METHOD AND SYSTEM FOR PROTECTING PERSONALLY IDENTIFIABLE INFORMATION

US 20080270802A1
Filed: 04/24/2007
Published: 10/30/2008
Est. Priority Date: 04/24/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method, implemented as a Web service, comprising:

responsive to a query from a user agent that has been pre-configured with a set of one or more purpose usage selections, providing to the user agent a purpose usage option;

receiving from the user agent at least one purpose usage setting from the set of one or more purpose usage selections that have been pre-configured;

receiving personally identifying information (PII); and

applying a given function to the PII, the at least one purpose usage setting and a privacy policy to generate a secure information envelope.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a way to protect PII (or, more generally, any user “sensitive” information) throughout its life cycle in an organization. The techniques described herein ensure that a user'"'"'s PII is protecting during storage, access or transfer of the data. Preferably, this objective is accomplished by associating given metadata with a given piece of PII and then storing the PII and metadata in a “privacy protecting envelope.” The given metadata includes, without limitation, the privacy policy that applies to the PII, as well as a set of one more purpose usages for the PII that the system has collected from an end user'"'"'s user agent (e.g., a web browser), preferably in an automated manner. Preferably, the PII data, the privacy policy, and the user preferences (the purpose usages) are formatted in a structured document, such as XML. The information in the XML document (as well as the document itself) is then protected against misuse during storage, access or transfer using one or more of the following techniques: encryption, digital signatures, and digital rights management.

68 Citations

View as Search Results

20 Claims

1. A method, implemented as a Web service, comprising:
- responsive to a query from a user agent that has been pre-configured with a set of one or more purpose usage selections, providing to the user agent a purpose usage option;
  
  receiving from the user agent at least one purpose usage setting from the set of one or more purpose usage selections that have been pre-configured;
  
  receiving personally identifying information (PII); and
  
  applying a given function to the PII, the at least one purpose usage setting and a privacy policy to generate a secure information envelope.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as described in claim 1 wherein the secure information envelope is XML-compliant
  - 3. The method as described in claim 2 wherein the given function encrypts at least the PII to generate the secure information envelope
  - 4. The method as described in claim 2 wherein the given function digitally signs at least the PII to generate the secure information envelope.
  - 5. The method as described in claim 2 wherein the given function applies an encryption to at least the PII and then digitally signs a resulting encrypted PII to generate the secure information envelope.
  - 6. The method as described in claim 1 further including applying an access control to the secure information envelope.
  - 7. The method as described in claim 1 wherein the given function applies a rights management policy to the PII to generate the secure information envelope.
  - 8. The method as described in claim 1 wherein the given function is one of:
    - encryption, digital signing, and digital rights management, and a combination thereof.
  - 9. The method as described in claim 1 wherein the Web service is identified via WSDL and is accessible via SOAP.
  - 10. A computer-readable medium having computer-executable instructions for performing the method steps of claim 1.
  - 11. A server comprising a processor, and a computer-readable medium, the computer-readable medium having processor-executable instructions for performing the method steps of claim 1.

12. A computer program product comprising a computer useable medium having a computer readable program, wherein the computer readable program when executed on a server causes the server to perform the following method steps:
- displaying, as a Web service or web site, at least one page that has been enabled for automated purpose usage selection, comprising;
  
  responsive to a message query from a user agent that has been pre-configured with a set of one or more purpose usage selections, providing to the user agent a purpose usage option;
  
  receiving from the user agent at least one purpose usage setting from the set of one or more purpose usage selections that have been pre-configured;
  
  receiving personally identifying information (PII); and
  
  applying a given function to the PII, and at least one purpose usage setting to generate a secure information envelope.
- View Dependent Claims (13, 14, 15)
- - 13. The computer program product as described in claim 12 wherein the given function is one of:
    - encryption, digital signing, and digital rights management, and a combination thereof.
  - 14. The computer program product as described in claim 12 wherein the given function is also applied to a privacy policy.
  - 15. The computer program product as described in claim 14 wherein a first given function is applied to a first piece of PII and a first purpose usage setting, and a second given function is applied to a second piece of PII and a second purpose usage setting.

16. A method, managed as a Web service having a privacy policy associated therewith, of managing sensitive information, comprising:
- receiving from the user agent personally identifying information (PII) together with a user preference;
  
  applying a given function to the PII, the user preference and the privacy policy to generate a privacy protecting envelope, the given function being one of;
  
  encryption, digital signing, and digital rights management, and a combination thereof;
  
  taking a given action with respect to the privacy protecting envelope in lieu of the PII.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method as described in claim 16 wherein the given action stores the privacy protecting envelope.
  - 18. The method as described in claim 16 wherein the given action enables access to the PII to an authorized entity.
  - 19. The method as described in claim 16 wherein the given action enables use of the PII according to a management policy.
  - 20. The method as described in claim 16 wherein the given action transmits the privacy protecting envelope from a first location to a second location in a manner that prevents disclosure of the PII in the privacy protecting envelope.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Muppidi, Sridhar R., Ashley, Paul Anthony, Vandenwauver, Mark

Application Number

US11/739,207
Publication Number

US 20080270802A1
Time in Patent Office

Days
Field of Search
US Class Current

713/184
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/604   Tools and structures for ma...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/0428   wherein the data content is...

H04L 63/102   Entity profiles

H04L 63/168   above the transport layer

METHOD AND SYSTEM FOR PROTECTING PERSONALLY IDENTIFIABLE INFORMATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

68 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR PROTECTING PERSONALLY IDENTIFIABLE INFORMATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

68 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links