Privacy policy change notification
First Claim
1. A method of establishing permission to use information associated with a user, said method comprising:
- identifying the user in connection with an application, said application requesting to use selected information associated with the user according to a predefined policy;
determining whether permission was previously granted for the application to use the selected information according to the policy;
when permission was not previously granted for the application, seeking permission from the user for the application to use the selected information according to the policy;
when permission was previously granted for the application, determining whether one or more changes have been made to the policy since the permission was previously granted and whether the user should be notified of said changes; and
notifying the user if determined that a change has been made to the policy since the permission was previously granted for the application and that the user is to be notified of said change.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods and system for managing consent. Embodiments of the invention identify a user in connection with an application or service that requests to use selected information associated with the user according to a predefined policy. After determining whether the user previously granted permission to use the selected information according to the policy, the invention can notify the user if a change has been made to the policy since the user previously granted permission for the application to use the selected information and obtain re-consent. Other aspects of the invention are directed to computer-readable media for use with authentication, notification, and re-consent.
94 Citations
45 Claims
-
1. A method of establishing permission to use information associated with a user, said method comprising:
-
identifying the user in connection with an application, said application requesting to use selected information associated with the user according to a predefined policy; determining whether permission was previously granted for the application to use the selected information according to the policy; when permission was not previously granted for the application, seeking permission from the user for the application to use the selected information according to the policy; when permission was previously granted for the application, determining whether one or more changes have been made to the policy since the permission was previously granted and whether the user should be notified of said changes; and notifying the user if determined that a change has been made to the policy since the permission was previously granted for the application and that the user is to be notified of said change. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
-
23. A method of managing consent between a client and at least one network server, said client and said network server being coupled to a data communication network, said network server providing one or more services to a user via the client, said client operating a browser configured to permit the user to communicate on the data communication network, said method comprising:
-
identifying the user in connection with the network server, said network server requesting to use selected information associated with the user according to a predefined policy; defining a consent state associated with the identified user, said consent state directly corresponding to a version of the policy for which permission has been granted for the network server to use the selected information; identifying which version of the policy is currently in use for the network server; determining whether the user has requested notification of a change in the policy version wherein the version of the policy corresponding to the consent state is different from the version of the policy currently in use for the network server; and providing a user interface via the browser to notify the user of the change in the policy version in response to determining that the user has requested the notification. - View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
-
-
38. An authentication system comprising:
-
an authentication server coupled to a data communication network; an authentication database associated with the authentication server, said authentication database storing authentication information for comparison to login information provided by a user for authenticating the user, said authentication database further storing user-specific information identifying the user with respect to one or more services provided by at least one affiliate server coupled to the data communication network, said affiliate server providing the one or more services to the user via a client coupled to the data communication network and requesting to use selected information associated with the user according to a predefined policy; said authentication server being configured to identify which version of the policy is currently in use for the affiliate server, to determine whether user has requested notification of policy version changes, and to provide a user interface for notifying the user when the version of the policy currently in use is different from a policy under which the user previously granted permission for the affiliate server to use the selected information and the user has requested notification of the policy version changes. - View Dependent Claims (39, 40, 41)
-
-
42. One or more computer-readable storage media having computer-executable components for managing consent between a client and at least one network server, said client and said network server being coupled to a data communication network, said network server providing one or more services to a user via the client and requesting to use selected information associated with the user according to a predefined policy, said tangible computer-readable media comprising:
-
an authentication component for authenticating the user and for identifying which version of the policy is currently in use for the network server; a profiling component for determining whether the user previously granted permission for the network server to use the selected information and for retrieving a consent state associated with the user, said consent state directly corresponding to a version of the policy for which the user has previously granted permission for the network server to use the selected information; and a re-consent component for determining whether the user has requested notification of policy version changes and notifying the user according to said request of one or more changes between the version of the policy currently in use for the network server and the version of the policy associated with the consent state and for requesting consent to the changes from the user. - View Dependent Claims (43, 44, 45)
-
Specification