Generating a privacy rating for an application or website
First Claim
1. A method of rating privacy risk, the method comprising:
- receiving by a privacy analyzing server device an identifier of an application or website;
identifying by the privacy analyzing server device at least one policy associated with the application or website;
obtaining by the privacy analyzing server device the at least one policy associated with the application or website, the at least one policy being in machine-readable format;
identifying, by the privacy analyzing server device, key words or phrases included in the at least one policy, the identified key words or phrases corresponding to one or more interactions of the application or website, the one or more interactions comprising use of functionality of a computing device or use of personal information;
for each respective key word or phrase identified by the privacy analyzing server device,determining whether the respective key word or phrase has been previously assigned a particular level of privacy risk;
if the respective key word or phrase has been previously assigned the particular level of privacy risk, then retrieving the particular level of privacy risk from a database;
if the respective key word or phrase has not been previously assigned the particular level of privacy risk, thengenerating a respective level of privacy risk associated with one or more particular interactions of the application or website corresponding to the respective key word or phrase;
assigning to the respective key word or phrase the respective level of privacy risk associated with the one or more particular interactions of the application or website corresponding to the respective key word or phrase; and
storing in the database the respective key word or phrase and the respective level of privacy risk assigned to the respective key word or phrase;
generating by the privacy analyzing server device a privacy rating for the application or website based on the particular levels of privacy risk and on the respective levels of privacy risk assigned to the respective key words or phrases in the at least one policy, the privacy rating indicating a particular level of privacy risk of the application or website; and
storing the privacy rating for the application or website and the at least one policy in the database.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, non-transitory computer readable medium, and policy rating server device that receives a request from a client computing device for one or more privacy ratings. The request identifies at least one application, such as an application installed on the client computing device for example. A policy associated with the identified application is obtained. The obtained policy is analyzed to identify a plurality of key words or phrases associated with use by the at least one application of functionality of, or personal information stored on, the client computing device. One or more privacy ratings are generated based on numerical values assigned to each of the identified key words or phrases. The generated one or more privacy ratings are output to the client computing device in response to the request.
-
Citations
17 Claims
-
1. A method of rating privacy risk, the method comprising:
-
receiving by a privacy analyzing server device an identifier of an application or website; identifying by the privacy analyzing server device at least one policy associated with the application or website; obtaining by the privacy analyzing server device the at least one policy associated with the application or website, the at least one policy being in machine-readable format; identifying, by the privacy analyzing server device, key words or phrases included in the at least one policy, the identified key words or phrases corresponding to one or more interactions of the application or website, the one or more interactions comprising use of functionality of a computing device or use of personal information; for each respective key word or phrase identified by the privacy analyzing server device, determining whether the respective key word or phrase has been previously assigned a particular level of privacy risk; if the respective key word or phrase has been previously assigned the particular level of privacy risk, then retrieving the particular level of privacy risk from a database; if the respective key word or phrase has not been previously assigned the particular level of privacy risk, then generating a respective level of privacy risk associated with one or more particular interactions of the application or website corresponding to the respective key word or phrase; assigning to the respective key word or phrase the respective level of privacy risk associated with the one or more particular interactions of the application or website corresponding to the respective key word or phrase; and storing in the database the respective key word or phrase and the respective level of privacy risk assigned to the respective key word or phrase; generating by the privacy analyzing server device a privacy rating for the application or website based on the particular levels of privacy risk and on the respective levels of privacy risk assigned to the respective key words or phrases in the at least one policy, the privacy rating indicating a particular level of privacy risk of the application or website; and storing the privacy rating for the application or website and the at least one policy in the database. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system comprising:
-
at least one processor; memory coupled to the processor; and program instructions stored in the memory and executable by the at least one processor, the program instructions when executed by the at least one processor for causing the at least one processor to perform the steps of; receiving by a privacy analyzing server device an identifier of an application or web site; identifying by the privacy analyzing server device at least one policy associated with the application or website; obtaining by the privacy analyzing server device the at least one policy associated with the application or website, the at least one policy being in machine-readable format; identifying, by the privacy analyzing server device, key words or phrases included in the at least one policy, the identified key words or phrases corresponding to one or more interactions of the application or website, the one or more interactions comprising use of functionality of a computing device or use of personal information; for each respective key word or phrase identified by the privacy analyzing server device, determining whether the respective key word or phrase has been previously assigned a particular level of privacy risk; if the respective key word or phrase has been previously assigned the particular level of privacy risk, then retrieving the particular level of privacy risk from a database; if the respective key word or phrase has not been previously assigned the particular level of privacy risk, then generating a respective level of privacy risk associated with one or more particular interactions of the application or website corresponding to the respective key word or phrase; assigning to the respective key word or phrase the respective level of privacy risk associated with the one or more particular interactions of the application or website corresponding to the respective key word or phrase; and storing in the database the respective key word or phrase and the respective level of privacy risk assigned to the respective key word or phrase; generating by the privacy analyzing server device a privacy rating for the application or website based on the particular levels of privacy risk and on the respective levels of privacy risk assigned to the respective key words or phrases in the at least one policy, the privacy rating indicating a particular level of privacy risk of the application or website; and storing the privacy rating for the application or website and the at least one policy in the database. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory computer readable medium storing program code for causing a computer to perform the steps of:
-
receiving by a privacy analyzing server device an identifier of an application or website; identifying by the privacy analyzing server device at least one policy associated with the application or website; obtaining by the privacy analyzing server device the at least one policy associated with the application or website, the at least one policy being in machine-readable format; identifying, by the privacy analyzing server device, key words or phrases included in the at least one policy, the identified key words or phrases corresponding to one or more interactions of the application or website, the one or more interactions comprising use of functionality of a computing device or use of personal information; for each respective key word or phrase identified by the privacy analyzing server device, determining whether the respective key word or phrase has been previously assigned a particular level of privacy risk; if the respective key word or phrase has been previously assigned the particular level of privacy risk, then retrieving the particular level of privacy risk from a database; if the respective key word or phrase has not been previously assigned the particular level of privacy risk, then generating a respective level of privacy risk associated with one or more particular interactions of the application or website corresponding to the respective key word or phrase; assigning to the respective key word or phrase the respective level of privacy risk associated with the one or more particular interactions of the application or website corresponding to the respective key word or phrase; and storing in the database the respective key word or phrase and the respective level of privacy risk assigned to the respective key word or phrase; generating by the privacy analyzing server device a privacy rating for the application or website based on the particular levels of privacy risk and on the respective levels of privacy risk assigned to the respective key words or phrases in the at least one policy, the privacy rating indicating a particular level of privacy risk of the application or website; and storing the privacy rating for the application or website and the at least one policy in the database.
-
Specification