User privacy framework
First Claim
1. A computer-implemented method for implementing a policy for disclosing information of a first user to a second user, the method comprising:
- providing, by a server, a user interface to the first user to create and manage the policy for determining if the second user is allowed access to the information of the first user;
- anticipating, by the server, the policy desired by the first user based on location information of the first user for which the policy is created;
- based on the anticipation, suggesting, by the server, a policy template;
- receiving, at the server, the policy created by the first user, wherein the policy comprises a privacy level and a first rule created by the first user using the user interface, wherein the first rule comprises a condition, and wherein the condition comprises one or more dimensions selected from a plurality of dimensions associated with the second user;
- storing the first rule and the privacy level in a rules database;
- receiving a request by an application of the second user to view the information of the first user;
- evaluating the first rule and the privacy level from the rules database against the request by the application of the second user; and
- based on the evaluating, allowing access by the second user to view the information of the first user if the request satisfies the condition of the first rule and the privacy level.
Abstract
A computer program product has a computer-readable storage medium having computer program instructions embodied therein for performing a method for implementing a privacy policy for a user. The method may include the user developing rules that determine whether another user (requester) can access information related to the user. The rules may be stored in a database coupled to a server and evaluated when a request is received from the requester to access the information. If a rule is satisfied by the requester, the server can return the information to the requester. The information can be returned at a level of granularity specified by the user in the satisfied rule. A privacy level can be set by the user to allow access to requesters based on the rules or to deny access to any requesters.
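The evaluation flow the abstract describes, sketched as an added example (not code from the patent or its assignee). The privacy-level constants, the dimension names `relationship` and `time_of_day`, the granularity levels `exact` and `city`, and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Privacy levels from the abstract: evaluate rules, or deny every requester.
# The constant names are assumptions made for this example.
ALLOW_BY_RULES, DENY_ALL = "allow_by_rules", "deny_all"

@dataclass(frozen=True)
class Rule:
    condition: dict   # dimension name -> set of accepted elements
    granularity: str  # "exact" or "city" (hypothetical levels)

@dataclass
class Policy:
    privacy_level: str
    rules: list

def coarsen(info, granularity):
    """Return the owner's information at the granularity the rule grants."""
    if granularity == "exact":
        return dict(info)
    if granularity == "city":
        return {"city": info["city"]}
    raise ValueError(f"unknown granularity: {granularity}")

def rule_matches(rule, request):
    # An empty condition would match every requester, so it never matches.
    if not rule.condition:
        return False
    # A dimension missing from the request fails the rule (fail closed).
    return all(request.get(dim) in allowed
               for dim, allowed in rule.condition.items())

def evaluate(policy, request, info):
    """Return the disclosed information, or None when access is denied."""
    if policy.privacy_level != ALLOW_BY_RULES:
        return None  # DENY_ALL and any unrecognised level both deny
    for rule in policy.rules:
        if rule_matches(rule, request):
            return coarsen(info, rule.granularity)
    return None  # no rule satisfied: default deny

# Constructed sample data, not taken from the patent.
INFO = {"city": "Lisbon", "lat": 38.7223, "lon": -9.1393}
POLICY = Policy(ALLOW_BY_RULES, [
    Rule({"relationship": {"family"}}, "exact"),
    Rule({"relationship": {"coworker"}, "time_of_day": {"work_hours"}}, "city"),
])
```

In this sketch the first satisfied rule sets the granularity, so rule order decides what a requester who matches several rules receives.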
71 Claims
19. A system for implementing a privacy policy, the system comprising:
- a first data storage unit for storing one or more policies, wherein each policy of the one or more policies comprise a privacy level and one or more rules, wherein each rule of the one or more rules each comprises a condition, wherein the condition comprises one or more dimensions selected from a plurality of dimensions, and wherein the condition comprises one or more elements associated with the one or more dimensions selected from a plurality of elements;
- a second data storage unit for storing information of a user; and
- an authorization server coupled to at least one of the first data storage unit and the second data storage unit and configured to receive a request from a requester for viewing the information of the user and for returning the information of the user if one or more policies are satisfied, wherein the authorization server comprises a processor for evaluating the one or more policies against the request, wherein the authorization server is configured to provide a user interface for allowing the user to develop the one or more policies by providing a plurality of conditions, dimensions, elements and privacy levels for selection by the user and for allowing the user to add, modify, or delete the one or more policies, wherein the authorization server is configured to anticipate the policy desired by the user based on location information of the first user for which the policy is created, wherein the authorization server is configured to suggest a policy template, and wherein the authorization server is configured to receive the policy created by the first user.
39. A non-transitory computer readable storage medium having computer readable program code embodied therein for implementing a policy for a first user, the computer readable program code representing instructions to cause a processor to perform operations comprising:
- providing a user interface for allowing the first user to create and manage a condition of a first rule and a privacy level for determining if a second user is allowed access to information of the first user, wherein the condition comprises one or more dimensions selected from a plurality of dimensions; and
- anticipating the policy desired by the first user based on location information of the first user for which the policy is created;
- suggesting a policy template from a plurality of policy templates based on the anticipation, wherein the suggested policy template is displayed in the user interface;
- receiving the first rule and the privacy level;
- storing the first rule and the privacy level;
- evaluating the first rule and the privacy level against a request from the second user upon receiving the request, wherein the request by the second user is to access the information of the first user; and
- permitting access to the second user if the second user satisfies the at least one of the condition of the first rule and the privacy level.
Specification