Secure system and method for enforcement of privacy policy and protection of confidentiality
First Claim
1. A data repository system that can securely guarantee a privacy policy of a user, comprising:
- an initialization system, wherein the initialization system includes:
  - a system for providing the user with a privacy policy of the data repository and a mechanism for validating the privacy policy of the data repository, wherein the mechanism for validating the privacy policy includes providing to the user a public signature key and means to access at least one validator, wherein the validator is a guarantor of hardware for the data repository system, the public signature key is a key generated by the hardware, and the validator can validate the key, and
  - a system for collecting user data from the user, wherein the user data comprises a description of expirable validity tokens authorizing a third party access to a subset of the user data from the data repository, wherein the expirable validity tokens are expirable after one of a limited time or a limited number of requests from the third party; and
- a referral system for providing the third party access to the subset of the user data upon the third party providing a valid expirable validity token, wherein the referral system digitally signs and digitally encrypts the subset of data, including:
  - a system for checking that a privacy policy of the third party is compatible with the privacy policy of the user;
  - a system for digitally encoding the subset of data;
  - a system for requesting an expirable validity token from the third party; and
  - a system for verifying the validity of the expirable validity token from the third party.
Abstract
The invention includes various systems, architectures, frameworks and methodologies that can securely enforce a privacy policy. A method is included for securely guaranteeing a privacy policy between two enterprises, comprising: creating a message at a first enterprise, wherein the message includes a request for data concerning a third party and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first entity will be enforced by the privacy rules engine of the first enterprise; sending the message to a second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party.
97 Citations
14 Claims
1. A data repository system that can securely guarantee a privacy policy of a user, comprising: an initialization system, wherein the initialization system includes: a system for providing the user with a privacy policy of the data repository and a mechanism for validating the privacy policy of the data repository, wherein the mechanism for validating the privacy policy includes providing to the user a public signature key and means to access at least one validator, wherein the validator is a guarantor of hardware for the data repository system, the public signature key is a key generated by the hardware, and the validator can validate the key, and a system for collecting user data from the user, wherein the user data comprises a description of expirable validity tokens authorizing a third party access to a subset of the user data from the data repository, wherein the expirable validity tokens are expirable after one of a limited time or a limited number of requests from the third party; and a referral system for providing the third party access to the subset of the user data upon the third party providing a valid expirable validity token, wherein the referral system digitally signs and digitally encrypts the subset of data, including: a system for checking that a privacy policy of the third party is compatible with the privacy policy of the user; a system for digitally encoding the subset of data; a system for requesting an expirable validity token from the third party; and a system for verifying the validity of the expirable validity token from the third party. Dependent claims: 2, 3, 4, 5, 6, 7.

8. A method of controlling user data in a data repository subject to a privacy policy of the user, comprising: providing the user with a privacy policy of the data repository, a public signature key, and a site of a validator, wherein the validator is a guarantor of hardware for the data repository system, the public signature key is a key generated by the hardware, and the key is validated by one from the group consisting of the validator, a consumer group, and a publication in printed media; communicating with the validator to validate the public signature key; validating the privacy policy of the data repository with the public signature key; submitting the privacy policy of the user to the data repository; checking to determine if the privacy policy of the user matches the privacy policy of the data repository; sending user data from the user to the data repository, wherein the user data includes a description of expirable validity tokens that authorizes a third party access to a subset of the user data from the data repository, wherein the expirable validity tokens are expirable after one of a limited time or a limited number of requests from the third party; requesting an expirable validity token from the third party; verifying the validity of the expirable validity token from the third party; providing the third party access to the subset of the user data upon the verifying; requesting a subset of data from a third party to the user; checking that a privacy policy of the third party is compatible with the privacy policy of the user; providing a validity token to the third party from the user; requesting from the data repository a validity token from the third party; and providing to the third party the requested subset of data, wherein the step of providing a validity token to the third party from the user includes: providing a public key/private key encryption pair; sending an encoded message to the third party signed with the public key, wherein the encoded message includes a password and validation information; providing the data repository with the private key; and passing the encoded message to the data repository from the third party, along with the location of the private key. Dependent claims: 9, 10, 11.

12. A program product stored on a recordable medium for providing a data repository that can securely guarantee a privacy policy of a user, the program product comprising: means for providing the user with a privacy policy of the data repository, and for providing a mechanism for validating the privacy policy of the data repository, wherein the mechanism for validating the privacy policy includes providing to the user a public signature key and a site of at least one validator, wherein the validator is a provider of hardware for the data repository, the public signature key is a key generated by the hardware, and the validator can validate the public signature key; means for collecting user data from the user, wherein the user data comprises a description of expirable validity tokens authorizing a third party access to a subset of the user data from the data repository, wherein the expirable validity tokens are expirable after one of a limited time or a limited number of requests from the third party; means for checking that a privacy policy of the third party is compatible with the privacy policy of the user; means for digitally encoding the subset of data to be transmitted to the third party; means for requesting an expirable validity token from the third party; means for verifying the validity of the expirable validity token from the third party; means for authorizing access to the third party of the user data upon the verifying; and means for digitally signing and digitally encrypting the subset of data. Dependent claims: 13, 14.
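The claims above describe a referral flow in which a validity token expires after either a time limit or a fixed number of requests, the repository checks that the third party's privacy policy is compatible with the user's, and the released subset is signed. The following Python example is added here to illustrate that flow; it is not code from the patent or its assignee. All names, policies and record values are constructed, HMAC-SHA256 under a repository-held key stands in for the hardware-generated public signature key of the claims, and the encryption of the released subset to the third party is left out.

```python
"""Added illustrative example (not from the patent): expirable validity
tokens, privacy-policy compatibility check, and signed release of a data
subset.  HMAC-SHA256 is a stand-in for the claims' hardware signature key."""
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed sample user record and user privacy policy (illustrative only).
USER_RECORD = {
    "name": "A. Example",
    "email": "a@example.invalid",
    "address": "1 Sample St",
    "account_no": "0000-0000",
}
# The user allows these purposes and at most this retention period (days).
USER_POLICY = {"purposes": {"shipping", "billing"}, "retention_days": 30}

# Constructed key; in the claimed system this role is played by a key
# generated inside validated hardware.
REPO_KEY = b"constructed-repository-signing-key"


def _mac(payload: bytes) -> str:
    """Signature stand-in: keyed MAC over a canonical JSON payload."""
    return hmac.new(REPO_KEY, payload, hashlib.sha256).hexdigest()


def _canonical(obj) -> bytes:
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def policy_compatible(third_party_policy: dict, user_policy: dict) -> bool:
    """Compatible when the third party uses the data only for purposes the
    user allows and keeps it no longer than the user permits."""
    purposes_ok = set(third_party_policy.get("purposes", ())) <= user_policy["purposes"]
    retention_ok = third_party_policy.get("retention_days", float("inf")) <= user_policy["retention_days"]
    return purposes_ok and retention_ok


def issue_token(third_party: str, fields, ttl_seconds: int, max_uses: int, now: float) -> dict:
    """Validity token for `third_party` over `fields`; valid until
    now + ttl_seconds or for max_uses requests, whichever comes first."""
    body = {
        "third_party": third_party,
        "fields": sorted(fields),
        "expires_at": now + ttl_seconds,
        "max_uses": max_uses,
    }
    return {"body": body, "sig": _mac(_canonical(body))}


@dataclass
class Repository:
    """Referral system: tracks how often each token has been honoured."""
    uses: dict = field(default_factory=dict)

    def verify_token(self, token: dict, third_party: str, now: float):
        """Return (ok, reason). Checks signature, bearer, time limit, use limit."""
        body = token["body"]
        if not hmac.compare_digest(_mac(_canonical(body)), token["sig"]):
            return False, "bad signature"
        if body["third_party"] != third_party:
            return False, "token issued to a different party"
        if now > body["expires_at"]:
            return False, "token expired"
        if self.uses.get(token["sig"], 0) >= body["max_uses"]:
            return False, "request limit reached"
        return True, "ok"

    def release(self, token: dict, third_party: str, third_party_policy: dict, now: float) -> dict:
        """Release the authorised subset, signed, or raise PermissionError."""
        ok, reason = self.verify_token(token, third_party, now)
        if not ok:
            raise PermissionError(reason)
        if not policy_compatible(third_party_policy, USER_POLICY):
            raise PermissionError("third-party policy incompatible with user policy")
        self.uses[token["sig"]] = self.uses.get(token["sig"], 0) + 1  # count this request
        subset = {k: USER_RECORD[k] for k in token["body"]["fields"]}
        return {"data": subset, "sig": _mac(_canonical(subset))}


if __name__ == "__main__":
    repo = Repository()
    tok = issue_token("shop.example", ["name", "address"], ttl_seconds=60, max_uses=2, now=1000.0)
    print(repo.release(tok, "shop.example", {"purposes": {"shipping"}, "retention_days": 7}, now=1010.0))
```

The use counter is keyed by the token's signature, so a replayed copy of the same token shares the counter and cannot exceed the request limit; a token whose body has been altered fails the signature check before any limit is consulted.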