Using a rules model to improve handling of personally identifiable information
First Claim
1. A method of handling personally identifiable information, said method comprising:
- defining a limited number of privacy-related actions regarding said personally identifiable information;
- constructing a rule for each of said privacy-related actions, wherein each rule defines an action corresponding to an associated privacy-related action, a logical condition that identifies a condition under which a particular decision is generated, and a decision indicating a manner by which said associated privacy-related action is to be performed;
- creating a programming object containing a set of rules, wherein the set of rules comprises at least one of said constructed rules;
- associating said programming object with said personally identifiable information;
- processing a request using the programming object containing said set of rules, wherein processing said request comprises:
- determining if said set of rules includes at least one rule having an action corresponding to an action specified in the request, a condition that evaluates to “true,” and a decision that indicates that the action is authorized;
- selecting a rule in the set of rules that has an action corresponding to said action specified in the request, said condition that evaluates to “true,” and said decision that indicates that the action is authorized; and
- providing an output based on selecting said rule in the set of rules.
Abstract
The present invention is a system and method for handling personally identifiable information, using a rules model. The invention involves defining a limited number of privacy-related actions regarding personally identifiable information; constructing a rule for each circumstance in which one of said privacy-related actions may be taken or must be taken; allowing for the input of dynamic contextual information to precisely specify the condition for evaluation of a rule; creating a programming object containing at least one of said rules; associating the programming object with personally identifiable information; processing a request; and providing an output. The invention does not merely give a “yes-or-no” answer. The invention has the advantage of being able to specify additional actions that must be taken. The invention may use a computer system and network. One aspect of the present invention is a method for handling personally identifiable information. Another aspect of the present invention is a system for executing the method of the present invention. A third aspect of the present invention is a set of instructions on a computer-usable medium, or resident in a computer system, for executing the method of the present invention.
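The rules model described in the abstract, as an added Python example (not code from the patent or its assignee): each rule carries an action, a condition evaluated against dynamic request context, a decision, and any additional actions that must be taken, and a request is authorized only when a matching, authorizing rule is selected. The action names, the `Rule`, `RuleSet` and `PiiRecord` classes, the obligation strings and the sample record are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Closed set of privacy-related actions (names are assumptions for this example).
ACTIONS = frozenset({"access", "disclose", "update", "delete"})

@dataclass(frozen=True)
class Rule:
    action: str                          # one of ACTIONS
    condition: Callable[[dict], bool]    # evaluated against dynamic request context
    authorized: bool                     # the decision this rule generates
    obligations: tuple = ()              # additional actions that must be taken

@dataclass(frozen=True)
class Decision:
    authorized: bool
    obligations: tuple = ()

class RuleSet:
    """The 'programming object' holding the rules for one piece of PII."""
    def __init__(self, rules):
        for rule in rules:
            if rule.action not in ACTIONS:
                raise ValueError(f"unknown action: {rule.action!r}")
        self.rules = tuple(rules)

    def process(self, action: str, context: dict) -> Decision:
        for rule in self.rules:
            if rule.action != action:
                continue
            try:
                holds = bool(rule.condition(context))
            except (KeyError, TypeError):
                holds = False            # missing context never satisfies a condition
            if holds and rule.authorized:
                return Decision(True, rule.obligations)
        return Decision(False)           # no authorizing rule selected: deny

@dataclass
class PiiRecord:
    data: dict
    policy: RuleSet                      # rule set travels with the data it governs

def build_record() -> PiiRecord:
    """Constructed sample record and rules."""
    policy = RuleSet([
        Rule("disclose", lambda c: c["purpose"] == "marketing", False),
        Rule("disclose", lambda c: c["purpose"] == "billing" and c["consent"],
             True, ("log_disclosure", "notify_data_subject")),
        Rule("access", lambda c: c["role"] == "support", True, ("mask_account",)),
    ])
    return PiiRecord({"name": "A. Example", "account": "0000-0000"}, policy)
```

The caller is expected to carry out the returned obligations before performing the action; a request whose context lacks a field a condition needs is denied rather than raising.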
20 Claims
4. A system for handling personally identifiable information, said system comprising:
- a processor; and
- a memory coupled to the processor, wherein the memory stores instructions which, when executed by the processor, cause the processor to:
- define a limited number of privacy-related actions regarding said personally identifiable information;
- construct a rule for each of said privacy-related actions, wherein each rule defines an action corresponding to an associated privacy-related action, a logical condition that identifies a condition under which a particular decision is generated, and a decision indicating a manner by which said associated privacy-related action is to be performed;
- create a programming object containing a set of rules, wherein the set of rules comprises at least one of said constructed rules;
- associate said programming object with said personally identifiable information;
- process a request using the programming object containing said set of rules, wherein processing said request comprises:
- determining if said set of rules includes at least one rule having an action corresponding to an action specified in the request, a condition that evaluates to “true,” and a decision that indicates that the action is authorized;
- selecting a rule in the set of rules that has an action corresponding to said action specified in the request, said condition that evaluates to “true,” and said decision that indicates that the action is authorized; and
- providing an output based on selecting said rule in the set of rules.
7. A computer program product comprising a computer-usable medium having a computer readable program for handling personally identifiable information, wherein the computer readable program, when executed on a computing device, causes the computing device to:
- define a limited number of privacy-related actions regarding said personally identifiable information;
- construct a rule for each of said privacy-related actions, wherein each rule defines an action corresponding to an associated privacy-related action, a logical condition that identifies a condition under which a particular decision is generated, and a decision indicating a manner by which said associated privacy-related action is to be performed;
- create a programming object containing a set of rules, wherein the set of rules comprises at least one of said constructed rules;
- associate said programming object with said personally identifiable information;
- process a request using the programming object containing said set of rules, wherein processing said request comprises:
- determining if said set of rules includes at least one rule having an action corresponding to an action specified in the request, a condition that evaluates to “true,” and a decision that indicates that the action is authorized;
- selecting a rule in the set of rules that has an action corresponding to said action specified in the request, said condition that evaluates to “true,” and said decision that indicates that the action is authorized; and
- providing an output based on selecting said rule in the set of rules.
Specification