for Queries to Electronic Product Code Information Services

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

77 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Providing Security for Queries to Electronic Product Code Information Services

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

77 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links