Method for automatically managing information privacy

US 7,469,416 B2
Filed: 11/05/2002
Issued: 12/23/2008
Est. Priority Date: 11/05/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for automatically managing information privacy, comprising:

receiving a request that includes a call for information in a bean, which stores information and methods for operating on the information, and a purpose for the call, the purpose indicating a manner in which a requestor of the information intends to use the information; and

automatically determining whether the request should be granted by comparing the purpose to a privacy control policy, which sets forth privacy rules governing circumstances under which the information particular to the bean can be accessed and used, that is packaged with the bean to determine whether the purpose is valid, the privacy control policy being additional to the information and the methods and being packaged as an element of a deployment descriptor.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A request including a call for the information in a bean and a purpose for the call is received. Upon receipt, the purpose is compared to a privacy control policy that is packaged with the bean. If the purpose complies with the privacy control policy, the requested access and/or use of the information is permitted.

20 Citations

View as Search Results

15 Claims

1. A method for automatically managing information privacy, comprising:
- receiving a request that includes a call for information in a bean, which stores information and methods for operating on the information, and a purpose for the call, the purpose indicating a manner in which a requestor of the information intends to use the information; and
  
  automatically determining whether the request should be granted by comparing the purpose to a privacy control policy, which sets forth privacy rules governing circumstances under which the information particular to the bean can be accessed and used, that is packaged with the bean to determine whether the purpose is valid, the privacy control policy being additional to the information and the methods and being packaged as an element of a deployment descriptor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the call comprises a call to a method within the bean, wherein the method includes a procedure that operates on the information, and wherein the method references at least one rule in the privacy control policy.
  - 3. The method of claim 2, further comprising:
    - providing the information pursuant to a web transaction; and
      
      storing the information and the method in the bean, prior to the receiving step.
  - 4. The method of claim 1, wherein the bean is an ENTERPRISE JAVABEAN that stores information regarding a single source.
  - 5. The method of claim 1, wherein the privacy control policy is packaged with the bean as a deployment descriptor.
  - 6. The method of claim 1, further comprising, in addition to comparing of the purpose to the access control policy, automatically performing access control to the information based on user information that identifies the requestor making the request and an access control policy packaged with the bean that dictates who can access the information.
  - 7. The method of claim 1, wherein the step of automatically determining is carried out by an application server.
  - 8. The method of claim 6, wherein the application server is WEBSPHERE application server.

9. A computer-implemented method for automatically managing information privacy, comprising:
- receiving a request that includes a call for information in a bean and a purpose for the call, the purpose indicating a manner in which a requestor of the information intends to use the information, wherein the call is to a method within the bean, and wherein the method references at least one privacy control rule, which governs at least one of access or use of the information, that is packaged with the bean, the privacy control rule being additional to the information and methods of the bean and being packaged as an element of a deployment descriptor; and
  
  automatically determining whether the request should be granted by comparing the purpose to the at least one privacy control rule to determine whether the purpose is valid, wherein the request is granted if the purpose complies with the at least one privacy control rule.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, wherein the bean is an ENTERPRISE JAVABEAN.
  - 11. The method of claim 9, wherein the method comprises a procedure that operates on the information.
  - 12. The method of claim 9, further comprising, in addition to comparing of the purpose to the access control policy, automatically performing access control to the information by comparing user information that identifies the requestor making the request to an access control policy that is also packaged with the bean that dictates who can access the information.
  - 13. The method of claim 9, wherein the at least one privacy control rule is part of a privacy control policy that is packaged with the bean as a deployment descriptor.
  - 14. The method of claim 9, wherein the step of automatically determining is performed by an application server.
  - 15. The method of claim 9, further comprising:
    - providing the information pursuant to a web transaction; and
      
      storing the information and the method in the bean, prior to the receiving step.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Daedalus Blue LLC
Original Assignee
International Business Machines Corporation
Inventors
Powers, Calvin S., Presler-Marshall, Martin
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Tran; Tongoc

Application Number

US10/288,082
Publication Number

US 20040088579A1
Time in Patent Office

2,240 Days
Field of Search

726 27- 30, 726/1, 726/4, 707/2, 707/3, 707/9, 707/103.R, 705/3, 705/51, 705/26, 705/27
US Class Current

726/1
CPC Class Codes

G16H 10/60   for patient-specific data, ...

G16H 20/10   relating to drugs or medica...

H04L 63/104   Grouping of entities

Y10S 707/99932   Access augmentation or opti...

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99939   Privileged access

Method for automatically managing information privacy

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

20 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method for automatically managing information privacy

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links