METHOD FOR MAPPING PRIVACY POLICIES TO CLASSIFICATION LABELS

US 20090106815A1
Filed: 10/23/2007
Published: 04/23/2009
Est. Priority Date: 10/23/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method of mapping a privacy policy into classification labels for controlling access to information on a computer system or network, said privacy policy including one or more rules for determining which users can access said information, the method comprising the steps of:

parsing said one or more rules of the privacy policy;

sorting the one or more rules into one or more sets; and

for each set of rules,forming a logical statement from the rules of said each set, andusing said logical statement to create associated privacy labels that allow access to said information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system are disclosed for mapping a privacy policy into classification labels for controlling access to information on a computer system or network, said privacy policy including one or more rules for determining which users can access said information. The method comprises the steps of parsing said one or more rules of the privacy policy; sorting the one or more rules into one or more sets; and, for each set of rules, (i) forming a logical statement from the rules of said each set, and (ii) using said logical statement to create associated privacy labels that allow access to said information. In a preferred embodiment, each of the rules is associated with a user category, a data category and a purpose category; and the rules in each set of rules have the same user category, the same data category, and the same purpose category.

Citations

20 Claims

1. A method of mapping a privacy policy into classification labels for controlling access to information on a computer system or network, said privacy policy including one or more rules for determining which users can access said information, the method comprising the steps of:
- parsing said one or more rules of the privacy policy;
  
  sorting the one or more rules into one or more sets; and
  
  for each set of rules,forming a logical statement from the rules of said each set, andusing said logical statement to create associated privacy labels that allow access to said information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method according to claim 1, wherein:
    - each of the rules is associated with a user category, a data category and a purpose category; and
      
      the sorting step includes the step of sorting the one or more rules into one or more sets, where each of the set of rules have the same user category, the same data category, and the same purpose category.
  - 3. A method according to claim 1, wherein the forming step includes the step of forming the logical statement from all of the rules of said each set.
  - 4. A method according to claim 1, wherein:
    - the logical statement is a disjunction of conjunctions; and
      
      the using step includes the step of using said conjunctions to create the associated privacy labels.
  - 5. A method according to claim 1, wherein the using step includes the steps of:
    - if the rules have a default of allowing access to the information, thenconverting the logical statement to another logical statement having a default of denying access to the information, andusing said another logical statement to create the associated privacy labels.
  - 6. A method according to claim 1, comprising the further step of defining one purpose serving function set (PSFS) per said created privacy labels, each of the PSFSs identifying all of the applications within a given system that allow defined users to access specified data for defined purposes.
  - 7. A method according to claim 1, wherein said information includes a multitude of data objects, and comprising the further step of determining logic to apply the created privacy labels to said data objects.
  - 8. A method according to claim 7, wherein the step of determining logic includes the step of using said conjunctions to determine which of the privacy labels to add to which of the data objects.
  - 9. A method according to claim 1, for use with a plurality of users, and comprising the further step of determining logic to apply the created privacy labels to said users.
  - 10. A method according to claim 9, wherein the step of determining logic includes the step of using said conjunctions to determine which of the privacy labels to add to which of the users.

11. A system for mapping a privacy policy into classification labels for controlling access to information on a computer system or network, said privacy policy including one or more rules for determining which users can access said information, the system comprising:
- a translation server for parsing said one or more rules of the privacy policy;
  
  for sorting the one or more rules into one or more sets; and
  
  for each of said sets (i) forming a logical statement from the rules of said each set, and (ii) using said logical statement to create associated privacy labels that allow access to said information.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. A system according to claim 11, wherein the translation server includes:
    - a policy obtaining handler to parse the rules from the privacy policy; and
      
      a logical translation handler to generate the privacy labels and to calculate logic required to apply the generated privacy labels to data and users of the system.
  - 13. A system according to claim 12, wherein the logical translation handler sorts the rules into sets, wherein for each set, all of the rules in the set have the same user category, data category and purpose.
  - 14. A system according to claim 13, wherein, for each set, the logical translation handler combines all of the rules in said each set into one logical statement.
  - 15. A system according to claim 14, wherein:
    - each of the logical statements is a disjunction of conjunctions; and
      
      the translation server further includes a default deny conversion handler for converting selected ones of the logical statements to conjunctions of disjunctions.
  - 16. A system according to claim 15, for use with a group of applications for accessing the information, and wherein the translation server further includes:
    - a privacy label creation handler to create, when predetermined conditions are satisfied, one processing label for each user in a target system; and
      
      a purpose serving function set creation handler to create one or more purpose serving function sets (PSFSs) to indicate all of said applications that allow a given data user to access given data.

17. An article of manufacture comprising:
- at least one computer usable medium having computer readable program code logic for mapping a privacy policy into classification labels for controlling access to information on a computer system, said privacy policy including one or more rules for determining which users have access to said information, the computer readable program code logic comprising;
  
  parsing logic for parsing said one or more rules of the privacy policy;
  
  sorting logic for sorting the one or more rules into one or more sets; and
  
  translating logic for, from each set of rules, (i) forming a logical statement from the rules of said each set, and (ii) using said logical statement to create associated privacy labels that allow access to said information.
- View Dependent Claims (18, 19, 20)
- - 18. An article of manufacture according to claim 17, wherein:
    - each of the rules is associated with a user category, a data category and a purpose category; and
      
      the sorting logic includes logic for sorting the one or more rules into one or more sets, where each of the set of rules have the same user category, the same data category, and the same purpose category.
  - 19. An article of manufacture according to claim 18, wherein the translating logic includes logic for forming the logical statement from all of the rules of said each set.
  - 20. An article of manufacture according to claim 19, wherein:
    - the logical statement is a disjunction of conjunctions;
      
      the translation logic includes logic for using said conjunctions to create the associated privacy labels; and
      
      the translation logic includes further logic for, if the rules have a default of allowing access to the information, then (i) converting the logical statement to another logical statement having a default of denying access to the information, and (ii) using said another logical statement to create the associated privacy labels.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Karat, Clare-Marie N., Brodie, Carolyn A., Malkin, Peter K., Guski, Richard H., Karat, John

Application Number

US11/877,208
Publication Number

US 20090106815A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/604 Tools and structures for ma...

METHOD FOR MAPPING PRIVACY POLICIES TO CLASSIFICATION LABELS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR MAPPING PRIVACY POLICIES TO CLASSIFICATION LABELS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links