Methods and devices for analyzing user privacy based on a user's online presence

US 9,571,526 B2
Filed: 01/21/2016
Issued: 02/14/2017
Est. Priority Date: 01/23/2013
Status: Active Grant

First Claim

Patent Images

1. A method for rating privacy risk, the method comprising:

receiving by a privacy analyzing server device a plurality of identifiers, each identifier of the plurality of identifiers identifying an application or website;

for each application or website of the applications or websites identified by the plurality of identifiers,(i) determining by the privacy analyzing server device whether the application or website has a previously generated valid privacy rating;

(ii) if at least a determination is made that the application or website does not have a previously generated valid privacy rating, then(1) obtaining by the privacy analyzing server device at least one policy associated with the application or website;

(2) identifying, by the privacy analyzing server device, key words or phrases included in the at least one policy, the identified key words or phrases corresponding to one or more interactions of the application or website, the one or more interactions comprising use of functionality of a computing device or use of personal information; and

(3) generating by the privacy analyzing server device a new privacy rating for the application or website based on a level of privacy risk assigned to each of the identified key words or phrases in the at least one policy;

(iii) if at least a determination is made that the application or website has a previously generated valid privacy rating, then retrieving by the privacy analyzing server device the previously generated valid privacy rating for the application or website from a data store; and

generating by the privacy analyzing server device an aggregate privacy rating based on the new privacy ratings or previously generated valid privacy ratings for the applications or websites identified by the plurality of identifiers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, non-transitory computer readable medium, and policy rating server device that receives a request from a client computing device for one or more privacy ratings. The request identifies at least one application, such as an application installed on the client computing device for example. A policy associated with the identified application is obtained. The obtained policy is analyzed to identify a plurality of key words or phrases associated with use by the at least one application of functionality of, or personal information stored on, the client computing device. One or more privacy ratings are generated based on numerical values assigned to each of the identified key words or phrases. The generated one or more privacy ratings are output to the client computing device in response to the request.

260 Citations

21 Claims

1. A method for rating privacy risk, the method comprising:
- receiving by a privacy analyzing server device a plurality of identifiers, each identifier of the plurality of identifiers identifying an application or website;
  
  for each application or website of the applications or websites identified by the plurality of identifiers,(i) determining by the privacy analyzing server device whether the application or website has a previously generated valid privacy rating;
  
  (ii) if at least a determination is made that the application or website does not have a previously generated valid privacy rating, then(1) obtaining by the privacy analyzing server device at least one policy associated with the application or website;
  
  (2) identifying, by the privacy analyzing server device, key words or phrases included in the at least one policy, the identified key words or phrases corresponding to one or more interactions of the application or website, the one or more interactions comprising use of functionality of a computing device or use of personal information; and
  
  (3) generating by the privacy analyzing server device a new privacy rating for the application or website based on a level of privacy risk assigned to each of the identified key words or phrases in the at least one policy;
  
  (iii) if at least a determination is made that the application or website has a previously generated valid privacy rating, then retrieving by the privacy analyzing server device the previously generated valid privacy rating for the application or website from a data store; and
  
  generating by the privacy analyzing server device an aggregate privacy rating based on the new privacy ratings or previously generated valid privacy ratings for the applications or websites identified by the plurality of identifiers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein:
    - the plurality of identifiers includes identifiers of applications installed and websites frequented on the computing device; and
      
      the aggregate privacy rating defines a privacy risk score associated with the computing device.
  - 3. The method of claim 1, wherein:
    - the plurality of identifiers includes identifiers of applications used and websites frequented by a user; and
      
      the aggregate privacy rating defines a privacy risk score associated with the user.
  - 4. The method of claim 1, wherein the previously generated valid privacy rating is valid if the previously generated valid privacy rating is based on current policies associated with the application or website.
  - 5. The method of claim 1, further comprising storing, by the privacy analyzing server device, at least one new privacy rating associated with the application or website in the data store.
  - 6. The method of claim 1, wherein the generating the new privacy rating includes:
    - determining whether each identified key word or phrase in the policy matches a previously stored key word or phrase;
      
      retrieving a value representative of the level of privacy risk associated with each matching previously stored key word or phrase; and
      
      assigning a value for each identified key word or phrase not matching any of the previously stored key words or phrases.
  - 7. The method of claim 1, further comprising:
    - receiving from a user a request for the aggregate privacy rating; and
      
      providing the aggregate privacy rating to the user.
  - 8. The method of claim 1, wherein the generating the new privacy rating includes generating a new privacy sub-rating for each of a plurality of privacy categories.
  - 9. The method of claim 8, further comprising:
    - receiving from a user a request for the new privacy sub-rating for a particular privacy category of the plurality of privacy categories; and
      
      providing the new privacy sub-rating for the particular privacy category to the user.
  - 10. The method of claim 1, further comprising generating recommended actions to lower the privacy risk.

11. A system comprising:
- at least one processor;
  
  at least one memory coupled to the processor; and
  
  program instructions stored in the at least one memory and executable by the at least one processor, the program instructions when executed by the at least one processor for causing the at least one processor to perform the steps of;
  
  receiving a plurality of identifiers, each identifier of the plurality of identifiers identifying an application or website;
  
  for each application or website of the applications or websites identified by the plurality of identifiers,(i) determining whether the application or website has a previously generated valid privacy rating;
  
  (ii) if at least a determination is made that the application or website does not have a previously generated valid privacy rating, then(1) obtaining at least one policy associated with the application or web site;
  
  (2) identifying key words or phrases included in the at least one policy, the identified key words or phrases corresponding to one or more interactions of the application or website, the one or more interactions comprising use of functionality of a computing device or use of personal information; and
  
  (3) generating a new privacy rating for the application or website based on a level of privacy risk assigned to each of the identified key words or phrases in the at least one policy;
  
  (iii) if at least a determination is made that the application or website has a previously generated valid privacy rating, then retrieving the previously generated valid privacy rating for the application or website from a data store; and
  
  generating an aggregate privacy rating based on the new privacy ratings or previously generated valid privacy ratings for the applications or websites identified by the plurality of identifiers.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein:
    - the plurality of identifiers includes identifiers of applications installed and websites frequented on the computing device; and
      
      the aggregate privacy rating defines a privacy risk score associated with the computing device.
  - 13. The system of claim 11, wherein:
    - the plurality of identifiers includes identifiers of applications used and websites frequented by a user; and
      
      the aggregate privacy rating defines a privacy risk score associated with the user.
  - 14. The system of claim 11, wherein the previously generated valid privacy rating is valid if the previously generated valid privacy rating is based on current policies associated with the application or website.
  - 15. The system of claim 11, wherein the program instructions include program instructions when executed by the at least one processor for further causing the at least one processor to perform the step of storing at least one new privacy rating associated with the application or website in the data store.
  - 16. The system of claim 11, wherein the program instructions for causing the at least one processor to perform the step of generating the new privacy rating include program instructions when executed by the at least one processor for causing the at least one processor to perform the steps of:
    - determining whether each identified key word or phrase in the policy matches a previously stored key word or phrase;
      
      retrieving a value representative of the level of privacy risk associated with each matching previously stored key word or phrase; and
      
      assigning a value for each identified key word or phrase not matching any of the previously stored key words or phrases.
  - 17. The system of claim 11, wherein the program instructions include program instructions when executed by the at least one processor for further causing the at least one processor to perform the steps of:
    - receiving from a user a request for the aggregate privacy rating; and
      
      providing the aggregate privacy rating to the user.
  - 18. The system of claim 11, wherein the program instructions for causing the at least one processor to perform the step of generating the new privacy rating include program instructions when executed by the at least one processor for causing the at least one processor to perform the step of generating a new privacy sub-rating for each of a plurality of privacy categories.
  - 19. The system of claim 18, wherein the program instructions include program instructions when executed by the at least one processor for further causing the at least one processor to perform the steps of:
    - receiving from a user a request for the new privacy sub-rating for a particular privacy category of the plurality of privacy categories; and
      
      providing the new privacy sub-rating for the particular privacy category to the user.
  - 20. The system of claim 11, wherein the program instructions include program instructions when executed by the at least one processor for causing the at least one processor to perform the step of generating recommended actions to lower the privacy risk.

21. A non-transitory computer readable medium storing program code for causing a computer to perform the steps of:
- receiving by a privacy analyzing server device a plurality of identifiers, each identifier of the plurality of identifiers identifying an application or website;
  
  for each application or website of the applications or websites identified by the plurality of identifiers,(i) determining by the privacy analyzing server device whether the application or website has a previously generated valid privacy rating;
  
  (ii) if at least a determination is made that the application or website does not have a previously generated valid privacy rating, then(1) obtaining by the privacy analyzing server device at least one policy associated with the application or website;
  
  (2) identifying, by the privacy analyzing server device, key words or phrases included in the at least one policy, the identified key words or phrases corresponding to one or more interactions of the application or website, the one or more interactions comprising use of functionality of a computing device or use of personal information; and
  
  (3) generating by the privacy analyzing server device a new privacy rating for the application or website based on a level of privacy risk assigned to each of the identified key words or phrases in the at least one policy;
  
  (iii) if at least a determination is made that the application or website has a previously generated valid privacy rating, then retrieving by the privacy analyzing server device the previously generated valid privacy rating for the application or website from a data store; and
  
  generating by the privacy analyzing server device an aggregate privacy rating based on the new privacy ratings or previously generated valid privacy ratings for the applications or websites identified by the plurality of identifiers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Privacy Factor LLC
Original Assignee
The Privacy Factor LLC
Inventors
Sartor, Mark A.
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US15/003,626
Publication Number

US 20160142445A1
Time in Patent Office

390 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/53   by executing in a restricte...

G06F 21/604   Tools and structures for ma...

G06F 21/6245   Protecting personal data, e...

H04L 63/00   Network architectures or ne...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1483   service impersonation, e.g....

H04L 63/20   for managing network securi...

Methods and devices for analyzing user privacy based on a user's online presence

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

260 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and devices for analyzing user privacy based on a user's online presence

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

260 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links