Method and system for protecting internet users' privacy by evaluating web site platform for privacy preferences policy
First Claim
1. In a client computer, a method comprising:
- receiving a response to a client request for content of a remote server, the response including data directed to a requested operation on a cookie;
determining that standardized policy data is present with the response in the form of a set of at least one valid token;
evaluating the standardized policy data against criteria available to the client to provide a privacy result by processing the set, including;
a) selecting a valid token from the set as selected token;
b) obtaining an obtained result corresponding to the selected token;
c) determining whether the obtained result denies the requested operation, i) and if so, setting the privacy result so as to deny the requested operation and continuing to step e);
ii) and if not, determining whether the obtained result for the selected token provides more privacy than a current most private result, and if so, setting the current most private result to the obtained result;
d) returning to step a) until no other token in the set remains to be processed, and when no other token remains, selecting the current most private result as the privacy result; and
e) returning the privacy result; and
controlling the requested operation on the cookie based on the privacy result.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method that evaluates privacy policies from web sites to determine whether each site is permitted to perform operations (e.g., store, retrieve or delete) directed to cookies on a user'"'"'s computer. Various properties of each cookie and the context in which it is being used are evaluated against a user'"'"'s privacy preference settings to make the determination. An evaluation engine accomplishes the evaluation and determination via a number of criteria and considerations, including the cookie properties, its current context, the site, the zone that contains the site, and any P3P data (compact policy) provided with the site'"'"'s response. The user privacy preferences are evaluated against these criteria to determine whether a requested cookie operation is allowed, denied or modified. A formalized distinction between first-party cookies versus third-party cookies may be used in the determination, along with whether the cookie is a persistent cookie or a session cookie.
-
Citations
14 Claims
-
1. In a client computer, a method comprising:
-
receiving a response to a client request for content of a remote server, the response including data directed to a requested operation on a cookie;
determining that standardized policy data is present with the response in the form of a set of at least one valid token;
evaluating the standardized policy data against criteria available to the client to provide a privacy result by processing the set, including;
a) selecting a valid token from the set as selected token;
b) obtaining an obtained result corresponding to the selected token;
c) determining whether the obtained result denies the requested operation, i) and if so, setting the privacy result so as to deny the requested operation and continuing to step e);
ii) and if not, determining whether the obtained result for the selected token provides more privacy than a current most private result, and if so, setting the current most private result to the obtained result;
d) returning to step a) until no other token in the set remains to be processed, and when no other token remains, selecting the current most private result as the privacy result; and
e) returning the privacy result; and
controlling the requested operation on the cookie based on the privacy result. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
Specification