Privacy Access Control Method
Permalink
Bookmark
Share
Twitter
Digg
Reddit
Facebook
Stumbleupon
Del.icio.us| IP.com Number | IPCOM000184509D |
|
|
|---|---|---|---|
| Dated | Jun 29, 2009 UTC | ||
| Size | 5 page(s) (100.7 KB) | ||
| Disclosed by |
|
||
Publication Summary
This method provides an access control model that supports legal and regulatory privacy requirements. There are many models already existing and each does not completely solved the specific problem of protecting personal data according to the business needs to meet legal and regulatory controls.| Country | |
|---|---|
| Language | English (United States) |
About this Publication
This document was submitted to IP.com's Prior Art Database and this preview is designed to provide you with information regarding the contents of this document by displaying up to the first four pages of the document as scaled page renderings and displaying a limited amount of text which was extracted from the document on the Text Preview Tab.
To find out more on how to obtain the entire document, click the Download tab. There is a charge for downloading some Prior Art Database documents; please examine carefully whether you believe this document fills your needs before purchasing.
For more information about the Prior Art Database, visit the Learn section of this website. Thank you for visiting IP.com's Prior Art Database! You may wish to check out our Global Patent Search website before you leave.
Privacy Access Control Method
Overview
This method proposes a new Privacy Access Control model to control access to data that needs to be controlled according to privacy laws and regulations.
The core invention classifies data, in business language, based on three static access control attributes: scope hierarchy, level of detail/granularity and data type. The method determines access is based on inherited and explicit access for the scope hierarchy and based on 'read up' principles for the level of detail/granularity control attribute.
Access is given based on the authorisation given to an identifiable individual. Additionally, access is controlled based on the geo-location from where the data is being accessed. This enables access to personal data to be protected according to the legal requirements placed on the data.
Potential Applications
This solution is required for any application including personal information and with increasing numbers of laws that are all different there needs to some way of controlling access. HR applications and HIPPA-based applications. Commercial applications it could apply to include SAP and Oracle HR applications.
The core invention is a method to classify data, in business language, based on three static access control attributes: scope, level of detail/granularity, data type and geographical location of the subject and object. Access is then given based on the clearance given to an identifiable individual. This enables access to personal data to be protected according to the legal requirements placed on the data.
Claim
A method for determining what access a subject is given to a data object using rules based on data privacy comprising of
a means to classify a data object based on scope hierarchy using one or more attributes based on explicit or implicit access, using on the type of data, the location of the data and the granularity of data;
a means to give clearance to a subject accessing the data using one or more attributes based on scope hierarchy, explicit access, the type of data, the location of the subject and the granularity of data;
a method where data access is determined based on a scope hierarchy;
a method where data access must not be given implicitly based on scope hierarchy but only through explicit clearance;
a method where data access is determined based on the type of data;
a method where data access is determined based on the location of the person accessing the data and the location of the data being referenced;
and
a method where the data access is determined based on the granularity of the information.
Key Features
The key features of the proposed method include:
Classification based on a scope hierarchy, level of detail/granularity and data type
Exclusion scope to require explicit rather than inherited scope
Scope hierarchy based on inherited and explicit authorisation Level of detail/granularity uses 'read up' principle
Access controlled bas...