System and method for defining a privacy zone within a network

US 10,733,666 B1
Filed: 06/30/2005
Issued: 08/04/2020
Est. Priority Date: 06/30/2005
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium containing instructions for controlling a data processing system to perform a method, the data processing system having an asset platform and an offering platform, the offering platform being operatively connected to the asset platform across a network, the instructions comprising:

instructions for causing the offering platform to receive a request for an offering to be deployed to an asset, the asset being operatively connected to the asset platform, wherein;

the asset platform and an asset platform manager are disposed on an asset platform computer system in the data processing system;

the offering, the offering platform and an offering platform privacy manager are disposed on an offering platform computer system in the data processing system; and

the offering comprises a front-end offering logic hosted on the asset platform computer system and a back-end offering logic hosted on the offering platform computer system, the front-end offering logic being operatively configured to collect at least one data element associated with the asset and transfer said data element to the back-end offering logic;

instructions for causing the offering platform privacy manager to identify a privacy policy associated with the offering, wherein the privacy policy independently defines at least an access list and a time to live for each of the at least one data element;

instructions for causing the offering platform privacy manager to deploy the front-end offering logic to the asset platform such that the front-end offering logic is operatively configured to communicate with the asset; and

instructions for causing the asset platform manager to generate a data element collection filter configured to control the transfer and the access of the at least one data element in accordance with the privacy policy, said data element collection filter being disposed between the front end offering logic and the back end offering logic, wherein the at least one data element is used by the back end offering logic for processing the request for the offering, and wherein the data element collection filter inhibits transfer of the at least one data element to the offering platform after determining that the at least one data element is not identified in the privacy policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and articles of manufacture are provided for defining a privacy zone between an asset platform and an offering platform within a network. A request is received from a customer for an offering to be deployed in association with an asset hosted on the asset platform. The offering has back-end offering logic and front-end offering logic that is operatively configured to collect and transfer a data element associated with the asset to the back-end offering logic. A privacy policy associated with the offering is identified. The front-end offering logic is deployed to the asset platform such that the front-end offering logic is operatively configured to communicate with the asset. A data element collection filter is then generated between the front-end offering logic and the back-end offering logic to control the transfer and the access of the data element in accordance with the privacy policy.

34 Citations

24 Claims

1. A non-transitory computer-readable medium containing instructions for controlling a data processing system to perform a method, the data processing system having an asset platform and an offering platform, the offering platform being operatively connected to the asset platform across a network, the instructions comprising:
- instructions for causing the offering platform to receive a request for an offering to be deployed to an asset, the asset being operatively connected to the asset platform, wherein;
  
  the asset platform and an asset platform manager are disposed on an asset platform computer system in the data processing system;
  
  the offering, the offering platform and an offering platform privacy manager are disposed on an offering platform computer system in the data processing system; and
  
  the offering comprises a front-end offering logic hosted on the asset platform computer system and a back-end offering logic hosted on the offering platform computer system, the front-end offering logic being operatively configured to collect at least one data element associated with the asset and transfer said data element to the back-end offering logic;
  
  instructions for causing the offering platform privacy manager to identify a privacy policy associated with the offering, wherein the privacy policy independently defines at least an access list and a time to live for each of the at least one data element;
  
  instructions for causing the offering platform privacy manager to deploy the front-end offering logic to the asset platform such that the front-end offering logic is operatively configured to communicate with the asset; and
  
  instructions for causing the asset platform manager to generate a data element collection filter configured to control the transfer and the access of the at least one data element in accordance with the privacy policy, said data element collection filter being disposed between the front end offering logic and the back end offering logic, wherein the at least one data element is used by the back end offering logic for processing the request for the offering, and wherein the data element collection filter inhibits transfer of the at least one data element to the offering platform after determining that the at least one data element is not identified in the privacy policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The non-transitory computer readable medium of claim 1, further comprising instructions for associating the front-end offering logic with an asset interface module that is operatively configured to enable the associated front-end offering logic to communicate with the asset.
  - 3. The non-transitory computer readable medium of claim 1, further comprising instructions for causing the data element collection filter to determine whether a first of the data elements collected by the front-end offering logic is identified in the privacy policy and, when it is determined that the first data element is identified in the privacy policy, associate the data element with a time-to-live in accordance with the privacy policy.
  - 4. The non-transitory computer readable medium of claim 3, further comprising:
    - instructions for transferring the data element to the offering platform;
      
      instructions for determining whether the time-to-live associated with the transferred data element has expired; and
      
      instructions for, when it is determined that the time-to-live associated with the transferred data element has expired, deleting the transferred data element.
  - 5. The non-transitory computer readable medium of claim 1, further comprising instructions for causing the data element collection filter to determine whether a first of the data elements collected by the front-end offering logic is identified in the privacy policy and, when it is determined that the first data element is identified in the privacy policy, associate the data element with an access control list in accordance with the privacy policy.
  - 6. The non-transitory computer readable medium of claim 5, further comprising:
    - instructions for transferring the data element to the offering platform; and
      
      instructions for controlling access to the transferred data element in accordance with the access control list associated with the transferred data element.
  - 7. The non-transitory computer readable medium of claim 1, further comprising instructions for receiving a change to the privacy policy, wherein the data element collection filter is generated in accordance with the change to the privacy policy.
  - 8. The non-transitory computer readable medium of claim 7, further comprising instructions for modifying the privacy policy to incorporate the change, wherein the privacy policy is disposed on the offering platform.
  - 9. The non-transitory computer readable medium of claim 1, further comprising instructions for receiving a change to the privacy policy, wherein the data element collection filter is modified in accordance with the change to the privacy policy.
  - 10. The non-transitory computer readable medium of claim 9, further comprising instructions for deploying the privacy policy to the asset platform and modifying the privacy policy to incorporate the change via the asset platform.

11. A non-transitory computer-readable medium containing instructions for controlling a data processing system to perform a method, the data processing system having an asset platform and an offering platform, said offering platform being operatively connected to the asset platform across a network, the instructions comprising:
- instructions for causing the offering platform to receive, from a customer, a request for an offering to be deployed to an asset, the asset being operatively connected to the asset platform, wherein;
  
  the asset platform and an asset platform manager are disposed on an asset platform computer system in the data processing system;
  
  the offering, the offering platform, and an offering platform privacy manager are disposed on an offering platform computer system in the data processing system; and
  
  the offering comprises a back-end offering logic hosted on the offering platform computer system and a front-end offering logic hosted on the asset platform computer system, the front-end offering logic being operatively configured to collect a plurality of data elements associated with the asset and transfer said plurality of data elements to the back-end offering logic;
  
  instructions for causing the offering platform privacy manager to identify a privacy policy associated with the offering that dictates transfer of and access to the plurality of data elements in the data processing system;
  
  instructions for causing the offering platform privacy manager to present a graphical representation of a hierarchical tree structure representing the privacy policy on a display to the customer, wherein the hierarchical tree structure includes a plurality of segments respectively representing the plurality of data elements of the privacy policy, and wherein the hierarchical tree structure includes a plurality of sub-segments respectively representing a plurality of parameters of the plurality of data elements of the privacy policy;
  
  instructions for causing the offering platform privacy manager to deploy the front-end offering logic to the asset platform such that the front-end offering logic is operatively configured to communicate with the asset;
  
  instructions for causing the asset platform manager to generate a data element collection filter configured to control the transfer and the access of the plurality of data elements in accordance with the privacy policy, said data element collection filter being disposed between the front end offering logic and the back end offering logic, wherein the plurality of data elements are used by the back end offering logic for processing the request for the offering; and
  
  instructions for causing the data processing system to receive a change to the privacy policy including setting differing access lists and times-to-live for differing ones of plurality of data elements, wherein the instructions for causing the data processing system to receive a change to the privacy policy include instructions for receiving a change to the graphical representation of the hierarchical tree structure via the display, and wherein the data element collection filter is generated in accordance with the change to the privacy policy.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The non-transitory computer-readable medium of claim 11, the instructions further comprising instructions for causing the data processing system to receive a change to the privacy policy, wherein the data element collection filter is modified in accordance with the change to the privacy policy.
  - 13. The non-transitory computer-readable medium of claim 12, further comprising the step of deploying the privacy policy to the asset platform and modifying the privacy policy to incorporate the change via the asset platform.
  - 14. The non-transitory computer readable medium of claim 11, wherein the instructions for causing a change to the hierarchical tree structure include instructions for causing a change to at least one segment of the plurality of segments.
  - 15. The non-transitory computer readable medium of claim 14, wherein the instructions for causing a change to the hierarchical tree structure include instructions for causing a change to at least one sub-segment of the plurality of sub-segments.
  - 16. The non-transitory computer readable medium of claim 15, wherein a respective subset of the plurality of sub-segments depends from each segment of the plurality of segments.
  - 17. The non-transitory computer readable medium of claim 11, wherein the plurality of parameters of the plurality of data elements include an identifier that identifies the asset platform as the source of the at least one data element and an identifier that identifies the offering platform as the destination of the at least one data element.
  - 18. The non-transitory computer readable medium of claim 11, wherein a respective subset of the plurality of sub-segments depends from each segment of the plurality of segments.

19. A data processing system, comprising:
- an asset platform computer system comprising an asset platform operatively connected to a customer asset, a first memory to store the asset platform and a processor to run the asset platform, the asset platform including an asset platform manager; and
  
  an offering platform computer system comprising an offering, an offering platform operatively connected to the asset platform across a network, a second memory to store the offering platform and a processor to run the offering platform, the offering platform having a privacy manager, the offering comprising a front-end offering logic and a back-end offering logic, the front-end offering logic being operatively configured to collect at least one data element associated with the customer asset and transfer said data element to the back-end offering logic,wherein the offering platform;
  
  receives a request for the offering to be deployed to the customer asset,identifies a privacy policy associated with the offering that defines the at least one data element for use in processing the request for the offering,deploys the front-end offering logic to the asset platform such that the front-end offering logic is operatively configured to communicate with the asset, andrequests one of the privacy manager and the asset platform manager to generate a data element collection filter configured to control the transfer and the access of the at least one data element in accordance with the privacy policy including inhibiting transfer of any data elements not identified on the privacy policy, said data element collection filter being disposed between the front-end offering logic and the back-end offering logic wherein the at least one data element is used by the back end offering logic for processing the request for the offering.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The data processing system of claim 19, wherein the data element collection filter is operatively configured to determine whether a first of the data elements collected by the front-end offering logic is identified in the privacy policy and, when it is determined that the first data element is identified in the privacy policy, to associate the data element with a time-to-live in accordance with the privacy policy.
  - 21. The data processing system of claim 19, wherein the data element collection filter is operatively configured to determine whether a first of the data elements collected by the front-end offering logic is identified in the privacy policy and, when it is determined that the first data element is identified in the privacy policy, to associate the data element with an access control list in accordance with the privacy policy.
  - 22. The data processing system of claim 19, wherein the privacy manager further receives a change to the privacy policy and generates the data element collection filter in accordance with the change to the privacy policy.
  - 23. The data processing system of claim 19, wherein the asset platform manager further receives a change to the privacy policy and modifies the data element collection filter in accordance with the change to the privacy policy.

24. A non-transitory computer-readable medium containing instructions for controlling a data processing system to perform a method, the data processing system having an asset platform and an offering platform, said offering platform being operatively connected to the asset platform across a network, the instructions comprising:
- instructions for receiving, at an offering platform computer system, first and second requests from respective first and second customers for an offering to be deployed to first and second assets of the first and second customers, the first and second assets being respectively operatively connected to first and second asset platforms, the offering comprising a front-end offering logic and a back-end offering logic, the front-end offering logic being operatively configured to collect at least one data element associated with each of the first and second customer assets and transfer the data elements to the back-end offering logic;
  
  instructions for identifying, by the offering platform computer system, a privacy policy associated with the offering;
  
  instructions for deploying, by the offering platform computer system, the front-end offering logic to the first and second asset platforms such that the front-end offering logic is operatively configured to communicate with the first and second assets;
  
  instructions for providing, during the deploying, the front-end offering logic with first and second application programming interfaces that respectively allow the front-end offering logic to communicate with the first and second assets of the first and second asset platforms; and
  
  instructions for generating, by the first and second asset platforms, a data element collection filter between the front-end offering logic and the back-end offering logic, said filter being configured to control the transfer and the access of the data elements in accordance with the privacy policy, wherein the at least one data element is used by the back end offering logic for processing the request for the offering.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Wookey, Michael J., Gionfriddo, Michael J.
Primary Examiner(s)
Pollock, Gregory A

Application Number

US11/173,725
Time in Patent Office

5,514 Days
Field of Search

705 35
US Class Current
CPC Class Codes

G06Q 40/00 Finance; Insurance; Tax str...

System and method for defining a privacy zone within a network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for defining a privacy zone within a network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links