System, Method, and Computer Program Product for Consent Management

Information

  • Patent Application
  • Publication Number
    20230297716
  • Date Filed
    August 31, 2022
  • Date Published
    September 21, 2023
Abstract
A system, method, and computer program product are provided for consent management. A method may include receiving a first data request for user data associated with a user, the user data stored in a user data database; communicating a consent request to the requester system; receiving a consent response from the requester system; storing consent data associated with the consent response for the user data requested in the first data request in an immutable ledger; receiving a consent verification request from the user data database, the consent verification request based on a second data request for the user data from the requester system to the user data database; verifying the consent verification request based on the consent data; and communicating a consent verification response to the user data database, the consent verification response indicating consent from the user to share the user data with the requester system.
Claims
  • 1. A computer-implemented method, comprising: receiving, by a consent database, a first data request for user data associated with a user from a requester system, the user data stored in a user data database separate from the consent database; communicating, by the consent database, a consent request to the requester system for display to the user on a user device associated with the user; receiving, by the consent database, a consent response from the requester system based on input from the user device, the consent response indicating consent from the user to share the user data requested in the first data request; storing, by the consent database, consent data associated with the consent response for the user data requested in the first data request in an immutable ledger; receiving, by the consent database, a consent verification request from the user data database, the consent verification request based on a second data request for the user data from the requester system to the user data database; verifying, by the consent database, the consent verification request based on the consent data stored in the immutable ledger; and communicating, by the consent database, a consent verification response based on verifying the consent verification request to the user data database, the consent verification response indicating consent from the user to share the user data from the user data database with the requester system.
  • 2. The method of claim 1, further comprising: receiving, by the consent database, from the requester system, utilization data associated with consented use of user data; and storing, by the consent database, the utilization data associated with the user data in the immutable ledger.
  • 3. The method of claim 2, further comprising: receiving, by the consent database, from the user data database, distribution data associated with a data access of the user data from the requester system; and storing, by the consent database, the distribution data associated with the user data in the immutable ledger.
  • 4. The method of claim 3, further comprising: comparing, by the consent database, the distribution data associated with the user data with the consent data associated with the user data; determining, by the consent database, compliance of the distribution data to conditions of the consent data; and storing, by the consent database, an indication of compliance of the distribution data in the immutable ledger.
  • 5. The method of claim 2, further comprising: comparing, by the consent database, the utilization data associated with the user data with the consent data associated with the user data; determining, by the consent database, compliance of the utilization data to conditions of the consent data; and storing, by the consent database, an indication of compliance of the utilization data in the immutable ledger.
  • 6. The method of claim 5, further comprising: receiving, by the consent database, an audit request associated with the user data from the user data database; and communicating, by the consent database, the indication of compliance of the utilization data associated with the user data to the user data database.
  • 7. The method of claim 1, further comprising: receiving, by the consent database, a revocation request of a consent associated with the user data from the user device; updating, by the consent database, the consent response based on the revocation request; and communicating, by the consent database, the updated consent response to the user data database.
  • 8. A system for managing consent, the system comprising at least one server computer including at least one processor, the at least one server computer programmed and/or configured to: receive a first data request for user data associated with a user from a requester system, the user data stored in a user data database separate from a consent database; communicate a consent request to the requester system for display to the user on a user device associated with the user; receive a consent response from the requester system based on input from the user device, the consent response indicating consent from the user to share the user data requested in the first data request; store consent data associated with the consent response for the user data requested in the first data request in an immutable ledger; receive a consent verification request from the user data database, the consent verification request based on a second data request for the user data from the requester system to the user data database; verify the consent verification request based on the consent data stored in the immutable ledger; and communicate a consent verification response based on verifying the consent verification request to the user data database, the consent verification response indicating consent from the user to share the user data from the user data database with the requester system.
  • 9. The system of claim 8, wherein the at least one server computer is programmed and/or configured to: receive, from the requester system, utilization data associated with consented use of user data; and store the utilization data associated with the user data in the immutable ledger.
  • 10. The system of claim 9, wherein the at least one server computer is programmed and/or configured to: receive, from the user data database, distribution data associated with a data access of the user data from the requester system; and store the distribution data associated with the user data in the immutable ledger.
  • 11. The system of claim 10, wherein the at least one server computer is programmed and/or configured to: compare the distribution data associated with the user data with the consent data associated with the user data; determine compliance of the distribution data to conditions of the consent data; and store an indication of compliance of the distribution data in the immutable ledger.
  • 12. The system of claim 9, wherein the at least one server computer is programmed and/or configured to: compare the utilization data associated with the user data with the consent data associated with the user data; determine compliance of the utilization data to conditions of the consent data; and store an indication of compliance of the utilization data in the immutable ledger.
  • 13. The system of claim 12, wherein the at least one server computer is programmed and/or configured to: receive an audit request associated with the user data from the user data database; and communicate the indication of compliance of the utilization data associated with the user data to the user data database.
  • 14. The system of claim 8, wherein the at least one server computer is programmed and/or configured to: receive a revocation request of a consent associated with the user data from the user device; update the consent response based on the revocation request; and communicate the updated consent response to the user data database.
  • 15. A computer program product comprising at least one non-transitory computer-readable medium including one or more program instructions that, when executed by at least one processor, cause the at least one processor to: receive a first data request for user data associated with a user from a requester system, the user data stored in a user data database separate from a consent database; communicate a consent request to the requester system for display to the user on a user device associated with the user; receive a consent response from the requester system based on input from the user device, the consent response indicating consent from the user to share the user data requested in the first data request; store consent data associated with the consent response for the user data requested in the first data request in an immutable ledger; receive a consent verification request from the user data database, the consent verification request based on a second data request for the user data from the requester system to the user data database; verify the consent verification request based on the consent data stored in the immutable ledger; and communicate a consent verification response based on verifying the consent verification request to the user data database, the consent verification response indicating consent from the user to share the user data from the user data database with the requester system.
  • 16. The computer program product of claim 15, wherein the one or more program instructions further cause the at least one processor to: receive, from the requester system, utilization data associated with consented use of user data; and store the utilization data associated with the user data in the immutable ledger.
  • 17. The computer program product of claim 16, wherein the one or more program instructions further cause the at least one processor to: receive, from the user data database, distribution data associated with a data access of the user data from the requester system; and store the distribution data associated with the user data in the immutable ledger.
  • 18. The computer program product of claim 17, wherein the one or more program instructions further cause the at least one processor to: compare the distribution data associated with the user data with the consent data associated with the user data; determine compliance of the distribution data to conditions of the consent data; and store an indication of compliance of the distribution data in the immutable ledger.
  • 19. The computer program product of claim 16, wherein the one or more program instructions further cause the at least one processor to: compare the utilization data associated with the user data with the consent data associated with the user data; determine compliance of the utilization data to conditions of the consent data; and store an indication of compliance of the utilization data in the immutable ledger.
  • 20. The computer program product of claim 19, wherein the one or more program instructions further cause the at least one processor to: receive an audit request associated with the user data from the user data database; and communicate the indication of compliance of the utilization data associated with the user data to the user data database.
  • 21-35. (canceled)
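
The store-then-verify flow of the abstract and claim 1, with the revocation of claim 7, sketched as an added example that is not taken from the application. It assumes the immutable ledger is an append-only SHA-256 hash chain and that a revocation is recorded as a further entry; the class, method and field names are hypothetical.

```python
import hashlib
import json

GENESIS = "0" * 64

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class ConsentLedger:
    """Append-only hash chain; an assumed stand-in for the 'immutable ledger'."""
    def __init__(self):
        self.entries = []

    def append(self, kind, user, requester, fields):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"kind": kind, "user": user, "requester": requester,
                "fields": sorted(fields), "prev": prev}
        self.entries.append({**body, "hash": _digest(body)})

    def chain_intact(self):
        prev = GENESIS
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or e["hash"] != _digest(body):
                return False
            prev = e["hash"]
        return True

    def verify(self, user, requester, fields):
        """Consent verification response: fails closed on a broken chain,
        a revocation, a different requester, or fields beyond the grant."""
        if not self.chain_intact():
            return False
        granted = set()
        for e in self.entries:
            if (e["user"], e["requester"]) == (user, requester):
                if e["kind"] == "consent":
                    granted |= set(e["fields"])
                elif e["kind"] == "revocation":
                    granted -= set(e["fields"])
        return bool(fields) and set(fields) <= granted

def demo():
    # Constructed identifiers and field names, for illustration only.
    ledger = ConsentLedger()
    ledger.append("consent", "user-1", "requester-A", ["email", "address"])
    before = ledger.verify("user-1", "requester-A", ["email"])
    ledger.append("revocation", "user-1", "requester-A", ["email"])
    return ledger, before, ledger.verify("user-1", "requester-A", ["email"])
```

In this sketch the user data database would call `verify` on each second data request and release data only on `True`, so a revoked or out-of-scope request is refused even when the requester was approved earlier.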
PCT Information
Filing Document Filing Date Country Kind
PCT/US2022/042136 8/31/2022 WO
Provisional Applications (2)
Number Date Country
63314744 Feb 2022 US
63238945 Aug 2021 US