Method and system for implementing privacy notice, consent, and preference with a privacy proxy

US 20060095956A1
Filed: 10/28/2004
Published: 05/04/2006
Est. Priority Date: 10/28/2004
Status: Active Grant

First Claim

Patent Images

1. A method for processing data for a privacy policy within a data processing system, the method comprising:

receiving, at a proxy, a first message from a server to a client; and

in response to a determination at the proxy that the first message initiates collection of personally identifiable information from the client by the server, sending a second message from the proxy to the client, wherein the second message requests consent from a user of the client to a privacy policy that concerns management of the personally identifiable information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is presented for processing data for a privacy policy concerning management of personally identifiable information. A proxy intercepts a first message from a server to a client and determines that the first message initiates collection of personally identifiable information from a user of the client. The proxy then sends a second message to the client that requests consent from the user to the privacy policy. If the user provides consent within a third message that is received by the proxy from the client, then the proxy sends the intercepted first message to the client. If the user does not provide consent, then the proxy sends a fourth message to the server that fails the collection of personally identifiable information from the client by the server. The proxy may also obtain user preferences for options concerning management of the personally identifiable information by a data processing system.

62 Citations

View as Search Results

27 Claims

1. A method for processing data for a privacy policy within a data processing system, the method comprising:
- receiving, at a proxy, a first message from a server to a client; and
  
  in response to a determination at the proxy that the first message initiates collection of personally identifiable information from the client by the server, sending a second message from the proxy to the client, wherein the second message requests consent from a user of the client to a privacy policy that concerns management of the personally identifiable information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising:
    - in response to receiving at the proxy from the client a third message that indicates consent from the user to the privacy policy, sending the first message from the proxy to the client.
  - 3. The method of claim 1 further comprising:
    - in response to receiving at the proxy from the client a third message that indicates no consent from the user to the privacy policy, sending a fourth message from the proxy to the server that fails the collection of personally identifiable information from the client by the server.
  - 4. The method of claim 1 further comprising:
    - in response to receiving at the proxy a third message that indicates consent from the user to the privacy policy, storing an indication of the,consent from the user in association with an identifier for the user.
  - 5. The method of claim 1 further comprising:
    - in response to receiving the first message at the proxy, determining whether the user has previously provided consent to the privacy policy; and
      
      in response to a determination that the user has previously provided consent to the privacy policy, sending the first message from the proxy to the client.
  - 6. The method of claim 1, wherein the step of determining that the first message initiates collection of personally identifiable information from the client by the server further comprises:
    - scanning the first message for a data element that has been inserted into the first message by the server to signal to the proxy that the first message initiates collection of personally identifiable information from the client by the server.
  - 7. The method of claim 1, wherein the step of determining that the first message initiates collection of personally identifiable information from the client by the server further comprises:
    - scanning the first message for information that is presented to the user by the client to request collection of personally identifiable information by the server.
  - 8. The method of claim 1, wherein the step of determining that the first message initiates collection of personally identifiable information from the client by the server is performed in accordance with a set of configurable rules that contain conditions that are evaluated against the first message.
  - 9. The method of claim 1 further comprising:
    - in response to receiving at the proxy a third message that indicates consent from the user to the privacy policy, obtaining by the proxy user preferences for options concerning management of the personally identifiable information.

10. An apparatus for processing data for a privacy policy, the apparatus comprising:
- means for receiving, at a proxy, a first message from a server to a client; and
  
  means for sending, in response to a determination at the proxy that the first message initiates collection of personally identifiable information from the client by the server, a second message from the proxy to the client, wherein the second message requests consent from a user of the client to a privacy policy that concerns management of the personally identifiable information.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The apparatus of claim 10 further comprising:
    - mean for sending, in response to receiving at the proxy from the client a third message that indicates consent from the user to the privacy policy, the first message from the proxy to the client.
  - 12. The apparatus of claim 10 further comprising:
    - means for sending, in response to receiving at the proxy from the client a third message that indicates no consent from the user to the privacy policy, a fourth message from the proxy to the server that fails the collection of personally identifiable information from the client by the server.
  - 13. The apparatus of claim 10 further comprising:
    - means for storing, in response to receiving at the proxy a third message that indicates consent from the user to the privacy policy, an indication of the consent from the user in association with an identifier for the user.
  - 14. The apparatus of claim 10 further comprising:
    - means for determining, in response to receiving the first message at the proxy, whether the user has previously provided consent to the privacy policy; and
      
      means for sending, in response to a determination that the user has previously provided consent to the privacy policy, the first message from the proxy to the client.
  - 15. The apparatus of claim 10, wherein a means for determining that the first message initiates collection of personally identifiable information from the client by the server further comprises:
    - means for scanning the first message for a data element that has been inserted into the first message by the server to signal to the proxy that the first message initiates collection of personally identifiable information from the client by the server.
  - 16. The apparatus of claim 10, wherein a means for determining that the first message initiates collection of personally identifiable information from the client by the server further comprises:
    - means for scanning the first message for information that is presented to the user by the client to request collection of personally identifiable information by the server.
  - 17. The apparatus of claim 10, wherein a means for determining that the first message initiates collection of personally identifiable information from the client by the server is operated in accordance with a set of configurable rules that contain conditions that are evaluated against the first message.
  - 18. The apparatus of claim 10 further comprising:
    - means for obtaining by the proxy, in response to receiving at the proxy a third message that indicates consent from the user to the privacy policy, user preferences for options concerning management of the personally identifiable information.

19. A computer program product on a computer readable medium for processing data for a privacy policy in a data processing system, the computer program product comprising:
- means for receiving, at a proxy, a first message from a server to a client; and
  
  means for sending, in response to a determination at the proxy that the first message initiates collection of personally identifiable information from the client by the server, a second message from the proxy to the client, wherein the second message requests consent from a user of the client to a privacy policy that concerns management of the personally identifiable information.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The computer program product of claim 19 further comprising:
    - mean for sending, in response to receiving at the proxy from the client a third message that indicates consent from the user to the privacy policy, the first message from the proxy to the client.
  - 21. The computer program product of claim 19 further comprising:
    - means for sending, in response to receiving at the proxy from the client a third message that indicates no consent from the user to the privacy policy, a fourth message from the proxy to the server that fails the collection of personally identifiable information from the client by the server.
  - 22. The computer program product of claim 19 further comprising:
    - means for storing, in response to receiving at the proxy a third message that indicates consent from the user to the privacy policy, an indication of the consent from the user in association with an identifier for the user.
  - 23. The computer program product of claim 19 further comprising:
    - means for determining, in response to receiving the first message at the proxy, whether the user has previously provided consent to the privacy policy; and
      
      means for sending, in response to a determination that the user has previously provided consent to the privacy policy, the first message from the proxy to the client.
  - 24. The computer program product of claim 19, wherein a means for determining that the first message initiates collection of personally identifiable information from the client by the server further comprises:
    - means for scanning the first message for a data element that has been inserted into the first message by the server to signal to the proxy that the first message initiates collection of personally identifiable information from the client by the server.
  - 25. The computer program product of claim 19, wherein a means for determining that the first message initiates collection of personally identifiable information from the client by the server further comprises:
    - means for scanning the first message for information that is presented to the user by the client to request collection of personally identifiable information by the server.
  - 26. The computer program product of claim 19, wherein a means for determining that the first message initiates collection of personally identifiable information from the client by the server is operated in accordance with a set of configurable rules that contain conditions that are evaluated against the first message.
  - 27. The computer program product of claim 19 further comprising:
    - means for obtaining by the proxy, in response to receiving at the proxy a third message that indicates consent from the user to the privacy policy, user preferences for options concerning management of the personally identifiable information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Muppidi, Sridhar R., Ashley, Paul Anthony, Vandenwauver, Mark

Granted Patent

US 8,464,311 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 67/30   Profiles

H04L 67/306   User profiles

Method and system for implementing privacy notice, consent, and preference with a privacy proxy

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

62 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for implementing privacy notice, consent, and preference with a privacy proxy

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

62 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links