Patents by Inventor Guenter Karjoth
Guenter Karjoth has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 7844496
Abstract: The invention provides methods, apparatus and systems for securely processing an originator request of a customer. This originator request can be sent to at least one first entity.
Type: Grant
Filed: May 5, 2003
Date of Patent: November 30, 2010
Assignee: International Business Machines Corporation
Inventors: Joy Algesheimer, Christian Cachin, Jan Camenisch, Guenter Karjoth
-
Publication number: 20100257579
Abstract: A computer implemented access control system, the system includes a database for storing a serialized version of an XACML permissions hierarchy. The system also includes a memory for storing an original version of the XACML permissions hierarchy, and an XACML serialization engine configured to convert the XACML permissions hierarchy into the serialized version, wherein the serialized version contains a listing of at least a portion of the predicates possible in the XACML permission hierarchy and the effect on each of the portion of the predicates.
Type: Application
Filed: April 7, 2009
Publication date: October 7, 2010
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Guenter Karjoth, Andreas Schade
-
Publication number: 20100211989
Abstract: Given a new user U or a user whose role in the organization changed, an automated method of the present disclosure in one aspect determines the new or revised access permissions the user should have. In one aspect, the method of the present disclosure automatically determines access rights based on the access rights held by similar users. This general idea, including a formalization of similarity between users, the details of how access rights are determined, and an algorithm to test if the presented methods are safe to use are provided.
Type: Application
Filed: February 17, 2009
Publication date: August 19, 2010
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Klaus Julisch, Guenter Karjoth
-
Patent number: 7737853
Abstract: The invention provides protection to wireless portable transponders from unauthorized interrogation by employing a mechanical means for disabling reception by or from the antenna of the transponder. Transponders include RFID tags that are attached to items that a persons may purchase or carry. Such transponders generally have means for receiving and storing electronic and other information, commonly in binary form using memories as in electronic circuits, etc. The invention is designed to provide privacy of electronic information. The tags can be protected from receiving or providing unauthorized or unwanted information. The invention provides the mechanical means that permit the owner to decide when reception/interrogation of personal or other information is not desired by employing the provided mechanical disable control means.
Type: Grant
Filed: August 8, 2007
Date of Patent: June 15, 2010
Assignee: International Business Machines Corporation
Inventors: Paul Andrew Moskowitz, Robert J. von Gutfeld, Guenter Karjoth
-
Patent number: 7617393
Abstract: A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.
Type: Grant
Filed: June 18, 2007
Date of Patent: November 10, 2009
Assignee: International Business Machines Corporation
Inventors: Linda Betz, John C. Dayka, Walter B. Farrell, Richard H. Guski, Guenter Karjoth, Mark A. Nelson, Birgit M. Pfitzmann, Michael P. Waidner, Matthias Schunter
-
Publication number: 20090178107
Abstract: Methods and apparatus are provided for generating an access control policy data structure for a single-authorization-query access control system from a source policy data structure of an access control system in which primary authorizations can be subject to auxiliary constraints. Authorizations in the data structures are defined in terms of subject, resource and action elements. For each resource in a set of resources in the source policy data structure, the data structure is analyzed to identify primary authorizations relating to that resource. For each primary authorization, policy data which represents a policy defining an access rule expressing that authorization is generated and stored in system memory and analyzed to identify any auxiliary constraints associated with that primary authorization. For each auxiliary constraint so identified, policy data is generated and stored in system memory.
Type: Application
Filed: April 11, 2008
Publication date: July 9, 2009
Applicant: International Business Machines Corporation
Inventors: Guenter Karjoth, Elsie A. Van Herreweghen
-
Publication number: 20080316001
Abstract: For detecting a blocker RFID tag, the following steps are conducted. First, a random identifier of a given bit length is created. Alternatively, an identifier is selected out of a probing set, which is stored on a data storage device. The probing set comprises of identifiers, which are not being used as identifiers for a given set of RFID tags. In a second step, a response from all RFID tags is requested having an identifier matching the random identifier or, respectively, the selected identifier. In a third step, it is determined, depending on receiving or not receiving a response, whether the blocker RFID tag is present.
Type: Application
Filed: August 12, 2008
Publication date: December 25, 2008
Inventors: Guenter Karjoth, Luke O'Connor, Michael Backes
-
Publication number: 20080204243
Abstract: The present invention relates to a tag identification system comprising: a plurality of tags, each tag being identifiable by an associated tag identifier, and at least one tag comprising at least one link to at least one other tag in said group.
Type: Application
Filed: December 17, 2007
Publication date: August 28, 2008
Applicant: International Business Machines Corporation
Inventors: Michael Backes, Thomas R. Gross, Guenter Karjoth
-
Publication number: 20080136586
Abstract: A verification method, system and computer program. The method includes the steps of reading first summary information related to a first group of tags, reading tag information for each tag of a second group of tags, computing second summary information based on the read tag information of the second group of tags, comparing the first summary information and second summary information, and verifying whether the first group of tags and the second group of tags are identical based on the comparison.
Type: Application
Filed: October 26, 2007
Publication date: June 12, 2008
Inventors: Michael Backes, Thomas R. Gross, Guenter Karjoth, Luke J. O'Connor
-
Publication number: 20080122580
Abstract: The present invention relates to a privacy method for responding to read request. The present invention further relates to a device for generating a response signal and a computer program product. Methods and systems in accordance with embodiments of the invention validate, whether a read request is directed at a target tag to be protected, and, upon a match, respond to the read request by sending a response signal.
Type: Application
Filed: November 23, 2007
Publication date: May 29, 2008
Applicant: International Business Machines Corporation
Inventors: Guenter Karjoth, Christopher Mark Kenyon, Luke James O'Connor
-
Publication number: 20070285250
Abstract: The invention provides protection to wireless portable transponders from unauthorized interrogation by employing a mechanical means for disabling reception by or from the antenna of the transponder. Transponders include RFID tags that are attached to items that a persons may purchase or carry. Such transponders generally have means for receiving and storing electronic and other information, commonly in binary form using memories as in electronic circuits, etc. The invention is designed to provide privacy of electronic information. The tags can be protected from receiving or providing unauthorized or unwanted information. The invention provides the mechanical means that permit the owner to decide when reception/interrogation of personal or other information is not desired by employing the provided mechanical disable control means.
Type: Application
Filed: August 8, 2007
Publication date: December 13, 2007
Inventors: Paul Moskowitz, Robert von Gutfeld, Guenter Karjoth
-
Patent number: 7302569
Abstract: A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.
Type: Grant
Filed: August 19, 2003
Date of Patent: November 27, 2007
Assignee: International Business Machines Corporation
Inventors: Linda Betz, John C. Dayka, Walter B. Farrell, Richard H. Guski, Guenter Karjoth, Mark A. Nelson, Birgit M. Pfitzmann, Matthias Schunter, Michael P. Waidner
-
Publication number: 20070250913
Abstract: A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.
Type: Application
Filed: June 18, 2007
Publication date: October 25, 2007
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Linda Betz, John Dayka, Walter Farrell, Richard Guski, Guenter Karjoth, Mark Nelson, Birgit Pfitzmann, Matthias Schunter, Michael Waidner
-
Patent number: 7277016
Abstract: The invention provides protection to wireless portable transponders from unauthorized interrogation by employing a mechanism for disabling reception by or from the antenna of the transponder. Transponders include RFID tags that are attached to items that a persons may purchase or carry. Such transponders generally have an ability for receiving and storing electronic and other information, commonly in binary form using memories as in electronic circuits, etc. The invention is designed to provide privacy of electronic information. The tags can be protected from receiving or providing unauthorized or unwanted information. The invention provides the mechanism that permit the owner to decide when reception/interrogation of personal or other information is not desired by employing the provided mechanical disable control.
Type: Grant
Filed: September 22, 2004
Date of Patent: October 2, 2007
Assignee: International Business Machines Corporation
Inventors: Paul Andrew Moskowitz, Robert J. von Gutfeld, Guenter Karjoth
-
Publication number: 20070194879
Abstract: For detecting an invalid RFID tag, an identifier and authentication information is read from a given RFID tag. The authentication information is then verified dependent on at least a given part (IDP_TAG) of the identifier (ID_TAG) and it is determined that the given RFID tag is the invalid RFID tag if the verification was negative. Accordingly, an RFID tag is manufactured by determining an identifier (ID), determining an authentication information dependent on at least a given part (IDP) of the identifier (ID) and storing the identifier (ID) and the authentication information on or in the RFID tag.
Type: Application
Filed: May 2, 2006
Publication date: August 23, 2007
Applicant: International Business Machines Corporation
Inventors: Michael Backes, Christian Cachin, Sastry Duri, Guenter Karjoth, Luke O'Connor
-
Publication number: 20070057791
Abstract: For detecting a blocker RFID tag, the following steps are conducted. First, a random identifier of a given bit length is created. Alternatively, an identifier is selected out of a probing set, which is stored on a data storage device. The probing set comprises of identifiers, which are not being used as identifiers for a given set of RFID tags. In a second step, a response from all RFID tags is requested having an identifier matching the random identifier or, respectively, the selected identifier. In a third step, it is determined, depending on receiving or not receiving a response, whether the blocker RFID tag is present.
Type: Application
Filed: April 25, 2006
Publication date: March 15, 2007
Applicant: International Business Machines Corporation
Inventors: Guenter Karjoth, Luke O'Connor, Michael Backes
-
Publication number: 20060184995
Abstract: The present invention provides methods and apparatus for creating a privacy policy from a process model, and methods and apparatus for checking the compliance of a privacy policy. An example of a method for creating a privacy policy from a process model according to the invention comprises the following steps. First, a task from the process model is chosen. Then one or more of the elements role, data, purpose, action, obligation, and condition are gathered from the task and a rule is build up by means of these elements. Finally the rule is added to the privacy policy.
Type: Application
Filed: December 22, 2005
Publication date: August 17, 2006
Applicant: International Business Machines Corporation
Inventors: Michael Backes, Guenter Karjoth, Birgit Pfitzmann, Matthias Schunter, Michael Waidner
-
Patent number: 7069427
Abstract: The present invention is a system and method for handling personally identifiable information, using a rules model. The invention involves defining a limited number of privacy-related actions regarding personally identifiable information; constructing a rule for each circumstance in which one of said privacy-related actions may be taken or must be taken; allowing for the input of dynamic contextual information to precisely specify the condition for evaluation of a rule; creating a programming object containing at least one of said rules; associating the programming object with personally identifiable information; processing a request; and providing an output. The invention does not merely give a “yes-or-no” answer. The invention has the advantage of being able to specify additional actions that must be taken. The invention may use a computer system and network. One aspect of the present invention is a method for handling personally identifiable information.
Type: Grant
Filed: June 19, 2001
Date of Patent: June 27, 2006
Assignee: International Business Machines Corporation
Inventors: Steven B. Adler, Endre Felix Bangerter, Nigel Howard Julian Brown, Jan Camenisch, Arthur M. Gilbert, Guenter Karjoth, Dogan Kesdogan, Michael Robert McCullough, Adam Charles Nelson, Charles Campbell Palmer, Martin Joseph Clayton Presler-Marshall, Michael Schnyder, Elsie Van Herreweghen, Michael Waidner
-
Publication number: 20060061475
Abstract: The invention provides protection to wireless portable transponders from unauthorized interrogation by employing a mechanical means for disabling reception by or from the antenna of the transponder. Transponders include RFID tags that are attached to items that a persons may purchase or carry. Such transponders generally have means for receiving and storing electronic and other information, commonly in binary form using memories as in electronic circuits, etc. The invention is designed to provide privacy of electronic information. The tags can be protected from receiving or providing unauthorized or unwanted information. The invention provides the mechanical means that permit the owner to decide when reception/interrogation of personal or other information is not desired by employing the provided mechanical disable control means.
Type: Application
Filed: September 22, 2004
Publication date: March 23, 2006
Applicant: International Business Machines Corporation
Inventors: Paul Moskowitz, Robert von Gutfeld, Guenter Karjoth
-
Publication number: 20050181809
Abstract: Methods and devices for determining a geographic location of an electronic device are introduced. A range of radio frequencies at the electronic device's location is scanned by a radio receiver (11). Characteristics (CH) of a geographically bound transmission system (3) within said scanned frequencies are identified by a control unit (21). A matching unit (5) matches these characteristics (CH) with stored characteristics (SCH) of geographically bound transmission systems of different geographical areas. The geographic location (LD) of said electronic device (1) is dependent on a result of said matching process.
Type: Application
Filed: March 28, 2003
Publication date: August 18, 2005
Inventors: Stefan Hild, Carl Binding, Francois Dolivo, Guenter Karjoth, Douglas Dykeman, Erich Ruetsche