Secure system and method for enforcement of privacy policy and protection of confidentiality
First Claim
1. A method for securely guaranteeing a privacy policy between two enterprises, comprising:
- creating a message at a first enterprise, wherein the message includes a request for data concerning a specifically identified third party for data stored by a second enterprise and a privacy policy of the first enterprise;
signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first enterprise will be enforced by the privacy rules engine of the first enterprise;
sending the message to the second enterprise; and
running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party, wherein in response to a match between the privacy policy of the first enterprise and the set of privacy rules for the third party;
encrypting the data requested by the first enterprise; and
sending the encrypted requested data from the second enterprise to the first enterprise.
4 Assignments
0 Petitions
Accused Products
Abstract
The invention includes various systems, architectures, frameworks and methodologies that can securely enforce a privacy policy. A method is include for securely guaranteeing a privacy policy between two enterprises, comprising: creating a message at a first enterprise, wherein the message includes a request for data concerning a third party and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first entity will be enforced by the privacy rules engine of the first enterprise; sending the message to a second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party.
-
Citations
9 Claims
-
1. A method for securely guaranteeing a privacy policy between two enterprises, comprising:
-
creating a message at a first enterprise, wherein the message includes a request for data concerning a specifically identified third party for data stored by a second enterprise and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first enterprise will be enforced by the privacy rules engine of the first enterprise; sending the message to the second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party, wherein in response to a match between the privacy policy of the first enterprise and the set of privacy rules for the third party;
encrypting the data requested by the first enterprise; and
sending the encrypted requested data from the second enterprise to the first enterprise. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for securely guaranteeing a privacy policy between two enterprises, comprising:
-
creating a message at a first enterprise, wherein the message includes a request for data concerning a specifically identified third party for data stored by a second enterprise and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first enterprise will be enforced by the privacy rules engine of the first enterprise, wherein;
the certifying step includes the preliminary act of registering the first enterprise with a trusted agency; and
the second enterprise checks the trusted agency to verify the certification;sending the message to the second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party.
-
-
9. A method for securely guaranteeing a privacy policy between two enterprises, comprising:
-
creating a message at a first enterprise, wherein the message includes a request for data concerning a specifically identified third party for data stored by a second enterprise and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first enterprise will be enforced by the privacy rules engine of the first enterprise; sending the message to the second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party. wherein both the first and second enterprises each includes a hardware device built with a cryptographic identifier that allows the hardware device of the first enterprise and the hardware device of the second enterprise to recognize and certify each other.
-
Specification