Managing data handling policies

US 9,864,873 B2
Filed: 03/15/2013
Issued: 01/09/2018
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method of automatically sharing sensitive data in accordance with a set of predetermined policy requirements including data handling policies a node requires for handling and protecting sensitive data, the method comprising:

establishing a secure connection between a first node and a second node across a network;

receiving a request from the first node across the network to provide a set of data for the first node;

determining whether the requested set of data includes a set of sensitive data;

upon a positive determination of a set of sensitive data, requesting a set of certified policy commitments from the first node, wherein the set of certified policy commitments includes data handling policies that the first node commits to utilize in handling and protecting the set of sensitive data of the second node;

the second node receiving across the network the set of certified policy commitments for the first node;

authenticating the set of certified policy commitments;

the second node comparing the data handling policies of the authenticated set of certified policy commitments from the first node to the data handling policies of the set of predetermined policy requirements that the second node requires for handling and protecting the requested sensitive data;

utilizing a processor of the second node to automatically determine from the comparison whether the data handling policies of the authenticated set of certified policy commitments of the first node at least meets the data handling policies of the set of predetermined policy requirements of the second node; and

upon a positive determination by the second node that the data handling policies of the authenticated set of certified policy commitments of the first node at least meets the data handling policies of the set of predetermined policy requirements of the second node, transmitting across the network the requested set of data including the set of sensitive data from the second node to the first node through the secure connection.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, computer usable program product or system for automatically sharing a set of sensitive data in accordance with a set of predetermined policy requirements including receiving across a network a set of certified policy commitments for a node; authenticating the set of certified policy commitments; utilizing a processor to automatically determine whether the set of certified policy commitments satisfies the set of predetermined policy requirements; and upon a positive determination, transmitting across the network the set of sensitive data to the node.

55 Citations

View as Search Results

37 Claims

1. A method of automatically sharing sensitive data in accordance with a set of predetermined policy requirements including data handling policies a node requires for handling and protecting sensitive data, the method comprising:
- establishing a secure connection between a first node and a second node across a network;
  
  receiving a request from the first node across the network to provide a set of data for the first node;
  
  determining whether the requested set of data includes a set of sensitive data;
  
  upon a positive determination of a set of sensitive data, requesting a set of certified policy commitments from the first node, wherein the set of certified policy commitments includes data handling policies that the first node commits to utilize in handling and protecting the set of sensitive data of the second node;
  
  the second node receiving across the network the set of certified policy commitments for the first node;
  
  authenticating the set of certified policy commitments;
  
  the second node comparing the data handling policies of the authenticated set of certified policy commitments from the first node to the data handling policies of the set of predetermined policy requirements that the second node requires for handling and protecting the requested sensitive data;
  
  utilizing a processor of the second node to automatically determine from the comparison whether the data handling policies of the authenticated set of certified policy commitments of the first node at least meets the data handling policies of the set of predetermined policy requirements of the second node; and
  
  upon a positive determination by the second node that the data handling policies of the authenticated set of certified policy commitments of the first node at least meets the data handling policies of the set of predetermined policy requirements of the second node, transmitting across the network the requested set of data including the set of sensitive data from the second node to the first node through the secure connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the certified policy commitments are authenticated by utilizing a public key of a certifying authority.
  - 3. The method of claim 2 wherein the set of certified policy commitments was encrypted by a private key of the certifying authority.
  - 4. The method of claim 3 wherein the certifying authority was previously approved as a trusted certifying authority.
  - 5. The method of claim 1 wherein determining whether the requested set of data includes a set of insensitive data is in response to the request to provide the set of data.
  - 6. The method of claim 1 further comprising authenticating an identity of the node from the set of certified policy commitments.
  - 7. The method of claim 1 further comprising receiving a request for the set of sensitive data is received from the node across the network;
    - establishing a secure communication pathway with the node across the network; and
      
      sending a request for the set of certified policy commitments to the node;
      
      wherein the set of sensitive data is transmitted across the secure communication pathway.
  - 8. The method of claim 1 wherein the set of policy commitments is selected from a standard set of policy commitments.
  - 9. The method of claim 8 wherein the standard set of policy commitments include data handling policies that are hierarchically consistent.
  - 10. The method of claim 1 further comprising upon a negative determination whether the authenticated set of certified policy commitments at least meets the set of predetermined policy requirements, transmitting a request to the node across the network for an exception to the set of certified policy commitments.
  - 11. The method of claim 10 further comprising receiving an exception to the set of certified policy commitments from the node across the network.
  - 12. The method of claim 11 wherein the exception is a certified exception that can be authenticated by using a public key of a certifying authority.
  - 13. The method of claim 5 further comprising authenticating an identity of the node from the set of certified policy commitments;
    - receiving a request for the set of sensitive data is received from the node across the network;
      
      establishing a secure communication pathway with the node across the network;
      
      sending a request for the set of certified policy commitments to the node;
      
      upon a negative determination, transmitting a request to the node across the network for an exception to the set of certified policy commitments; and
      
      receiving an exception to the set of certified policy commitments from the node across the network;
      
      wherein the set of sensitive data is transmitted across the secure communication pathway;
      
      wherein the set of policy commitments is selected from a standard set of policy commitments; and
      
      wherein the exception is a certified exception that can be authenticated by using a public key of a certifying authority.

14. A computer usable program product comprising a non-transitory computer usable storage medium including computer usable code for use in automatically sharing sensitive data in accordance with a set of predetermined policy requirements including data handling policies a node requires for handling and protecting sensitive data, the computer usable program product comprising code for performing the steps of:
- establishing a secure connection between a first node and a second node across a network;
  
  receiving a request from the first node across the network to provide a set of data for the first node;
  
  determining whether the requested set of data includes sensitive data;
  
  upon a positive determination of sensitive data, requesting a set of certified policy commitments from the first node, wherein the set of certified policy commitments includes data handling policies that the first node commits to utilize in handling and protecting the set of sensitive data of the second node;
  
  the second node receiving across the network the set of certified policy commitments for the first node;
  
  authenticating the set of certified policy commitments;
  
  the second node comparing the data handling policies of the authenticated set of certified policy commitments from the first node to the data handling policies of the set of predetermined policy requirements that the second node requires for handling and protecting the requested sensitive data;
  
  utilizing a processor of the second node to automatically determine from the comparison whether the data handling policies of the authenticated set of certified policy commitments of the first node at least meets the data handling policies of the set of predetermined policy requirements of the second node; and
  
  upon a positive determination by the second node that the data handling policies of the authenticated set of certified policy commitments of the first node at least meets the data handling policies of the set of predetermined policy requirements of the second node, transmitting across the network the requested set of data including the set of sensitive data from the second node to the first node through the secure connection.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The computer usable program product of claim 14 wherein the certified policy commitments are authenticated by utilizing a public key of a certifying authority.
  - 16. The computer usable program product of claim 15 wherein the set of certified policy commitments was encrypted by a private key of the certifying authority.
  - 17. The computer usable program product of claim 16 wherein the certifying authority was previously approved as a trusted certifying authority.
  - 18. The computer usable program product of claim 14 wherein determining whether the requested set of data includes a set of insensitive data is in response to the request to provide the set of data.
  - 19. The computer usable program product of claim 14 further comprising code for performing the step of authenticating an identity of the node from the set of certified policy commitments.
  - 20. The computer usable program product of claim 14 further comprising code for performing the steps of receiving a request for the set of sensitive data is received from the node across the network;
    - establishing a secure communication pathway with the node across the network;
      
      and sending a request for the set of certified policy commitments to the node;
      
      wherein the set of sensitive data is transmitted across the secure communication pathway.
  - 21. The computer usable program product of claim 14 wherein the set of policy commitments is selected from a standard set of policy commitments.
  - 22. The computer usable program product of claim 21 wherein the standard set of policy commitments include data handling policies that are hierarchically consistent.
  - 23. The computer usable program product of claim 14 further comprising code for performing the step of upon a negative determination whether the authenticated set of certified policy commitments at least meets the set of predetermined policy requirements, transmitting a request to the node across the network for an exception to the set of certified policy commitments.
  - 24. The computer usable program product of claim 23 further comprising code for performing the step of receiving an exception to the set of certified policy commitments from the node across the network.
  - 25. The computer usable program product of claim 24 wherein the exception is a certified exception that can be authenticated by using a public key of a certifying authority.

26. A data processing system for automatically sharing sensitive data in accordance with a set of predetermined policy requirements including data handling policies a node requires for handling and protecting sensitive data, the data processing system comprising:
- a processor; and
  
  a memory storing program instructions which when executed by the processor execute the steps of;
  
  establishing a secure connection between a first node and a second node across a network;
  
  receiving a request from the first node across the network to provide a set of data for the first node;
  
  determining whether the requested set of data includes sensitive data;
  
  upon a positive determination of sensitive data, requesting a set of certified policy commitments from the first node, wherein the set of certified policy commitments includes data handling policies that the first node commits to utilize in handling and protecting the set of sensitive data of the second node;
  
  the second node receiving across the network the set of certified policy commitments for the first node;
  
  authenticating the set of certified policy commitments;
  
  the second node comparing the data handling policies of the authenticated set of certified policy commitments from the first node to the data handling policies of the set of predetermined policy requirements that the second node requires for handling and protecting the requested sensitive data;
  
  utilizing a processor of the second node to automatically determine from the comparison whether the data handling policies of the authenticated set of certified policy commitments of the first node at least meets the data handling policies of the set of predetermined policy requirements of the second node; and
  
  upon a positive determination by the second node that the data handling policies of the authenticated set of certified policy commitments of the first node at least meets the data handling policies of the set of predetermined policy requirements of the second node, transmitting across the network the requested set of data including the set of sensitive data from the second node to the first node through the secure connection.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 27. The data processing system of claim 26 wherein the certified policy commitments are authenticated by utilizing a public key of a certifying authority.
  - 28. The data processing system of claim 27 wherein the set of certified policy commitments was encrypted by a private key of the certifying authority.
  - 29. The data processing system of claim 28 wherein the certifying authority was previously approved as a trusted certifying authority.
  - 30. The data processing system of claim 26 wherein determining whether the requested set of data includes a set of insensitive data is in response to the request to provide the set of data.
  - 31. The data processing system of claim 26 further comprising authenticating an identity of the node from the set of certified policy commitments.
  - 32. The data processing system of claim 26 further comprising receiving a request for the set of sensitive data is received from the node across the network;
    - establishing a secure communication pathway with the node across the network; and
      
      sending a request for the set of certified policy commitments to the node;
      
      wherein the set of sensitive data is transmitted across the secure communication pathway.
  - 33. The data processing system of claim 26 wherein the set of policy commitments is selected from a standard set of policy commitments.
  - 34. The data processing system of claim 33 wherein the standard set of policy commitments include data handling policies that are hierarchically consistent.
  - 35. The data processing system of claim 26 further comprising upon a negative determination whether the authenticated set of certified policy commitments at least meets the set of predetermined policy requirements, transmitting a request to the node across the network for an exception to the set of certified policy commitments.
  - 36. The data processing system of claim 35 further comprising receiving an exception to the set of certified policy commitments from the node across the network.
  - 37. The data processing system of claim 36 wherein the exception is a certified exception that can be authenticated by using a public key of a certifying authority.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
TrustArc, Inc.
Original Assignee
TrustArc, Inc.
Inventors
Guinan, Daniel J.
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Almamun, Abdullah

Application Number

US13/841,777
Publication Number

US 20140282835A1
Time in Patent Office

1,761 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 67/141   Setup of application sessio...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

H04W 12/08   Access security

Managing data handling policies

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Managing data handling policies

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links