Method and system for protecting internet users' privacy by evaluating web site platform for privacy preferences policy

US 7,614,002 B2
Filed: 07/01/2005
Issued: 11/03/2009
Est. Priority Date: 11/30/2001
Status: Active Grant

First Claim

Patent Images

1. In a client computer connected to a remote site, a system comprising:

a mechanism, embodied on a computer-readable storage medium, that receives a response from the remote site, the response including a request directed to a cookie operation and policy information, the policy information comprising a set of at least one valid token in association with the cookie operation;

a browser component, embodied on a computer-readable storage medium, that handles the response, including recognizing the requested cookie operation;

one or more computer-readable storage media embodying a cookie mechanism configured to locally perform operations on cookies based on a current privacy setting; and

an evaluation engine, embodied on a computer-readable storage medium, the evaluation engine invoked to determine whether the cookie mechanism should perform the requested operation based on an evaluation of criteria available to the client computer including the policy information, the criteria comprising;

a first valid token in the set of valid tokens in association with a first privacy result; and

a second valid token in the set of valid tokens in association with a second privacy result;

the evaluation engine further configured to;

compare the first privacy result with the current privacy setting,set the current privacy setting to correspond to the first privacy result if the first privacy result provides more privacy than the current privacy setting,compare the second privacy result with the current privacy setting, andset the current privacy setting to correspond to the second privacy result if the second privacy result provides more privacy than the current privacy setting.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method that evaluates privacy policies from web sites to determine whether each site is permitted to perform operations (e.g., store, retrieve or delete) directed to cookies on a user'"'"'s computer. Various properties of each cookie and the context in which it is being used are evaluated against a user'"'"'s privacy preference settings to make the determination. An evaluation engine accomplishes the evaluation and determination via a number of criteria and considerations, including the cookie properties, its current context, the site, the zone that contains the site, and any P3P data (compact policy) provided with the site'"'"'s response. The user privacy preferences are evaluated against these criteria to determine whether a requested cookie operation is allowed, denied or modified. A formalized distinction between first-party cookies versus third-party cookies may be used in the determination, along with whether the cookie is a persistent cookie or a session cookie.

51 Citations

View as Search Results

19 Claims

1. In a client computer connected to a remote site, a system comprising:
- a mechanism, embodied on a computer-readable storage medium, that receives a response from the remote site, the response including a request directed to a cookie operation and policy information, the policy information comprising a set of at least one valid token in association with the cookie operation;
  
  a browser component, embodied on a computer-readable storage medium, that handles the response, including recognizing the requested cookie operation;
  
  one or more computer-readable storage media embodying a cookie mechanism configured to locally perform operations on cookies based on a current privacy setting; and
  
  an evaluation engine, embodied on a computer-readable storage medium, the evaluation engine invoked to determine whether the cookie mechanism should perform the requested operation based on an evaluation of criteria available to the client computer including the policy information, the criteria comprising;
  
  a first valid token in the set of valid tokens in association with a first privacy result; and
  
  a second valid token in the set of valid tokens in association with a second privacy result;
  
  the evaluation engine further configured to;
  
  compare the first privacy result with the current privacy setting,set the current privacy setting to correspond to the first privacy result if the first privacy result provides more privacy than the current privacy setting,compare the second privacy result with the current privacy setting, andset the current privacy setting to correspond to the second privacy result if the second privacy result provides more privacy than the current privacy setting.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1 wherein the evaluation engine accesses a per-site database to obtain information corresponding to at least some of the criteria.
  - 3. The system of claim 1 wherein the evaluation engine evaluates the cookie to determine whether it is a persistent or session cookie.
  - 4. The system of claim 1 wherein the evaluation engine evaluates the cookie with respect to the remote site to determine whether it is a first party or a third party cookie.
  - 5. The system of claim 1 wherein the evaluation engine obtains information corresponding to a zone for the remote site to determine whether the cookie mechanism should perform the requested operation.
  - 6. The system of claim 1 wherein the requested cookie operation is a request to store the cookie, and wherein the current privacy setting is set to deny the request.
  - 7. The system of claim 1 wherein the requested cookie operation is a request to store the cookie as a persistent cookie, and wherein the current privacy setting is set to downgrade the request so as to store the cookie as a session cookie.
  - 8. The system of claim 1 wherein the requested cookie operation is a request to store the cookie, and wherein the current privacy setting is set to store the cookie as a leashed cookie such that the cookie will not be allowed to be replayed in a third party context.
  - 9. The system of claim 1 wherein the requested cookie operation is a request to store the cookie, and wherein the current privacy setting is set to provide a prompt to obtain additional user information regarding storing the cookie.
  - 10. The system of claim 1 wherein the evaluation engine is further configured to determine whether the token is valid.
  - 11. The system of claim 1 wherein the evaluation engine is further configured to access at least one database based on each valid token in the set to provide a privacy result for each valid token.
  - 12. The system of claim 11, wherein the evaluation engine is further configured to select one of a plurality of privacy results to be the current privacy result.
  - 13. The system of claim 11, wherein the evaluation engine is further configured to select one of the plurality of privacy results to be the current privacy result, wherein a selected one of the plurality of privacy results comprises a most privacy of the plurality of privacy results based on a precedence ordering of the plurality of privacy results.
  - 14. The system of claim 1 wherein the criteria comprises information based on at least one of a zone corresponding to the site, a first party cookie versus third party cookie distinction, or a persistent cookie versus session cookie distinction.

15. One or more computer-readable storage media embodying computer-executable instructions which, when executed, implement a method comprising:
- receiving a response from a remote site, the response including a request directed to a cookie operation and policy information, the policy information comprising a set of at least one valid token;
  
  evaluating the policy information against one or more criteria to provide a privacy result by processing the set of at least one valid token, the evaluating comprising,determining that the policy information is valid;
  
  selecting a valid token from the set of at least one valid token;
  
  obtaining a privacy result corresponding to a selected token;
  
  determining whether an obtained privacy result denies the cookie operation;
  
  in response to determining that the obtained privacy result denies the cookie operation, setting a current privacy result to deny the requested operation and returning the current privacy result;
  
  in response to determining that the obtained privacy result allows the cookie operation, determining whether the obtained privacy result provides more privacy than a current privacy result; and
  
  if the obtained privacy result provides more privacy than the current privacy result, setting the current privacy result to match the obtained privacy result to create a new current privacy result and returning the new current privacy result; and
  
  controlling the requested cookie operation based on the new current privacy result.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The one or more computer-readable storage media of claim 15 wherein the requested cookie operation is to store the cookie as a persistent cookie, and wherein the new current privacy result is provided such that controlling the requested cookie operation downgrades the requested cookie operation so as to store the cookie as a session cookie.
  - 17. The one or more computer-readable storage media of claim 15 wherein the requested cookie operation is to store the cookie, and wherein the new current privacy result is provided such that controlling the requested cookie operation stores the cookie as a leashed cookie, the leashed cookie configured to prevent any replay of the cookie.
  - 18. The one or more computer-readable storage media of claim 15 wherein the requested cookie operation is to store the cookie, and wherein a new current privacy result is provided such that controlling the requested cookie operation provides a prompt to obtain additional user information regarding storing the cookie.
  - 19. The one or more computer-readable storage media of claim 15 wherein the requested cookie operation is to store the cookie, and wherein the new current privacy result is provided such that controlling the requested cookie operation denies the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Paya, Cem, Schwieterman, Frank M., Mitchell, Darren, Dujari, Rajeev, Purpura, Stephen J., Goldfeder, Aaron R.
Primary Examiner(s)
HAILU, TADESSE

Application Number

US11/174,259
Publication Number

US 20050257250A1
Time in Patent Office

1,586 Days
Field of Search

715/745, 715/740, 715/742, 709/224, 709/226, 713/183, 713/185, 713/175, 713/172, 713/159, 713/155
US Class Current

715/745
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

H04L 63/102   Entity profiles

H04L 67/02   based on web technology, e....

Method and system for protecting internet users' privacy by evaluating web site platform for privacy preferences policy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Method and system for protecting internet users' privacy by evaluating web site platform for privacy preferences policy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others