Privacy and security method and system for a world-wide-web site
First Claim
1. A method of making clinical information of a plurality of users accessible for use in an enhanced browsing application, while maintaining the security and privacy of the clinical information, said method comprising the steps:
- transferring de-identified clinical information of said users from said first computer to said second computer, said de-identified clinical information being associated with a surrogate ID;
- transferring identifiable personal information which lacks clinical information from said first computer to a third computer, wherein said third computer does not receive said de-identified clinical information and said second computer does not receive said identifiable personal information;
- generating on said third computer an anonymous ID for each user which anonymously identifies the user, each anonymous ID being correlated or correlatable with a surrogate ID;
- transferring said anonymous IDs from said third computer to said second computer and assuring that the anonymous IDs are not provided to said first computer; and
- storing in a database accessible to said second computer said de-identified clinical information of said users indexed by said anonymous IDs, wherein said de-identified clinical information is used when a browser browses information on a web server associated with said second computer;
wherein:
- said surrogate IDs are encrypted using an encryption key maintained by said first computer;
- said identifiable personal information transferred from said first computer to said third computer is indexed by unencrypted surrogate IDs;
- said encryption key is transferred to said third computer from said first computer;
- said third computer encrypts said surrogate IDs using said encryption key and transfers said encrypted surrogate IDs to said second computer with said anonymous IDs; and
- said second computer uses said encrypted surrogate IDs transferred from said third computer to correlate said anonymous IDs with said de-identified personal information received from said first computer.
Abstract
Personal information of users is used to customize the browsing experiences of the users on a World-Wide-Web site. To ensure privacy of the users' personal information, each user is assigned a unique Universal Anonymous Identifier (UAI). The UAI is generated by a trusted third party and provided to the Web site operator. The Web site operator then indexes the users' personal information by UAI. Only the user has the ability to correlate his/her true identity with his/her personal information.
126 Citations
24 Claims
Claim 1 is set out in full above under First Claim; dependent claims 2 to 12 depend from it.
13. A system for making clinical information of a plurality of users accessible for use in an enhanced browsing application, while maintaining the security and privacy of the clinical information, said system comprising:
- a first computer containing clinical information of said users;
- a second computer for receiving de-identified clinical information of said users transferred from said first computer together with surrogate IDs;
- a third computer for receiving identifiable personal information which lacks clinical information transferred from said first computer, wherein said third computer does not receive said de-identified clinical information, and wherein said second computer does not receive said identifiable personal information, said third computer being configured to generate an anonymous ID for each user which anonymously identifies the user, each anonymous ID being correlated or correlatable with a surrogate ID, said third computer transferring said anonymous IDs to said second computer and assuring said anonymous IDs are not provided to said first computer; and
- a database accessible to said second computer for storing said de-identified clinical information of said users indexed by said anonymous IDs, wherein said database is used when a browser browses information on a web server associated with said second computer;
wherein:
- said surrogate IDs are encrypted using an encryption key maintained by said first computer;
- said first computer transfers said encryption key to said third computer;
- said third computer encrypts said surrogate IDs using said encryption key and transfers said encrypted surrogate IDs to said second computer with said anonymous IDs; and
- said second computer uses said encrypted surrogate IDs transferred from said third computer to correlate said anonymous IDs with said de-identified clinical information received from said first computer.
Dependent claims 14 to 24 depend from claim 13.
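The three-party split described in claims 1 and 13, as an added Python sketch that is not part of the patent. It substitutes HMAC-SHA256 (a deterministic keyed transform, an assumption) for the claim's encryption of surrogate IDs, because the second computer can only join the two feeds if the same surrogate ID always yields the same protected value; the record values, field split and function names are constructed.

```python
import hashlib
import hmac
import secrets
import uuid

# Constructed sample data: the first computer holds full records keyed by a plaintext surrogate ID.
FIRST_COMPUTER_RECORDS = {
    "S-1001": {"name": "Ann Example", "email": "ann@example.test", "diagnosis": "hypertension"},
    "S-1002": {"name": "Bob Example", "email": "bob@example.test", "diagnosis": "asthma"},
}
CLINICAL_FIELDS = {"diagnosis"}  # every other field is treated as identifiable personal information

def protect_sid(key: bytes, sid: str) -> str:
    """Keyed, deterministic transform of a surrogate ID. HMAC-SHA256 (an assumption) stands in for
    the claim's encryption: the second computer can only join its two feeds if the same surrogate
    ID always yields the same protected value under the first computer's key."""
    return hmac.new(key, sid.encode(), hashlib.sha256).hexdigest()

def first_computer_split(records: dict, key: bytes):
    """First computer: clinical data keyed by protected SID (for the second computer) and
    PII keyed by plaintext SID (for the third computer); neither feed carries the other's fields."""
    clinical = {protect_sid(key, sid): {f: v for f, v in rec.items() if f in CLINICAL_FIELDS}
                for sid, rec in records.items()}
    pii = {sid: {f: v for f, v in rec.items() if f not in CLINICAL_FIELDS}
           for sid, rec in records.items()}
    return clinical, pii

def third_computer_map(pii: dict, key: bytes) -> dict:
    """Third computer: mint an anonymous ID per user and pair it with the protected SID.
    PII stays here; only (protected SID, anonymous ID) pairs go to the second computer."""
    return {protect_sid(key, sid): str(uuid.uuid4()) for sid in pii}

def second_computer_index(clinical: dict, mapping: dict) -> dict:
    """Second computer: re-index clinical data by anonymous ID, joining on the protected SID."""
    return {mapping[psid]: data for psid, data in clinical.items()}

def run_protocol(records: dict = FIRST_COMPUTER_RECORDS) -> dict:
    key = secrets.token_bytes(32)  # held by the first computer, shared only with the third
    clinical, pii = first_computer_split(records, key)
    mapping = third_computer_map(pii, key)
    return {"second_db": second_computer_index(clinical, mapping), "third_pii": pii, "third_map": mapping}

def separation_holds(result: dict, records: dict = FIRST_COMPUTER_RECORDS) -> bool:
    """Check the claim's separation: no PII or plaintext SID at the second computer, no clinical data at the third."""
    second_has_pii = any(set(v) - CLINICAL_FIELDS for v in result["second_db"].values())
    second_has_sid = bool(set(result["second_db"]) & set(records))
    third_has_clinical = any(set(v) & CLINICAL_FIELDS for v in result["third_pii"].values())
    return not (second_has_pii or second_has_sid or third_has_clinical)
```

The third computer holds both the PII and the key, so it could re-link anyone whose clinical feed it ever obtained; the control in the claim is that it never receives that feed, which is what `separation_holds` checks.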