Integrated privacy rules engine and application

US 7,496,191 B1
Filed: 12/17/2003
Issued: 02/24/2009
Est. Priority Date: 12/17/2003
Status: Active Grant

First Claim

Patent Images

1. A method for managing customer data comprising:

assigning one or more roles with entities requesting access to private customer data, the entities including at least one application;

determining a category associated with at least some of the customer data;

determining an access level for each of the one or more roles based on the category associated with the at least some of the private customer data, wherein the access level for each of the one or more roles is further based on one of one or more rules regulating accessing the private customer data, wherein each of the one or more rules corresponds with one of the one or more roles and the category, and wherein the one or more rules regulating accessing the private customer data are selectable by a customer related to the private customer data; and

restricting access by the entity to a system maintaining the private customer data based on whether the entity is authorized to access the system.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for managing customer data is provided. The method for managing customer data includes assigning one or more roles with entities desiring access to customer data, the entities including at least one application. The method provides for determining a category associated with at least some of the customer data, determining an access level for each role based on the category associated with the at least some of the customer data, and restricting access by the application to a system maintaining the customer data based on whether the application is authorized to access the system.

73 Citations

View as Search Results

23 Claims

1. A method for managing customer data comprising:
- assigning one or more roles with entities requesting access to private customer data, the entities including at least one application;
  
  determining a category associated with at least some of the customer data;
  
  determining an access level for each of the one or more roles based on the category associated with the at least some of the private customer data, wherein the access level for each of the one or more roles is further based on one of one or more rules regulating accessing the private customer data, wherein each of the one or more rules corresponds with one of the one or more roles and the category, and wherein the one or more rules regulating accessing the private customer data are selectable by a customer related to the private customer data; and
  
  restricting access by the entity to a system maintaining the private customer data based on whether the entity is authorized to access the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - identifying one or more entities for which access to customer data is to be provided;
      
      determining the roles associated with the entities; and
      
      assigning some of the entities to one of the defined roles.
  - 3. The method of claim 1, wherein the private customer data includes customer mobile telephony data.
  - 4. The method of claim 3, wherein the mobile telephony data includes a geographic location of the customer.
  - 5. The method of claim 4, wherein at least one of the entities requesting access to the private customer data based on a vendor providing a coupon to the customer based on geographic location data of the customer mobile telephony data.
  - 6. The method of claim 5, wherein the one of the one or more rules is further defined as a customer selectable rule related to providing the geographic location data of the customer.
  - 7. The method of claim 1, wherein the one of the one or more rules is further defined as a legal constraint operable to limit access to customer data.
  - 8. The method of claim 1, wherein the one of the one or more rules is further defined as a privacy constraint on customer data access based on at least a portion of a legal notice requirement.
  - 9. The method of claim 1, wherein the one of the one or more rules is further defined as a privacy constraint on customer data access based on at least a portion of a legal choice requirement.
  - 10. The method of claim 1, wherein the one of the one or more rules is further defined as an opt-in/opt-out legal choice requirement that is customer selectable.
  - 11. The method of claim 1, wherein the one of the one or more rules is further defined as a privacy constraint on customer data access based on at least a portion of a legal access requirement.
  - 12. The method of claim 1, wherein the one of the one or more rules is further defined as a privacy constraint on customer data access based on at least a portion of each of a notice, a choice, an access and a security requirement.

13. A system for privacy management of customer data comprising:
- a data store component configured to maintain a data store identifying private customer data and an authorization level associated with at least some of the private customer data, at least some of the private customer data securely stored according to a security protocol, wherein the authorization level associated with at least some of the private customer data is based on one or more rules selectable by a customer related to the private customer data; and
  
  a data retriever component configured to receive a request from an application for the private customer data, and the data retriever component determines whether to provide the requested private customer data to the application based on a role assigned to the application and the authorization level associated with the requested private customer data, wherein there is one-to-one-to-one correspondence between the requested private customer data, the role assigned to the application and the authorization level.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The system of claim 13, wherein the data store further identifies a category associated with at least some of the private customer data and wherein the authorization level is associated with the category.
  - 15. The system of claim 13, wherein the role is further defined as a classification role of an entity desiring to receive the private customer data.
  - 16. The system of claim 15, wherein the authorization level is associated with the role.
  - 17. The system of claim 15, wherein the authorization level is based on the category and the role.
  - 18. The system of claim 13, wherein the security protocol includes a security parameter related to a type of security storage of the private customer data on a system and a retention parameter related to retention of the private customer data.
  - 19. The system of claim 13, further comprising a network authentication system configured to authenticate the application for access to a network wherein the data store is located.
  - 20. The system of claim 13, wherein the application is associated with a service.
  - 21. The system of claim 20, wherein the data retriever component is further configured to determine whether to provide the requested private customer data to the application based on the role related to the service of the application.
  - 22. The system of claim 20, wherein the data retriever component is further configured to determine whether to provide the requested private customer data to the application based the service of the application.
  - 23. The system of claim 22, wherein the data retriever component is further configured to determine whether to provide the requested private customer data to the application based on the role assigned of the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Crews, John C., Pogiri, Srinivas, Fultz, David
Primary Examiner(s)
Aubaidi; Rasha S Al

Application Number

US10/738,763
Time in Patent Office

1,896 Days
Field of Search

379/220.01, 379/142.02, 379/142.05
US Class Current

379/220.01
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2111   Location-sensitive, e.g. ge...

H04M 2203/6009   Personal information, e.g. ...

H04M 3/42   Systems providing special s...

Integrated privacy rules engine and application

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Integrated privacy rules engine and application

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links