Secure system and method for enforcement of privacy policy and protection of confidentiality

US 7,353,532 B2
Filed: 08/30/2002
Issued: 04/01/2008
Est. Priority Date: 08/30/2002
Status: Active Grant

First Claim

Patent Images

1. A data repository system that can securely guarantee a privacy policy of a user, comprising:

an initialization system, wherein the initialization system includes;

a system for providing the user with a privacy policy of the data repository and a mechanism for validating the privacy policy of the data repository, wherein the mechanism for validating the privacy policy includes providing to the user a public signature key and means to access at least one validator, wherein the validator is a guarantor of hardware for the data repository system, the public signature key is a key generated by the hardware, and the validator can validate the key, anda system for collecting user data from the user, wherein the user data comprises a description of expirable validity tokens authorizing a third party access to a subset of the user data from the data repository, wherein the expirable validity tokens are expirable after one of a limited time or a limited number of requests from the third party; and

a referral system for providing the third party access to the subset of the user data upon the third party providing a valid expirable validity token, wherein the referral system digitally signs and digitally encrypts the subset of data, including;

a system for checking that a privacy policy of the third party is compatible with the privacy policy of the user;

a system for digitally encoding the subset of data;

a system for requesting an expirable validity token from the third party; and

a system for verifying the validity of the expirable validity token from the third party.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention includes various systems, architectures, frameworks and methodologies that can securely enforce a privacy policy. A method is include for securely guaranteeing a privacy policy between two enterprises, comprising: creating a message at a first enterprise, wherein the message includes a request for data concerning a third party and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first entity will be enforced by the privacy rules engine of the first enterprise; sending the message to a second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party.

97 Citations

View as Search Results

14 Claims

1. A data repository system that can securely guarantee a privacy policy of a user, comprising:
- an initialization system, wherein the initialization system includes;
  
  a system for providing the user with a privacy policy of the data repository and a mechanism for validating the privacy policy of the data repository, wherein the mechanism for validating the privacy policy includes providing to the user a public signature key and means to access at least one validator, wherein the validator is a guarantor of hardware for the data repository system, the public signature key is a key generated by the hardware, and the validator can validate the key, anda system for collecting user data from the user, wherein the user data comprises a description of expirable validity tokens authorizing a third party access to a subset of the user data from the data repository, wherein the expirable validity tokens are expirable after one of a limited time or a limited number of requests from the third party; and
  
  a referral system for providing the third party access to the subset of the user data upon the third party providing a valid expirable validity token, wherein the referral system digitally signs and digitally encrypts the subset of data, including;
  
  a system for checking that a privacy policy of the third party is compatible with the privacy policy of the user;
  
  a system for digitally encoding the subset of data;
  
  a system for requesting an expirable validity token from the third party; and
  
  a system for verifying the validity of the expirable validity token from the third party.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The data repository system of claim 1, wherein the means to access is selected from a group consisting of a web site, printed material, and a telephone.
  - 3. The data repository system of claim 1, wherein the validity of the key can be established from the group consisting of a consumer group and a publication in printed media.
  - 4. The data repository system of claim 1, wherein the guarantor of hardware is a provider of the hardware.
  - 5. The data repository system of claim 1, wherein the privacy policy of the data repository is signed with the public signature key of the data repository.
  - 6. The data repository system of claim 1, wherein the privacy policy of the data repository is signed with the public signature key of a reputable guarantor.
  - 7. The data repository system of claim 1, wherein the user data is collected in a filled personal data form that is digitally encoded.

8. A method of controlling user data in a data repository subject to a privacy policy of the user, comprising:
- providing the user with a privacy policy of the data repository, a public signature key, and a site of a validator, wherein the validator is a guarantor of hardware for the data repository system, the public signature key is a key generated by the hardware, and the key is validated by one from the group consisting of the validator, a consumer group, and a publication in printed media;
  
  communicating with the validitor to validate the public signature key;
  
  validitating the privacy policy of the data repository with the public signature key;
  
  submitting the privacy policy of the user to the data repository;
  
  checking to determine if the privacy policy of the user matches the privacy policy of the data repository;
  
  sending user data from the user to the data repository, wherein the user data includes a description of expirable validity tokens that authorizes a third party access to a subset of the user data from the data repository, wherein the expirable validity tokens are expirable after one of a limited time or a limited number of requests from the third party;
  
  requesting an expirable validity token from the third party;
  
  verifying the validity of the expirable validity token from the third party;
  
  providing the third party access to the subset of the user data upon the verifying requesting a subset of data from a third party to the user;
  
  checking that a privacy policy of the third party is compatible with the privacy policy of the user;
  
  providing a validity token to the third party from the user;
  
  requesting from the data repository a validity token from the third party; and
  
  providing to the third party the requested subset of data, wherein the step of providing a validity token to the third party from the user, includes;
  
  providing a public key/private key encryption pair;
  
  sending an encoded message to the third party signed with the public key, wherein the encoded message includes a password and validation information;
  
  providing the data repository with the private key; and
  
  passing the encoded message to the data repository from the third party, along with the location of the private key.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein the guarantor of hardware is a provider of the hardware.
  - 10. The method of claim 8, wherein the step of sending user data from the user to the data repository includes the steps of:
    - securely sending to the user from the data repository a data form that is compatible with the privacy policy of the user and of the data repository;
      
      filling out the data form in a manner that is compatible with the privacy policy of the user and of the data repository; and
      
      including in the filled out data form the description of the validity tokens; and
      
      securely sending the filled out data form to the data repository.
  - 11. The method of claim 8, wherein the step of providing the user with the privacy policy of the data repository includes the step of signing the privacy with a public signature key of one selected from the group consisting of a reputable guarantor and the data repository.

12. A program product stored on a recordable medium for providing a data repository that can securely guarantee a privacy policy of a user, the program product comprising:
- means for providing the user with a privacy policy of the data repository, and for providing a mechanism for validating the privacy policy of the data repository, wherein the mechanism for validating the privacy policy includes providing to the user a public signature key and a site of at least validator, wherein the validator is a provider of hardware for the data repository, the public signature key is a key generated by the hardware, and the validator can validate the public signature key;
  
  means for collecting user data from the user, wherein the user data comprises a description of expirable validity tokens authorizing a third party access to a subset of the user data from the data repository, wherein the expirable validity tokens are expirable after one of a limited time or a limited number of requests from the third party;
  
  means for checking that a privacy policy of the third party is compatible with the privacy policy of the user;
  
  means for digitally encoding the subset of data to be transmitted to the third party;
  
  means for requesting an expirable validity token from the third party;
  
  means for verifying the validity of the expirable validity token from the third party;
  
  means for authorizing access to the third party of the user data upon the verifying; and
  
  means for digitally signing and digitally encrypting the subset of data.
- View Dependent Claims (13, 14)
- - 13. The program product of claim 12, wherein the privacy policy of the data repository is signed with the public signature key.
  - 14. The program product of claim 13, wherein the user data is collected in a filled personal data form that is digitally encoded.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Perez, Ronald, Duri, Sastry S., Schonberg, Edith G., Liu, Xuan, Tresser, Charles P., Singh, Moninder, Moskowitz, Paul A.
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Nobahar; Abdulhakim

Application Number

US10/233,340
Publication Number

US 20040054919A1
Time in Patent Office

2,041 Days
Field of Search

726/26, 726/29, 726/30, 726/27, 726/1
US Class Current

726/1
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06Q 20/389   Keeping log of transactions...

G06Q 20/4016   involving fraud or risk lev...

G06Q 40/02   Banking, e.g. interest calc...

Secure system and method for enforcement of privacy policy and protection of confidentiality

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

97 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Secure system and method for enforcement of privacy policy and protection of confidentiality

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

97 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links