Rules engine architecture and implementation
Abstract
A system for customer data privacy management is provided. The system includes a data store having customer data and privacy rules associated with the customer data, a rules engine that limits access to the customer data, an application to provide a service related to the customer data, and an interface in communication with the application and the rules engine. The rules engine promotes limiting access to customer data based on the service of the application and the privacy rules associated with the customer data. The customer data includes mobile location information and positioning information. The service of the application may be further defined as a mobile location service. The customer data includes a buddy list and one or more of the privacy rules can be associated with the buddy list to limit access by one or more applications to the buddy list.
25 Claims
1. A system for managing private customer data, the system comprising:
a data store in a computer readable storage media maintaining customer data, the customer data including privacy constraints and private customer data;
a first security module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to restrict access to at least one element of the private customer data based on one or more of the privacy constraints associated with the at least one element of the private customer data, wherein the privacy constraints include role related privacy rules associated with a category of the private customer data corresponding to the at least one element of the private customer data, wherein at least one of the role related privacy rules is a customer selectable rule that implements an opt-in or opt-out method, wherein the privacy constraints further include a set of security requirements and data retention requirements for the category of the private customer data that include a restricted value related to the category of the private customer data;
a second security module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to communicate with an application of a requesting entity desiring access to the customer data from the data store, the second security module executable to determine whether the application is a legitimate, authorized application and further denying the application access to the customer data of the data store upon determining that the application is an imposter, unauthorized application, wherein the application includes a security portion of the application programmed to communicate with the second security module to provide the second security module with parameters of the application necessary for the second security module to determine whether the application is a legitimate, authorized application; and
a third security module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to restrict access to the customer data by the application based on a data operation to be performed by the application on the customer data, wherein the third security module permits access to the customer data upon the data operation being a read only data operation based solely on the operation being a read only data operation, and wherein the third security module determines whether to restrict access by the application to the customer data upon the data operation being a modify data operation.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A method for managing customer data; comprising;
restricting, by a computer processor, access by a requesting application to a system maintaining the customer data in a data store based on a determination of whether the requesting application is legitimate and authorized to access the system, wherein the determination is based on parameters of the requesting application;
restricting, by a computer processor, access by the requesting application to one or more portions of the customer data based on actions to be performed by the requesting application on the portions of the customer data, wherein access by the requesting application to the one or more portions of the customer is not restricted upon the actions to be performed being a read only action based solely on the determination that the action to be performed is a read only action, and wherein upon the actions to be performed being modifying actions to the one or more portions of the customer data, access by the requesting application to the one or more portions of the customer data is restricted based on authorizing an entity using the requesting application; and
restricting, by a computer processor, access by the requesting application to one or more portions of the customer data where the customer data includes at least one security restriction on the customer data requested by the requesting application, wherein a customer to which the customer data pertains selects the at least one security restriction on the customer data, wherein the at least one security restriction includes role related privacy rules associated with a category of the customer data requested by the requesting application, wherein at least one of the role related privacy rules is a customer selectable rule that implements an opt-in or opt-out method, and wherein the at least one security restriction further includes a set of security requirements and data retention requirements for the category of the customer data that include a restricted value related to the category of the private customer data.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23
24. A system for managing private customer data, the system comprising:
an entity authorization module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to determine whether an entity is allowed to access an application, wherein the application accesses at least one element of private customer data;
an application authorization module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to determine whether the application is a legitimate application based on parameters of the application, wherein the application authorization module permits the application's access to the at least one element of private customer data upon determining that the application is a legitimate application, the application authorization module coupled to the entity authorization module;
an operation authorization module stored as a set of computer readable instructions in a computer readable storage media and executable by a processor to determine whether an operation to be performed by the application's access to the at least one element of private customer data is a read operation or a modify operation, wherein upon determining that the operation is a read operation, the operation authorization module always permits the application's access to the at least one element of private customer data, and wherein upon determining that the operation is a modify operation, the operation authorization module further determines whether the entity is authorized to perform the modify operation on the at least one element of private customer data and permits the application's access to the at least one element of private customer data upon determining that the entity is authorized to perform the modify operation, wherein the operation authorization module is coupled to the application authorization module after the application authorization module is coupled to the entity authorization module;
a data store that stores customer data comprising private customer data including the at least one element of private customer data, the data store further comprising privacy constraints, wherein each element of private customer data has at least one associated privacy constraint, wherein the privacy constraints include role related privacy rules associated with a category of the private customer data corresponding to the at least one element of private customer data, wherein at least one of the role related privacy rules is a customer selectable rule that implements an opt-in or opt-out method, wherein the privacy constraints further include a set of security requirements and data retention requirements for the category of the private customer data that include a restricted value related to the category of the private customer data; and
a rules engine coupled to the operation authorization module and the data store, wherein the rules engine permits the application's access to the at least one element of private customer data based on applying the at least one privacy constraint associated with the at least one element of private customer data.
Dependent claims: 25
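The module chain recited in claim 24, sketched as an added example (this is not code from the patent). The HMAC-based application proof, the lookup tables, and every name and value below are assumptions; the claim does not say how the application's parameters are verified.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed sample data; every name and value here is an assumption.
ENTITY_APPS = {"alice": {"locator"}}             # entity -> applications it may use
APP_KEYS = {"locator": b"constructed-demo-key"}  # registered application parameters
MODIFY_GRANTS = {("alice", "location")}          # (entity, category) allowed to modify
# Privacy constraints per (customer, category): permitted roles and opt-in choice.
CONSTRAINTS = {
    ("cust1", "location"): {"roles": {"buddy"}, "opted_in": True},
    ("cust2", "location"): {"roles": {"buddy"}, "opted_in": False},
}

@dataclass
class Request:
    entity: str
    role: str
    app: str
    app_proof: str   # HMAC of the app id under its registered key (assumed scheme)
    operation: str   # "read" or "modify"
    customer: str
    category: str

def app_proof(app: str, key: bytes) -> str:
    return hmac.new(key, app.encode(), hashlib.sha256).hexdigest()

def authorize(req: Request) -> tuple[bool, str]:
    """Return (decision, stage that decided), applying the stages in claim order."""
    # 1. Entity authorization: may this entity use the application at all?
    if req.app not in ENTITY_APPS.get(req.entity, set()):
        return False, "entity"
    # 2. Application authorization: legitimate application or imposter?
    key = APP_KEYS.get(req.app)
    if key is None or not hmac.compare_digest(app_proof(req.app, key), req.app_proof):
        return False, "application"
    # 3. Operation authorization: reads always pass this stage; anything else
    #    is treated as a modify and needs a per-entity grant.
    if req.operation != "read" and (req.entity, req.category) not in MODIFY_GRANTS:
        return False, "operation"
    # 4. Rules engine: role-related rule plus the customer's opt-in/opt-out choice.
    rule = CONSTRAINTS.get((req.customer, req.category))
    if rule is None or not rule["opted_in"] or req.role not in rule["roles"]:
        return False, "rules-engine"
    return True, "permitted"
```

Because the operation stage passes every read, the rules engine is the only stage in this sketch that can refuse a read of private data, so a missing constraint is treated as a denial.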
Specification