Privacy preferences roaming and enforcement

US 20040083243A1
Filed: 10/23/2002
Published: 04/29/2004
Est. Priority Date: 10/23/2002
Status: Active Grant

First Claim

Patent Images

1. In a distributed network comprising a number of service providers and a number of clients communicatively coupled to each other via a network, wherein a number of users are registered with said service providers through said clients, each of the users having a single set of privacy preferences, a method for propagating a user'"'"'s privacy preferences from a service to a browser comprising the steps of:

signing up, by a user, a service provider via a browser without privacy;

returning, by said service provider, a set of default privacy preferences to said browser;

accessing, by the user, a service consumer site;

sending the user a user prompt for response;

modifying, by the user, said privacy preferences; and

returning said modified privacy preferences to said browser as a response.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention comprises a system and method for management of Web users'"'"' privacy preferences. In the distributed system, a Web user has a single set of privacy preferences. The single set of privacy preferences and any of its modifications are propagated among Web browsers and Web services. The user'"'"'s own privacy preferences are enforced at Web services based on the requester'"'"'s privacy policies.

Citations

19 Claims

1. In a distributed network comprising a number of service providers and a number of clients communicatively coupled to each other via a network, wherein a number of users are registered with said service providers through said clients, each of the users having a single set of privacy preferences, a method for propagating a user'"'"'s privacy preferences from a service to a browser comprising the steps of:
- signing up, by a user, a service provider via a browser without privacy;
  
  returning, by said service provider, a set of default privacy preferences to said browser;
  
  accessing, by the user, a service consumer site;
  
  sending the user a user prompt for response;
  
  modifying, by the user, said privacy preferences; and
  
  returning said modified privacy preferences to said browser as a response.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein said step of modification can be any of:
    - using a preference editor to edit his privacy preferences and importing the edited privacy preferences into his preferred browser; and
      
      changing said privacy preferences through permission prompts created by any site visited.
  - 3. The method of claim 1, further comprising the steps of:
    - checking, by said service provider, whether said browser needs to be updated for said modified privacy preferences;
      
      if the check result in said checking step is yes, then sending back said modified privacy preferences to said browser via a response header for the user'"'"'s response;
      
      updating said browser with said modified privacy preferences;
      
      if the check result in said checking step is no, then acknowledging, by said service provider, receipt of the user'"'"'s permission; and
      
      replying, by said service consumer site, the user'"'"'s request.
  - 4. The method of claim 1, further comprising the steps of:
    - checking, by said service provider, whether said browser needs to be updated for said modified privacy preferences;
      
      if the check result in said checking step is yes, then sending a response header from said service provider to said service consumer site;
      
      sending a response header from said service consumer site to said browser;
      
      updating said browser with said modified privacy preferences;
      
      if the check result in said check step is no, then acknowledging, by said service consumer site, receipt of the user'"'"'s permission; and
      
      replying, by said service consumer site, the user'"'"'s request.

5. In a distributed network comprising a number of Web service providers and a number of clients communicatively coupled to each other via the Internet, wherein a number of users are registered with said Web service providers through said clients, each of the users having a single set of privacy preferences, a method for propagating a user'"'"'s privacy preferences from a Web browser to Web services comprising the steps of:
- signing up, by a user, a Web service provider (WSP) via a browser with P3P private preferences;
  
  requesting, by said WSP, said privacy preferences from said browser;
  
  sending, by said browser, said privacy preferences to said WSP;
  
  recording, by said browser, said WSP'"'"'s URL; and
  
  acknowledging, by said WSP, receipt of said privacy preferences.
- View Dependent Claims (6, 7)
- - 6. The method of claim 5, further comprising the steps of:
    - modifying, by the user, said privacy preferences on said browser;
      
      updating said browser with said modified privacy preferences; and
      
      sending, by said browser, copy of said privacy preferences to each Web site whose URL is recorded in said browser.
  - 7. The method of claim 6, wherein the user can perform said step of modification by using a P3P preference editor to edit said user'"'"'s privacy preferences and importing them into said browser.

8. In a distributed network comprising a number of Web service providers and a number of clients communicatively coupled to each other via the Internet, wherein a number of users are registered with said Web service providers through said clients, each of the users having a single set of privacy preferences, a method for enforcing a user'"'"'s privacy preferences at Web services based on a service requester'"'"'s P3P policies comprising the steps of:
- (a) accessing, by the user, a Web service consumer site (WSC);
  
  (b) sending, by said WSC, a service request to a Web service provider (WSP);
  
  (c) classifying, by said WSP, the user'"'"'s data in terms of P3P categories;
  
  (d) checking whether said WSP needs to update its cache of said WSC'"'"'s P3P policies;
  
  (e) if the check result in step (d) is yes, then updating said WSC'"'"'s P3P policies in said WSP'"'"'s cache and continuing with step (f);
  
  (f) if the check result in step (d) is no, then identifying said WSC'"'"'s P3P policies based on the data included in the service request;
  
  (g) evaluating the user'"'"'s privacy preferences against said WSC'"'"'s P3P policies;
  
  (h) checking whether said WSC'"'"'s P3P policies exclude the user'"'"'s privacy preferences;
  
  (i) if the check result of the step (h) is no, then replying, by said WSP, to said WSC;
  
  (j) if the check result in the step (h) is yes, prompting the user via said WSC for permission; and
  
  (k) sending the user'"'"'s preference changes back from said WSP to said browser via HTTP response header for the user'"'"'s response.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein the service request comprises:
    - the URL of said WSC'"'"'s P3P policies and/or reference file;
      
      a timestamp of said WSC'"'"'s last modification on its P3P policies and/or reference file; and
      
      the URL that the user used to access said WSC.
  - 10. The method of claim 8, wherein the step (g) further comprises the steps of:
    - identifying the set of data fields that said WSC is trying to access;
      
      identifying the corresponding set of P3P categories by applying data-to-P3P category mapping; and
      
      executing a preference evaluation algorithm by taking input parameters.
  - 11. The method of claim 10, wherein said input parameters comprise:
    - said WSC'"'"'s P3P policies used at the URL that the user used to access said WSC; and
      
      the set of P3P categories that said WSC tries to access.

12. An apparatus for propagating a user'"'"'s privacy preferences from Web service to Web browser, comprising:
- at least one Web site;
  
  at least one client, said at least one client and said at least one Web site being communicatively coupled to each other via the Internet;
  
  wherein a number of users registered with said Web service providers through said at least one client, each of the users having a single set of privacy preferences;
  
  wherein when a user signs up a Web service provider (WSP) via a browser without P3P private preferences, said WSP returns a set of default privacy preferences to said browser;
  
  wherein the user modifies the default privacy preferences;
  
  wherein said WSP returns the modified privacy preferences to said browser as HTTP response; and
  
  wherein said browser updates with the modified privacy preferences.
- View Dependent Claims (13)
- - 13. The apparatus of claim 12, wherein the user modifies said default privacy preferences by any of:
    - using a P3P preference editor to edit his privacy preferences and importing the edited privacy preferences into his preferred browser; and
      
      changing said privacy preferences through permission prompts created by any Web site he visited.

14. An apparatus for propagating a user'"'"'s privacy preferences from a Web browser to Web services, comprising:
- at least one Web site;
  
  at least one client, said at least one client and said at least one Web site being communicatively coupled to each other via the Internet;
  
  wherein a number of users registered with said Web service providers through said at least one client, each of the users having a single set of privacy preferences;
  
  wherein when a user signs up a Web service provider (WSP) via a browser with P3P private preferences, said privacy preferences are copied to said WSP;
  
  wherein said browser records the URL of each Web site which receives a copy of said privacy preferences;
  
  wherein when said privacy preferences are modified in said browser, said browser propagates the modified privacy preferences to each Web site whose URL is recorded in said browser.
- View Dependent Claims (15)
- - 15. The apparatus of claim 14, wherein the user can modify his privacy preferences by using a P3P preference editor and import the modified privacy preferences into said browser.

16. An apparatus for enforcing a user'"'"'s privacy preferences at Web services based on a service requester'"'"'s P3P policies, comprising:
- at least two Web sites;
  
  at least one client, said at least one client and said at least two Web sites being communicatively coupled to each other via the Internet;
  
  wherein a number of users registered with said Web service providers through said at least one client, each of the users having a single set of privacy preferences;
  
  wherein when a user accesses a Web service consumer site (WSC) which in turn sends a service request to a Web service provider (WSP), said WSP classifies the user'"'"'s data in terms of P3P categories;
  
  wherein said WSP updates its cache of said WSC'"'"'s P3P policies when necessary;
  
  wherein said WSP identifies said WSC'"'"'s P3P policies based on the data included in the service request and evaluates the user'"'"'s preferences against said WSC'"'"'s P3P policies;
  
  wherein if said WSC'"'"'s P3P policies exclude the user'"'"'s privacy preferences, then said WSP prompts the user directly or indirectly via said WSC for permission and sends the user'"'"'s preference changes back to said browser via HTTP response header for the user'"'"'s response.
- View Dependent Claims (17, 18, 19)
- - 17. The apparatus of claim 16, wherein the service request comprises:
    - the URL of said WSC'"'"'s P3P policies and/or reference file;
      
      a timestamp of said WSC'"'"'s last modification on its P3P policies and/or reference file; and
      
      the URL that the user used to access said WSC.
  - 18. The apparatus of claim 16, wherein WSP evaluates the user'"'"'s preferences against said WSC'"'"'s P3P policies by:
    - identifying the set of data fields that said WSC is trying to access;
      
      identifying the corresponding set of P3P categories using data-to-P3P category mapping; and
      
      executing a preference evaluation algorithm by taking input parameters.
  - 19. The method of claim 18, wherein said input parameters comprise:
    - said WSC'"'"'s P3P policies used at the URL that the user used to access said WSC; and
      
      the set of P3P categories that said WSC tries to access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
AOL LLC (Apollo Global Management, Inc.)
Inventors
Minjarez, Frank, Feng, An

Granted Patent

US 7,305,432 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/203
CPC Class Codes

H04L 63/102   Entity profiles

H04L 67/02   based on web technology, e....

H04L 67/306   User profiles

H04L 69/329   in the application layer [O...

Privacy preferences roaming and enforcement

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Privacy preferences roaming and enforcement

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links