System and a method relating to access control
Abstract
A system for end user control of the distribution and maintenance of end user personal profile data in a data communications system providing communication between applications comprising and/or communicating with service/information/content providers or holding means (DB) holding end user personal profile data. It comprises a personal profile protection network with at least one central protection server means, comprising or communicating with information holding means holding personal protection profile information, and a number of distributed access means, e.g. software modules. For each of said applications at least one access means is provided, and grant/reject of an access request for/to end user personal profile data by a requesting application is determined by the central protection server in communication with a requesting application and/or an information providing application. Translating means are provided for identity translation and the identity of a requesting application will be concealed for an information providing application, and vice versa.
34 Claims
1. A system for end user control of the distribution and maintenance of end user personal profile data in a data communications system providing communication between applications comprising and/or communicating with service/information/content providers or holding means (DB) holding end user personal profile data,
characterized in that it comprises a personal profile protection network with at least one central protection server means, comprising or communicating with information holding means holding personal protection profile information, and a number of distributed access means, e.g. software modules, whereby for each of said applications at least one access means is provided, and in that grant/reject of an access request for/to end user personal profile data by a requesting application is determined by the central protection server in communication with a requesting application and/or an information providing application, in that translating means are provided for identity translation and that the identity of a requesting application will be concealed for an information providing application, and vice versa.
24. A personal profile (privacy) control network for controlling the access to personal profile data,
characterized in that it comprises at least one central protection server means, comprising or communicating with information holding means holding personal protection profile information, and a number of distributed access means, e.g. software modules, at least one access means respectively interfacing each of a number of applications, the central protection server means comprising means for translating and verifying identities, and in that a request for access to personal profile data by a requesting application is communicated to the requesting application access means and granted/rejected by the central server means in communication with the access means of the requesting application and/or the information providing application, and in that the user identity used by the requesting application is concealed for the information providing application and vice versa.
29. A method of controlling access to personal data within a personal end user profile in a data communication network running a number of applications comprising or communicating with information holding means,
characterized in that it comprises the steps of:
providing an access request from a requesting application to an access means associated with the requesting application using a generic mark-up language, e.g. XML, forwarding the request from the access means to a central server means with information holding means holding personal protection profiles for the end users in the system;
performing user identification encryption, such that the user identification of the requesting application will be concealed from an information providing application, and vice versa;
establishing, by using the request and the personal protection profile whether access is to be granted or denied;
if access to the requested personal profile is to be granted, confirming to the access means of the requesting application whether access is to be granted or not, preferably after digitally signing the request;
allowing transfer of the encrypted and preferably digitally signed request to the information providing application.
Dependent claims: 30, 31
32. A method of controlling access to personal data within a personal end user profile in a data communication network running a number of applications comprising, or communicating, with information holding means,
characterized in that it comprises the steps of:
forwarding a request for access to data within a personal profile from a requesting application via at least one distributed access means to a central server means;
establishing in the central server means whether access to requested data should be allowed or not by comparing the request with an end user controlled personal protection profile;
providing the at least one distributed access means with information as to whether access is allowable or not, such that if access is allowable, the data communication network can be used for giving the requesting application access to the requested data without the identity of the requesting application being visible to the application able to provide access to the requested data, and vice versa.
Dependent claims: 33, 34
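The flow of method claims 29 and 32, as an added Python sketch that is not code from the patent: a central server parses the XML request, checks it against the end user's protection profile with default deny, translates identities so neither application sees the other's, and authenticates the forwarded request. Assumptions: all class, application and field names are hypothetical; a lookup table plus a random one-time alias stands in for the claimed "user identification encryption", and an HMAC stands in for the digital signature.

```python
import hashlib, hmac, json, secrets
import xml.etree.ElementTree as ET
# Added illustration: class, application and field names are hypothetical, not from the patent.
class ProtectionServer:
    def __init__(self):
        self._key = secrets.token_bytes(32)  # HMAC key; stands in for a signature key
        self.ids = {}       # (application, local user id) -> canonical user
        self.holders = {}   # profile field -> application holding that data
        self.profiles = {}  # canonical user -> {(requesting app, field)} grants
        self.pending = {}   # one-time alias -> requesting app, to route the reply

    def enroll(self, user, app, local_id):
        self.ids[(app, local_id)] = user

    def _mac(self, msg):
        body = [msg[k] for k in ("to", "user", "field", "requester")]
        return hmac.new(self._key, json.dumps(body).encode(), hashlib.sha256).hexdigest()

    def handle(self, requester, request_xml):
        """Return the message forwarded to the provider's access means, or None."""
        try:
            req = ET.fromstring(request_xml)
        except ET.ParseError:
            return None  # malformed request: reject
        field = req.get("field")
        user = self.ids.get((requester, req.get("user")))
        provider = self.holders.get(field)
        # Identity translation: look up the provider's own local id for this user.
        uid = next((l for (a, l), u in self.ids.items() if a == provider and u == user), None)
        # Default deny: unknown user or field, or no grant in the end user's profile.
        if uid is None or (requester, field) not in self.profiles.get(user, ()):
            return None
        alias = secrets.token_hex(8)  # conceals the requester from the provider
        self.pending[alias] = requester
        msg = {"to": provider, "user": uid, "field": field, "requester": alias}
        msg["sig"] = self._mac(msg)
        return msg

    def verify(self, msg):
        return hmac.compare_digest(self._mac(msg), msg.get("sig", ""))

def demo():
    srv = ProtectionServer()
    srv.enroll("alice", "shop", "cust-1001")  # constructed sample identities
    srv.enroll("alice", "telco", "msisdn-555")
    srv.holders["location"] = "telco"
    srv.profiles["alice"] = {("shop", "location")}  # grant set by the end user
    granted = srv.handle("shop", '<request user="cust-1001" field="location"/>')
    denied = srv.handle("shop", '<request user="cust-1001" field="calendar"/>')
    return srv, granted, denied
```

The requesting application only ever receives a grant or a reject; the `to` field is routing data for the protection network and is not returned to it, which keeps the provider's identity concealed in the other direction.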
Specification