Abstract: According to the present invention, there is provided a method and apparatus for controlling an access for a client application residing on a user computer to data stored on a network computer within a network.

Abstract: A data access control facility is implemented by assigning personally identifying information (PII) classification labels to PII data objects, with each PII data object having one PII classification label assigned thereto. The control facility further includes at least one PII purpose serving function set (PSFS) comprising a list of application functions that read or write PII data objects. Each PII PSFS is also assigned a PII classification label. A PII data object is accessible via an application function of a PII PSFS having a PII classification label that is identical to or dominant of the PII classification label of the PII object. A user of the control facility is assigned a PII clearance set which contains a list of at least one PII classification label, which is employed in determining whether the user is entitled to access a particular function.

Abstract: The invention provides methods, apparatus and systems for securely processing an originator request of a customer. This originator request can be sent to at least one first entity.

Abstract: The present invention is a system and method for handling personally identifiable information, using a rules model. The invention involves defining a limited number of privacy-related actions regarding personally identifiable information; constructing a rule for each circumstance in which one of said privacy-related actions may be taken or must be taken; allowing for the input of dynamic contextual information to precisely specify the condition for evaluation of a rule; creating a programming object containing at least one of said rules; associating the programming object with personally identifiable information; processing a request; and providing an output. The invention does not merely give a “yes-or-no answer. The invention has the advantage of being able to specify additional actions that must be taken. The invention may use a computer system and network. One aspect of the present invention is a method for handling personally identifiable information.

Abstract: Authenticated transmissions are usually time-consuming and often provide delayed error recognition and correction. This is a problem particularly with hand-held computing devices like personal digital assistants (PDAs), smart phones or smartcards, since these usually possess limited memory, processing power and communications bandwidth. Because of these limitations and generally low transfer rates between the device and a provider or central computer base, such transmissions are time-consuming and delay applications. The late detection of unavoidable transmission errors is especially cumbersome. By applying an optimally taylored authentication scheme to a block-wise transmission and in particular by applying a tree structure for the authentication process during such transfers, the present invention minimes the unavoidable delays and thus provides a solution for these problems.