Profile and consent accrual

US 7,590,705 B2
Filed: 02/23/2004
Issued: 09/15/2009
Est. Priority Date: 02/23/2004
Status: Active Grant

First Claim

Patent Images

1. A method of managing consent between a client and a network server, said client and said network server being coupled to a data communication network, said network server providing a service to a user via the client, said client operating a browser configured to permit the user to communicate on the data communication network, said method comprising:

maintaining a user profile associated with the user;

receiving a request from the service provided by the network server for user information associated with the user and for consent to use the requested user information;

determining, in response to the request for consent, if the requested user information is not included in the user profile;

in response to the determining, providing a user interface via the browser to collect the requested user information that is not included in the user profile from the user wherein the user interface displays a user-selectable option for viewing intention information associated with the requested user information, said intention information describing how the requested user information will be used by the service;

receiving the user information provided by the user via the user interface;

updating the user profile with the received user information; and

allowing access by the service to the received user information in the updated user profile whereby the user profile is updated with user information which is not included in the user profile when the request is received from the service so that the requested user information is accessible to the service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Consent management between a client and a network server. In response to a request for consent, a central server determines if requested user information is included in a user profile associated with a user and if the user has granted consent to share the requested user information. A user interface is provided to the user via a browser of the client to collect the requested user information that is not included in the user profile and the consent to share the requested user information from the user. After receiving the user information provided by the user via the user interface, the service provided by the network server is allowed access to the received user information, and the central server updates the user profile. Other aspects of the invention are directed to computer-readable media for use with profile and consent accrual.

330 Citations

35 Claims

1. A method of managing consent between a client and a network server, said client and said network server being coupled to a data communication network, said network server providing a service to a user via the client, said client operating a browser configured to permit the user to communicate on the data communication network, said method comprising:
- maintaining a user profile associated with the user;
  
  receiving a request from the service provided by the network server for user information associated with the user and for consent to use the requested user information;
  
  determining, in response to the request for consent, if the requested user information is not included in the user profile;
  
  in response to the determining, providing a user interface via the browser to collect the requested user information that is not included in the user profile from the user wherein the user interface displays a user-selectable option for viewing intention information associated with the requested user information, said intention information describing how the requested user information will be used by the service;
  
  receiving the user information provided by the user via the user interface;
  
  updating the user profile with the received user information; and
  
  allowing access by the service to the received user information in the updated user profile whereby the user profile is updated with user information which is not included in the user profile when the request is received from the service so that the requested user information is accessible to the service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, further comprising allowing, in response to the request for consent, access by the service to the requested user information if the user information is included in the user profile.
  - 3. The method of claim 1, wherein the user profile is being maintained by a central server, said central server being coupled to the data communication network, and wherein the user interface is being provided by the central server and displays user information previously included in the user profile.
  - 4. The method of claim 1, wherein the user interface displays a user-selectable option for viewing intention information associated with the requested user information, said intention information describing how the requested user information will be used by the service provided by the network server.
  - 5. The method of claim 4, further comprising providing an intention user interface via the browser for displaying the intention information, said intention user interface being provided in response to the user-selectable option being selected by the user.
  - 6. The method of claim 5, wherein said intention user interface further displays retention information associated with the requested user information, said retention information specifying how long the requested user information will be retained by the service provided by the network server.
  - 7. The method of claim 5, wherein the service provided by the network server is a member of a policy group, and wherein said intention user interface further displays a list of members of said policy group.
  - 8. The method of claim 7, wherein said intention user interface further displays a second user-selectable option for viewing a privacy policy associated with said policy group, said privacy policy relating to how user information that the policy group is granted consent to use is to be protected.
  - 9. The method of claim 8, further comprising providing a policy user interface via the browser for displaying the privacy policy, said policy user interface being provided in response to the second user-selectable option being selected by the user.
  - 10. The method of claim 1, wherein the service provided by the network is granted consent to use user information included in the user profile.
  - 11. The method of claim 10, further comprising providing a revocation user interface via the browser for allowing the user to revoke consent for the service provided by the network server to use the user information included in the user profile, said revocation user interface displaying a list of services for which the user has granted consent to use the user information included in the user profile.
  - 12. The method of claim 11, wherein said revocation user interface further displays a user-selectable option for revoking consent for the service provided by the network server to use the user information included in the user profile.
  - 13. The method of claim 12, further comprising revoking consent for the service provided by the network server to use the user information included in the user profile in response to the user-selectable option being selected by the user.
  - 14. The method of claim 1, further comprising providing an administrator user interface to a responsible person of the user in response to said receiving the user information provided by the user, said another user interface allowing the responsible person of the user to grant consent for the service provided by the network server to use the received user information.
  - 15. The method of claim 14, wherein said allowing access by the service to the received user information comprises allowing access by the service to the received user information if consent for the service to use the received user information is granted by said responsible person.
  - 16. The method of claim 14, wherein said responsible person is a parent of the user.
  - 17. The method of claim 1, wherein one or more computer-readable storage media have computer-executable instructions for performing the method recited in claim 1.

18. An authentication system comprising:
- an authentication server coupled to a data communication network, said authentication server including processor for executing computer-executable instructions;
  
  an authentication database associated with the authentication server, said authentication database being configured to execute computer-executable instructions for storing authentication information for comparison to login information provided by a user for authenticating the user, said authentication database further being configured to execute computer-executable instructions for storing user-specific information identifying the user with respect to one or more services provided by a plurality of affiliate servers coupled to the data communication network, said affiliate servers each being configured to execute computer-executable instructions for providing the one or more services to the user via a client coupled to the data communication network;
  
  said authentication server being configured to execute computer executable instructions for receiving a first request from the user for a service to by provided by a first affiliate server, said second affiliate server being one of the plurality of affiliate servers, said authentication server further being configured to execute computer executable instructions for authenticating the user responsive to the request when login information retrieved from the user via the data communication network matches the authentication information stored in the authentication database;
  
  said authentication server being further configured to execute computer executable instructions for maintaining a user profile storing the user-specific information, said user profile comprising a plurality of profile attributes, to receive a first request from the requested service for a first profile attribute associated with the profile of the user and consent to use the requested first profile attribute wherein the consent is limited to the first service, determining if the requested first profile attribute is not stored in the user profile in response to the first request for consent;
  
  said authentication server being further configured to execute computer executable instructions for providing a user interface to collect the requested first profile attribute that is not stored in the user profile from the user, receiving the first profile attribute provided by the user via the user interface in response, and allowing access by the requested service to the received first profile attribute wherein the user interface provided by the authentication server displays a user-selectable option for viewing intention information associated with the requested first profile attribute, said intention information describing how the requested first profile attribute will by used by the requested first service; and
  
  said authentication server being further configured to execute computer executable instructions for updating the user profile with the received first profile attribute;
  
  wherein the authentication server being configured to execute computer executable instructions for receiving a second request from the user for a second service to be provided by a second affiliate server, said second affiliate server being one of the plurality of affiliate servers, said authentication server further being configured to execute computer executable instructions for authenticating the user responsive to the second request when login information retrieved from the user via the data communication network matches the authentication information stored in the authentication database;
  
  the authentication server is configured to execute computer executable instructions for receiving a request from the requested second service for a second profile attribute associated with the profile of the user and consent to use the requested second profile attribute wherein the consent is limited to the second service, to determine if the requested second profile attribute is stored in the user profile in response to the request for consent;
  
  said authentication server being further configured to execute computer executable instructions for providing a user interface to collect the requested second profile attribute that is not stored in the user profile from the user, receiving the second profile attribute provided by the user via the user interface in response, and allowing access by the requested second service to the received second profile attribute wherein the user interface provided by the authentication server displays a user-selectable option for viewing intention information associated with the requested second profile attribute, said intention information describing how the requested second profile attribute will be used by the requested second service; and
  
  said authentication server being further configured to execute computer executable instructions for updating the user profile with the received second profile attribute.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 19. The system of claim 18, wherein the authentication server is configured to execute computer executable instructions for allowing, in response to the first request for consent, access by the requested service to the requested first profile attribute if the first profile attribute is stored in the user profile.
  - 20. The system of claim 18, wherein the user interface provided by the authentication server displays the user-specific information previously stored in the user profile.
  - 21. The system of claim 18, wherein the authentication server is configured to execute computer executable instructions for providing an intention user interface for displaying the intention information, said intention user interface being provided by the authentication server in response to the user-selectable option being selected by the user.
  - 22. The system of claim 21, wherein said intention user interface further displays retention information associated with the requested first profile attribute, said retention information specifying how long the requested first profile attribute will be retained by the requested service.
  - 23. The system of claim 21, wherein the requested service is a member of a policy group, and wherein said intention user interface further displays a list of members of said policy group.
  - 24. The system of claim 18, wherein the requested service is granted consent to use the user-specific information stored in the user profile.
  - 25. The system of claim 24, wherein the authentication server is configured to execute computer executable instructions for providing a revocation user interface for allowing the user to revoke consent for the requested service to use the user-specific information stored in the user profile, said revocation user interface displaying a list of services that the user has granted consent to use the user-specific information stored in the user profile.
  - 26. The system of claim 25, wherein said revocation user interface further displays a user-selectable option for revoking consent for the requested service to use the user-specific information stored in the user profile wherein the authentication server is configured to execute computer-executable instructions for to revoke consent for the requested service to use the user-specific information stored in the user profile in response to the use-selectable option being selected by the user.
  - 27. The system of claim 18, wherein the authentication server is configured to execute computer executable instructions for providing an administrator user interface to a responsible person of the user in response to the received first profile attribute, said administrator user interface allowing the responsible person of the user to grant consent for the requested service to use the received first profile attribute.
  - 28. The system of claim 27, wherein the authentication server is configured to execute computer executable instructions for allowing access by the requested service to the received first profile attribute if consent for the requested service to use the received first profile attribute is granted by said responsible person.

29. One or more computer-readable storage media having computer-executable components for managing consent between a client and at least one network server, said client and said network server being coupled to a data communication network, said network server providing a plurality of services to a user via the client, said services being members of a policy group, said computer-readable media comprising:
- a profiling component for storing user-specific information associated with the user;
  
  a consent component for receiving a request from a first service provided by the network server for user information associated with the user and for consent to use the requested user information, said first service being a member of a first policy group, said consent component further determining if the requested user information is not stored in the profiling component in response to the request for consent;
  
  a user interface component for collecting the requested user information that is not included in the profiling component from the user in response to the consent component determining the requested user information is not stored in the user profile, said user interface component providing intention information describing how the requested user information will be used by the requested first service; and
  
  wherein the consent component is configured to receive the requested user information provided by the user via the user interface component;
  
  to store the received user information in the profiling component;
  
  to allow access to each member service of the first policy group to the received user information; and
  
  to deny access by each service which is not a member of the first policy group to the received user information.
- View Dependent Claims (30, 31, 32, 33, 34, 35)
- - 30. The computer-readable storage media of claim 29 wherein the user interface component is configured to display the user-specific information previously stored in the profiling component.
  - 31. The computer-readable storage media of claim 29, further comprising a reviewing component for displaying intention information associated with the user information, said intention information describing how the user information will be used by the first service provided by the network server.
  - 32. The computer-readable storage media of claim 31, wherein the reviewing component is configured to display retention information associated with the user information, said retention information specifying how long the user information will be retained by the first service provided by the network server.
  - 33. The computer-readable storage media of claim 31, wherein the reviewing component is configured to display a list of member services of said policy group.
  - 34. The computer-readable storage media of claim 29, further comprising a revoking component for allowing the user to revoke consent for the first service provided by the network server to use the user-specific information stored in the profiling component, said revoking component displaying a list of member services that the user has granted consent to use the user-specific information stored in the profiling component.
  - 35. The computer-readable storage media of claim 29, further comprising a managed-consent component for providing the received user information to a responsible person of the user to allow the responsible person of the user to grant consent for the first service provided by the network server to use the received user information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Coco, Joseph Nicholas, Vetrivel, Puhazholi, Mutha, Nayana Ramdas, Dunn, Melissa W., Mathew, Ashvin Joseph
Primary Examiner(s)
Blair; Douglas B

Application Number

US10/784,530
Publication Number

US 20050193093A1
Time in Patent Office

2,031 Days
Field of Search

709/229, 709/217, 709/219, 709/227, 726 3- 7
US Class Current

709/217
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06Q 30/02   Marketing; Price estimation...

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/306   User profiles

Profile and consent accrual

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

330 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Profile and consent accrual

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

330 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links