Rules engine architecture and implementation

US 7,853,786 B1
Filed: 12/17/2003
Issued: 12/14/2010
Est. Priority Date: 12/17/2003
Status: Active Grant

First Claim

Patent Images

1. A system for managing private customer data, the system comprising:

a data store in a computer readable storage media maintaining customer data, the customer data including privacy constraints and private customer data;

a first security module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to restrict access to at least one element of the private customer data based on one or more of the privacy constraints associated with the at least one element of the private customer data, wherein the privacy constraints include role related privacy rules associated with a category of the private customer data corresponding to the at least one element of the private customer data, wherein at least one of the role related privacy rules is a customer selectable rule that implements an opt-in or opt-out method, wherein the privacy constraints further include a set of security requirements and data retention requirements for the category of the private customer data that include a restricted value related to the category of the private customer data;

a second security module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to communicate with an application of a requesting entity desiring access to the customer data from the data store, the second security module executable to determine whether the application is a legitimate, authorized application and further denying the application access to the customer data of the data store upon determining that the application is an imposter, unauthorized application, wherein the application includes a security portion of the application programmed to communicate with the second security module to provide the second security module with parameters of the application necessary for the second security module to determine whether the application is a legitimate, authorized application; and

a third security module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to restrict access to the customer data by the application based on a data operation to be performed by the application on the customer data, wherein the third security module permits access to the customer data upon the data operation being a read only data operation based solely on the operation being a read only data operation, and wherein the third security module determines whether to restrict access by the application to the customer data upon the data operation being a modify data operation.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for customer data privacy management is provided. The system includes a data store having customer data and privacy rules associated with the customer data, a rules engine that limits access to the customer data, an application to provide a service related to the customer data, and an interface in communication with the application and the rules engine. The rules engine promotes limiting access to customer data based on the service of the application and the privacy rules associated with the customer data. The customer data includes mobile location information and positioning information. The service of the application may be further defined as a mobile location service. The customer data includes a buddy list and one or more of the privacy rules can be associated with the buddy list to limit access by one or more applications to the buddy list.

102 Citations

View as Search Results

25 Claims

1. A system for managing private customer data, the system comprising:
- a data store in a computer readable storage media maintaining customer data, the customer data including privacy constraints and private customer data;
  
  a first security module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to restrict access to at least one element of the private customer data based on one or more of the privacy constraints associated with the at least one element of the private customer data, wherein the privacy constraints include role related privacy rules associated with a category of the private customer data corresponding to the at least one element of the private customer data, wherein at least one of the role related privacy rules is a customer selectable rule that implements an opt-in or opt-out method, wherein the privacy constraints further include a set of security requirements and data retention requirements for the category of the private customer data that include a restricted value related to the category of the private customer data;
  
  a second security module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to communicate with an application of a requesting entity desiring access to the customer data from the data store, the second security module executable to determine whether the application is a legitimate, authorized application and further denying the application access to the customer data of the data store upon determining that the application is an imposter, unauthorized application, wherein the application includes a security portion of the application programmed to communicate with the second security module to provide the second security module with parameters of the application necessary for the second security module to determine whether the application is a legitimate, authorized application; and
  
  a third security module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to restrict access to the customer data by the application based on a data operation to be performed by the application on the customer data, wherein the third security module permits access to the customer data upon the data operation being a read only data operation based solely on the operation being a read only data operation, and wherein the third security module determines whether to restrict access by the application to the customer data upon the data operation being a modify data operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1, wherein the modify data operation is one of a change data operation and a write new data operation.
  - 3. The system of claim 1, wherein the third security module further determines whether to restrict access by the application to the customer data based on whether the requesting entity is authorized to perform the modify data operation.
  - 4. The system of claim 1, wherein the third security module further determines whether to restrict access by the application to the customer data based on whether the requesting entity is authorized to perform the modify data operation based on the customer data to be changed.
  - 5. The system of claim 1, wherein each of the first, second, and third security modules authorize the application before allowing the application access to the customer data.
  - 6. The system of claim 1, wherein at least some of the privacy constraints are selectable by a customer whose private customer data is maintained by the data store.
  - 7. The system of claim 1, wherein the second security module includes a user access to the application.
  - 8. The system of claim 1, wherein the second security module includes a firewall.
  - 9. The system of claim 1, wherein the second security module is further defined as a system interface security layer and the first security module is further defined as a data access security layer, and wherein the third security module is further defined as between the data access layer and the system interface layer.
  - 10. The system of claim 1, further comprising:
    - an authorization module requiring passcode prior to providing the customer data to the application;
      
      a transmission module determining a state of the customer data for transmission based on the customer data to be transmitted to the application; and
      
      a storage module determining a state of the customer data for storage on the data store.
  - 11. The system of claim 10, wherein the state of the data for transmission is encrypted.
  - 12. The system of claim 10, wherein the passcode is further defined as a digital certificate.
  - 13. The system of claim 1, wherein the data store is further defined as a first data store maintaining the private customer data of the customer data and a second data store maintaining the privacy constraints of the customer data.
  - 14. The system of claim 1, wherein the parameters of the application include one or more from the group consisting of port information of the application, socket information of the application, and an internet protocol address of the application.

15. A method for managing customer data;
- comprising;
  
  restricting, by a computer processor, access by a requesting application to a system maintaining the customer data in a data store based on a determination of whether the requesting application is legitimate and authorized to access the system, wherein the determination is based on parameters of the requesting application;
  
  restricting, by a computer processor, access by the requesting application to one or more portions of the customer data based on actions to be performed by the requesting application on the portions of the customer data, wherein access by the requesting application to the one or more portions of the customer is not restricted upon the actions to be performed being a read only action based solely on the determination that the action to be performed is a read only action, and wherein upon the actions to be performed being modifying actions to the one or more portions of the customer data, access by the requesting application to the one or more portions of the customer data is restricted based on authorizing an entity using the requesting application; and
  
  restricting, by a computer processor, access by the requesting application to one or more portions of the customer data where the customer data includes at least one security restriction on the customer data requested by the requesting application, wherein a customer to which the customer data pertains selects the at least one security restriction on the customer data, wherein the at least one security restriction includes role related privacy rules associated with a category of the customer data requested by the requesting application, wherein at least one of the role related privacy rules is a customer selectable rule that implements an opt-in or opt-out method, and wherein the at least one security restriction further includes a set of security requirements and data retention requirements for the category of the customer data that include a restricted value related to the category of the private customer data.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The method of claim 15, wherein the customer data includes a mobile location information or a positioning information.
  - 17. The method of claim 15, wherein the requesting application is further defined as a mobile location service, and wherein the method includes determining a service of the application and restricting access to the customer data based on the service of the application.
  - 18. The method of claim 15, wherein the customer data includes a buddy list and wherein the at least one security restriction is related to restricting access to the buddy list.
  - 19. The method of claim 15, wherein the customer data includes a push-to-talk buddy list and wherein the security restriction provides for restricting push-to-talk buddy lists.
  - 20. The method of claim 15, wherein the requesting application parameters include a security protocol to negotiate a firewall of the system, the firewall preventing unauthorized access by application.
  - 21. The method of claim 15, wherein access to the system maintaining the customer data is denied upon determining that the requesting application is an imposter or unauthorized application based on the parameters of the requesting application.
  - 22. The method of claim 15, wherein upon the actions to be performed being reading actions to the one or more portions of the customer data, access by the requesting application to the one or more portions of the customer data is not restricted.
  - 23. The method of claim 15, wherein the parameters of the application include one or more from the group consisting of port information of the application, socket information of the application, and an internet protocol address of the application.

24. A system for managing private customer data, the system comprising:
- an entity authorization module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to determine whether an entity is allowed to access an application, wherein the application accesses at least one element of private customer data;
  
  an application authorization module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to determine whether the application is a legitimate application based on parameters of the application, wherein the application authorization module permits the application'"'"'s access to the at least one element of private customer data upon determining that the application is a legitimate application, the application authorization module coupled to the entity authorization module;
  
  an operation authorization module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to determine whether an operation to be performed by the application'"'"'s access to the at least one element of private customer data is a read operation or a modify operation, wherein upon determining that the operation is a read operation, the operation authorization module always permits the application'"'"'s access to the at least one element of private customer data, and wherein upon determining that the operation is a modify operation, the operation authorization module further determines whether the entity is authorized to perform the modify operation on the at least one element of private customer data and permits the application'"'"'s access to the at least one element of private customer data upon determining that the entity is authorized to perform the modify operation, wherein the operation authorization module is coupled to the application authorization module after the application authorization module is coupled to the entity authorization module;
  
  a data store that stores customer data comprising private customer data including the at least one element of private customer data, the data store further comprising privacy constraints, wherein each element of private customer data has at least one associated privacy constraint, wherein the privacy constraints include role related privacy rules associated with a category of the private customer data corresponding to the at least one element of private customer data, wherein at least one of the role related privacy rules is a customer selectable rule that implements an opt-in or opt-out method, wherein the privacy constraints further include a set of security requirements and data retention requirements for the category of the private customer data that include a restricted value related to the category of the private customer data; and
  
  a rules engine coupled to the operation authorization module and the data store, wherein the rules engine permits the application'"'"'s access to the at least one element of private customer data based on applying the at least one privacy constraint associated with the at least one element of private customer data.
- View Dependent Claims (25)
- - 25. The system of claim 24, wherein the parameters of the application include one or more from the group consisting of port information of the application, socket information of the application, and an internet protocol address of the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Ramanujan, Anuradha S., Ibitayo, Kemi Y., Fultz, David
Primary Examiner(s)
Orgad; Edan
Assistant Examiner(s)
Schmidt; Kari L

Application Number

US10/738,598
Time in Patent Office

2,554 Days
Field of Search

713/166, 713/171, 713/155, 726/1, 726 26- 30, 726/17
US Class Current

713/166
CPC Class Codes

H04L 63/102   Entity profiles

H04L 67/52   specially adapted for the l...

H04W 4/02   Services making use of loca...

H04W 4/029   Location-based management o...

Rules engine architecture and implementation

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

102 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Rules engine architecture and implementation

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links