User-centric consent management system and method

US 20070038765A1
Filed: 07/10/2006
Published: 02/15/2007
Est. Priority Date: 02/27/2002
Status: Active Grant

First Claim

Patent Images

1. A method of managing access by a client to user-specific information maintained in connection with a plurality of services offered by a web-services provider and used by a user of said plurality of services, the method comprising:

maintaining a plurality of items user-specific information in more than one of the plurality of services;

obtaining a plurality of client access requests directed to accessing the plurality of items of user-specific information maintained in the more than one of the plurality of services, said plurality of access requests being translated from a task request that requires the client to access the plurality of items of user-specific information in order to complete the task request;

invoking a consent management system if the client lacks consent to access one of the plurality of items of user-specific information required by the client to complete the task request, said consent management system selectively obtaining consent for the client to access the one of the plurality of items of user-specific information for which the client lacked consent to access; and

filling the plurality of client access requests if the client has permission to access each of the plurality of items of user-specific information in the more than one of the plurality of services.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a network computing environment, a user-centric system and method for controlling access to user-specific information maintained in association with a web-services service. When a web-services client desires access to the user-specific information, the client sends a request. The request identifies the reasons/intentions for accessing the desired information. The request is compared to the user'"'"'s existing access permissions. If there is no existing access permission, the request is compared to the user'"'"'s default preferences. If the default preferences permit the requested access, an access rule is created dynamically and the client'"'"'s request is filled, without interrupting the user. If the default preferences do not permit the request to be filled, a consent user interface may be invoked. The consent user interface presents one or more consent options to a party with authority to grant consent, thereby permitting the user to control whether the client'"'"'s access will be filled.

146 Citations

17 Claims

1. A method of managing access by a client to user-specific information maintained in connection with a plurality of services offered by a web-services provider and used by a user of said plurality of services, the method comprising:
- maintaining a plurality of items user-specific information in more than one of the plurality of services;
  
  obtaining a plurality of client access requests directed to accessing the plurality of items of user-specific information maintained in the more than one of the plurality of services, said plurality of access requests being translated from a task request that requires the client to access the plurality of items of user-specific information in order to complete the task request;
  
  invoking a consent management system if the client lacks consent to access one of the plurality of items of user-specific information required by the client to complete the task request, said consent management system selectively obtaining consent for the client to access the one of the plurality of items of user-specific information for which the client lacked consent to access; and
  
  filling the plurality of client access requests if the client has permission to access each of the plurality of items of user-specific information in the more than one of the plurality of services.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 further comprising:
    - initiating the task request requiring the client to access the plurality of items of user-specific information in order to complete the task request; and
      
      translating the task request into the plurality of client access requests to complete the task request.
  - 3. The method of claim 1 for controlling access to user-specific information for use in connection with a network computing environment including the web-services provider, wherein said web-services provider maintains a data store of user-specific information associated with the user in connection with the service, and wherein said client seeks access to an item of user-specific information in the data store and transmits an access request message directed to the service and indicating the item of user-specific information in the data store to which the client seeks access, the method further comprising:
    - comparing the access request message to an access control list associated with the service, said access control list identifying whether the client has permission to access the item of user-specific information;
      
      placing the access request in a pending request queue;
      
      transmitting a service response message to the client, said service response message indicating a fault if the access control list identifies that the client does not have permission to access the item of user-specific information and said service response message indicating a success if the access control list identifies that the client has permission to access the item of user-specific information;
      
      invoking a consent management system if the service response message received by the client indicates a fault; and
      
      filling the access request if the access control list authorizes the client to access the item of user-specific information in the data store and removing the access request from the pending request queue.

4. A system for controlling access to user-specific information in a network computing environment, the system comprising:
- a web-services provider providing a service;
  
  a user of the service, the web-services provider maintaining an item of user-specific information associated with the user in a data store associated with the service;
  
  a client of the web-services provider, said client operatively communicating with the user and seeking access to the item of user-specific information;
  
  an access control list associated with the item of user-specific information, said access control list indicating whether consent exists to allow the client to access the item of user-specific information; and
  
  a consent management system for controlling an update of the access control list, said consent management system initiating a consent transaction with a party having authority to grant consent to update the access control list when the access control list indicates that consent does not exist to allow the client to access the item of user-specific information.
- View Dependent Claims (5, 6, 7, 8, 9, 10)
- - 5. The system of claim 4 wherein the consent management system comprises a consent user interface for displaying a consent menu to the party having authority to update the access control list, said consent menu prompting the identified party to grant or deny consent to allow the client to access the item of user-specific information, whereby if the identified party grants consent the consent management system operatively updates the access control list to indicate that the client has consent to access the item of user-specific information.
  - 6. The system of claim 5 wherein the consent management system further comprises a consent server associated with the consent user interface for determining the party having authority to update the access control list and for operatively updating the access control list if the identified party grants consent to allow the client to access the item of user-specific information.
  - 7. The system of claim 6 wherein the consent menu identifies a plurality of menu entries comprising:
    - an identity of the client;
      
      a method by which the client seeks to access the item of user-specific information; and
      
      a purpose for which the client seeks to access the item of user-specific information.
  - 8. The system of claim 7 wherein the plurality of menu entries further comprises a value proposition associated with the purpose for which the client desires to access the first item of user-specific information.
  - 9. The system of claim 5 wherein the consent menu identifies a plurality of menu entries comprising:
    - an identity of the client;
      
      a method by which the client seeks to access the item of user-specific information; and
      
      a purpose for which the client seeks to access the item of user-specific information.
  - 10. The system of claim 9 wherein the plurality of menu entries further comprises a value proposition associated with the purpose for which the client desires to access the first item of user-specific information.

11. A system for controlling access to user-specific information in a network computing environment, said system comprising:
- a user transmitting a task request;
  
  a web-services provider providing a first service and a second service, said web-services provider maintaining a first of item of user-specific information associated with the user in connection with the first service and a second item of user-specific information associated with the user in connection with the second service, said first and second services requiring consent before allowing access to the first and second items of user-specific information;
  
  a client in digital communication with the user and receiving the task request, said client translating the task request into a first access request and a second access request, said first access request being directed to the first service and seeking access to the first item of user-specific information and said second access request being directed to the second service and seeking access to the second item of user-specific information; and
  
  a consent management system being selectively invoked by the client if the client lacks consent to access the first item of user-specific information, said consent management system identifying a party with authority to grant consent to the client to access the first item of user-specific information and initiating a consent request transaction with the party with authority to grant consent to the client to access the first item of user-specific information, said consent request transaction inviting the party with authority to grant consent to allow the client to access the first item of user-specific information.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The system of claim 11 wherein the consent management system further comprises a consent user interface for displaying a consent menu to the party with authority to grant consent to the client to access the first item of user-specific information.
  - 13. The system of claim 12 wherein the consent management system further comprises a consent server associated with the consent user interface for determining the party having authority to update the access control list and for operatively updating the access control list if the identified party grants consent to allow the client to access the item of user-specific information.
  - 14. The system of claim 13 wherein the consent menu identifies a plurality of menu entries comprising:
    - an identity of the client;
      
      a method by which the client proposes to access the first item of user-specific information; and
      
      a purpose for which the client desires to access the first item of user-specific information.
  - 15. The system of claim 14 wherein the plurality of menu entries further comprises a value proposition associated with the purpose for which the client desires to access the first item of user-specific information.
  - 16. The system of claim 12 wherein the plurality of menu entries further comprises a value proposition associated with the purpose for which the client desires to access the first item of user-specific information.
  - 17. The system of claim 16 wherein the consent menu identifies a plurality of menu entries comprising:
    - an identity of the client;
      
      a method by which the client proposes to access the first item of user-specific information; and
      
      a purpose for which the client desires to access the first item of user-specific information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Dunn, Melissa

Granted Patent

US 7,610,391 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2141 Access rights, e.g. capabil...

User-centric consent management system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

146 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

User-centric consent management system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

146 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links