The physical behaviour of a person trying to gain access to data is analysed against the past patterns of an authorised person. If they match, it’s assumed that they are that person and access is allowed.
Access is allowed if a someones activity matches past behaviour. For example, a card transaction might be declined if used somewhere the user doesn’t usually go to.
Permission to access data is controlled through matching biometric data.
A person gives someone else they trust the authority to act on their behalf in an emergency by issuing them with an access code in advance. The trusted person can use the code to access the other person’s data in an emergency, but only after a set period of time has elapsed (during which there is the opportunity to veto access).
Access is controlled depending on the physical location of the person, using something like GPS.
A key is encoded into an image, like a pattern or a two-dimensional barcode. It’s scanned by a something which interprets the image and uses it in a cryptographic challenge with a key stored on the device of someone attempting to gain access. If the challenge is successful, access is granted.
Someone’s consent is assumed through continued use of a service. They are shown a message at the beginning of using the service, often with a link to further information.
People are asked to agree to a specific, atomic permission at the point that a service needs it to complete a task, e.g. access to a phone’s camera or contacts.
A person is invited to share their data via a location based beacon. For example, when walking through a park they might be asked to volunteer their location data to help improve the design of the park.
Access requires clicking a link sent through secondary means. For example, someone signing into an account on a service would be a sent a magic link to the email address associated with that account. It’s assumed that the email address is only accessible to the intended person.
People sell access to their data for a fee via a public marketplace. This can be used in conjunction with data licensing to allow people to set the terms of sale.
A person encrypts their data so that it can only decrypted by the intended recipient and shares their data via an email or shared file system.
A person can generate a unique code that allows a third-party to access their data at a set point in time. The code can only be used once. It is up to the person who generated the code how they deliver it to the third-party.
A one-time code cannot prevent saving/screen capture of data by the person using the code.
A link to data is generated and shared with those who have permission to access it. Sometimes the link is delisted from search engines to prevent other people from discovering it. No further authentication is needed when the link is accessed.
A person’s data is shared by default, but there is the option to opt-out.
Some services require a forced update to someone’s data, followed by a notification that it has occurred so that they have an opportunity to appeal. An example of this is if points for speeding need to be added to someone’s driving licence.
Permission is given when over a set amount of people agree, possibly using physical tokens like Yubikeys.
Gaining access to data through a series of answers that only an allowed person should know. (This information could be false — like lying about your name at Starbucks). Generally this pattern is used for identity rather than data access.
During a transaction, or during installation of software, people are asked to agree to a fixed set of terms and conditions before they can proceed.
Someone intending to access data needs to satisfy two different “factors” of verifying their identity. Frequently, this takes the form of knowing a username and password and having access to a device which a code is sent to or generated from to confirm their possession of it.
People are asked to agree to a specific set of permissions — for example access to a phone’s camera, location and contacts — before they use or install a service.
In an end-to-end encrypted system, people can verify each others identities by saying a word from a pair that is generated by a cryptographic function. If their communication is compromised (through a man-in-the-middle attack, for example) the words won’t match.