公开(公告)号：WO2022192627A1

公开(公告)日：2022-09-15

申请号：PCT/US2022/019882

申请日：2022-03-11

申请人： ONETRUST, LLC

发明人： BRANNON, Jonathan Blake ,  WHITNEY, Patrick ,  CASH, Alex ,  WYCKOFF, Spencer ,  HANSON, Stephanie ,  DOSHI, Pratik

IPC分类号： G06F21/60 ,  G06F21/62 ,  G06F21/36

摘要： A privacy-related consent extension and data processing system may be configured to automatically extend one or more privacy-related consents for a user of a first computing device to a second computing device. In various embodiments, the system is configured to provide a computer-readable indicium(indicia) on a previously unknown computing device upon initiation of a transaction between a user and an entity collecting and processing privacy data. In response to a user using a known computing device to scan the computer-readable indicium, in various embodiments, the system may provide the ability to share user consent data provided by the first known device to the second unknown device, allowing the user to provide consent without manually re-entering privacy and consent preferences.

公开(公告)号：WO2022026564A1

公开(公告)日：2022-02-03

申请号：PCT/US2021/043481

申请日：2021-07-28

申请人： ONETRUST, LLC

发明人： BRANNON, Jonathan Blake ,  WHITNEY, Patrick ,  CHAVVA, Sharath Chandra ,  BAUCOM, Jeffrey

IPC分类号： G06F21/55 ,  G06F16/95 ,  H04L29/08 ,  G06F21/62 ,  H04L29/06

摘要： Embodiments of the present invention provide methods, apparatus, systems, computing devices, computing entities, and/or the like for permitting or blocking tracking tools used through webpages. In particular embodiments, the method involves: scanning a webpage to identify a tracking tool configured for processing personal data; determining a data destination location that is associated with the tracking tool; and generating program code configured to: determine a location associated with a user who is associated with a rendering of the webpage; determine a prohibited data destination location based on the location associated with the user; determine that the data destination location associated with the tracking tool is not the prohibited data destination location; and responsive to the data destination location associated with the tracking tool not being the prohibited data destination location, permit the tracking tool to execute.

公开(公告)号：WO2019023550A1

公开(公告)日：2019-01-31

申请号：PCT/US2018/044046

申请日：2018-07-27

申请人： ONETRUST, LLC

发明人： BARDAY, Kabir A. ,  KARANJKAR, Mihir S. ,  FINCH, Steven W. ,  BROWNE, Ken A. ,  HEARD, Nathan W. ,  PATEL, Aakash H. ,  SABOURIN, Jason L. ,  DANIEL, Richard L. ,  PATTON-KUHL, Dylan D. ,  BRANNON, Jonathan Blake

IPC分类号： G06Q10/06 ,  G06F17/30

CPC分类号： G06Q10/063 ,  G06F16/21 ,  G06Q10/105

摘要： In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include any entity that collects, processes, contains, and/or transfers personal data (e.g., a software application, database, website, server, etc.). A data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc. The system may then utilize the generated model to fulfil a data subject access request.

公开(公告)号：WO2022192269A1

公开(公告)日：2022-09-15

申请号：PCT/US2022/019358

申请日：2022-03-08

申请人： ONETRUST, LLC

发明人： BRANNON, Jonathan Blake ,  JONES, Kevin

IPC分类号： G06F21/60 ,  G06F21/57 ,  H04L9/40 ,  G06F21/55

摘要： In various aspects, a data transfer discovery and analysis system may query an entity computing system to identify access credentials for third-party computing systems and scan each access credential to determine associated permissions provided by each access credential on the entity computing system. The data transfer discovery and analysis system may further inspect access logs to identify actual data transfers between the entity computing system and third-party computing systems as well as other access activity associated with each of the credentials. The system can generate and store a mapping of all actual data transfers (e.g., based on the access log data) and potential data transfers (e.g., based on particular access permissions) between/among the entity computing system and the third-party computing systems. By analyzing access logs to determine actual data transfers executed under each particular access credential, the data transfer discovery and analysis system can identify unused and/or underutilized access permissions.

公开(公告)号：WO2022061270A1

公开(公告)日：2022-03-24

申请号：PCT/US2021/051217

申请日：2021-09-21

申请人： ONETRUST, LLC

发明人： BRANNON, Jonathan Blake ,  WHITNEY, Patrick

IPC分类号： G06F21/55 ,  G06F21/57 ,  G06F21/62 ,  G06N20/00

摘要： Aspects of the present disclosure provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for protection of system software, or data from destruction, unauthorized modification, and/or unauthorized disclosure securing by, for example, detecting the transfer and/or processing of target data. Accordingly, a method is provided that involves: scanning a software application to identify functionality configured for processing target data; identifying fields associated with the functionality; identifying metadata associated with a field; generating, from the metadata, an identification of a type of data associated with the field; determining a location based on the processing of the target data by the functionality; determining a risk associated with the functionality processing the target data based on the location and the type of data; determining that the risk satisfies a threshold level of risk; and in response, causing an action to be performed to mitigate the risk.

公开(公告)号：WO2021237075A1

公开(公告)日：2021-11-25

申请号：PCT/US2021/033631

申请日：2021-05-21

申请人： ONETRUST, LLC

发明人： JONES, Kevin ,  DOSHI, Pratik ,  BRANNON, Jonathan Blake ,  KUMAR, Prabhu

IPC分类号： G06F8/70 ,  G06F21/62 ,  G06F21/57

摘要： A mobile application privacy analysis system is described, where the system scans a mobile device to identify files associated with a particular SDK and generates a tokenized name for the SDK. The tokenized name includes tokens representing the SDK vendor and one or more functions of the SDK. Using the tokenized name, the system then determines corresponding categories for each functionality token and score for each such category. Based on the scores, the system determines the most significant category and assigns that category to the SDK for use in privacy analysis. The system may also, or instead, determine a vendor category using the vendor token and assign that category to the SDK. Weighting factors may be applied to the scores for the categories associated with the functionality tokens and vendor tokens.

公开(公告)号：WO2019023534A1

公开(公告)日：2019-01-31

申请号：PCT/US2018/044020

申请日：2018-07-27

申请人： ONETRUST, LLC

发明人： BARDAY, Kabir A. ,  KARANJKAR, Mihir S. ,  FINCH, Steven W. ,  BROWNE, Ken A. ,  HEARD, Nathan W. ,  PATEL, Aakash H. ,  SABOURIN, Jason L. ,  DANIEL, Richard L. ,  PATTON-KUHL, Dylan D. ,  BRANNON, Jonathan Blake

IPC分类号： G06Q10/06 ,  G06F17/30

CPC分类号： G06Q10/063 ,  G06F16/21 ,  G06Q10/105

摘要： In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include any entity that collects, processes, contains, and/or transfers personal data (e.g., a software application, database, website, server, etc.). A data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc. The system may then utilize the generated model to fulfil a data subject access request.

公开(公告)号：WO2022178219A1

公开(公告)日：2022-08-25

申请号：PCT/US2022/016930

申请日：2022-02-18

申请人： ONETRUST, LLC

发明人： BRANNON, Jonathan Blake

IPC分类号： G10L15/26 ,  G06F21/62 ,  G06V10/00

摘要： In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for identifying and documenting certain subject matter found in media content, as well as selectively redacting the subject matter found in media content. In accordance with various aspects, a method is provided that comprises: obtaining first metadata for media content, the metadata identifying a context and a portion of content for an individual; identifying, based on the context, a certain subject matter for the media content; determining that a particular item associated with the subject matter is present in the portion of content associated with the individual; generating second metadata to document the particular item present in the portion of content; and using the second metadata to selectively redacting the item from the portion of content associated with the individual upon request to do so with respect to the individual.

公开(公告)号：WO2022060860A1

公开(公告)日：2022-03-24

申请号：PCT/US2021/050497

申请日：2021-09-15

申请人： ONETRUST, LLC

发明人： BRANNON, Jonathan Blake ,  WHITNEY, Patrick ,  CHAVVA, Sharath Chandra

IPC分类号： G06F16/957 ,  G06F21/62

摘要： Systems and methods are disclosed detecting whether calls to consent rejection functions originate with an automated tool or a human user. The system can determine that a calls to a consent rejection function are likely from an automated tool by determining that a rate and/or number of calls to a function exceeds a threshold and/or that the calls are received before the interface requesting user consent preferences has been rendered to the user. The system can also require that a function call include a token that an automated tool would not have knowledge of or access to and reject function calls without this token. The system can also use private consent rejection function calls with obfuscated names and/or provide a follow up consent rejections confirmation interface requiring human user input before process a consent rejection.

公开(公告)号：WO2022032072A1

公开(公告)日：2022-02-10

申请号：PCT/US2021/044910

申请日：2021-08-06

申请人： ONETRUST, LLC

发明人： BRANNON, Jonathan Blake ,  JONES, Kevin ,  PITCHAIMANI, Saravanan ,  RAGHUPATHY, Haribalan ,  SARANGAPANI, Mahashankar ,  SIVAN, Mahesh ,  MALHOTRA, Priya

IPC分类号： G06F16/242 ,  G06F16/332 ,  G06F16/901 ,  G06N20/00 ,  G06Q10/10 ,  G06F16/3335 ,  G06F16/335 ,  G06F16/35 ,  G06F21/6254 ,  G06N3/0454 ,  G06N5/022

摘要： System and methods are disclosed for redacting analyzing unstructured data in a request for data associated with a data subject to determine whether the unstructured data is relevant to the request. The relevancy of pieces of the unstructured data may be determined by determining a categorization for each such piece of unstructured data and comparing them to known personal data associated with the data subject having the same categorization. Pieces of the unstructured data that do not match known personal data having the same categorization are redacted from the request before the request is processed.