Method and system for implementing privacy policy enforcement with a privacy proxy

US 7,797,726 B2
Filed: 12/16/2004
Issued: 09/14/2010
Est. Priority Date: 12/16/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for processing data in accordance with a privacy policy within a data processing system, the method comprising:

receiving, at a proxy, a first message from a first system to a second system;

in response to a determination at the proxy that the first message is associated with an operation on personally identifiable information, determining at the proxy whether the operation on the personally identifiable information is compliant with a privacy policy and with user preference information with respect to the privacy policy for a user who is associated with the personally identifiable information, where the personally identifiable information is information that can uniquely identify an individual;

in response to a determination that the operation on the personally identifiable information is compliant with a privacy policy and with user preference information with respect to the privacy policy, sending the first message from the proxy to the second system; and

in response to a determination that the operation on the personally identifiable information is not compliant with a privacy policy and with user preference information with respect to the privacy policy, sending a second message from the proxy to the first system, wherein the second message indicates an error status.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is presented for enforcing a privacy policy concerning management of personally identifiable information in a centralized manner through a privacy proxy agent. A proxy intercepts a message from a first system to a second system, e.g., from a server to a client, and determines whether the message is associated with an operation on personally identifiable information; if not, then the proxy sends the message to the second system, but if so, then the proxy determines whether the operation on the personally identifiable information is compliant with a privacy policy and with user preference information with respect to the privacy policy for a user who is associated the personally identifiable information. If the message is compliant with the privacy policy and user preference data, then the proxy sends the first message to the second system; otherwise, an error indication is returned to the first system.

Citations

24 Claims

1. A method for processing data in accordance with a privacy policy within a data processing system, the method comprising:
- receiving, at a proxy, a first message from a first system to a second system;
  
  in response to a determination at the proxy that the first message is associated with an operation on personally identifiable information, determining at the proxy whether the operation on the personally identifiable information is compliant with a privacy policy and with user preference information with respect to the privacy policy for a user who is associated with the personally identifiable information, where the personally identifiable information is information that can uniquely identify an individual;
  
  in response to a determination that the operation on the personally identifiable information is compliant with a privacy policy and with user preference information with respect to the privacy policy, sending the first message from the proxy to the second system; and
  
  in response to a determination that the operation on the personally identifiable information is not compliant with a privacy policy and with user preference information with respect to the privacy policy, sending a second message from the proxy to the first system, wherein the second message indicates an error status.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising:
    - in response to a determination at the proxy that the first message is not associated with an operation on personally identifiable information, sending the first message from the proxy to the second system.
  - 3. The method of claim 1 further comprising:
    - determining at the proxy whether the first message is associated with an operation on personally identifiable information by identifying personally identifiable information within the first message.
  - 4. The method of claim 1 further comprising:
    - determining at the proxy whether the first message is associated with an operation on personally identifiable information by identifying that the first message initiates collection of personally identifiable information by the first system or by the second system.
  - 5. The method of claim 1 further comprising:
    - determining at the proxy whether the first message is associated with an operation on personally identifiable information by scanning the first message for a data element that has been inserted into the first message by the first system to signal to the proxy that the first message is associated with an operation on personally identifiable information.
  - 6. The method of claim 1 further comprising:
    - determining at the proxy that the first message is associated with an operation on personally identifiable information in accordance with a set of configurable rules that contain conditions that are evaluated against the first message.
  - 7. The method of claim 1 further comprising:
    - determining at the proxy that the operation on the personally identifiable information is compliant with a privacy policy in accordance with a set of configurable rules that contain conditions that are evaluated against the first message.
  - 8. The method of claim 1 further comprising:
    - determining at the proxy that the operation on the personally identifiable information is compliant with user preference information with respect to the privacy policy in accordance with a set of configurable rules that contain conditions that are evaluated against the first message.

9. An apparatus for processing data in accordance with a privacy policy within a data processing system, the apparatus comprising:
- a processor;
  
  a data store that stores a set of program instruction means that, when executed by the processor comprise a proxy that performs a method comprising;
  
  receiving, at the proxy, a first message from a first system to a second system;
  
  in response to a determination that the first message is associated with an operation on personally identifiable information, determining whether the operation on the personally identifiable information is compliant with a privacy policy and with user preference information with respect to the privacy policy for a user who is associated with the personally identifiable information, where the personally identifiable information is information that can uniquely identify an individual; and
  
  in response to a determination that the operation on the personally identifiable information is compliant with a privacy policy and with user preference information with respect to the privacy policy, sending the first message from the proxy to the second system; and
  
  in response to a determination that the operation on the personally identifiable information is not compliant with a privacy policy and with user preference information with respect to the privacy policy, sending a second message from the proxy to the first system, wherein the second message indicates an error status.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The apparatus of claim 9 wherein the method further comprises:
    - in response to a determination that the first message is not associated with an operation on personally identifiable information, sending the first message from the proxy to the second system.
  - 11. The apparatus of claim 9 wherein the method further comprises:
    - determining whether the first message is associated with an operation on personally identifiable information by identifying personally identifiable information within the first message.
  - 12. The apparatus of claim 9 wherein the method further comprises:
    - determining whether the first message is associated with an operation on personally identifiable information by identifying that the first message initiates collection of personally identifiable information by the first system or by the second system.
  - 13. The apparatus of claim 9 wherein the method further comprises:
    - determining whether the first message is associated with an operation on personally identifiable information by scanning the first message for a data element that has been inserted into the first message by the first system to signal to the proxy that the first message is associated with an operation on personally identifiable information.
  - 14. The apparatus of claim 9 wherein the method further comprises:
    - determining that the first message is associated with an operation on personally identifiable information in accordance with a set of configurable rules that contain conditions that are evaluated against the first message.
  - 15. The apparatus of claim 9 wherein the method further comprises:
    - determining that the operation on the personally identifiable information is compliant with a privacy policy in accordance with a set of configurable rules that contain conditions that are evaluated against the first message.
  - 16. The apparatus of claim 9 wherein the method further comprises:
    - determining that the operation on the personally identifiable information is compliant with user preference information with respect to the privacy policy in accordance with a set of configurable rules that contain conditions that are evaluated against the first message.

17. A computer program product on a computer readable medium for processing data in accordance with a privacy policy within a data processing system, the computer program product holding computer program instructions which when executed by the data processing system comprise a proxy that performs a method comprising:
- receiving, at a proxy, a first message from a first system to a second system;
  
  in response to a determination that the first message is associated with an operation on personally identifiable information, determining whether the operation on the personally identifiable information is compliant with a privacy policy and with user preference information with respect to the privacy policy for a user who is associated with the personally identifiable information, where the personally identifiable information is information that can uniquely identify an individual;
  
  in response to a determination that the operation on the personally identifiable information is compliant with a privacy policy and with user preference information with respect to the privacy policy, sending the first message from the proxy to the second system; and
  
  in response to a determination that the operation on the personally identifiable information is not compliant with a privacy policy and with user preference information with respect to the privacy policy, sending a second message from the proxy to the first system, wherein the second message indicates an error status.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer program product of claim 17 wherein the method further comprises:
    - in response to a determination that the first message is not associated with an operation on personally identifiable information, sending the first message from the proxy to the second system.
  - 19. The computer program product of claim 17 wherein the method further comprises:
    - determining whether the first message is associated with an operation on personally identifiable information by identifying personally identifiable information within the first message.
  - 20. The computer program product of claim 17 wherein the method further comprises:
    - determining whether the first message is associated with an operation on personally identifiable information by identifying that the first message initiates collection of personally identifiable information by the first system or by the second system.
  - 21. The computer program product of claim 17 wherein the method further comprises:
    - determining whether the first message is associated with an operation on personally identifiable information by scanning the first message for a data element that has been inserted into the first message by the first system to signal to the proxy that the first message is associated with an operation on personally identifiable information.
  - 22. The computer program product of claim 17 wherein the method further comprises:
    - determining that the first message is associated with an operation on personally identifiable information in accordance with a set of configurable rules that contain conditions that are evaluated against the first message.
  - 23. The computer program product of claim 17 wherein the method further comprises:
    - determining that the operation on the personally identifiable information is compliant with a privacy policy in accordance with a set of configurable rules that contain conditions that are evaluated against the first message.
  - 24. The computer program product of claim 17 wherein the method further comprises:
    - determining that the operation on the personally identifiable information is compliant with user preference information with respect to the privacy policy in accordance with a set of configurable rules that contain conditions that are evaluated against the first message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
LinkedIn Corporation (Microsoft Corporation)
Original Assignee
International Business Machines Corporation
Inventors
Muppidi, Sridhar R., Ashley, Paul Anthony, Vandenwauver, Mark
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Perungavoor; Venkat

Application Number

US11/014,561
Publication Number

US 20060136985A1
Time in Patent Office

2,098 Days
Field of Search

726 12- 13, 726 26- 27
US Class Current

726/1
CPC Class Codes

H04L 63/0407   wherein the identity of one...

H04L 63/101   Access control lists [ACL]

H04L 67/306   User profiles

Method and system for implementing privacy policy enforcement with a privacy proxy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for implementing privacy policy enforcement with a privacy proxy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links