System and method for controlling access to personal user data

US 9,325,715 B1
Filed: 05/28/2015
Issued: 04/26/2016
Est. Priority Date: 03/31/2015
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access of a consumer to personal data of a user, comprising:

collecting information about the consumer of personal data, wherein the collected information comprises at least one of a plurality of elements including service usage parameters associated with the consumer, statistical data associated with the consumer, and security incidents involving the consumer;

comparing, by a hardware processor, the collected information with one or more templates to determine a risk that is associated with the consumer, wherein each template includes a set of criteria corresponding to at least two of the plurality of elements, each criterion is assigned a numeric value and a weighting factor based on the collected information, and the risk corresponds to a summation of the numeric value and weighting factor of each criterion;

setting, based on the determined risk, by the hardware processor, consumer access parameters for the consumer to access the personal data of the user;

controlling, by the hardware processor, access of the consumer to the personal data of the user based on the consumer access parameters;

automatically modifying the consumer access parameters upon detecting that the summation exceeds a selected range of a defined threshold value; and

notifying the user, without modifying the consumer access parameters, of the risk upon detecting that the summation does not exceed the selected range of the defined threshold value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are system and methods for controlling access of a consumer to personal data of a user. An example method includes: collecting information about the consumer of personal data; comparing the collected information with one or more templates containing risk criteria to determine whether a risk is associated with the consumer; setting, based on the determined risk, consumer access parameters for access of the consumer to the personal information of the user; and controlling access of the consumer to the personal data of the user based on the set consumer access parameters.

33 Citations

View as Search Results

20 Claims

1. A method for controlling access of a consumer to personal data of a user, comprising:
- collecting information about the consumer of personal data, wherein the collected information comprises at least one of a plurality of elements including service usage parameters associated with the consumer, statistical data associated with the consumer, and security incidents involving the consumer;
  
  comparing, by a hardware processor, the collected information with one or more templates to determine a risk that is associated with the consumer, wherein each template includes a set of criteria corresponding to at least two of the plurality of elements, each criterion is assigned a numeric value and a weighting factor based on the collected information, and the risk corresponds to a summation of the numeric value and weighting factor of each criterion;
  
  setting, based on the determined risk, by the hardware processor, consumer access parameters for the consumer to access the personal data of the user;
  
  controlling, by the hardware processor, access of the consumer to the personal data of the user based on the consumer access parameters;
  
  automatically modifying the consumer access parameters upon detecting that the summation exceeds a selected range of a defined threshold value; and
  
  notifying the user, without modifying the consumer access parameters, of the risk upon detecting that the summation does not exceed the selected range of the defined threshold value.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1,wherein the service usage parameters comprise at least one of:
    - a consumer service price for the user,a total price of consumer services provided to the user,a location of the server storing the personal information of the user, andwherein the statistical data comprises at least one of;
      
      a number of user complaints over a time interval,a number of a specific type of incidents per over a time interval,a rating of the personal information consumer, anda number of users using a service provided by the consumer; and
      
      wherein the security incidents comprise at least one of;
      
      a report of potential unauthorized access to a consumer server, anda report of a personal data theft from the consumer,wherein the collected information further comprising notifications about the personal information consumer, wherein the notifications comprise at least one of;
      
      a notification from the consumer about server maintenance, anda notification of broken connection to a customer server.
  - 3. The method of claim 1, wherein the information about the consumer is received from at least one of:
    - an external or internal monitoring system;
      
      a notification system;
      
      a user security application; and
      
      the consumer.
  - 4. The method of claim 1, wherein the set of templates includes:
    - a global set of templates configured to identify risks associated with groups of users; and
      
      a local set of templates indicating risks specific to the user.
  - 5. The method of claim 1, wherein the risk includes at least on of:
    - a political risk;
      
      a reputational risk;
      
      a financial risk;
      
      a security risk; and
      
      a legal risk.
  - 6. The method of claim 1, wherein the setting of consumer access parameters includes at least one of:
    - changing consumer'"'"'s time limits of access to the personal data of the user;
      
      revoking consumer'"'"'s access privileges to the personal data of the user;
      
      granting consumer access privileges to the personal data of the user;
      
      blocking consumer'"'"'s access to the personal data of the user;
      
      granting consumer access to the personal data of the user; and
      
      rejecting services provided by the consumer.
  - 7. The method of claim 1,wherein the detecting whether a risk exists includes at least one of:
    - comparing a linear function of criteria with a numeric threshold;
      
      comparing a numeric function of criteria with a numeric threshold;
      
      applying a neural network algorithm to the set of criteria; and
      
      applying a fuzzy logic algorithm to the set of criteria.

8. A system for controlling access of a consumer to personal data of a user, comprising:
- a collection module executable on a hardware processor and configured to;
  
  collect information about the consumer of personal data, wherein the collected information comprises at least one of a plurality of elements including service usage parameters associated with the consumer, statistical data associated with the consumer, and security incidents involving the consumer;
  
  a template storage module configured to;
  
  store a plurality of templates containing risk criteria;
  
  an analysis module executable on the hardware processor and configured to;
  
  compare the collected information with the one or more templates to determine a risk that is associated with the consumer, wherein each template includes a set of criteria corresponding to at least two of the plurality of elements, each criterion is assigned a numeric value and a weighting factor based on the collected information, and the risk corresponds to a summation of the numeric value and weighting factor of each criterion; and
  
  an access control module executable on the hardware processor and configured to;
  
  set, based on the determined risk, consumer access parameters for the consumer to access the personal data of the user;
  
  control access of the consumer to the personal data of the user based on the consumer access parameters; and
  
  automatically modify the consumer access parameters upon detecting that the summation exceeds a selected range of a defined threshold value; and
  
  notify the user, without modifying the consumer access parameters, of the risk upon detecting that the summation does not exceed the selected range of the defined threshold value.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8,wherein the service usage parameters comprise at least one of:
    - a consumer service price for the user,a total price of consumer services provided to the user,a location of the server storing the personal information of the user, andwherein the statistical data comprises at least one of;
      
      a number of user complaints over a time interval,a number of a specific type of incidents per over a time interval,a rating of the personal information consumer, anda number of users using a service provided by the consumer; and
      
      wherein the security incidents comprise at least one of;
      
      a report of potential unauthorized access to a consumer server, anda report of a personal data theft from the consumer,wherein the collected information further comprising notifications about the personal information consumer, wherein the notifications comprise at least one of;
      
      a notification from the consumer about server maintenance, anda notification of broken connection to a customer server.
  - 10. The system of claim 8, wherein the information about the consumers received from at least one of:
    - an external or internal monitoring system;
      
      a notification system;
      
      a user security application; and
      
      the consumer.
  - 11. The system of claim 8, wherein the set of templates includes:
    - a global set of templates configured to identify risks associated with groups of users; and
      
      a local set of templates indicating risks specific to the user.
  - 12. The system of claim 8, wherein the risk includes at least on of:
    - a political risk;
      
      a reputational risk;
      
      a financial risk;
      
      a security risk; and
      
      a legal risk.
  - 13. The system of claim 8, wherein the setting of consumer access parameters includes at least one of:
    - changing consumer'"'"'s time limits of access to the personal data of the user;
      
      revoking consumer'"'"'s access privileges to the personal data of the user;
      
      granting consumer access privileges to the personal data of the user;
      
      blocking consumer'"'"'s access to the personal data of the user;
      
      granting consumer access to the personal data of the user; and
      
      rejecting services provided by the consumer.
  - 14. The system of claim 8,wherein the detecting whether a risk exists includes at least one of:
    - comparing a linear function of criteria with a numeric threshold;
      
      comparing a numeric function of criteria with a numeric threshold;
      
      applying a neural network algorithm to the set of criteria; and
      
      applying a fuzzy logic algorithm to the set of criteria.

15. A non-transitory computer-readable medium storing computer executable instructions for controlling access of a consumer to personal data of a user, including instructions for:
- collecting information about the consumer of personal data, wherein the collected information comprises at least one of a plurality of elements including service usage parameters associated with the consumer, statistical data associated with the consumer, and security incidents involving the consumer;
  
  comparing, by a hardware processor, the collected information with one or more templates to determine a risk that is associated with the consumer, wherein each template includes a set of criteria corresponding to at least two of the plurality of elements, each criterion is assigned a numeric value and a weighting factor based on the collected information, and the risk corresponds to a summation of the numeric value and weighting factor of each criterion;
  
  setting, based on the determined risk, by the hardware processor, consumer access parameters for the consumer to access the personal data of the user;
  
  controlling, by the hardware processor, access of the consumer to the personal data of the user based on the consumer access parameters;
  
  automatically modifying the consumer access parameters upon detecting that the summation exceeds a selected range of a defined threshold value; and
  
  notifying the user, without modifying the consumer access parameters, of the risk upon detecting that the summation does not exceed the selected range of the defined threshold value.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15,wherein the service usage parameters comprise at least one of:
    - a consumer service price for the user,a total price of consumer services provided to the user,a location of the server storing the personal information of the user, andwherein the statistical data comprises at least one of;
      
      a number of user complaints over a time interval,a number of a specific type of incidents per over a time interval,a rating of the personal information consumer, anda number of users using a service provided by the consumer; and
      
      wherein the security incidents comprise at least one of;
      
      a report of potential unauthorized access to a consumer server, anda report of a personal data theft from the consumer,wherein the collected information further comprising notifications about the personal information consumer, wherein the notifications comprise at least one of;
      
      a notification from the consumer about server maintenance, anda notification of broken connection to a customer server.
  - 17. The computer program product of claim 15, wherein the set of templates includes at least one of:
    - a global set of templates; and
      
      a local set of templates specific to the user.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the risk includes at least on of:
    - a political risk;
      
      a reputational risk;
      
      a financial risk;
      
      a security risk; and
      
      a legal risk.
  - 19. The computer program product of claim 15, wherein the setting of consumer access parameters includes at least one of:
    - changing consumer'"'"'s time limits of access to the personal information of the user;
      
      revoking consumer'"'"'s access privileges to the personal information of the user;
      
      granting consumer access privileges to the personal information of the user;
      
      blocking consumer'"'"'s access to the personal information of the user;
      
      granting consumer access to the personal information of the user; and
      
      rejecting services provided by the consumer.
  - 20. The computer program product of claim 15,wherein the detecting whether a risk event exists includes at least one of:
    - comparing a linear function of criteria with a numeric threshold;
      
      comparing a numeric function of criteria with a numeric threshold;
      
      applying a neural network algorithm to the set of criteria; and
      
      applying a fuzzy logic algorithm to the set of criteria.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lab A.O. Kaspersky
Original Assignee
Lab A.O. Kaspersky
Inventors
Chereshnev, Evgeny M., Minasyan, Vartan M., KASPERSKY LAB ZAO
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Shayanfar, Ali

Application Number

US14/723,966
Time in Patent Office

334 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/10 for controlling access to d...

H04L 63/1433 Vulnerability analysis

System and method for controlling access to personal user data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for controlling access to personal user data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links