SYSTEM AND METHOD FOR CONTROLLING COMMUNICATION OF PRIVATE INFORMATION OVER A NETWORK

US 20120331567A1
Filed: 12/22/2011
Published: 12/27/2012
Est. Priority Date: 12/22/2010
Status: Active Grant

First Claim

Patent Images

1. A system for controlling access to private information, comprising:

a privacy preference repository accessible by one or more subjects of said private information and by a private access bureau, said privacy preference repository storing privacy preferences configured by said subjects to indicate conditions for disclosure of said private information;

a policy repository accessible by said private access bureau, said policy repository storing legal criteria for accessing said private information;

wherein said private access bureau is configured to receive requests from privacy-enabled systems for said privacy preferences and legal criteria required to release particular documents on said privacy enabled system in response to said privacy-enabled systems receiving a request for access to said private information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for controlling access to private information over a network is provided including a privacy preference repository accessible by one or more subjects of the private information and by a private access bureau. The privacy preference repository stores privacy preferences configured by the subjects to indicate conditions for disclosure of said private information. A policy repository that stores legal criteria for accessing the private information is also accessible by the private access bureau. The private access bureau is configurable to receive requests from privacy-enabled systems for privacy directives that take into account the privacy preferences and legal criteria required to release particular documents on said privacy enabled system in response to the privacy-enabled systems.

119 Citations

View as Search Results

20 Claims

1. A system for controlling access to private information, comprising:
- a privacy preference repository accessible by one or more subjects of said private information and by a private access bureau, said privacy preference repository storing privacy preferences configured by said subjects to indicate conditions for disclosure of said private information;
  
  a policy repository accessible by said private access bureau, said policy repository storing legal criteria for accessing said private information;
  
  wherein said private access bureau is configured to receive requests from privacy-enabled systems for said privacy preferences and legal criteria required to release particular documents on said privacy enabled system in response to said privacy-enabled systems receiving a request for access to said private information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, wherein said private access bureau is configured to compare said request to said legal criteria and said privacy preferences in response to said request to determine which portions of said private information are authorized for viewing by a requestor in accordance with both said legal criteria and said privacy preferences.
  - 3. The system of claim 2, wherein said private access bureau is configured to send to said privacy-enabled systems, an indication of which portions of said private record are authorized for viewing in response to completing said comparison.
  - 4. The system of claim 3, wherein said policy repository storing institutional policy criteria for accessing said private information.
  - 5. The system of claim 4, wherein said private access bureau further configured to adjudicate conflicts between said privacy preferences, said legal criteria, and said institutional policy criteria.
  - 6. The system of claim 3, further comprising an audit database accessible by said private access bureau and by said one or more subjects, said audit database receiving audit records of information sent by said private access bureau to said privacy-enabled systems.
  - 7. The system of claim 1, wherein said subjects are able update said indicated conditions for disclosure of said private information using a mobile device.
  - 8. The system of claim 7, wherein said updates by said subjects being in response to a specific request for approval initiated by said private access bureau.
  - 9. The system of claim 8, wherein said request for approval by said private access bureau occurring in the event that the private access bureau is unable to successfully adjudicate conflicts between said privacy preferences, said legal criteria, and said institutional policy criteria.
  - 10. The system of claim 2, wherein said requester being a search engine, and the affected view being the search results page to an inquiry initiated by a user of such search engine.
  - 11. The system of claim 2, wherein when said legal criteria are insufficient to permit such comparison and render a determination as to which portions of said private information are authorized for viewing, for reporting this to the appropriate governing body so that it may consider changes or clarifications in the legal criteria to enable such comparison.
  - 12. The system of claim 3, further comprising a transaction database accessible by said private access bureau and by said one or more users of the private access bureau, said transaction database being configured to receive payments by said parties requesting access to said private information in return therefore.
  - 13. The system of claim 12, wherein said private access bureau being configured to disburse proceeds of such payments collected to the parties to whom such payments are obligated.

14. A computer implemented method for controlling access to private information, comprising:
- receiving, by a computer implemented private access bureau having at least one processor, a request for parameters governing opening a private record from a privacy-assured application;
  
  reading legal criteria related to said private record from a policy repository of said private access bureau by said at least one processor in response to said request;
  
  reading privacy preferences related to said private record from a privacy preference repository of said private access bureau by said at least one processor in response to said request;
  
  comparing said request to said legal criteria and said privacy preferences by said at least one processor in response to said request to determine which portions of said private record are authorized for viewing by a requestor in accordance with both said legal criteria and said privacy preferences; and
  
  sending, by said private access bureau to said privacy-enabled application, an indication of which portions of said private record are authorized for viewing in response to completing said comparison.

15. A computer implemented method of effecting a privacy policy for a website or online service, comprising:
- establishing a baseline policy respecting the collection, access, use, and sharing of data received from said website or online service users;
  
  promising in said privacy policy that if a user of said website or online service establishes a privacy preference in a private access bureau that deviates from said baseline policy, that said website or online service will abide by said preference unless expressly prohibited from doing so by controlling law; and
  
  configuring said website or online service to query said private access bureau and if said user has a privacy preference, taking into account said privacy preference in carrying out said website or online service'"'"'s practices with respect to collecting, accessing, using or sharing data received from said user.
- View Dependent Claims (16, 17, 18)
- - 16. The method of claim 15, further comprising:
    - said baseline policy being to utilize any data received from said website or online service user to the maximum extent permissible under then current applicable law.
  - 17. The method of claim 15, further comprising:
    - assessing a usage fee in an instance when one or more of the privacy preference options set by said user is more restrictive than said website or online service'"'"'s right to access, use or share said user'"'"'s data than the baseline policy under then current applicable law.
  - 18. The method of claim 17, further comprising:
    - providing for a payment to said user in an instance when one or more of the privacy preference options set by said user is less restrictive than said website on said website or online service'"'"'s right to access, use or share said user'"'"'s data than the otherwise baseline policy under then current applicable law.

19. A computer-implemented method in which crowd-sourcing is used to establish privacy policies for purposes of a private access bureau comprising:
- establishing a private network comprised of subject matter experts;
  
  identifying access right use cases involving the sharing of private dataidentifying critical topics for discussion by said subject matter experts, said critical topics involving the application of jurisdictional rules to said access right use cases; and
  
  identifying asymptotic areas where said crowd-sourcing indicates unanimity as to the appropriate rules embodying the access right use cases, and entering these into the private access bureau.
- View Dependent Claims (20)
- - 20. The method of claim 19, further comprising:
    - identifying areas where unanimity does not occur and identifying potential changes in laws, policies and regulations that would result in unanimity; and
      
      recommending said changes to the appropriate rules-making authority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Private Access Incorporated
Original Assignee
Private Access Incorporated
Inventors
Shelton, Robert

Granted Patent

US 9,032,544 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/28
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/6245   Protecting personal data, e...

G06Q 10/00   Administration; Management

G06Q 20/102   Bill distribution or payments

G06Q 50/265   Personal security, identity...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

SYSTEM AND METHOD FOR CONTROLLING COMMUNICATION OF PRIVATE INFORMATION OVER A NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

119 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR CONTROLLING COMMUNICATION OF PRIVATE INFORMATION OVER A NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

119 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links