User-centric consent management system and method
First Claim
1. A method of managing access by a client device to user-specific information maintained in a memory in connection with a plurality of services offered by a web-services provider and used by a user of said plurality of services, the method comprising:
maintaining in the memory a plurality of items of user-specific information in more than one of the plurality of services;
obtaining from the client device a plurality of client access requests directed to accessing the plurality of items of user-specific information maintained in the more than one of the plurality of services, said plurality of access requests being translated from a task request that requires the client device to access the plurality of items of user-specific information in order to complete the task request;
in response to obtaining the plurality of client access requests, determining a purpose for which the client device desires to access one of the plurality of items of user-specific information, said determining including determining a purpose specifying why the client device seeks to access one of the plurality of items of user-specific information and determining how the client device intends to use one of the plurality of items of user-specific information;
selectively obtaining consent from a party having authority to grant consent to the client device to access the one of the plurality of items of user-specific information for which the client device lacked consent to access based on determining why the client device desires to access one of the plurality of items of user-specific information and based on determining how the client device desires to access one of the plurality of items of user-specific information; and
in response to selectively obtaining consent for the client device to access the one of the plurality of items of user-specific information based on the determined purpose, filling the plurality of client access requests if the client device has permission to access each of the plurality of items of user-specific information in the more than one of the plurality of services.
Abstract
In a network computing environment, a user-centric system and method for controlling access to user-specific information maintained in association with a web-services service. When a web-services client desires access to the user-specific information, the client sends a request. The request identifies the reasons/intentions for accessing the desired information. The request is compared to the user's existing access permissions. If there is no existing access permission, the request is compared to the user's default preferences. If the default preferences permit the requested access, an access rule is created dynamically and the client's request is filled, without interrupting the user. If the default preferences do not permit the request to be filled, a consent user interface may be invoked. The consent user interface presents one or more consent options to a party with authority to grant consent, thereby permitting the user to control whether the client's access will be filled.
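The decision order in the abstract (existing permission, then default preference with a dynamically created rule, then the consent interface), together with claim 1's condition that a task is filled only when every one of its access requests is permitted, can be sketched as follows. This is an added example, not code from the patent; all class, field and sample names are hypothetical, and keying each access rule on the stated purpose as well as the item is an assumption of the sketch.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass(frozen=True)
class AccessRequest:
    client: str   # web-services client asking for access
    service: str  # service that holds the item
    item: str     # item of user-specific information
    why: str      # purpose: why the client wants it
    how: str      # purpose: how the client will use it

@dataclass
class ConsentManager:
    prompt: Callable[[AccessRequest], bool]      # stand-in for the consent UI
    defaults: set = field(default_factory=set)   # (service, why, how) pre-approved by the user
    acl: set = field(default_factory=set)        # access rules, keyed on the full request
    audit: list = field(default_factory=list)    # (request, outcome) trail

    def decide(self, req: AccessRequest) -> str:
        if req in self.acl:
            outcome = "existing-rule"
        elif (req.service, req.why, req.how) in self.defaults:
            self.acl.add(req)                    # rule created dynamically, user not interrupted
            outcome = "default-preference"
        elif self.prompt(req):                   # consent UI invoked only as a last resort
            self.acl.add(req)
            outcome = "user-consent"
        else:
            outcome = "denied"
        self.audit.append((req, outcome))
        return outcome

    def fill_task(self, requests):
        """Fill a task's access requests only if every one of them is permitted."""
        outcomes = [self.decide(r) for r in requests]
        return all(o != "denied" for o in outcomes), outcomes

def demo():
    # Constructed sample data: the user pre-approves calendar reads for scheduling
    # and, when prompted, consents only to scheduling-related purposes.
    cm = ConsentManager(prompt=lambda r: r.why == "scheduling",
                        defaults={("calendar", "scheduling", "read")})
    cal = AccessRequest("travel-app", "calendar", "free-busy", "scheduling", "read")
    con = AccessRequest("travel-app", "contacts", "email", "scheduling", "read")
    ads = AccessRequest("travel-app", "contacts", "email", "marketing", "store")
    first = cm.fill_task([cal, con])    # default preference + one consent prompt
    again = cm.fill_task([cal, con])    # both now covered by existing rules
    other = cm.fill_task([cal, ads])    # same item, different purpose: refused
    return first, again, other
```

Because the rule set is keyed on purpose, the consent granted for scheduling does not carry over to the marketing request for the same item, and the audit trail records which path authorized each access.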
11 Claims
4. A system for controlling access to user-specific information in a network computing environment, the system comprising:
a web-services provider providing a service;
a user device of the service, the web-services provider maintaining an item of user-specific information associated with the user device in a data store associated with the service;
a client device of the web-services provider, said client device seeking access to the item of user-specific information wherein the web-services provider receives an access request from the client device directed to accessing the item of user-specific information maintained in the service;
an access control list associated with the item of user-specific information, said access control list indicating whether consent exists to allow the client device to access the item of user-specific information; and
a consent management system including a processor executing instructions for controlling an update of the access control list, said consent management system initiating a consent transaction with a party having authority to grant consent to update the access control list when the access control list indicates that consent does not exist to allow the client device to access the item of user-specific information, wherein the consent management system is invoked in response to the web-services provider receiving the access request from the client device wherein the consent management system comprises a consent user interface displaying on the user device a consent menu to the party having authority to update the access control list, said consent menu prompting the identified party to grant or deny consent to allow the client device to access the item of user-specific information, wherein when the identified party grants consent the consent management system operatively updates the access control list to indicate that the client device has consent to access the item of user-specific information, said consent menu identifying a plurality of menu entries including a value proposition associated with a purpose for which the client device desires to access the first item of user-specific information, said value proposition identifying why the user device should grant consent to allow the client device to access the item of user-specific information wherein the party having authority to grant consent to update the access control list allowing the client device to access the item of user-specific information based on the value proposition.
8. A system for controlling access to user-specific information in a network computing environment, said system comprising:
a user device transmitting a task request;
a web-services provider including at least one server executing instructions providing a first service and a second service, said web-services provider maintaining a first item of user-specific information associated with the user device in connection with the first service and a second item of user-specific information associated with the user device in connection with the second service, said first and second services requiring consent before allowing access to the first and second items of user-specific information;
a client device in digital communication with the user device and receiving the task request, said client device translating the task request into a first access request and a second access request, said first access request being directed to the first service and seeking access to the first item of user-specific information and said second access request being directed to the second service and seeking access to the second item of user-specific information; and
a consent management system being selectively invoked by the client device if the client device lacks consent to access the first item of user-specific information, said consent management system identifying a party with authority to grant consent to the client device to access the first item of user-specific information and initiating a consent request transaction with the party with authority to grant consent to the client device to access the first item of user-specific information, said consent request transaction inviting the party with authority to grant consent to allow the client device to access the first item of user-specific information wherein the consent management system further comprises a consent user interface for displaying a consent menu to the party with authority to grant consent to the client device to access the first item of user-specific information; and
wherein the consent menu identifies a plurality of menu entries comprising;
a purpose for which the client device desires to access the first item of user-specific information wherein the purpose specifies why the client device seeks to access the first item of user-specific information and how the client device will use the first item of user-specific information; and
a value proposition associated with the purpose for which the client device desires to access the first item of user-specific information wherein the value proposition identifies why the user device should grant consent to allow the client device to access the first item of user-specific information wherein the party with authority to grant consent allows the client device to access the first item of user-specific information based on the purpose and the value proposition.
Specification