USER AGENT TO EXERCISE PRIVACY CONTROL MANAGEMENT IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM

US 20090300716A1
Filed: 05/27/2009
Published: 12/03/2009
Est. Priority Date: 05/27/2008
Status: Active Grant

First Claim

Patent Images

1. In a combination including an identity manager and a user agent system, the combination for use in an environment including at least one security policy having requirements and at least one privacy policy, the identity manager configured to manage a plurality of user identities and to determine whether any user identity satisfies the security policy requirements, the user agent system comprising:

storage including at least one privacy preference relative to at least one user identity;

an editor means, responsive to user selections indicating at least one preference-related input relating to at least one user identity, for generating at least one privacy preference using the user selections;

means for supplying the at least one generated privacy preference to the storage for storage therein; and

an engine means, operatively connected to the storage, for evaluating at least one privacy preference against a privacy policy obtained from the environment.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client-side user agent operates in conjunction with an identity selector to institute and exercise privacy control management over user identities managed by the identity selector. The user agent includes the combination of a privacy enforcement engine, a storage of rulesets expressing user privacy preferences, and a preference editor. The editor enables the user to direct the composition of privacy preferences relative to user identities. The preferences can be applied to individual cards and to categorized groups of attributes. The engine evaluates the proper rulesets against the privacy policy of a service provider. The privacy preferences used by the engine are determined on the basis of specifications in a security policy indicating the attribute requirements for claims that purport to satisfy the security policy.

108 Citations

View as Search Results

20 Claims

1. In a combination including an identity manager and a user agent system, the combination for use in an environment including at least one security policy having requirements and at least one privacy policy, the identity manager configured to manage a plurality of user identities and to determine whether any user identity satisfies the security policy requirements, the user agent system comprising:
- storage including at least one privacy preference relative to at least one user identity;
  
  an editor means, responsive to user selections indicating at least one preference-related input relating to at least one user identity, for generating at least one privacy preference using the user selections;
  
  means for supplying the at least one generated privacy preference to the storage for storage therein; and
  
  an engine means, operatively connected to the storage, for evaluating at least one privacy preference against a privacy policy obtained from the environment.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The user agent system of claim 1, wherein the editor means further includes:
    - a means for enabling execution of a process to define at least one category, populate each category with a respective group of user identity attributes, and determine a privacy preference for each category.
  - 3. The user agent system of claim 2, wherein the engine means further includes:
    - a means, responsive to an indication of at least one required attribute as specified in a security policy requirement, for performing the evaluation using the privacy preference of any category referencing the at least one required attribute.
  - 4. The user agent system of claim 1, wherein the editor means further includes:
    - a means for enabling execution of a process to receive from the identity manager at least one indication of an information card each representative of a user identity, and to determine a privacy preference for each information card.
  - 5. The user agent system of claim 4, wherein the engine means further includes:
    - a means for performing the evaluation using the privacy preference of any information card determined by the identity manager to satisfy security policy requirements, in response to an indication of the determination from the identity manager.

6. In a combination including an identity manager and a user agent, the combination for use in an environment including at least one security policy having requirements and at least one privacy policy, the identity manager configured to manage a plurality of user identities and to determine whether any user identity satisfies the security policy requirements, a method, comprising:
- the user agent providing at least one privacy preference relative to at least one user identity;
  
  the user agent receiving user selections indicating at least one privacy preference-related input pertaining to at least one user identity;
  
  the user agent generating at least one privacy preference, using the user selections;
  
  the user agent furnishing the at least one generated privacy preference to the providing step; and
  
  the user agent evaluating at least one privacy preference against a privacy policy obtained from the environment.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The method of claim 6, further comprises:
    - the user agent conducting a process to define at least one category, populate each category with a respective group of user identity attributes, and determine a privacy preference for each category.
  - 8. The method of claim 7, further comprises:
    - the user agent processing an indication of at least one required attribute as specified in security policy requirements; and
      
      the user agent evaluating further includes evaluating the privacy preference of any category referencing the at latest one required attribute.
  - 9. The method of claim 6, further comprises:
    - the user agent conducting a process to receive from the identity manager at least one indication of an information card each representative of a user identity, and to determine a privacy preference for each information card.
  - 10. The method of claim 9, further comprises:
    - the user agent evaluating further includes evaluating the privacy preference of any information card determined by the identity manager to satisfy security policy requirements.
  - 11. The method of claim 6, further comprises:
    - the user agent processing an indication from the identity manager specifying at least one user identity determined to satisfy security policy requirements; and
      
      the user agent evaluating further includes evaluating, in accordance with the indication, the privacy preference of each user identity specified in the determination.
  - 12. The method of claim 6, further comprises:
    - the user agent determining an acceptability of the privacy policy, using the evaluation.
  - 13. The method of claim 12, further comprises:
    - the user agent determining further includes determining the acceptability on a per user identity basis, relative to the user identities associated with the at least one privacy preference used in the evaluation.

14. In a user environment including an identity manager and a user agent system, the user environment for use in an operating environment including at least one security policy having requirements and at least one privacy policy, the identity manager configured to manage a plurality of user identities and to determine whether any user identity satisfies the security policy requirements, a computer-readable medium having computer-executable instructions for execution by a processor, that, when executed, cause the processor to:
- provide, via the user agent, at least one privacy preference relative to at least one user identity;
  
  receive, via the user agent, user selections indicating at least one privacy preference-related input pertaining to at least one user identity;
  
  generate, via the user agent, at least one privacy preference, using the user selections;
  
  furnish, via the user agent, the at least one generated privacy preference to the provide operation; and
  
  evaluate, via the user agent, at least one privacy preference against a privacy policy obtained from the environment.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer-readable medium of claim 14, wherein the instructions further cause the processor to:
    - process, via the user agent, an indication from the identity manager specifying at least one user identity determined to satisfy security policy requirements; and
      
      cause the evaluation operation to evaluate, in accordance with the indication, the privacy preference of each user identity specified in the determination.
  - 16. The computer-readable medium of claim 14, wherein the instructions further cause the processor to:
    - conduct, via the user agent, a process to define at least one category, populate each category with a respective group of user identity attributes, and determine a privacy preference for each category.
  - 17. The computer-readable medium of claim 16, wherein the instructions further cause the processor to:
    - process, via the user agent, an indication of at least one required attribute as specified in security policy requirements; and
      
      cause the evaluation operation to evaluate the privacy preference of any category referencing the at latest one required attribute.
  - 18. The computer-readable medium of claim 15, wherein the instructions further cause the processor to:
    - conduct, via the user agent, a process to receive from the identity manager at least one indication of an information card each representative of a user identity, and to determine a privacy preference for each information card.
  - 19. The computer-readable medium of claim 18, wherein the instructions further cause the processor to:
    - cause the evaluation operation to evaluate the privacy preference of any information card determined by the identity manager to satisfy security policy requirements.
  - 20. The computer-readable medium of claim 15, wherein the instructions further cause the processor to:
    - determine an acceptability of the privacy policy, using the evaluation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
Open Invention Network LLC
Inventors
Ahn, Gail-Joon

Granted Patent

US 8,799,984 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/604   Tools and structures for ma...

G06F 21/6245   Protecting personal data, e...

G06F 21/6263   during internet communicati...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0876   based on the identity of th...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

USER AGENT TO EXERCISE PRIVACY CONTROL MANAGEMENT IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

108 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

USER AGENT TO EXERCISE PRIVACY CONTROL MANAGEMENT IN A USER-CENTRIC IDENTITY MANAGEMENT SYSTEM

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

108 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links