公开(公告)号：US12166788B2

公开(公告)日：2024-12-10

申请号：US18469893

申请日：2023-09-19

Applicant: OneTrust LLC

Inventor： Patrick Glenn Murray ,  Carman Kwong ,  Christopher Cross ,  Jose Costa Moreno ,  Harpreet Shergill ,  Keegan Callin

IPC: H04L9/40

Abstract: Techniques are disclosed for usage-tracking of various information security (InfoSec) entities for tenants/organization onboarded on an instant multi-tenant security assurance platform. The InfoSec entities include policies, procedures, controls and evidence tasks. A policy or procedure is enforced by implementing one or more controls, and the collection of one or more evidence tasks proves/verifies the implementation of a control. The InfoSec entities are linked to each other across the platform and accrue a number of benefits for the tenants. These include generating a security questionnaire response (SQR), defining a readiness project and an audit project, sharing InfoSec entities encompassing the various products of a tenant, automating risk assessment, automatic collection of evidence tasks for verifying the implementation and/or operational state/status of various mitigating controls, etc.

公开(公告)号：US12158975B2

公开(公告)日：2024-12-03

申请号：US18110511

申请日：2023-02-16

Applicant: OneTrust, LLC

Inventor： Jonathan Blake Brannon ,  Richard A. Beaumont

IPC: G06F21/62

Abstract: In various embodiments, an entity may provide a WebView where a transaction between an entity and a data subject may be performed. As described herein, the transaction may involve the collection or processing of personal data associated with the data subject by the entity as part of a processing activity undertaken by the entity that the data subject is consenting to as part of the transaction. Additionally, the entity may provide a native application where the transactions between the entity and a data subject may be performed. In some embodiments, the system may be configured to share consent data between the WebView and the native application so data subjects experience a seamless transition while using either the WebView or the native application, and the data subjects are not required to go through a consent workflow for each of the WebView and the native application.

公开(公告)号：US12153704B2

公开(公告)日：2024-11-26

申请号：US17881076

申请日：2022-08-04

Applicant: OneTrust, LLC

Inventor： Shiven Patel ,  Jason L. Sabourin ,  Sinu John ,  Siju George ,  Ashish R ,  Shivakumar Umadi ,  Sahaj Rao

IPC: H04L67/306 ,  G06F21/62 ,  H04L9/40

Abstract: Various aspects of the disclosure provide methods, apparatus, systems, computing devices, computing entities, and/or the like for facilitating the exchange of data among a diverse group of first and third party computing environments. Accordingly, various aspects of the disclosure provide a data exchange computing platform that facilitates data exchange among a diverse group of first and third party computing environments. In some aspects, the data exchange computing platform provides a data exchange service available to various first and third parties who wish to exchange data.

公开(公告)号：US20240385916A1

公开(公告)日：2024-11-21

申请号：US18687219

申请日：2022-10-03

Applicant: OneTrust, LLC

Inventor： Pratik Doshi ,  Spencer Wyckoff

IPC: G06F9/54

Abstract: Aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for auto-blocking of software development kit functionality for mobile software applications based on consent (or lack thereof) provided by users who are interacting with the mobile software applications.

公开(公告)号：US20240195835A1

公开(公告)日：2024-06-13

申请号：US18586958

申请日：2024-02-26

Applicant: OneTrust, LLC

Inventor： Jonathan Blake Brannon ,  Patrick Whitney ,  Sharath Chandra Chavva ,  Jeffrey Baucom

IPC: H04L9/40

CPC classification number: H04L63/1475 ,  H04L63/1416

Abstract: Embodiments of the present invention provide methods, apparatus, systems, computing devices, computing entities, and/or the like for permitting or blocking tracking tools used through webpages. In particular embodiments, the method involves: scanning a webpage to identify a tracking tool configured for processing personal data; determining a data destination location that is associated with the tracking tool; and generating program code configured to: determine a location associated with a user who is associated with a rendering of the webpage; determine a prohibited data destination location based on the location associated with the user; determine that the data destination location associated with the tracking tool is not the prohibited data destination location; and responsive to the data destination location associated with the tracking tool not being the prohibited data destination location, permit the tracking tool to execute.

公开(公告)号：US20240143674A1

公开(公告)日：2024-05-02

申请号：US18476185

申请日：2023-09-27

Applicant: OneTrust LLC

Inventor： Raju Bokade ,  Ravi Kalasapur ,  Mithun Babu ,  Austin Proctor

IPC: G06F16/951 ,  G06F9/50

CPC classification number: G06F16/951 ,  G06F9/5027

Abstract: Methods, systems, and non-transitory computer readable storage media are disclosed for processing data for a subset of domains in parallel with publishing data to a tenant database for another subset of domains within a shared infrastructure. Specifically, the disclosed system assigns one or more partitions of an intermediate shared processing queue to a set of domains indicated by a scan request from a client device. The disclosed system extracts data from a subset of domains of the set of domains via the one or more partitions and publishes scan results of the subset of domains to the tenant database. Furthermore, the disclosed system extracts, in parallel with publishing the data of the subset of domains, additional data of an additional subset of domains via the one or more partitions of the intermediate shared processing queue.

公开(公告)号：US11968229B2

公开(公告)日：2024-04-23

申请号：US17942242

申请日：2022-09-12

Applicant: OneTrust, LLC

Inventor： Jonathan Blake Brannon ,  Patrick Whitney ,  Sharath Chandra Chavva ,  Jeffrey Baucom

IPC: H04L9/40

CPC classification number: H04L63/1475 ,  H04L63/1416

Abstract: Embodiments of the present invention provide methods, apparatus, systems, computing devices, computing entities, and/or the like for permitting or blocking tracking tools used through webpages. In particular embodiments, the method involves: scanning a webpage to identify a tracking tool configured for processing personal data; determining a data destination location that is associated with the tracking tool; and generating program code configured to: determine a location associated with a user who is associated with a rendering of the webpage; determine a prohibited data destination location based on the location associated with the user; determine that the data destination location associated with the tracking tool is not the prohibited data destination location; and responsive to the data destination location associated with the tracking tool not being the prohibited data destination location, permit the tracking tool to execute.

公开(公告)号：US20240098109A1

公开(公告)日：2024-03-21

申请号：US18275910

申请日：2022-02-10

Applicant: OneTrust, LLC

Inventor： Subramanian Viswanathan ,  Milap Shah

IPC: H04L9/40 ,  G06F21/60

CPC classification number: H04L63/1433 ,  G06F21/60

Abstract: In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for integrating third party computing system functionality into a first party computing system by providing a risk management and mitigation computing system configured to analyze a risk of integrating the functionality provided by the third party computing system and facilitating implementation of one or more data-related controls that include performing computer-specific operations to mitigate and/or eliminate the identified risks. For example, the risk management and mitigation computing system can access risk data in tenant computing systems to determine a risk score related to the integration of the third party computing system functionality based on risks determined during prior integrations of the third party computing system functionality by other tenant computing systems. The risk management and mitigation computing system can generate a recommended control when integrating the third party computing system functionality.

公开(公告)号：US20230376852A1

公开(公告)日：2023-11-23

申请号：US18319301

申请日：2023-05-17

Applicant: OneTrust LLC

Inventor： Shane Wiggins ,  Kevin Jones

IPC: G06N20/00

CPC classification number: G06N20/00

Abstract: Methods, systems, and non-transitory computer readable storage media are disclosed for managing implementation of machine-learning models within computing environments according to system requirements frameworks via common data objects. The disclosed system generates a common data object to represent an implementation of a machine-learning model with a data process. For example, the disclosed system determines attribute values of the common data object according to data objects representing the machine-learning model and related datasets. Furthermore, the disclosed system utilizes the common data object to validate the machine-learning model according to a digital representation of a system requirements framework that includes usage requirements for machine-learning models to store, process, transmit, or otherwise handle specific data types in specific ways for the one or more data processes within a computing environment. The disclosed systems also perform operations to implement, suspend, or otherwise modify the machine-learning model or datasets based on the validation.

公开(公告)号：US11797528B2

公开(公告)日：2023-10-24

申请号：US17370650

申请日：2021-07-08

Applicant: OneTrust, LLC

Inventor： Kevin Jones ,  Saravanan Pitchaimani ,  Subramanian Viswanathan ,  Milap Shah ,  Ramana Malladi ,  Aadil Allidina ,  Matthew Hennig ,  Dylan D. Patton-Kuhl ,  Jonathan Blake Brannon

IPC: G06F16/242 ,  G06F16/25 ,  G06F16/23 ,  G06F16/2457 ,  G06N20/00 ,  G06F11/34

CPC classification number: G06F16/2423 ,  G06F11/3409 ,  G06F16/2358 ,  G06F16/2457 ,  G06F16/258 ,  G06N20/00 ,  G06F2201/80

Abstract: Various embodiments provide methods, apparatus, systems, computing devices, computing entities, and/or the like for identifying targeted data for a data subject across a plurality of data objects in a data source. In accordance with one embodiment, a method is provided comprising: receiving a request to identify targeted data for a data subject; identifying a first data object using metadata for a data source that identifies the first data object as associated with a first targeted data type for a data portion from the request; identifying a first data field from a graph data structure of the first data object that identifies the first data field as used for storing data having the first targeted data type; and querying the first data object based on the first data field and the data for the first targeted data type to identify a first targeted data portion for the data subject.