User-directed privacy control in a user-centric identity management system
Abstract
An identity management system incorporates privacy management processes that enable the user to exercise privacy controls over the disclosure of user identity information within the context of an authentication process. A combination includes an identity selector, a privacy engine, and a ruleset. The identity selector directs the release of a user identity in the form of a security token to satisfy the requirements dictated by a security policy. Prior to release of the user identity, the engine conducts a privacy enforcement process that examines the privacy policy of the service provider and determines if it is acceptable. The engine evaluates a ruleset against the privacy policy. A preference editor enables the user to construct, in advance, the ruleset, which embodies the user's privacy preferences regarding the disclosure of identity information. Based on the evaluation results, the user can either approve or disapprove the privacy policy, and so decide whether to proceed with disclosure of the user identity.
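The flow in the abstract, sketched as an added example that is not taken from the patent or any implementation of it: select identities that meet the security policy, reduce the service provider's privacy policy, evaluate the user's ruleset against it, and return per-identity results for the user to approve or disapprove. All field names, the sample data, the meaning given to "reduced", and the fail-closed handling of claims the policy does not mention are assumptions.

```python
# Added example: every name and data shape here is an assumption, not from the patent.
IDENTITIES = {  # constructed sample: identity name -> claims its token would disclose
    "basic": {"email"},
    "work": {"email", "employer"},
    "personal": {"email", "postal_address"},
    "pseudonymous": {"nickname"},
}
SECURITY_POLICY = {"required_claims": {"email"}}
PRIVACY_POLICY = [  # constructed service-provider policy, one statement per claim
    {"claim": "email", "purpose": "account", "third_party": False, "contact": "dpo@sp.example"},
    {"claim": "postal_address", "purpose": "marketing", "third_party": True, "contact": "dpo@sp.example"},
    {"claim": "phone", "purpose": "account", "third_party": False, "contact": "dpo@sp.example"},
]
STRICT = {"forbidden_purposes": {"marketing"}, "allow_third_party": False}
RULESET = {"basic": STRICT, "work": STRICT, "personal": STRICT}  # built in advance by the user
EVALUATED_FIELDS = ("claim", "purpose", "third_party")

def select_identities(identities, security_policy):
    """Identity selector: keep identities that carry every required claim."""
    need = security_policy["required_claims"]
    return sorted(n for n, claims in identities.items() if need <= claims)

def reduce_policy(policy, claims):
    """Policy editor (assumed meaning of 'reduced'): relevant claims, evaluated fields only."""
    return [{k: s[k] for k in EVALUATED_FIELDS} for s in policy if s["claim"] in claims]

def evaluate(name, identities, ruleset, reduced):
    """Privacy engine: list rule violations for one identity; fail closed on gaps."""
    rules = ruleset.get(name)
    if rules is None:
        return ["no preferences defined for this identity"]
    by_claim = {s["claim"]: s for s in reduced}
    problems = []
    for claim in sorted(identities[name]):
        s = by_claim.get(claim)
        if s is None:
            problems.append(f"{claim}: policy is silent")
        elif s["purpose"] in rules["forbidden_purposes"]:
            problems.append(f"{claim}: used for {s['purpose']}")
        elif s["third_party"] and not rules["allow_third_party"]:
            problems.append(f"{claim}: shared with third parties")
    return problems

def report(identities, security_policy, privacy_policy, ruleset):
    """Evaluation presented to the user, who then approves or disapproves release."""
    selected = select_identities(identities, security_policy)
    claims = set().union(*(identities[n] for n in selected))
    reduced = reduce_policy(privacy_policy, claims)
    return {n: evaluate(n, identities, ruleset, reduced) for n in selected}
```

An empty list for an identity means its preferences are satisfied; the token is released only after the user approves.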
18 Claims
1. In an environment including at least one service provider each associated with a respective privacy policy, a system comprising:
- at least one hardware processor programmed to provide an identity manager programmed to manage a plurality of user identities of an individual user, the plurality of user identities pertaining to the individual user and describing different sets of personal information of the individual user, and to select one or more of the user identities of the user that satisfy a set of identity requirements of a security policy obtained from the environment;
- a plurality of privacy preferences relative to at least one user identity of the plurality of user identities of the user;
- a privacy engine operatively associated with the plurality of privacy preferences, the privacy engine programmed to evaluate one or more privacy preferences of the one or more selected user identities of the user against a privacy policy obtained from the environment to determine which of the selected user identities satisfy the at least one privacy preference, the privacy engine further programmed to present the evaluation of the selected user identities to the user; and
- a policy editor programmed to process a privacy policy from the environment, generate a reduced version thereof, and supply the reduced privacy policy as the privacy policy used by the privacy engine in performing the evaluation.
Dependent claims: 2, 3, 4, 5, 6, 7
8. In an environment including at least one service provider each associated with a respective privacy policy, a method, comprising:
- managing a plurality of user identities of an individual user, the plurality of user identities pertaining to the individual user and describing different sets of personal information of the individual user, by an identity manager programmed to manage the plurality of user identities of the user including selecting one or more of the user identities of the user that satisfy a set of identity requirements of a security policy obtained from the environment;
- providing a plurality of privacy preferences relative to at least one user identity;
- evaluating, by a privacy engine, one or more privacy preferences of the one or more selected user identities of the user against a privacy policy obtained from the environment to determine which of the selected user identities satisfy the at least one privacy preference;
- presenting the evaluation of the selected user identities to the user; and
- processing, by a policy editor, a privacy policy from the environment, generating a reduced version thereof, and supplying the reduced privacy policy as the privacy policy used by the privacy engine in performing the evaluation.
Dependent claims: 9, 10, 11, 12, 13, 14
15. In an environment including at least one service provider each associated with a respective privacy policy, a non-transitory computer-readable medium having computer-executable instructions for execution by a processor, that, when executed, cause the processor to:
- manage a plurality of user identities of an individual user, the plurality of user identities pertaining to the individual user and describing different sets of personal information of the individual user, and to select one or more of the user identities of the user that satisfy a set of identity requirements of a security policy obtained from the environment;
- provide a plurality of privacy preferences relative to at least one user identity of the plurality of user identities of the user;
- evaluate one or more privacy preferences of the one or more selected user identities of the user against a privacy policy obtained from the environment to determine which of the selected user identities satisfy the at least one privacy preference;
- present the evaluation of the selected user identities to the user; and
- process, by a policy editor, a privacy policy from the environment, generate a reduced version thereof, and supply the reduced privacy policy as the privacy policy used by the privacy engine in performing the evaluation.
Dependent claims: 16, 17, 18
Specification