System and method establishing trusted relationships to enable secure exchange of private information
Abstract
The invention enables a trusted third party to manage user opt-ins, supporting the growth of personalized information services: it establishes trusted business relationships between three types of entities (an end-user, an information source/provider, and an application service provider/developer) so that they can exchange sensitive and/or confidential information in a controlled, secure and private way. The system offers modes of operation, recommended according to various conditions, that enable a secure exchange of private information between personal information repository owners and application services providers for the delivery of personalized services. One mode is Durable Subscription Management, used when per-transaction approval is not needed, that is, when an end-user has given permission to access data for a given or predefined period of time. A second mode is Per-Transaction Subscription Management Without Logs, and a third is Per-Transaction Subscription Management With Logs.
3 Claims
1. A system for secure exchange of private information between a personal information repository owner (PIRO) and an application services provider (ASP) to enable delivery of a personalized service to an end-user device, the system comprising:
a trusted third-party privity core on a processor, wherein the trusted third-party privity core is in communication with the PIRO, the ASP, and the end-user device; and
a privity runtime engine in communication with the trusted third-party privity core, the PIRO, and the ASP;
wherein the trusted third-party privity core:
stores a level of trustworthiness for the ASP;
stores rules regulating dissemination of different types of private information;
receives an opt-in message from the end-user device indicating a request to receive a service provided by the ASP;
receives from the ASP, a request for private information of the end-user device needed for providing the requested service;
determines whether the requested private information can be provided to the ASP based on the level of trustworthiness for the ASP, the rules regulating dissemination of the requested private information, and the opt-in message from the end-user device;
generates a one-time subscription token that includes the received request for private information;
stores the token in a token database accessible by the privity runtime engine;
encrypts the token; and
sends the encrypted one-time token to the ASP upon determining that the requested private information can be provided to the ASP;
wherein the ASP decrypts the encrypted one-time token and sends the token and the request for private information to the privity runtime engine; and
wherein the privity runtime engine:
receives the token and the request for private information from the ASP;
verifies the token is valid and the request for private information matches the request sent from the privity core to the ASP; and
upon verification of the token and the request, obtains the requested private information from the PIRO and sends the requested private information to the ASP.

2. A method of securely exchanging private information between a personal information repository owner (PIRO) and an application services provider (ASP) to enable delivery of a personalized service to an end-user device, wherein a trusted third-party privity core on a processor is in communication with the PIRO, the ASP, and the end-user device, and a privity runtime engine is in communication with the trusted third-party privity core, the PIRO, and the ASP, wherein the method comprises:
performing the following steps by the trusted third-party privity core on a processor:
storing a level of trustworthiness for the ASP;
storing rules regulating dissemination of different types of private information;
receiving from the end-user device, an opt-in message that indicates a request to receive a service provided by the ASP;
receiving from the ASP, a request for private information of the end-user device needed for providing the requested service;
determining whether the requested private information can be provided to the ASP based on the level of trustworthiness for the ASP, the rules regulating dissemination of the requested private information, and the opt-in message from the end-user device;
generating a one-time subscription token that includes the received request for private information;
storing the token in a token database accessible by the privity runtime engine;
encrypting the token; and
sending the encrypted one-time token to the ASP upon determining that the requested private information can be provided to the ASP;
performing the following steps by the ASP:
decrypting the encrypted one-time token; and
sending the token and the request for private information to the privity runtime engine; and
performing the following steps by the privity runtime engine:
receiving the token and the request for private information from the ASP;
verifying the token is valid;
verifying the request for private information matches the request sent from the privity core to the ASP; and
upon verification of the token and the request, obtaining the requested private information from the PIRO and sending the requested private information to the ASP.

3. A non-transitory computer-readable storage medium storing a program of instructions executable by a machine to perform a method of securely exchanging private information between a personal information repository owner (PIRO) and an application services provider (ASP), wherein a trusted third-party privity core on a processor is in communication with the PIRO, the ASP, and an end-user device, and a privity runtime engine is in communication with the trusted third-party privity core, the PIRO, and the ASP, wherein the method comprises:
performing the following steps by the trusted third-party privity core on the processor:
storing a level of trustworthiness for the ASP;
storing rules regulating dissemination of different types of private information;
receiving from the end-user device, an opt-in message that indicates a request to receive a service provided by the ASP;
receiving from the ASP, a request for private information of the end-user device needed for providing the requested service;
determining whether the requested private information can be provided to the ASP based on the level of trustworthiness for the ASP, the rules regulating dissemination of the requested private information, and the opt-in message from the end-user device;
generating a one-time subscription token that includes the received request for private information;
storing the token in a token database accessible by the privity runtime engine;
encrypting the token; and
sending the encrypted one-time token to the ASP upon determining that the requested private information can be provided to the ASP;
performing the following steps by the ASP:
decrypting the encrypted one-time token; and
sending the token and the request for private information to the privity runtime engine; and
performing the following steps by the privity runtime engine:
receiving the token and the request for private information from the ASP;
verifying the token is valid;
verifying the request for private information matches the request sent from the privity core to the ASP; and
upon verification of the token and the request, obtaining the requested private information from the PIRO and sending the requested private information to the ASP.
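The claims describe a three-party authorization flow: the privity core decides on the basis of trust level, dissemination rules and an opt-in, issues an encrypted one-time subscription token that records the approved request, and the runtime engine releases PIRO data only when the token is unused and the ASP's request matches what the core approved. The following is an added Python model of that flow, written for this page; it is not code from the patent or its assignee. The class names, the integer trust scale, the rule thresholds, the token time-to-live and the sample PIRO records are all assumptions, and the keystream-plus-HMAC routine stands in for the real symmetric encryption (an AEAD such as AES-GCM would be used in practice) so that the example runs on the standard library alone.

```python
import hashlib
import hmac
import json
import os
import time
from dataclasses import dataclass
from typing import Optional


# Stand-in for the "encrypts the token" step (assumption: a production system would use an
# AEAD such as AES-GCM; this SHA-256 keystream with encrypt-then-MAC exists only so the
# example runs without third-party packages).
def _subkeys(key: bytes):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("token integrity check failed")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))


@dataclass
class TokenRecord:
    asp: str
    device: str
    request: tuple        # approved private-information types, sorted
    expires: float
    used: bool = False    # one-time: set by the runtime engine on first valid use


class PrivityCore:
    """Trusted third party: trust levels, dissemination rules, opt-ins, token database."""

    def __init__(self, trust_levels, rules, asp_keys, ttl_seconds=60):
        self.trust_levels = trust_levels  # asp_id -> integer trust level (assumed scale)
        self.rules = rules                # info type -> minimum trust level needed to receive it
        self.asp_keys = asp_keys          # asp_id -> key shared with that ASP for token encryption
        self.opt_ins = set()              # (device_id, asp_id) pairs sent by end-user devices
        self.token_db = {}                # token_id -> TokenRecord, shared with the runtime engine
        self.ttl = ttl_seconds

    def receive_opt_in(self, device: str, asp: str) -> None:
        self.opt_ins.add((device, asp))

    def request_private_info(self, asp: str, device: str, info_types) -> Optional[bytes]:
        """Handle the ASP's request: an encrypted one-time token, or None when policy refuses."""
        request = tuple(sorted(info_types))
        if (device, asp) not in self.opt_ins:
            return None                                   # no opt-in from the end-user device
        level = self.trust_levels.get(asp, 0)
        if any(self.rules.get(t, float("inf")) > level for t in request):
            return None                                   # rules forbid this type at this trust level
        token_id = os.urandom(16).hex()
        self.token_db[token_id] = TokenRecord(asp, device, request, time.time() + self.ttl)
        payload = {"token_id": token_id, "asp": asp, "device": device, "request": list(request)}
        return encrypt(self.asp_keys[asp], json.dumps(payload).encode())


class RuntimeEngine:
    """Verifies the token against the core's database, then obtains data from the PIRO."""

    def __init__(self, token_db, piro):
        self.token_db = token_db
        self.piro = piro                  # device_id -> {info type: value}; constructed sample store

    def fulfil(self, asp: str, token: dict, info_types) -> Optional[dict]:
        rec = self.token_db.get(token.get("token_id"))
        request = tuple(sorted(info_types))
        if rec is None or rec.used or time.time() > rec.expires:
            return None                                   # unknown, already used, or expired
        if rec.asp != asp or rec.device != token.get("device") or rec.request != request:
            return None                                   # request differs from what the core approved
        rec.used = True                                   # consume the token before releasing anything
        record = self.piro.get(rec.device, {})
        return {t: record[t] for t in request if t in record}


def asp_fetch(core, engine, asp, key, device, info_types):
    """ASP side: ask the core, decrypt the token, present token and request to the engine."""
    blob = core.request_private_info(asp, device, info_types)
    return None if blob is None else engine.fulfil(asp, json.loads(decrypt(key, blob)), info_types)


def demo() -> dict:
    keys = {"weather-app": os.urandom(32), "ad-broker": os.urandom(32)}
    core = PrivityCore(trust_levels={"weather-app": 2, "ad-broker": 1},
                       rules={"location": 2, "calendar": 3}, asp_keys=keys)
    piro = {"device-42": {"location": "47.6N,122.3W", "calendar": ["09:00 standup"]}}  # constructed
    engine = RuntimeEngine(core.token_db, piro)
    core.receive_opt_in("device-42", "weather-app")
    r = {"ok": asp_fetch(core, engine, "weather-app", keys["weather-app"], "device-42", ["location"]),
         "no_opt_in": asp_fetch(core, engine, "ad-broker", keys["ad-broker"], "device-42", ["location"])}
    core.receive_opt_in("device-42", "ad-broker")
    r["low_trust"] = asp_fetch(core, engine, "ad-broker", keys["ad-broker"], "device-42", ["location"])
    r["rule_blocks"] = asp_fetch(core, engine, "weather-app", keys["weather-app"], "device-42", ["calendar"])
    # A second presentation of the same token, and a request wider than the approved one, are refused.
    tok = json.loads(decrypt(keys["weather-app"], core.request_private_info("weather-app", "device-42", ["location"])))
    r["first_use"] = engine.fulfil("weather-app", tok, ["location"])
    r["reuse"] = engine.fulfil("weather-app", tok, ["location"])
    tok2 = json.loads(decrypt(keys["weather-app"], core.request_private_info("weather-app", "device-42", ["location"])))
    r["mismatch"] = engine.fulfil("weather-app", tok2, ["location", "calendar"])
    return r
```

Two design points carry the security weight of the claims. The token database is the shared state between core and engine, so the engine never trusts the decrypted token on its own: it looks the identifier up and compares the ASP's request with the request the core recorded, which is what stops an ASP from widening a request after approval. And `used` is set before any PIRO data is assembled, so the token is one-time even if the data fetch later fails.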