User-centric consent management system and method

US 7,076,558 B1
Filed: 02/27/2002
Issued: 07/11/2006
Est. Priority Date: 02/27/2002
Status: Active Grant

First Claim

Patent Images

1. A method of managing access by a client to user-specific information maintained in connection with a plurality of services, the method comprising:

maintaining a plurality of items of user-specific information in more than one of a plurality of services offered by a web-services provider and used by a user of said plurality of services;

obtaining a plurality of client access requests directed to accessing the plurality of items of user-specific information maintained in the more than one of the plurality of services, said plurality of access requests being translated from a task request that requires the client to access the plurality of items of user-specific information in order to complete the task request; and

for each of the plurality of items of user-specific information required by the client to complete the task request;

determining if the client has consent to access the items of user-specific information required by the client to complete the task request;

selectively obtaining consent, from a party having authority to grant access to the client for the client to access the item of user-specific information if the client lacks consent as a function of said determining;

filling the client access request directed to the item if the client has consent to access the item of user-specific information;

initiating the task request requiring the client to access the item of user-specific information in order to complete the task request;

translating the task request into the plurality of client access requests to complete the task request wherein selectively obtaining consent for the client to access the item of user-specific information comprises;

identifying the task request;

placing the identified task request in a task queue;

identifying the party with authority to grant consent to the client to access the item of user-specific information for which the client lacked consent to access; and

displaying a consent menu to the identified party with authority, said consent menu prompting the identified party to grant or deny consent for the client to access the item of user-specific information for which the client lacked consent to access.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a network computing environment, a user-centric system and method for controlling access to user-specific information maintained in association with a web-services service. When a web-services client desires access to the user-specific information, the client sends a request. The request identifies the reasons/intentions for accessing the desired information. The request is compared to the user'"'"'s existing access permissions. If there is no existing access permission, the request is compared to the user'"'"'s default preferences. If the default preferences permit the requested access, an access rule is created dynamically and the client'"'"'s request is filled, without interrupting the user. If the default preferences do not permit the request to be filled, a consent user interface may be invoked. The consent user interface presents one or more consent options to a party with authority to grant consent, thereby permitting the user to control whether the client'"'"'s access will be filled.

Citations

36 Claims

1. A method of managing access by a client to user-specific information maintained in connection with a plurality of services, the method comprising:
- maintaining a plurality of items of user-specific information in more than one of a plurality of services offered by a web-services provider and used by a user of said plurality of services;
  
  obtaining a plurality of client access requests directed to accessing the plurality of items of user-specific information maintained in the more than one of the plurality of services, said plurality of access requests being translated from a task request that requires the client to access the plurality of items of user-specific information in order to complete the task request; and
  
  for each of the plurality of items of user-specific information required by the client to complete the task request;
  
  determining if the client has consent to access the items of user-specific information required by the client to complete the task request;
  
  selectively obtaining consent, from a party having authority to grant access to the client for the client to access the item of user-specific information if the client lacks consent as a function of said determining;
  
  filling the client access request directed to the item if the client has consent to access the item of user-specific information;
  
  initiating the task request requiring the client to access the item of user-specific information in order to complete the task request;
  
  translating the task request into the plurality of client access requests to complete the task request wherein selectively obtaining consent for the client to access the item of user-specific information comprises;
  
  identifying the task request;
  
  placing the identified task request in a task queue;
  
  identifying the party with authority to grant consent to the client to access the item of user-specific information for which the client lacked consent to access; and
  
  displaying a consent menu to the identified party with authority, said consent menu prompting the identified party to grant or deny consent for the client to access the item of user-specific information for which the client lacked consent to access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1 wherein the identified party with authority to grant consent is the user of the plurality of services offered by the web-services provider and wherein displaying the consent menu to the identified party comprises displaying the consent menu to the user.
  - 3. The method of claim 1 wherein the identified party with authority to grant consent is an owner of the item of user-specific information for which the client lacked consent to access and wherein displaying the consent menu to the identified party comprises displaying the consent menu to the owner.
  - 4. The method of claim 3 wherein the owner is the user of the plurality of services and wherein displaying the consent menu to the identified party comprises displaying the consent menu to the user.
  - 5. The method of claim 1 wherein the user of the plurality of services is a managed user and the identified party with authority to grant consent is a manager of the managed user and wherein displaying the consent menu to the identified party comprises displaying the consent menu to the manager of the managed user.
  - 6. The method of claim 1 wherein displaying the consent menu to the identified party comprises:
    - displaying an indication of the item of user-specific information for which the client lacked consent to access;
      
      displaying an identity of the client; and
      
      displaying an intended use of the client of the item of user-specific information for which the client lacked consent to access.
  - 7. The method of claim 6 wherein displaying a consent menu to the identified party further comprises displaying a method of access requested by the client to complete the initiated task request.
  - 8. The method of claim 6 wherein displaying a consent menu to the identified party further comprises displaying an indication of a status of each of the plurality of client access requests translated from the task request.
  - 9. The method of claim 8 wherein displaying an indication of the status of each of the plurality of client access requests comprises displaying an indication of whether the client has consent from the identified party to access the plurality of items of user-specific information in the more than one of the plurality of services.
  - 10. The method of claim 1 wherein identifying the task request comprises:
    - identifying the plurality of client access requests to complete the task request; and
      
      identifying the item of user-specific information for which the client lacked consent to access.
  - 11. The method of claim 1 further comprising:
    - providing a consent acceptance message being indicative of whether the identified party granted consent for the client to access the item of user-specific information for which the client lacked consent; and
      
      updating an access control list associated with the item of user-specific information for which the client lacked consent if the consent acceptance message indicates that the identified party granted consent, whereby upon updating said access control list, the client has consent to access the item of user-specific information.
  - 12. The method of claim 11 further comprising removing the identified task from the task queue if the consent acceptance message indicates that the identified party granted consent.
  - 13. The method of claim 11 further comprising transmitting a consent success message to the client, said consent success message being indicative of whether the identified party granted consent for the client to access the item of user-specific information for which the client lacked consent.
  - 14. The method of claim 11 wherein updating the access control list further comprises setting a time limit in which the client has consent to access the item of user-specific information.
  - 15. The method of claim 1 wherein displaying the consent menu to the identified party further comprises displaying an invitation to allow the client to enjoy a one-time only access to the item of user-specific information for which the client lacked consent.
  - 16. The method of claim 1 wherein selectively obtaining consent for the client to access the item of user-specific information further comprises sending an alert message to the party with authority to grant consent, said alert message alerting the party with authority to grant consent that the client seeks access to the item of user-specific information for which the client lacked consent.
  - 17. The method of claim 1 further comprising:
    - providing a consent acceptance message being indicative of whether the identified party granted consent for the client to access the item of user-specific information for which the client lacked consent;
      
      granting consent to allow the client to access the item of user-specific information if the consent acceptance message indicates that the identified party granted consent.
  - 18. The method of claim 1, wherein one or more computer-readable media have computer-executable instructions for performing the method recited in claim 1.

19. A task-based method of managing consent transactions in a network computing environment, said network computing environment including a web-services provider providing a first service and a second service, a user of the first service and the second service, and a client of the web-services provider, the method comprising:
- maintaining a first data store of user-specific information in connection with the first service;
  
  maintaining a second data store of user-specific information in connection with the second service;
  
  obtaining a first access request from the client and directed to the first service, said first access request indicating a first item of user-specific information maintained in the first data store to which the client seeks access in order to complete a task request;
  
  obtaining a second access request from the client and directed to the second service, said second access request indicating a second item of user-specific information maintained in the second data store to which the client seeks access in order to complete the task request;
  
  determining if the client has consent to access the first item of user-specific information and separately determining if the client has consent to access the second item of user-specific information;
  
  selectively obtaining consent if consent does not currently exist to allow the client to access the first item of user-specific information as a function of said determining, wherein selectively obtaining consent includes;
  
  identifying a party with authority to grant consent to the client to access the first item of user-specific information; and
  
  displaying a consent menu to the identified party with authority, said consent menu prompting the identified party to grant or deny consent to the client to access the first item of user-specific information.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The method of claim 19 further comprising:
    - initiating a task request from the user that requires the client to access the first item of user-specific information and the second item of user-specific information; and
      
      translating the task request into the first access request and the second access request.
  - 21. The method of claim 19 wherein selectively obtaining consent further includes:
    - identifying the task request;
      
      retrieving a task manifest corresponding to the task request, said task manifest identifying the first and second items of user-specific information; and
      
      preparing an entry for display on the consent menu based on the task manifest.
  - 22. The method of claim 19 further comprising filling the second access request only if the client has consent to access both the first item of user-specific information and the second item of user-specific information.
  - 23. The method of claim 19, wherein one or more computer-readable media have computer-executable instructions for performing the method recited in claim 19.

24. A method of managing consent transactions in a network computing environment, said network computing environment including a web-services provider providing a plurality of services, a user of the plurality of services, said web-services provider maintaining user-specific information associated with the user in connection with the plurality of services, and a client of the web-services provider, said user initiating a task request with the client, said client directing a plurality of access requests to the plurality of services in order to complete the task request, the method comprising:
- selectively obtaining consent if the client lacks consent required to complete one or more of the plurality of access requests, wherein, for each of the one or more of the plurality of access requests, said obtaining consent includes;
  
  identifying a party with authority to grant consent to allow the client to complete the access request; and
  
  initiating a consent request transaction with the identified party with authority to grant consent, said consent request transaction inviting the party with authority to grant consent to allow the client to complete the access request.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. The method of claim 24 wherein initiating a consent request transaction further comprises displaying a consent menu to the identified party with authority to grant consent, said consent menu prompting the identified party to grant or deny consent for the client to complete the access request.
  - 26. The method of claim 25 wherein the identified party with authority to grant consent is the user of the plurality of services and wherein displaying the consent menu to said identified party comprises displaying the consent menu to the user.
  - 27. The method of claim 25 wherein the identified party with authority to grant consent is an owner of the user-specific information associated with the user and wherein displaying the consent menu to said identified party comprises displaying the consent menu to the owner.
  - 28. The method of claim 25 wherein the user of the plurality of services is a managed user and the identified party with authority to grant consent is a manager of the managed user and wherein displaying the consent menu to said identified party comprises displaying the consent menu to the manager of the managed user.
  - 29. The method of claim 25 wherein prompting the identified party to grant or deny consent for the client to complete the access request comprises providing a one-time only consent option whereby when said identified party selects the one-time only consent option the client is allowed to complete the access request only for completing the task request.
  - 30. The method of claim 24 wherein initiating the consent transaction with the party with authority to grant consent further comprises sending an alert message to said party with authority, said alert message alerting said party that the client is seeking access to the user-specific information.
  - 31. The method of claim 24, wherein one or more computer-readable media have computer-executable instructions for performing the method recited in claim 24.

32. A method of controlling access to user-specific information for use in connection with a network computing environment including a web-services provider, a user of a service provided by the web-services provider, and a client of the web-services provider, said web-services provider maintaining a data store of user-specific information associated with the user in connection with the service, and said client seeking access to one or more of a plurality of items of user-specific information in the data store and transmitting an access request message directed to the service and indicating the one or more of the plurality of items of user-specific information in the data store to which the client seeks access the method comprising, for each of the one or more of the plurality of items:
- comparing the access request message to an access control list associated with the service, said access control list identifying whether the client has permission to access the item of user-specific information;
  
  placing the access request in a pending request queue;
  
  transmitting a service response message to the client, said service response message indicating a fault if the access control list identifies that the client does not have permission to access the item of user-specific information and said service response message indicating a success if the access control list identifies that the client has permission to access the item of user-specific information;
  
  selectively obtaining consent, from a party having authority to grant consent to the client, for the client to access the item of user-specific information if the service response message received by the client indicates a fault; and
  
  filling the access request if the access control list authorizes the client to access the item of user-specific information in the data store and removing the access request from the pending request queue wherein selectively obtaining consent further includes;
  
  identifying a party with authority to grant permission to the client to access the item of user-specific information; and
  
  displaying a consent menu to the identified party with authority to grant permission, said consent menu prompting the identified party to grant or deny permission for the client to access the item of user-specific information.
- View Dependent Claims (33, 34, 35, 36)
- - 33. The method of claim 32 wherein the identified party is the user of the service and wherein displaying a consent menu to the identified party comprises displaying the consent menu to the user.
  - 34. The method of claim 32 wherein the identified party is an owner of the item of user-specific information and wherein displaying the consent menu to the identified party comprises displaying the consent menu to the owner.
  - 35. The method of claim 32 wherein the user is a managed user and the identified party is a manager of the managed user and wherein displaying the consent menu to the identified party comprises displaying the consent menu to the manager of the managed user.
  - 36. The method of claim 32, wherein one or more computer-readable media have computer-executable instructions for performing the method recited in claim 32.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Dunn, Melissa W.
Primary Examiner(s)
Dharia, Rupal
Assistant Examiner(s)
Patel, Chirag R

Application Number

US10/084,778
Time in Patent Office

1,595 Days
Field of Search

709/229, 709/225, 707/9, 715/700, 713/200, 713/4, 713/28
US Class Current

709/229
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2141 Access rights, e.g. capabil...

User-centric consent management system and method

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

User-centric consent management system and method

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links