Privacy Access Control Method
Original Publication Date: 2009-Jun-29
Included in the Prior Art Database: 2009-Jun-29
This method provides an access control model that supports legal and regulatory privacy requirements. Many access control models already exist, but none of them completely solves the specific problem of protecting personal data according to the business's need to meet legal and regulatory controls.
This method proposes a new Privacy Access Control model to control access to data that must be protected under privacy laws and regulations.
The core invention classifies data, in business language, based on three static access control attributes: scope hierarchy, level of detail/granularity and data type. For the scope hierarchy attribute, access is determined from inherited and explicit authorisation; for the level of detail/granularity attribute, access is determined by a 'read up' principle.
Access is granted based on the authorisation given to an identifiable individual. Additionally, access is controlled based on the geo-location from which the data is being accessed. This enables access to personal data to be protected according to the legal requirements placed on the data.
This solution is needed for any application that holds personal information: with an increasing number of privacy laws, all of them different, there must be some way of controlling access. Examples are HR applications and HIPAA-covered applications; commercial applications it could apply to include SAP and Oracle HR applications.
In summary, the core invention is a method to classify data, in business language, based on three static access control attributes (scope, level of detail/granularity and data type) together with the geographical location of the subject and of the object. Access is then given based on the clearance given to an identifiable individual. This enables access to personal data to be protected according to the legal requirements placed on the data.
A method for determining what access a subject is given to a data object, using rules based on data privacy, comprising:
a means to classify a data object based on a scope hierarchy, using one or more attributes based on explicit or implicit access, the type of data, the location of the data and the granularity of the data;
a means to give clearance to a subject accessing the data, using one or more attributes based on scope hierarchy, explicit access, the type of data, the location of the subject and the granularity of the data;
a method where data access is determined based on a scope hierarchy;
a method where data access must not be given implicitly based on scope hierarchy but only through explicit clearance (an exclusion scope);
a method where data access is determined based on the type of data;
a method where data access is determined based on the location of the person accessing the data and the location of the data being referenced;
a method where data access is determined based on the granularity of the information.
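As an added worked example (not part of the disclosure), the following Python encodes the claims above as a single policy decision function that checks all four attributes and reports why a request was refused. The scope tree, the three granularity levels, the data types and the location rule are constructed for illustration and are not defined by the disclosure. Two interpretations are assumed here: the 'read up' principle is taken to mean that clearance at one level of detail also covers every coarser level, and an exclusion scope is taken to cut the inheritance chain so that only clearance named at or below that node applies.

```python
"""Privacy access control decision over scope hierarchy (inherited /
explicit / exclusion), level of detail ('read up'), data type and
geo-location. Added illustration: scope tree, levels, types and the
location rule are constructed, not taken from the disclosure."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Level of detail, ordered coarsest -> finest. 'Read up' (assumed meaning):
# clearance at one level also grants every coarser level before it.
GRANULARITY: List[str] = ["aggregate", "summary", "record"]


@dataclass(frozen=True)
class ScopeNode:
    parent: Optional[str]
    exclusion: bool = False   # exclusion scope: needs explicit clearance


@dataclass(frozen=True)
class DataObject:
    scope: str
    granularity: str
    data_type: str
    location: str             # where the data is held


@dataclass(frozen=True)
class Clearance:
    scopes: FrozenSet[str]    # scope nodes the subject is explicitly cleared for
    granularity: str          # finest level of detail the subject may read
    data_types: FrozenSet[str]


# Constructed organisational scope tree (hypothetical names).
SCOPES: Dict[str, ScopeNode] = {
    "Corp": ScopeNode(parent=None),
    "EMEA": ScopeNode(parent="Corp"),
    "UK": ScopeNode(parent="EMEA"),
    "Exec": ScopeNode(parent="Corp", exclusion=True),
}

# Constructed geo rule: data location -> subject locations allowed to read it.
LOCATION_RULES: Dict[str, FrozenSet[str]] = {
    "EU": frozenset({"EU"}),
    "US": frozenset({"US", "EU"}),
}


def scope_permits(clearance: Clearance, scope: str) -> bool:
    """Walk from the object's scope towards the root. Explicit clearance on
    any node on the path grants access (inheritance), except that an
    exclusion node stops the walk: clearance held above it does not flow
    through, so the node (or one below it) must be cleared explicitly."""
    node: Optional[str] = scope
    while node is not None:
        if node not in SCOPES:
            return False          # unknown scope: fail closed
        if node in clearance.scopes:
            return True
        if SCOPES[node].exclusion:
            return False
        node = SCOPES[node].parent
    return False


def decide(clearance: Clearance, subject_location: str,
           obj: DataObject) -> Tuple[bool, List[str]]:
    """Evaluate every attribute and return (allowed, denial reasons) so the
    outcome can be logged and audited. Any unknown value denies."""
    reasons: List[str] = []
    if not scope_permits(clearance, obj.scope):
        reasons.append(f"scope {obj.scope}: no explicit or inherited clearance")
    if (obj.granularity not in GRANULARITY
            or clearance.granularity not in GRANULARITY
            or GRANULARITY.index(obj.granularity)
            > GRANULARITY.index(clearance.granularity)):
        reasons.append(f"granularity {obj.granularity} not covered by "
                       f"clearance {clearance.granularity}")
    if obj.data_type not in clearance.data_types:
        reasons.append(f"data type {obj.data_type} not cleared")
    if subject_location not in LOCATION_RULES.get(obj.location, frozenset()):
        reasons.append(f"data held in {obj.location} not readable "
                       f"from {subject_location}")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed subjects and objects.
    alice = Clearance(frozenset({"EMEA"}), "record", frozenset({"contact", "payroll"}))
    for obj in (DataObject("UK", "record", "payroll", "EU"),     # inherited via EMEA
                DataObject("Exec", "summary", "payroll", "EU"),  # exclusion scope
                DataObject("UK", "record", "health", "EU"),      # wrong data type
                DataObject("UK", "aggregate", "payroll", "EU")):  # read up: coarser
        print(obj, decide(alice, "EU", obj))
```

The function fails closed on anything it does not recognise (an unknown scope, level or data location), and returns every failed check rather than the first one, which is what an audit log of refused personal-data requests needs.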
The key features of the proposed method include:
Classification based on a scope hierarchy, level of detail/granularity and data type
Exclusion scope to require explicit rather than inherited scope
Scope hierarchy based on inherited and explicit authorisation
Level of detail/granularity uses 'read up' principle
Access controlled bas...