METHOD AND SYSTEM FOR PROTECTING PERSONALLY IDENTIFIABLE INFORMATION
Abstract
The present invention provides a way to protect PII (or, more generally, any user “sensitive” information) throughout its life cycle in an organization. The techniques described herein ensure that a user's PII is protected during storage, access or transfer of the data. Preferably, this objective is accomplished by associating given metadata with a given piece of PII and then storing the PII and metadata in a “privacy protecting envelope.” The given metadata includes, without limitation, the privacy policy that applies to the PII, as well as a set of one or more purpose usages for the PII that the system has collected from an end user's user agent (e.g., a web browser), preferably in an automated manner. Preferably, the PII data, the privacy policy, and the user preferences (the purpose usages) are formatted in a structured document, such as XML. The information in the XML document (as well as the document itself) is then protected against misuse during storage, access or transfer using one or more of the following techniques: encryption, digital signatures, and digital rights management.
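The envelope idea from the abstract, as an added example that is not part of the patent text: the PII, the consented purpose usages and a privacy policy reference are serialized into one XML document and bound together with an HMAC-SHA256 tag, which is a symmetric stand-in for the digital signature the abstract names (encryption is left out). The element names, function names, key and sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed demo key (assumption); a real deployment would hold it in a KMS or HSM.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def seal_envelope(pii, purposes, policy_uri, key=DEMO_KEY):
    """Put PII, consented purposes and the policy reference in one XML body, then MAC it."""
    env = ET.Element("envelope")  # hypothetical element names throughout
    ET.SubElement(env, "policy", uri=policy_uri)
    usage = ET.SubElement(env, "purposes")
    for purpose in sorted(set(purposes)):
        ET.SubElement(usage, "purpose").text = purpose
    data = ET.SubElement(env, "pii")
    for name in sorted(pii):
        ET.SubElement(data, "field", name=name).text = pii[name]
    body = ET.tostring(env, encoding="unicode").encode("utf-8")
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return tag.encode("ascii") + b"\n" + body


def open_envelope(blob, requested_purpose, key=DEMO_KEY):
    """Release the PII fields only if the tag verifies and the purpose was consented to."""
    tag, sep, body = blob.partition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
    # Verify before parsing, so the XML parser only ever sees authenticated bytes.
    if not sep or not hmac.compare_digest(tag, expected):
        raise ValueError("envelope integrity check failed")
    env = ET.fromstring(body)
    allowed = {p.text for p in env.iter("purpose")}
    if requested_purpose not in allowed:
        raise PermissionError(f"purpose {requested_purpose!r} was not consented to")
    return {f.get("name"): f.text for f in env.iter("field")}


if __name__ == "__main__":
    # Constructed sample input.
    sealed = seal_envelope({"email": "alice@example.test"}, ["billing"],
                           "https://example.test/privacy")
    print(open_envelope(sealed, "billing"))
```

Because the purposes and policy reference sit inside the authenticated body, changing either one after collection invalidates the tag, so the consent record cannot be widened without the key.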
20 Claims
1. A method, implemented as a Web service, comprising:
responsive to a query from a user agent that has been pre-configured with a set of one or more purpose usage selections, providing to the user agent a purpose usage option;
receiving from the user agent at least one purpose usage setting from the set of one or more purpose usage selections that have been pre-configured;
receiving personally identifying information (PII); and
applying a given function to the PII, the at least one purpose usage setting and a privacy policy to generate a secure information envelope.
12. A computer program product comprising a computer useable medium having a computer readable program, wherein the computer readable program when executed on a server causes the server to perform the following method steps:
displaying, as a Web service or web site, at least one page that has been enabled for automated purpose usage selection, comprising;
responsive to a message query from a user agent that has been pre-configured with a set of one or more purpose usage selections, providing to the user agent a purpose usage option;
receiving from the user agent at least one purpose usage setting from the set of one or more purpose usage selections that have been pre-configured;
receiving personally identifying information (PII); and
applying a given function to the PII, and at least one purpose usage setting to generate a secure information envelope.
16. A method, managed as a Web service having a privacy policy associated therewith, of managing sensitive information, comprising:
receiving from the user agent personally identifying information (PII) together with a user preference;
applying a given function to the PII, the user preference and the privacy policy to generate a privacy protecting envelope, the given function being one of;
encryption, digital signing, and digital rights management, and a combination thereof;
taking a given action with respect to the privacy protecting envelope in lieu of the PII.
Specification