PRIVACY ENGINE AND METHOD OF USE IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM

US 20090300714A1
Filed: 05/27/2009
Published: 12/03/2009
Est. Priority Date: 05/27/2008
Status: Abandoned Application

First Claim

Patent Images

1. In an environment providing at least one privacy policy and at least one security policy each having requirements, a system, comprising:

a plurality of privacy preferences, each privacy preference relating to user identity information;

a privacy engine operatively associated with the plurality of privacy preferences, the privacy engine includinga means for receiving an indication of at least one user identity, anda process, the process configured to use at least one privacy preference specified by the user identity indication, and to evaluate the at least one specified privacy preference against a privacy policy obtained from the environment.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A privacy enforcement engine conducts a process that evaluates user privacy preferences against the privacy policy of a service provider. The engine works in conjunction with an identity selector. The identity selector filters user identity information cards to determine which ones satisfy the requirements of a security policy. The engine identifies privacy preferences that are relevant to the user identity information specified by the successfully filtered cards. The engine evaluates these privacy preferences against the privacy policy, to provide its own filtering operation relative to the exercise of privacy controls. The cards that pass the filtering operation conducted by the engine are deemed available for disclosure.

Citations

20 Claims

1. In an environment providing at least one privacy policy and at least one security policy each having requirements, a system, comprising:
- a plurality of privacy preferences, each privacy preference relating to user identity information;
  
  a privacy engine operatively associated with the plurality of privacy preferences, the privacy engine includinga means for receiving an indication of at least one user identity, anda process, the process configured to use at least one privacy preference specified by the user identity indication, and to evaluate the at least one specified privacy preference against a privacy policy obtained from the environment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, further includes:
    - a plurality of information cards each representative of a user identity;
      
      the indication of at least one user identity includes at least one information card;
      
      at least one of the privacy preferences relates to an information card.
  - 3. The system of claim 1, further includes:
    - a plurality of categorized attribute groups each representative of a user identity;
      
      the indication of at least one user identity includes at least one categorized attribute group;
      
      at least one of the privacy preferences relates to a categorized attribute group.
  - 4. The system of claim 1, further includes:
    - a means for processing a security policy from the environment to identify attributes required by the security policy;
      
      the indication of at least one user identity includes at least one attribute required by the security policy;
      
      at least one of the privacy preferences relates to an attribute required by the security policy.
  - 5. The system of claim 1, further includes:
    - a means for providing at least one user identity;
      
      a means for processing a security policy from the environment to determine whether any of the at least one user identity satisfies the requirements of the security policy; and
      
      a means for providing the privacy engine, as the user identity indication, any user identity determined to satisfy the security policy requirements.
  - 6. The system of claim 1, further includes:
    - a means for providing the privacy engine, as the user identity indication, at least one user identity each satisfying the requirements of a security policy from the environment;
      
      at least one of the privacy preferences relates to a user identity satisfying the requirements of a security policy.
  - 7. The system of claim 1, wherein the plurality of privacy preferences includes:
    - at least one ruleset.
  - 8. The system of claim 1, further includes:
    - a means for indexing at least one privacy preference to at least one of (1) at least one information card each defining a collection of attributes, (2) at least one categorized group of attributes, and (3) a respective attribute in a one-to-one correspondence.

9. In an environment providing at least one privacy policy and at least one security policy each having requirements, a method, comprising:
- providing at least one privacy preference relating to at least one indication of user identity; and
  
  evaluating the at least one privacy preference against a privacy policy obtained from the environment.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, comprises:
    - providing at least one user identity each having a privacy preference associated therewith;
      
      processing a security policy from the environment to determine whether any of the at least one user identity satisfies the requirements of the security policy; and
      
      the evaluating further includes using any privacy preference relating to a user identity determined to satisfy the security policy requirements.
  - 11. The method of claim 9, comprises:
    - processing a security policy from the environment to identify attributes required by the security policy;
      
      the providing further includes providing at least one privacy preference each relating to an attribute required by the security policy; and
      
      the evaluating further includes using the at least one privacy preference relating to an attribute required by the security policy.
  - 12. The method of claim 9, comprises:
    - providing a plurality of information cards;
      
      the privacy preference providing further includes providing at least one privacy preference each relating to an information card; and
      
      the evaluating further includes using the at least one privacy preference relating to an information card.
  - 13. The method of claim 9, comprises:
    - providing a plurality of categorized attribute groups each representative of a user identity;
      
      the privacy preference providing further includes providing at least one privacy preference each relating to a categorized attribute group; and
      
      the evaluating further includes using the at least one privacy preference relating to the categorized attribute groups.
  - 14. The method of claim 9, comprises:
    - rendering a decision regarding the acceptability of the privacy policy, using the evaluation.

15. In an environment providing at least one privacy policy and at least one security policy each having requirements, a computer-readable medium having computer-executable instructions for execution by a processor, that, when executed, cause the processor to:
- provide at least one privacy preference relating to at least one indication of user identity; and
  
  evaluate the at least one privacy preference against a privacy policy obtained from the environment.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable medium of claim 15, wherein the instructions further cause the processor to:
    - provide at least one user identity each having a privacy preference associated therewith;
      
      process a security policy from the environment to determine whether any of the at least one user identity satisfies the requirements of the security policy; and
      
      cause the evaluate operation to use any privacy preference relating to a user identity determined to satisfy the security policy requirements.
  - 17. The computer-readable medium of claim 15, wherein the instructions further cause the processor to:
    - process a security policy from the environment to identify attributes required by the security policy;
      
      provide at least one privacy preference each relating to an attribute required by the security policy; and
      
      cause the evaluate operation to use the at least one privacy preference relating to an attribute required by the security policy
  - 18. The computer-readable medium of claim 15, wherein the instructions further cause the processor to:
    - provide a plurality of information cards;
      
      provide at least one privacy preference each relating to an information card; and
      
      cause the evaluate operation to use the at least one privacy preference relating to an information card.
  - 19. The computer-readable medium of claim 15, wherein the instructions further cause the processor to:
    - provide a plurality of categorized attribute groups each representative of a user identity;
      
      provide at least one privacy preference each relating to a categorized attribute group; and
      
      cause the evaluate operation to use the at least one privacy preference relating to the categorized attribute groups.
  - 20. The computer-readable medium of claim 15, wherein the instructions further cause the processor to:
    - render a decision regarding the acceptability of the privacy policy, using the evaluation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Open Invention Network LLC
Original Assignee
Open Invention Network LLC
Inventors
Ahn, Gail-Joon

Application Number

US12/472,502
Publication Number

US 20090300714A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/604   Tools and structures for ma...

G06F 21/6245   Protecting personal data, e...

G06F 21/6263   during internet communicati...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

PRIVACY ENGINE AND METHOD OF USE IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PRIVACY ENGINE AND METHOD OF USE IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links