PERSONAL INFORMATION CERTIFICATION AND MANAGEMENT SYSTEM

US 20170193624A1
Filed: 12/30/2015
Published: 07/06/2017
Est. Priority Date: 12/30/2015
Status: Abandoned Application

First Claim

Patent Images

1. A personal information certification and management system, comprising:

a non-transitory memory storing one or more pre-authorized consent configurations that are associated with a customer; and

one or more processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising;

receiving, from a first device through a network, a first privacy policy associated with a website;

associating, in the non-transitory memory system, the first privacy policy with a first certification;

providing, over the network for display on a customer device in response to the determining the customer device has accessed the website, the first certification;

retrieving, from the non-transitory memory, the one or more pre-authorized consent configurations associated with the customer; and

determining pre-authorized consent associated with the website according to the one or more pre-authorized consent configurations using the first certification and, in response, sending the pre-authorized consent through the network to the first device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for providing personal information certification and management includes receiving, from a first device, a first privacy policy associated with a website, associating the first privacy policy with a first certification, and displaying, on a customer device in response to the determining that the customer device has accessed the website, the first certification. One or more pre-authorized consent configurations associated with the customer is retrieved, from a non-transitory memory. Pre-authorized consent associated with the website is determined according to the one or more pre-authorized consent configurations using the first certification. The pre-authorized consent is sent to the first device.

306 Citations

20 Claims

1. A personal information certification and management system, comprising:
- a non-transitory memory storing one or more pre-authorized consent configurations that are associated with a customer; and
  
  one or more processors coupled to the non-transitory memory and configured to read instructions from the non-transitory memory to cause the system to perform operations comprising;
  
  receiving, from a first device through a network, a first privacy policy associated with a website;
  
  associating, in the non-transitory memory system, the first privacy policy with a first certification;
  
  providing, over the network for display on a customer device in response to the determining the customer device has accessed the website, the first certification;
  
  retrieving, from the non-transitory memory, the one or more pre-authorized consent configurations associated with the customer; and
  
  determining pre-authorized consent associated with the website according to the one or more pre-authorized consent configurations using the first certification and, in response, sending the pre-authorized consent through the network to the first device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the one or more processors are configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
    - determining a requirement for explicit consent using a location of the customer device; and
      
      sending an explicit consent request through the network to the customer device.
  - 3. The system of claim 1, wherein the one or more processors are configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
    - receiving, through the network from the first device, a second privacy policy associated with the website;
      
      associating the second privacy policy with a second certification in the non-transitory memory and, in response, determining that the second certification is different from the first certification; and
      
      providing a notification associated with the first and second certifications through the network for display on the customer device.
  - 4. The system of claim 1, wherein the one or more processors are configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
    - retrieving, from the non-transitory memory, a personal information management configuration associated with the website and the customer; and
      
      sending, through the network to the device, the personal information management configuration to configure personal information usage of the personal information associated with the customer.
  - 5. The system of claim 4, wherein the determining pre-authorized consent further includes:
    - selecting a pre-authorized consent configuration from the one or more pre-authorized consent configurations according to the first certification and the personal information management configuration; and
      
      determining pre-authorized consent associated with the first website using the selected pre-authorized consent configuration.
  - 6. The system of claim 4, wherein the one or more processors are configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
    - monitoring personal data collection requests through the network from the first device;
      
      determining a personal data collection violation associated with at least one of the personal data collection requests according to the personal information management configuration; and
      
      providing a notification of the personal data collection violation through the network for display on the customer device.
  - 7. The system of claim 6, wherein the at least one of the personal data collection requests is associated with a personal data collection technology;
    - andwherein the personal data collection violation includes a personal data collection technology violation.
  - 8. The system of claim 1, wherein the one or more processors are configured to read instructions from the non-transitory memory to cause the system to perform operations comprising:
    - auditing personal information practices of the first device to detect a violation of the first certification; and
      
      providing a notification of the violation of the first certification through the network for display on the customer device.

9. A method, comprising:
- accessing, by a customer device through a network, a website associated with a first device;
  
  receiving, by the customer device through the network from a service provider device, a first certification associated with a first privacy policy associated with the website;
  
  providing, by the customer device through the network to the service provider device, one or more pre-authorized consent configurations associated with the customer,wherein the one or more pre-authorized consent configurations are used to determine pre-authorized consent associated with the website using the first certification.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, further comprising:
    - providing, by the customer device through the network to the service provider device, a location of the customer device used to determine a requirement for explicit consent; and
      
      receiving, by the customer device through the network from the service provider device, an explicit consent request through the network.
  - 11. The method of claim 9, further comprising:
    - receiving, by the customer device through the network from the service provider device, a privacy policy certification change notification associated with the first certification and a second certification associated with a second merchant privacy policy associated with the website.
  - 12. The method of claim 9, further comprising:
    - providing, by the customer device to the service provider device, a personal information management configuration associated with the website and the customer,wherein the personal information management configuration is used to configure personal information usage of the personal information associated with the customer by the first device.
  - 13. The method of claim 12, wherein the determining pre-authorized consent further includes:
    - selecting, by the service provider device, a pre-authorized consent configuration from the one or more pre-authorized consent configurations according to the first certification and the personal information management configuration; and
      
      determining, by the service provider device, pre-authorized consent associated with the website using the selected pre-authorized consent configuration.
  - 14. The method of claim 12, further comprising:
    - receiving, by the customer device through the network from the first device, personal data collection requests;
      
      sending, by the customer device through the network to the service provider device, the personal data collection requests; and
      
      receiving, by the customer device through the network from the service provider device, a notification of a personal data collection violation associated with at least one of the personal data collection requests,wherein the notification is determined according to the personal information management configuration.
  - 15. The method of claim 14, wherein the at least one of the personal data collection requests is associated with a personal data collection technology;
    - andwherein the personal data collection violation includes a personal data collection technology violation.

16. A non-transitory computer-readable medium having machine-readable instructions executable to cause a machine to perform operations comprising:
- providing, through a network to a service provider device, a first privacy policy associated with a website,wherein the first privacy policy is associated, in a database, with a first certification;
  
  determining that a customer device associated with a customer is accessing the website;
  
  providing through a network for display on the website on the customer device the first certification; and
  
  receiving, through the network from the service provider device, pre-authorized consent associated with the website and the customer,wherein the pre-authorized consent is determined according to one or more pre-authorized consent configurations retrieved from a database.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory machine-readable medium of claim 16, wherein the operations further comprise:
    - sending an explicit consent request through the network for display on the website on the customer device.
  - 18. The non-transitory machine-readable medium of claim 16, wherein the operations further comprise:
    - sending, through the network to the service provider device, a second privacy policy associated with the website,wherein the second privacy policy is associated with a second certification in the database;
      
      receiving, through a network from the service provider device, a notification associated with the first and second certifications; and
      
      displaying, through the network, the notification on the website on the customer device.
  - 19. The non-transitory machine-readable medium of claim 16, wherein the operations further comprise:
    - receiving, through the network from the service provider device, a personal information management configuration associated with the customer; and
      
      configuring personal information usage of personal information associated with the customer.
  - 20. The non-transitory machine-readable medium of claim 16, wherein the operations further comprise:
    - generating a second privacy policy using a privacy policy generator provided by the service provider device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Inventors
Tsai, John

Application Number

US14/984,830
Publication Number

US 20170193624A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06Q 50/01 Social networking

G06Q 50/265 Personal security, identity...

PERSONAL INFORMATION CERTIFICATION AND MANAGEMENT SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

306 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PERSONAL INFORMATION CERTIFICATION AND MANAGEMENT SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

306 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links