Privacy policy change notification

US 7,269,853 B1
Filed: 07/23/2003
Issued: 09/11/2007
Est. Priority Date: 07/23/2003
Status: Active Grant

First Claim

Patent Images

1. A method of establishing permission to use information associated with a user, said method comprising:

identifying the user in connection with an application, said application requesting to use selected information associated with the user according to a predefined policy;

determining whether permission was previously granted for the application to use the selected information according to the policy;

when permission was not previously granted for the application, seeking permission from the user for the application to use the selected information according to the policy;

when permission was previously granted for the application, determining whether one or more changes have been made to the policy since the permission was previously granted and whether the user should be notified of said changes; and

notifying the user if determined that a change has been made to the policy since the permission was previously granted for the application and that the user is to be notified of said change.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and system for managing consent. Embodiments of the invention identify a user in connection with an application or service that requests to use selected information associated with the user according to a predefined policy. After determining whether the user previously granted permission to use the selected information according to the policy, the invention can notify the user if a change has been made to the policy since the user previously granted permission for the application to use the selected information and obtain re-consent. Other aspects of the invention are directed to computer-readable media for use with authentication, notification, and re-consent.

94 Citations

View as Search Results

45 Claims

1. A method of establishing permission to use information associated with a user, said method comprising:
- identifying the user in connection with an application, said application requesting to use selected information associated with the user according to a predefined policy;
  
  determining whether permission was previously granted for the application to use the selected information according to the policy;
  
  when permission was not previously granted for the application, seeking permission from the user for the application to use the selected information according to the policy;
  
  when permission was previously granted for the application, determining whether one or more changes have been made to the policy since the permission was previously granted and whether the user should be notified of said changes; and
  
  notifying the user if determined that a change has been made to the policy since the permission was previously granted for the application and that the user is to be notified of said change.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1, wherein notifying the user comprises providing a user interface to inform the user of the change to the policy since the permission was previously granted for the application to use the selected information.
  - 3. The method of claim 1, further comprising requesting consent to the change via the user interface.
  - 4. The method of claim 3, further comprising denying use of the selected information by the application until consent to the change is granted in response to the user interface.
  - 5. The method of claim 3, further comprising denying use of the selected information by the application if consent to the change is denied in response to the user interface.
  - 6. The method of claim 3, wherein the identified user is associated with a managed account and wherein requesting consent to the change comprises requesting consent to the change from a manager of the account.
  - 7. The method of claim 1, further comprising defining a consent state associated with the user, said consent state directly corresponding to a version of the policy for which the user has granted permission to the application to use the selected information.
  - 8. The method of claim 7, further comprising maintaining a user profile associated with the user and storing the consent state in user profile.
  - 9. The method of claim 7, further comprising identifying which version of the policy is currently in use for the application and determining when the version of the policy corresponding to the consent state is different from the version of the policy currently in use for the application.
  - 10. The method of claim 9, wherein notifying the user of the change to the policy is responsive to determining when the version of the policy corresponding to the consent state is different from the version of the policy currently in use for the application.
  - 11. The method of claim 7, wherein identifying the user comprises receiving login information from the user and authenticating the user based on the received login information.
  - 12. The method of claim 10, wherein authenticating the user comprises associating a unique identifier with the user.
  - 13. The method of claim 12, further comprising associating the unique identifier for the user to the consent state associated with the user.
  - 14. The method of claim 1, further comprising storing information representative of which version of the policy is current.
  - 15. The method of claim 1, further comprising storing content of the change to the policy relative to a version of the policy.
  - 16. The method of claim 1, further comprising maintaining a notification store containing information representative of one or more of the following:
    - a grace period for granting consent to the change to the policy;
      
      content of the change to the policy relative to a version of the policy; and
      
      a current version number of the policy.
  - 17. The method of claim 1, wherein the application comprises a web service provided to the user via a client by one or more network servers, said client and network servers being coupled to a data communication network.
  - 18. The method of claim 17, further comprising managing use of the selected information as a function of whether the user has a relationship with another web service.
  - 19. The method of claim 17, further comprising storing, in a central database, a user profile containing the information associated with the user, said central database being associated with a central server coupled to the data communication network.
  - 20. The method of claim 17, wherein the client operates a browser configured to permit the user to communicate on the data communication network, and wherein notifying the user comprises providing a user interface via the browser to inform the user of the change to the policy and to request re-consent.
  - 21. The method of claim 17 wherein the network servers are web servers and the data communication network is the Internet.
  - 22. One or more computer-readable storage media have computer-executable instructions for performing the method of claim 1.

23. A method of managing consent between a client and at least one network server, said client and said network server being coupled to a data communication network, said network server providing one or more services to a user via the client, said client operating a browser configured to permit the user to communicate on the data communication network, said method comprising:
- identifying the user in connection with the network server, said network server requesting to use selected information associated with the user according to a predefined policy;
  
  defining a consent state associated with the identified user, said consent state directly corresponding to a version of the policy for which permission has been granted for the network server to use the selected information;
  
  identifying which version of the policy is currently in use for the network server;
  
  determining whether the user has requested notification of a change in the policy version wherein the version of the policy corresponding to the consent state is different from the version of the policy currently in use for the network server; and
  
  providing a user interface via the browser to notify the user of the change in the policy version in response to determining that the user has requested the notification.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 24. The method of claim 23, wherein the user interface is provided by a central server also coupled to the data communication network.
  - 25. The method of claim 23, further comprising notifying the user of one or more differences between the version of the policy corresponding to the consent state and the version of the policy currently in use for the network server.
  - 26. The method of claim 23, further comprising requesting consent to the version of the policy currently in use for the network server via the user interface.
  - 27. The method of claim 26, further comprising denying use of the selected information by the network server until the consent is granted in response to the user interface.
  - 28. The method of claim 26, further comprising denying use of the selected information by the network server if the consent is denied in response to the user interface.
  - 29. The method of claim 26, wherein the identified user is associated with a managed account and wherein requesting consent to the version of the policy currently in use comprises requesting consent from a manager of the account.
  - 30. The method of claim 23, further comprising maintaining a user profile associated with the user and storing the consent state in user profile.
  - 31. The method of claim 23, further comprising storing content of a change to the policy corresponding to the consent state relative to the version of the policy currently in use for the network server.
  - 32. The method of claim 23, further comprising maintaining a notification store containing information representative of one or more of the following:
    - a grace period for granting consent to the change to the policy;
      
      content of a change to the policy relative to a later version of the policy; and
      
      a current version number of the policy.
  - 33. The method of claim 23, further comprising managing use of the selected information as a function of whether the user has a relationship with another service.
  - 34. The method of claim 23, further comprising storing, in a central database, a user profile containing the information associated with the user, said central database being associated with a central server coupled to the data communication network.
  - 35. The method of claim 34 wherein the central server is an authentication server of a multi-site user authentication system and the network servers are affiliated with the authentication server, said authentication server receiving requests to authenticate the user when the user requests the web service to be provided by one or more of the affiliated network servers.
  - 36. The method of claim 23, wherein the network servers are web servers and the data communication network is the Internet.
  - 37. One or more computer-readable storage media have computer-executable instructions for performing the method of claim 23.

38. An authentication system comprising:
- an authentication server coupled to a data communication network;
  
  an authentication database associated with the authentication server, said authentication database storing authentication information for comparison to login information provided by a user for authenticating the user, said authentication database further storing user-specific information identifying the user with respect to one or more services provided by at least one affiliate server coupled to the data communication network, said affiliate server providing the one or more services to the user via a client coupled to the data communication network and requesting to use selected information associated with the user according to a predefined policy;
  
  said authentication server being configured to identify which version of the policy is currently in use for the affiliate server, to determine whether user has requested notification of policy version changes, and to provide a user interface for notifying the user when the version of the policy currently in use is different from a policy under which the user previously granted permission for the affiliate server to use the selected information and the user has requested notification of the policy version changes.
- View Dependent Claims (39, 40, 41)
- - 39. The system of claim 38, further comprising a notification store containing information representative of one or more of the following:
    - a grace period for the user to consent to the change to the policy;
      
      content of a change to the policy relative to a later version of the policy; and
      
      a current version number of the policy.
  - 40. The system of claim 38, wherein the user interface provided by the authentication server further displays a user-selectable option for requesting consent from the user for the version of the policy currently in use for the affiliate server.
  - 41. The system of claim 38, wherein the affiliate server is a web server and the data communication network is the Internet.

42. One or more computer-readable storage media having computer-executable components for managing consent between a client and at least one network server, said client and said network server being coupled to a data communication network, said network server providing one or more services to a user via the client and requesting to use selected information associated with the user according to a predefined policy, said tangible computer-readable media comprising:
- an authentication component for authenticating the user and for identifying which version of the policy is currently in use for the network server;
  
  a profiling component for determining whether the user previously granted permission for the network server to use the selected information and for retrieving a consent state associated with the user, said consent state directly corresponding to a version of the policy for which the user has previously granted permission for the network server to use the selected information; and
  
  a re-consent component for determining whether the user has requested notification of policy version changes and notifying the user according to said request of one or more changes between the version of the policy currently in use for the network server and the version of the policy associated with the consent state and for requesting consent to the changes from the user.
- View Dependent Claims (43, 44, 45)
- - 43. The computer-readable storage media of claim 42, further comprising a user profile store containing information associated with the user and wherein the central server is responsive to the profiling component for retrieving the consent state associated with the user from the user profile store.
  - 44. The computer-readable storage media of claim 42, wherein the re-consent component comprises an interface component for providing a user interface to the user via the client.
  - 45. The computer-readable storage media of claim 42, further comprising a notification store containing information representative of one or more of the following:
    - a grace period for the user to consent to the change to the policy;
      
      content of the change to the policy relative to a version of the policy; and
      
      a current version number of the policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Dunn, Melissa W.
Primary Examiner(s)
SMITHERS, MATTHEW

Application Number

US10/625,884
Time in Patent Office

1,511 Days
Field of Search

726/17, 726/21, 726/28, 726/29, 726/30
US Class Current

726/27
CPC Class Codes

H04L 61/4547 for personal communications...

H04L 63/102 Entity profiles

Privacy policy change notification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

94 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Privacy policy change notification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links