Auditable privacy policies in a distributed hierarchical identity management system

US 9,245,266 B2
Filed: 06/16/2004
Issued: 01/26/2016
Est. Priority Date: 06/16/2004
Status: Active Grant

First Claim

Patent Images

1. A method of obtaining user information, the method comprising:

receiving, at a server through a data network from a device associated with a user, a request for access to a service;

transmitting, from the server through the data network to the device associated with the user, a request for the user information;

receiving, at the server through the data network from the device associated with the user, a location identifier associated with a network location where the user information can be obtained;

providing, from the server through the data network to the device associated with the user, a communication including a session identifier and a link to the network location where the user information can be obtained;

receiving, at the server through the data network from the device associated with the user, the user information and the session identifier;

correlating, at the server, based on the session identifier, the user information to the request for the user information; and

fulfilling, by the server, based on the received user information, the request for access to the service.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A set of methods, and systems, for enabling the audit tracking of user agreement with policies, such as privacy policies in an authenticated fashion is disclosed herein. The method and system make use of third party signatures of privacy policies to show user approval of the policy as it pertains to released data.

Citations

20 Claims

1. A method of obtaining user information, the method comprising:
- receiving, at a server through a data network from a device associated with a user, a request for access to a service;
  
  transmitting, from the server through the data network to the device associated with the user, a request for the user information;
  
  receiving, at the server through the data network from the device associated with the user, a location identifier associated with a network location where the user information can be obtained;
  
  providing, from the server through the data network to the device associated with the user, a communication including a session identifier and a link to the network location where the user information can be obtained;
  
  receiving, at the server through the data network from the device associated with the user, the user information and the session identifier;
  
  correlating, at the server, based on the session identifier, the user information to the request for the user information; and
  
  fulfilling, by the server, based on the received user information, the request for access to the service.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - transmitting, from the server through the data network to network location where the user information can be obtained, a request for a certification of the user information; and
      
      receiving, at the server from the network location where the user information can be obtained, the certification of the user information.
  - 3. The method of claim 2 further comprising:
    - transmitting, from the server through the data network to a root device with an established trust relationship with the server, a request to verify the certification of the user information;
      
      receiving, at the server from the root device, verification of the certification of the user information; and
      
      verifying, by the server, based on the verification of the certification of the user information, the user information.
  - 4. The method of claim 1 wherein receiving the user information and the session identifier comprises receiving a user identifier and a timestamp.
  - 5. The method of claim 1 wherein the user information comprises user authentication information.
  - 6. The method of claim 1 wherein the link is provided as a redirect that redirects the device associated with the user to the network location where the user information can be obtained.
  - 7. The method of claim 1 wherein the user information provided is an XML block or fragment.

8. A storage medium, comprising hardware and/or a memory, storing instructions that, when executed by a computing system, cause the computing system to perform operations for obtaining user information, the operations comprising:
- receiving, at a server through a data network from a device associated with a user, a request for access to a service;
  
  transmitting, from the server through the data network to the device associated with the user, a request for the user information;
  
  receiving, at the server through the data network from the device associated with the user, a location identifier associated with a network location where the user information can be obtained;
  
  providing, from the server through the data network to the device associated with the user, a communication including a session identifier and a link to the network location where the user information can be obtained;
  
  receiving, at the server through the data network from the device associated with the user, the user information and the session identifier;
  
  correlating, at the server, based on the session identifier, the user information to the request for the user information; and
  
  fulfilling, by the server, based on the received user information, the request for access to the service.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The storage medium of claim 8 wherein the operations further comprise:
    - transmitting, from the server through the data network to network location where the user information can be obtained, a request for a certification of the user information; and
      
      receiving, at the server from the network location where the user information can be obtained, the certification of the user information.
  - 10. The storage medium of claim 9 wherein the operations further comprise:
    - transmitting, from the server through the data network to a root device with an established trust relationship with the server, a request to verify the certification of the user information;
      
      receiving, at the server from the root device, verification of the certification of the user information; and
      
      verifying, by the server, based on the verification of the certification of the user information, the user information.
  - 11. The storage medium of claim 8 wherein receiving the user information and the session identifier comprises receiving a user identifier and a timestamp.
  - 12. The storage medium of claim 8 wherein the user information comprises user authentication information.
  - 13. The storage medium of claim 8 wherein providing the communication including the session identifier and the link comprises providing a redirect that redirects the device associated with the user to the network location where the user information can be obtained.
  - 14. The storage medium of claim 8 wherein the user information provided is an XML block or fragment.

15. A system for obtaining user information, the system comprising:
- one or more processors; and
  
  a memory storing executable instructions that, when executed by the one or more processors, cause the one or more processors to perform operations for obtaining user information, the operations comprising;
  
  receiving, at a server through a data network from a device associated with a user, a request for access to a service;
  
  transmitting, from the server through the data network to the device associated with the user, a request for the user information;
  
  receiving, at the server through the data network from the device associated with the user, a location identifier associated with a network location where the user information can be obtained;
  
  providing, from the server through the data network to the device associated with the user, a communication including a session identifier and a link to the network location where the user information can be obtained;
  
  receiving, at the server through the data network from the device associated with the user, the user information and the session identifier;
  
  correlating, at the server, based on the session identifier, the user information to the request for the user information; and
  
  fulfilling, by the server, based on the received user information, the request for access to the service.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15 wherein the operations further comprise:
    - transmitting, from the server through the data network to network location where the user information can be obtained, a request for a certification of the user information; and
      
      receiving, at the server from the network location where the user information can be obtained, the certification of the user information.
  - 17. The system of claim 16 wherein the operations further comprise:
    - transmitting, from the server through the data network to a root device with an established trust relationship with the server, a request to verify the certification of the user information;
      
      receiving, at the server from the root device, verification of the certification of the user information; and
      
      verifying, by the server, based on the verification of the certification of the user information, the user information.
  - 18. The system of claim 15 wherein receiving the user information and the session identifier comprises receiving a user identifier and a timestamp.
  - 19. The system of claim 15 wherein the user information comprises user authentication information.
  - 20. The system of claim 15 wherein providing the communication including the session identifier and the link comprises providing a redirect that redirects the device associated with the user to the network location where the user information can be obtained.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Original Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Inventors
Hardt, Dick C.
Primary Examiner(s)
Hewitt, II, Calvin L
Assistant Examiner(s)
Neubig, Margaret

Application Number

US10/867,768
Publication Number

US 20050283443A1
Time in Patent Office

4,241 Days
Field of Search

705/26, 705/77, 705/52, 705/1, 713/200, 713/201, 713/177, 713/158, 380/28, 709/229
US Class Current

1/1
CPC Class Codes

G06Q 20/3674   involving authentication

G06Q 20/382   insuring higher security of...

H04L 2209/68   Special signature format, e...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/08   for authentication of entit...

H04L 63/0815   providing single-sign-on or...

H04L 63/12   Applying verification of th...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/50   using hash chains, e.g. blo...

Auditable privacy policies in a distributed hierarchical identity management system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Auditable privacy policies in a distributed hierarchical identity management system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links