User-centric consent management system and method

US 7,610,391 B2
Filed: 07/10/2006
Issued: 10/27/2009
Est. Priority Date: 02/27/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method of managing access by a client device to user-specific information maintained in a memory in connection with a plurality of services offered by a web-services provider and used by a user of said plurality of services, the method comprising:

maintaining in the memory a plurality of items of user-specific information in more than one of the plurality of services;

obtaining from the client device a plurality of client access requests directed to accessing the plurality of items of user-specific information maintained in the more than one of the plurality of services, said plurality of access requests being translated from a task request that requires the client device to access the plurality of items of user-specific information in order to complete the task request;

in response to obtaining the plurality of client access requests, determining a purpose for which the client device desires to access one of the plurality of items of user-specific information, said determining including determining a purpose specifying why the client device seeks to access one of the plurality of items of user-specific information and determining how the client device intends to use one of the plurality of items of user-specific information;

selectively obtaining consent from a party having authority to grant consent to the client device to access the one of the plurality of items of user-specific information for which the client device lacked consent to access based on determining why the client device desires to access one of the plurality of items of user-specific information and based on determining how the client device desires to access one of the plurality of items of user-specific information; and

in response to selectively obtaining consent for the client device to access the one of the plurality of items of user-specific information based on the determined purpose, filling the plurality of client access requests if the client device has permission to access each of the plurality of items of user-specific information in the more than one of the plurality of services.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a network computing environment, a user-centric system and method for controlling access to user-specific information maintained in association with a web-services service. When a web-services client desires access to the user-specific information, the client sends a request. The request identifies the reasons/intentions for accessing the desired information. The request is compared to the user'"'"'s existing access permissions. If there is no existing access permission, the request is compared to the user'"'"'s default preferences. If the default preferences permit the requested access, an access rule is created dynamically and the client'"'"'s request is filled, without interrupting the user. If the default preferences do not permit the request to be filled, a consent user interface may be invoked. The consent user interface presents one or more consent options to a party with authority to grant consent, thereby permitting the user to control whether the client'"'"'s access will be filled.

75 Citations

View as Search Results

11 Claims

1. A method of managing access by a client device to user-specific information maintained in a memory in connection with a plurality of services offered by a web-services provider and used by a user of said plurality of services, the method comprising:
- maintaining in the memory a plurality of items of user-specific information in more than one of the plurality of services;
  
  obtaining from the client device a plurality of client access requests directed to accessing the plurality of items of user-specific information maintained in the more than one of the plurality of services, said plurality of access requests being translated from a task request that requires the client device to access the plurality of items of user-specific information in order to complete the task request;
  
  in response to obtaining the plurality of client access requests, determining a purpose for which the client device desires to access one of the plurality of items of user-specific information, said determining including determining a purpose specifying why the client device seeks to access one of the plurality of items of user-specific information and determining how the client device intends to use one of the plurality of items of user-specific information;
  
  selectively obtaining consent from a party having authority to grant consent to the client device to access the one of the plurality of items of user-specific information for which the client device lacked consent to access based on determining why the client device desires to access one of the plurality of items of user-specific information and based on determining how the client device desires to access one of the plurality of items of user-specific information; and
  
  in response to selectively obtaining consent for the client device to access the one of the plurality of items of user-specific information based on the determined purpose, filling the plurality of client access requests if the client device has permission to access each of the plurality of items of user-specific information in the more than one of the plurality of services.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 further comprising:
    - initiating the task request requiring the client device to access the plurality of items of user-specific information in order to complete the task request; and
      
      translating the task request into the plurality of client access requests to complete the task request.
  - 3. The method of claim 1 for controlling access to user-specific information for use in connection with a network computing environment including the web-services provider, wherein said web-services provider maintains a data store of user-specific information associated with the user in connection with the service, and wherein said client device seeks access to an item of user-specific information in the data store and transmits an access request message directed to the service and indicating the item of user-specific information in the data store to which the client device seeks access;
    - wherein the access request message is compared to an access control list associated with the service, said access control list identifying whether the client device has permission to access the item of user-specific information;
      
      wherein the access request is placed in a pending request queue;
      
      wherein a service response message is transmitted to the client device, said service response message indicating a fault if the access control list identifies that the client device does not have permission to access the item of user-specific information and said service response message indicating a success if the access control list identifies that the client device has permission to access the item of user-specific information;
      
      wherein the selectively obtaining includes displaying a consent user interface and includes obtaining consent if the service response message received by the client device indicates a fault; and
      
      wherein the filling includes filling the access request if the access control list authorizes the client device to access the item of user-specific information in the data store and removing the access request from the pending request queue.

4. A system for controlling access to user-specific information in a network computing environment, the system comprising:
- a web-services provider providing a service;
  
  a user device of the service, the web-services provider maintaining an item of user-specific information associated with the user device in a data store associated with the service;
  
  a client device of the web-services provider, said client device seeking access to the item of user-specific information wherein the web-services provider receives an access request from the client device directed to accessing the item of user-specific information maintained in the service;
  
  an access control list associated with the item of user-specific information, said access control list indicating whether consent exists to allow the client device to access the item of user-specific information; and
  
  a consent management system including a processor executing instructions for controlling an update of the access control list, said consent management system initiating a consent transaction with a party having authority to grant consent to update the access control list when the access control list indicates that consent does not exist to allow the client device to access the item of user-specific information, wherein the consent management system is invoked in response to the web-services provider receiving the access request from the client device wherein the consent management system comprises a consent user interface displaying on the user device a consent menu to the party having authority to update the access control list, said consent menu prompting the identified party to grant or deny consent to allow the client device to access the item of user-specific information, wherein when the identified party grants consent the consent management system operatively updates the access control list to indicate that the client device has consent to access the item of user-specific information, said consent menu identifying a plurality of menu entries including a value proposition associated with a purpose for which the client device desires to access the first item of user-specific information, said value proposition identifying why the user device should grant consent to allow the client device to access the item of user-specific information wherein the party having authority to grant consent to update the access control list allowing the client device to access the item of user-specific information based on the value proposition.
- View Dependent Claims (5, 6, 7)
- - 5. The system of claim 4 wherein the consent management system further comprises a consent server associated with the consent user interface for determining the party having authority to update the access control list and for operatively updating the access control list if the identified party grants consent to allow the client device to access the item of user-specific information.
  - 6. The system of claim 5 wherein the consent menu identifies a plurality of menu entries comprising:
    - an identity of the client device;
      
      a method by which the client device seeks to access the item of user-specific information; and
      
      a purpose for which the client device seeks to access the item of user-specific information.
  - 7. The system of claim 6 wherein the plurality of menu entries further comprises a value proposition associated with the purpose for which the client device desires to access the first item of user-specific information.

8. A system for controlling access to user-specific information in a network computing environment, said system comprising:
- a user device transmitting a task request;
  
  a web-services provider including at least one server executing instructions providing a first service and a second service, said web-services provider maintaining a first item of user-specific information associated with the user device in connection with the first service and a second item of user-specific information associated with the user device in connection with the second service, said first and second services requiring consent before allowing access to the first and second items of user-specific information;
  
  a client device in digital communication with the user device and receiving the task request, said client device translating the task request into a first access request and a second access request, said first access request being directed to the first service and seeking access to the first item of user-specific information and said second access request being directed to the second service and seeking access to the second item of user-specific information; and
  
  a consent management system being selectively invoked by the client device if the client device lacks consent to access the first item of user-specific information, said consent management system identifying a party with authority to grant consent to the client device to access the first item of user-specific information and initiating a consent request transaction with the party with authority to grant consent to the client device to access the first item of user-specific information, said consent request transaction inviting the party with authority to grant consent to allow the client device to access the first item of user-specific information wherein the consent management system further comprises a consent user interface for displaying a consent menu to the party with authority to grant consent to the client device to access the first item of user-specific information; and
  
  wherein the consent menu identifies a plurality of menu entries comprising;
  
  a purpose for which the client device desires to access the first item of user-specific information wherein the purpose specifies why the client device seeks to access the first item of user-specific information and how the client device will use the first item of user-specific information; and
  
  a value proposition associated with the purpose for which the client device desires to access the first item of user-specific information wherein the value proposition identifies why the user device should grant consent to allow the client device to access the first item of user-specific information wherein the party with authority to grant consent allows the client device to access the first item of user-specific information based on the purpose and the value proposition.
- View Dependent Claims (9, 10, 11)
- - 9. The system of claim 8 wherein the consent management system further comprises a consent server associated with the consent user interface for determining the party having authority to update the access control list and for operatively updating the access control list if the identified party grants consent to allow the client device to access the item of user-specific information.
  - 10. The system of claim 9 wherein the consent menu identifies a plurality of menu entries comprising:
    - an identity of the client device;
      
      a method by which the client device proposes to access the first item of user-specific information; and
      
      a purpose for which the client device desires to access the first item of user-specific information.
  - 11. The system of claim 10 wherein the plurality of menu entries further comprises a value proposition associated with the purpose for which the client device desires to access the first item of user-specific information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Dunn, Melissa W.
Primary Examiner(s)
Flynn, Nathan J
Assistant Examiner(s)
Patel, Chirag R

Application Number

US11/456,380
Publication Number

US 20070038765A1
Time in Patent Office

1,205 Days
Field of Search

709/229, 726/4
US Class Current

709/229
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2141 Access rights, e.g. capabil...

User-centric consent management system and method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

75 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

User-centric consent management system and method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links