User agent to exercise privacy control management in a user-centric identity management system
Abstract
A client-side user agent operates in conjunction with an identity selector to institute and exercise privacy control management over user identities managed by the identity selector. The user agent includes the combination of a privacy enforcement engine, a storage of rulesets expressing user privacy preferences, and a preference editor. The editor enables the user to direct the composition of privacy preferences relative to user identities. The preferences can be applied to individual cards and to categorized groups of attributes. The engine evaluates the proper rulesets against the privacy policy of a service provider. The privacy preferences used by the engine are determined on the basis of specifications in a security policy indicating the attribute requirements for claims that purport to satisfy the security policy.
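The evaluation flow described in the abstract, as an added sketch that is not code from the patent: the engine selects the rulesets of every category that references an attribute the security policy requires, then checks them against the relying party's privacy policy before the card is released. The ruleset fields, category names, policy keys and the fail-closed handling of uncovered attributes are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Preference:
    """One user ruleset for a category of attributes (hypothetical format)."""
    category: str
    attributes: frozenset
    purposes: frozenset          # purposes the user accepts
    max_retention_days: int
    third_party_ok: bool

def select_preferences(store, required):
    """Keep the preferences of any category referencing a required attribute."""
    return [p for p in store if p.attributes & set(required)]

def evaluate(store, required, policy):
    """Return (release_card, reasons) for a relying party's privacy policy."""
    selected = select_preferences(store, required)
    covered = set().union(*(p.attributes for p in selected))
    # Assumption: an attribute with no governing preference blocks release.
    reasons = [f"{a}: no preference covers it"
               for a in sorted(set(required) - covered)]
    for p in selected:
        extra = sorted(set(policy["purposes"]) - p.purposes)
        if extra:
            reasons.append(f"{p.category}: purpose not allowed: {', '.join(extra)}")
        if policy["retention_days"] > p.max_retention_days:
            reasons.append(f"{p.category}: retention exceeds {p.max_retention_days} days")
        if policy["third_party_sharing"] and not p.third_party_ok:
            reasons.append(f"{p.category}: third-party sharing not allowed")
    return (not reasons, reasons)

# Constructed sample data: stored rulesets, attributes required by the
# security policy, and the privacy policy obtained from the relying party.
STORE = [
    Preference("contact", frozenset({"email", "postal_address"}),
               frozenset({"order_fulfilment", "marketing"}), 365, False),
    Preference("financial", frozenset({"credit_card_number"}),
               frozenset({"order_fulfilment"}), 30, False),
    Preference("demographic", frozenset({"age"}),
               frozenset({"statistics"}), 90, True),
]
REQUIRED = ["email", "credit_card_number"]
RP_POLICY = {"purposes": ["order_fulfilment", "marketing"],
             "retention_days": 180, "third_party_sharing": False}

if __name__ == "__main__":
    ok, reasons = evaluate(STORE, REQUIRED, RP_POLICY)
    print("release card" if ok else "withhold card", reasons)
```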
20 Claims
1. A system, comprising:
storage including at least one privacy preference relative to at least one user identity;
an editor, responsive to user selections that indicate at least one preference-related input that relates to the at least one user identity, the editor to;
generate at least one privacy preference based on the user selections wherein the user identity is represented by at least one information card used in an online transaction with a relying party; and
determine a privacy preference for each category;
an engine, operatively connected to the storage, the engine configured to perform an evaluation using the at least one privacy preference of any category that references at least one required attribute; and
a host computer to evaluate the at least one privacy preference against a privacy policy associated with the online transaction and obtained from the relying party;
wherein the host computer provides the at least one information card that represents the user identity to the relying party.
Dependent claims: 2, 3, 4, 5
6. A method, comprising:
a user agent providing at least one privacy preference relative to at least one user identity;
the user agent receiving user selections indicating at least one privacy preference-related input pertaining to the user identity wherein the user identity is represented by at least one information card used in completing an online transaction with a relying party;
the user agent generating at least one privacy preference, using the user selections;
the user agent furnishing the at least one generated privacy preference;
the user agent evaluating at least one privacy preference against a privacy policy associated with an online transaction and obtained from the relying party, the evaluating using the at least one privacy preference of any category referencing at least one required attribute; and
a host computer providing the at least one information card representing the user identity to the relying party.
Dependent claims: 7, 8, 9, 10, 11, 12, 13
14. A non-transitory computer-readable medium having computer-executable instructions for execution by a processor, that, when executed, cause the processor to:
provide, via a user agent, at least one privacy preference relative to the user identity wherein the user identity is represented by at least one information card used in completing an online transaction with a relying party;
receive, via the user agent, user selections indicating at least one privacy preference-related input pertaining to at least one user identity;
generate, via the user agent, at least one privacy preference, using the user selections;
furnish, via the user agent, the at least one generated privacy preference;
evaluate, via the user agent, at least one privacy preference against a privacy policy associated with the online transaction and obtained from the relying party, the evaluation using the at least one privacy preference of any category referencing at least one required attribute; and
provide, by a host computer, the at least one information card that represents the user identity to the relying party.
Dependent claims: 15, 16, 17, 18, 19, 20
Specification