Policy-based automated consent

US 20140337914A1
Filed: 05/08/2013
Published: 11/13/2014
Est. Priority Date: 05/08/2013
Status: Active Grant

First Claim

Patent Images

1. A method of managing granting of consent to access a protected resource, the protected resource associated with a resource owner, comprising:

upon receipt of a request to access a protected resource, the request having a scope and being associated with a client, performing an analysis to identify a characteristic of the client, the analysis being performed using a computing entity having a hardware element;

based on the characteristic of the client and the scope of the request, applying a policy to determine whether the client should receive an automated consent to access the protected resource; and

if based on the policy the client should receive an automated consent, returning given information that the client can use to obtain access to the protected resource without requiring an explicit consent from the resource owner.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for intelligent automated consent is described by which a client may be automatically authorized to access a resource owner'"'"'s protected information (e.g., a profile) based on the owner'"'"'s previous authorization decisions and/or other client classifications. Using this approach to granting consent, the resource owner is not required to intervene during the authorization step for each client that is requesting access. Clients may be categorized, and authorization given to individual clients based on the category to which they belong and/or the scope of the access request. The technique may be implemented with user-centric identity protocols, as well as with delegated authorization protocols. The technique provides for policy-based consent grants.

123 Citations

20 Claims

1. A method of managing granting of consent to access a protected resource, the protected resource associated with a resource owner, comprising:
- upon receipt of a request to access a protected resource, the request having a scope and being associated with a client, performing an analysis to identify a characteristic of the client, the analysis being performed using a computing entity having a hardware element;
  
  based on the characteristic of the client and the scope of the request, applying a policy to determine whether the client should receive an automated consent to access the protected resource; and
  
  if based on the policy the client should receive an automated consent, returning given information that the client can use to obtain access to the protected resource without requiring an explicit consent from the resource owner.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as described in claim 1 wherein the analysis is based on a universal resource identifier (URI) associated with the request.
  - 3. The method as described in claim 1 wherein the characteristic of the client is one of:
    - a client category, a domain tag, an indication that the request has originated from a reputable source, and an indication that the client has a given privacy policy.
  - 4. The method as described in claim 1 wherein if the client should not receive the automated consent to access the protected resource, issuing a prompt to the resource owner to obtain explicit consent.
  - 5. The method as described in claim 4 further including:
    - obtaining a response to the prompt;
      
      upon receipt of a response to the prompt, updating the policy to include a category associated with the client.
  - 6. The method as described in claim 5 further including updating a consent list to include the client.
  - 7. The method as described in claim 1 wherein the given information is an OAuth token.

8. Apparatus, comprising:
- a processor;
  
  computer memory holding computer program instructions that when executed by the processor perform a method of managing granting of consent to access a protected resource, the protected resource associated with a resource owner, the method comprising;
  
  upon receipt of a request to access a protected resource, the request having a scope and being associated with a client, performing an analysis to identify a characteristic of the client;
  
  based on the characteristic of the client and the scope of the request, applying a policy to determine whether the client should receive an automated consent to access the protected resource; and
  
  if based on the policy the client should receive an automated consent, returning given information that the client can use to obtain access to the protected resource without requiring an explicit consent from the resource owner.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus as described in claim 8 wherein the analysis is based on a universal resource identifier (URI) associated with the request.
  - 10. The apparatus as described in claim 8 wherein the characteristic of the client is one of:
    - a client category, a domain tag, an indication that the request has originated from a reputable source, and an indication that the client has a given privacy policy.
  - 11. The apparatus as described in claim 8 wherein the method further includes issuing a prompt to the resource owner to obtain explicit consent if the client should not receive the automated consent to access the protected resource.
  - 12. The apparatus as described in claim 11 wherein the method further includes:
    - obtaining a response to the prompt;
      
      upon receipt of a response to the prompt, updating the policy to include a category associated with the client.
  - 13. The apparatus as described in claim 12 wherein the method further includes updating a consent list to include the client.
  - 14. The apparatus as described in claim 8 wherein the given information is an OAuth token.

15. A computer program product in a non-transitory computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method of managing granting of consent to access a protected resource, the protected resource associated with a resource owner, the method comprising:
- upon receipt of a request to access a protected resource, the request having a scope and being associated with a client, performing an analysis to identify a characteristic of the client;
  
  based on the characteristic of the client and the scope of the request, applying a policy to determine whether the client should receive an automated consent to access the protected resource; and
  
  if based on the policy the client should receive an automated consent, returning given information that the client can use to obtain access to the protected resource without requiring an explicit consent from the resource owner.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product as described in claim 15 wherein the analysis is based on a universal resource identifier (URI) associated with the request.
  - 17. The computer program product as described in claim 15 wherein the characteristic of the client is one of:
    - a client category, a domain tag, an indication that the request has originated from a reputable source, and an indication that the client has a given privacy policy.
  - 18. The computer program product as described in claim 15 wherein the method further includes issuing a prompt to the resource owner to obtain explicit consent if the client should not receive the automated consent to access the protected resource.
  - 19. The computer program product as described in claim 18 wherein the method further includes:
    - obtaining a response to the prompt;
      
      upon receipt of a response to the prompt, updating the policy to include a category associated with the client.
  - 20. The computer program product as described in claim 19 wherein the method further includes updating a consent list to include the client site.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
HCL Technologies Limited
Original Assignee
International Business Machines Corporation
Inventors
Canning, Simon Gilbert, Weeden, Shane Bradley, Pranam, Codur Sreedhar

Granted Patent

US 9,264,436 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

Policy-based automated consent

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

123 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Policy-based automated consent

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

123 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links