-
1.发明授权Using an object model to improve handling of personally identifiable information 有权使用对象模型来改善个人身份信息的处理公开(公告)号:US07962962B2
公开(公告)日:2011-06-14
申请号:US09884311
申请日:2001-06-19
申请人: Steven B. Adler , Endre Felix Bangerter , Kathryn Ann Bohrer , Nigel Howard Julian Brown , Jan Camenisch , Arthur M. Gilbert , Dogan Kesdogan , Matthew P. Leonard , Xuan Liu , Michael Robert McCullough , Adam Charles Nelson , Charles Campbell Palmer , Calvin Stacy Powers , Michael Schnyder , Edith Schonberg , Matthias Schunter , Elsie Van Herreweghen , Michael Waidner
发明人: Steven B. Adler , Endre Felix Bangerter , Kathryn Ann Bohrer , Nigel Howard Julian Brown , Jan Camenisch , Arthur M. Gilbert , Dogan Kesdogan , Matthew P. Leonard , Xuan Liu , Michael Robert McCullough , Adam Charles Nelson , Charles Campbell Palmer , Calvin Stacy Powers , Michael Schnyder , Edith Schonberg , Matthias Schunter , Elsie Van Herreweghen , Michael Waidner
CPC分类号: G06Q10/10
摘要: In a computer, a first set of object classes are provided representing active entities in an information-handling process and a second set of object classes are provided representing data and rules in the information-handling process. At least one object class has rules associated with data. The above-mentioned objects are used in constructing a model of an information-handling process, and to provide an output that identifies at least one way in which the information-handling process could be improved. One aspect is a method for handling personally identifiable information. Another aspect is a system for executing the method of the present invention. A third aspect is as a set of instructions on a computer-usable medium, or resident in a computer system, for executing the method of the present invention.
摘要翻译: 在计算机中,提供第一组对象类,表示信息处理过程中的活动实体,并且提供表示信息处理过程中的数据和规则的第二组对象类。 至少有一个对象类具有与数据相关联的规则。 上述目的用于构建信息处理过程的模型,并且提供一种识别可以改进信息处理过程的至少一种方式的输出。 一个方面是处理个人身份信息的方法。 另一方面是用于执行本发明的方法的系统。 第三方面是用于执行本发明的方法的计算机可用介质或驻留在计算机系统中的一组指令。
-
公开(公告)号:US07069427B2
公开(公告)日:2006-06-27
申请号:US09884153
申请日:2001-06-19
申请人: Steven B. Adler , Endre Felix Bangerter , Nigel Howard Julian Brown , Jan Camenisch , Arthur M. Gilbert , Guenter Karjoth , Dogan Kesdogan , Michael Robert McCullough , Adam Charles Nelson , Charles Campbell Palmer , Martin Joseph Clayton Presler-Marshall , Michael Schnyder , Elsie Van Herreweghen , Michael Waidner
发明人: Steven B. Adler , Endre Felix Bangerter , Nigel Howard Julian Brown , Jan Camenisch , Arthur M. Gilbert , Guenter Karjoth , Dogan Kesdogan , Michael Robert McCullough , Adam Charles Nelson , Charles Campbell Palmer , Martin Joseph Clayton Presler-Marshall , Michael Schnyder , Elsie Van Herreweghen , Michael Waidner
IPC分类号: G06F9/00
CPC分类号: G06F21/6254 , G06F21/6245
摘要: The present invention is a system and method for handling personally identifiable information, using a rules model. The invention involves defining a limited number of privacy-related actions regarding personally identifiable information; constructing a rule for each circumstance in which one of said privacy-related actions may be taken or must be taken; allowing for the input of dynamic contextual information to precisely specify the condition for evaluation of a rule; creating a programming object containing at least one of said rules; associating the programming object with personally identifiable information; processing a request; and providing an output. The invention does not merely give a “yes-or-no answer. The invention has the advantage of being able to specify additional actions that must be taken. The invention may use a computer system and network. One aspect of the present invention is a method for handling personally identifiable information. Another aspect of the present invention is a system for executing the method of the present invention. A third aspect of the present invention is as a set of instructions on a computer-usable medium, or resident in a computer system, for executing the method of the present invention.
-
3.发明授权Using a privacy agreement framework to improve handling of personally identifiable information 失效使用隐私协议框架来改善对个人身份信息的处理公开(公告)号:US07603317B2
公开(公告)日:2009-10-13
申请号:US09884296
申请日:2001-06-19
申请人: Steven B. Adler , Nigel Howard Julian Brown , Arthur M. Gilbert , Charles Campbell Palmer , Michael Schnyder , Michael Waidner
发明人: Steven B. Adler , Nigel Howard Julian Brown , Arthur M. Gilbert , Charles Campbell Palmer , Michael Schnyder , Michael Waidner
IPC分类号: G06Q99/00
CPC分类号: G06F21/6245
摘要: The invention entails identifying the parties involved in a process of handling personally identifiable information; identifying the data involved in said process; classifying the data; expressing each relationship between each pair of said parties in terms of a privacy agreement; and representing the parties, data, and privacy agreements graphically in one or more privacy agreement relationship diagrams. The invention has the advantage of identifying opportunities to reduce privacy-related risks, including identifying unnecessary exchanges of data, for possible elimination, and identifying opportunities to transform data into a less sensitive form. Privacy agreements are based on a limited set of privacy-related actions: access, disclose, release, notify, utilize, update, withdrawConsent, giveConsent, delete, anonymize, depersonalize, and repersonalize. One aspect of the present invention is a method for improving the handling of personally identifiable information. Another aspect of the present invention is a system for executing the method of the present invention. A third aspect of the present invention is as a set of instructions on a computer-usable medium, or resident in a computer system, for executing the method of the present invention.
摘要翻译: 本发明需要确定涉及处理个人身份信息的过程中的各方; 识别所述过程中涉及的数据; 数据分类; 根据隐私协议表达每对所述各方之间的每个关系; 并在一个或多个隐私协议关系图中以图形方式表示各方,数据和隐私协议。 本发明具有以下优点:识别减少隐私相关风险的机会,包括识别不必要的数据交换,以便可能消除,以及识别将数据转换成较不敏感的形式的机会。 隐私协议是基于一组有限的隐私相关行为:访问,披露,发布,通知,利用,更新,撤销等等,授权,删除,匿名化,个人化和个人化。 本发明的一个方面是改善个人身份信息处理的方法。 本发明的另一方面是用于执行本发明的方法的系统。 本发明的第三方面是用于执行本发明的方法的计算机可用介质或驻留在计算机系统中的一组指令。
-
4.发明申请公开(公告)号:US20050251857A1
公开(公告)日:2005-11-10
申请号:US11120578
申请日:2005-05-02
CPC分类号: G06F21/57
摘要: Method and device for verifying the security of a computing platform. In the method for verifying the security of a computing platform a verification machine is first transmitting a verification request via an integrity verification component to the platform. Then the platform is generating by means of a trusted platform module a verification result depending on binaries loaded on the platform, and is transmitting it to the integrity verification component. Afterwards, the integrity verification component is determining with the received verification result the security properties of the platform and transmits them to the verification machine. Finally, the verification machine is determining whether the determined security properties comply with desired security properties.
摘要翻译: 用于验证计算平台安全性的方法和设备。 在验证计算平台的安全性的方法中,验证机首先通过完整性验证部件向平台发送验证请求。 然后,平台通过可信赖的平台模块产生取决于平台上加载的二进制文件的验证结果,并将其发送到完整性验证组件。 之后,完整性验证部件正在使用接收到的验证结果确定平台的安全属性并将其发送到验证机。 最后,验证机正在确定所确定的安全属性是否符合所需的安全属性。
-
公开(公告)号:US20080229097A1
公开(公告)日:2008-09-18
申请号:US12126978
申请日:2008-05-26
IPC分类号: H04L9/32
CPC分类号: H04L9/3218 , H04L9/3234 , H04L2209/80
摘要: Systems, apparatus and methods for privacy-protecting integrity attestation of a computing platform. An example method for privacy-protecting integrity attestation of a computing platform (P) has a trusted platform module (TPM), and comprises the following steps. First, the computing platform (P) receives configuration values (PCR1 . . . PCRn). Then, by means of the trusted platform module (TPM), a configuration value (PCRp) is determined which depends on the configuration of the computing platform (P). In a further step the configuration value (PCRp) is signed by means of the trusted platform module. Finally, in the event that the configuration value (PCRp) is one of the received configuration values (PCR1 . . . PCRn), the computing platform (P) proves to a verifier (V) that it knows the signature (sign(PCRp)) on one of the received configuration values (PCR1 . . . PCRn).
摘要翻译: 用于隐私保护计算平台完整性认证的系统,设备和方法。 用于隐私保护计算平台(P)的完整性认证的示例方法具有可信平台模块(TPM),并且包括以下步骤。 首先,计算平台(P)接收配置值(PCR1 ... PCRn)。 然后,通过可信平台模块(TPM),确定取决于计算平台(P)的配置的配置值(PCRp)。 在进一步的步骤中,配置值(PCRp)通过可信平台模块进行签名。 最后,如果配置值(PCRp)是接收到的配置值(PCR1 ... PCRn)之一,则计算平台(P)向验证者(V)证明其知道签名(sign(PCRp ))接收配置值之一(PCR1 ... PCRn)。
-
公开(公告)号:US20060026423A1
公开(公告)日:2006-02-02
申请号:US11178722
申请日:2005-07-11
IPC分类号: H04L9/00
CPC分类号: H04L9/3218 , H04L9/3234 , H04L2209/80
摘要: Systems, apparatus and methods for privacy-protecting integrity attestation of a computing platform. An example method for privacy-protecting integrity attestation of a computing platform (P) has a trusted platform module (TPM), and comprises the following steps. First, the computing platform (P) receives configuration values (PCR1 . . . PCRn). Then, by means of the trusted platform module (TPM), a configuration value (PCRp) is determined which depends on the configuration of the computing platform (P). In a further step the configuration value (PCRp) is signed by means of the trusted platform module. Finally, in the event that the configuration value (PCRp) is one of the received configuration values (PCR1 . . . PCRn), the computing platform (P) proves to a verifier (V) that it knows the signature (sign(PCRp)) on one of the received configuration values (PCR1 . . . PCRn).
摘要翻译: 用于隐私保护计算平台完整性认证的系统,设备和方法。 用于隐私保护计算平台(P)的完整性认证的示例方法具有可信平台模块(TPM),并且包括以下步骤。 首先,计算平台(P)接收配置值(PCR1 ... PCRn)。 然后,通过可信平台模块(TPM),确定取决于计算平台(P)的配置的配置值(PCRp)。 在进一步的步骤中,配置值(PCRp)通过可信平台模块进行签名。 最后,如果配置值(PCRp)是接收到的配置值(PCR1 ... PCRn)之一,则计算平台(P)向验证者(V)证明其知道签名(sign(PCRp ))接收配置值之一(PCR1 ... PCRn)。
-
公开(公告)号:US20120331285A1
公开(公告)日:2012-12-27
申请号:US13602169
申请日:2012-09-02
IPC分类号: H04L29/06
CPC分类号: H04L9/3218 , H04L9/3234 , H04L2209/80
摘要: Systems, apparatus and methods for privacy-protecting integrity attestation of a computing platform. An example method for privacy-protecting integrity attestation of a computing platform (P) has a trusted platform module (TPM}, and comprises the following steps. First, the computing platform (P) receives configuration values (PCRI . . . PCRn). Then, by means of the trusted platform module (TPM}, a configuration value (PCRp) is determined which depends on the configuration of the computing platform (P). In a further step the configuration value (PCRp) is signed by means of the trusted platform module. Finally, in the event that the configuration value (PCRp) is one of the received configuration values (PCRI . . . PCRn), the computing platform (P) proves to a verifier (V) that it knows the signature (sign(PCRp}} on one of the received configuration values (PCRI . . . PCRn).
摘要翻译: 用于隐私保护计算平台完整性认证的系统,设备和方法。 计算平台(P)的隐私保护完整性认证的一个示例性方法具有可信赖的平台模块(TPM),包括以下步骤:首先,计算平台(P)接收配置值(PCRI ...,PCRn)。 然后,通过可信平台模块(TPM),确定取决于计算平台(P)的配置的配置值(PCRp),在另一步骤中,配置值(PCRp)通过 最后,如果配置值(PCRp)是接收到的配置值(PCRI ...,PCRn)之一,则计算平台(P)向验证者(V)证明其知道签名( 在PCR接收的配置值之一(PCRI ... PCRn)上签名(PCRp}}。
-
公开(公告)号:US20050289340A1
公开(公告)日:2005-12-29
申请号:US10874421
申请日:2004-06-23
CPC分类号: G06F21/6245
摘要: Method, system, and storage medium for reducing or minimizing access to sensitive information. A method includes identifying processes and data associated with a computer system and classifying each of the data as one of either sensitive information or non-sensitive information. The sensitive information includes at least one of: data that is personal to an individual, confidential data, and data that is legally subject to conditions of restricted use. For each of the processes the method includes selecting a process and a sensitive data item, modifying the sensitive data item, analyzing the behavior of at least the selected process, and preventing access of the sensitive data item by the selected process if, as a result of the analyzing, the sensitive data item is determined not to be needed by the selected process.
摘要翻译: 用于减少或最小化敏感信息访问的方法,系统和存储介质。 一种方法包括识别与计算机系统相关联的过程和数据,并将每个数据分类为敏感信息或非敏感信息之一。 敏感信息包括以下至少一项:对个人个人的数据,机密数据和法律上受限于使用条件的数据。 对于每个过程,该方法包括选择过程和敏感数据项,修改敏感数据项,分析至少所选过程的行为,以及如果结果,则阻止敏感数据项的访问。 在分析的情况下,敏感数据项被确定为所选择的处理不需要。
-
公开(公告)号:US08312271B2
公开(公告)日:2012-11-13
申请号:US12126978
申请日:2008-05-26
IPC分类号: H04L29/06
CPC分类号: H04L9/3218 , H04L9/3234 , H04L2209/80
摘要: Systems, apparatus and methods for privacy-protecting integrity attestation of a computing platform. An example method for privacy-protecting integrity attestation of a computing platform (P) has a trusted platform module (TPM), and comprises the following steps. First, the computing platform (P) receives configuration values (PCR1 . . . PCRn). Then, by means of the trusted platform module (TPM), a configuration value (PCRp) is determined which depends on the configuration of the computing platform (P). In a further step the configuration value (PCRp) is signed by means of the trusted platform module. Finally, in the event that the configuration value (PCRp) is one of the received configuration values (PCR1 . . . PCRn), the computing platform (P) proves to a verifier (V) that it knows the signature (sign(PCRp)) on one of the received configuration values (PCR1 . . . PCRn).
摘要翻译: 用于隐私保护计算平台完整性认证的系统,设备和方法。 用于隐私保护计算平台(P)的完整性认证的示例方法具有可信平台模块(TPM),并且包括以下步骤。 首先,计算平台(P)接收配置值(PCR1 ... PCRn)。 然后,通过可信平台模块(TPM),确定取决于计算平台(P)的配置的配置值(PCRp)。 在进一步的步骤中,配置值(PCRp)通过可信平台模块进行签名。 最后,如果配置值(PCRp)是接收到的配置值(PCR1 ... PCRn)之一,计算平台(P)向验证者(V)证明它知道签名(signp(PCRp) )在接收的配置值之一(PCR1 ... PCRn)上。
-
公开(公告)号:US07770000B2
公开(公告)日:2010-08-03
申请号:US12124619
申请日:2008-05-21
CPC分类号: G06F21/57
摘要: Method and device for verifying the security of a computing platform. In the method for verifying the security of a computing platform a verification machine is first transmitting a verification request via an integrity verification component to the platform. Then the platform is generating by means of a trusted platform module a verification result depending on binaries loaded on the platform, and is transmitting it to the integrity verification component. Afterwards, the integrity verification component is determining with the received verification result the security properties of the platform and transmits them to the verification machine. Finally, the verification machine is determining whether the determined security properties comply with desired security properties.
摘要翻译: 用于验证计算平台安全性的方法和设备。 在验证计算平台的安全性的方法中,验证机首先通过完整性验证部件向平台发送验证请求。 然后,平台通过可信赖的平台模块产生取决于平台上加载的二进制文件的验证结果,并将其发送到完整性验证组件。 之后,完整性验证部件正在使用接收到的验证结果确定平台的安全属性并将其发送到验证机。 最后,验证机正在确定所确定的安全属性是否符合所需的安全属性。
-
-
-
-
-
-
-
-
-
搜索结果
32 条记录 (耗时 0.053 秒)