Managing user information—authorization masking

US 10,236,079 B2
Filed: 09/29/2014
Issued: 03/19/2019
Est. Priority Date: 05/30/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

performing, by one or more processors of a computing device configured with a secure storage device and to execute computer-executable instructions, a plurality of operations comprising;

receiving health information of a user associated with at least a subset of a plurality of different data types, the health information received from a data collection device of the user;

storing the health information of the user in the secure storage device of the computing device;

receiving, from a third-party application, an authorization request for accessing at least one data type of the plurality of different data types for the user, the at least one data type in the authorization request corresponding to the stored health information of the user;

providing, via a user interface, the authorization request to the user;

receiving a response from the user to the provided authorization request, the response indicating, to the computing device, whether the user has authorized access by the third-party application to the at least one data type;

in response to receiving the user'"'"'s response to the provided authorization request, masking the user'"'"'s response to the authorization request by providing, to the third-party application, an indication that the authorization request was presented to the user without indicating whether the authorization request was approved or not;

after providing the indication that the authorization request was presented to the user to the third-party application, receiving from the third-party application, a request for a value corresponding to the at least one data type;

determining whether the value corresponding to the at least one data type is available to fulfill the request;

providing, to the third-party application, a reply in response to determining that the value corresponding to the at least one data type is available to fulfill the request, wherein the computing device is configured to provide the reply by;

providing, in accordance with a determination that the user has authorized access to the at least one data type, the value corresponding to the at least one data type to the third-party application; and

providing, in accordance with a determination that the user has not authorized access to the at least one data type, the at least one data type with no value corresponding to the at least one data type to the third-party application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer-readable medium are provided for managing user information. For example, data of the user may be stored in a memory. A request for a user to authorize access of at least a portion of the data may be provided. The authorization may be for an application to access the portion of the data. In some examples, a response to the request may be received, and an indication that the request was provided to the user may be provided without indicating whether the user denied the request.

Citations

20 Claims

1. A computer-implemented method, comprising:
- performing, by one or more processors of a computing device configured with a secure storage device and to execute computer-executable instructions, a plurality of operations comprising;
  
  receiving health information of a user associated with at least a subset of a plurality of different data types, the health information received from a data collection device of the user;
  
  storing the health information of the user in the secure storage device of the computing device;
  
  receiving, from a third-party application, an authorization request for accessing at least one data type of the plurality of different data types for the user, the at least one data type in the authorization request corresponding to the stored health information of the user;
  
  providing, via a user interface, the authorization request to the user;
  
  receiving a response from the user to the provided authorization request, the response indicating, to the computing device, whether the user has authorized access by the third-party application to the at least one data type;
  
  in response to receiving the user'"'"'s response to the provided authorization request, masking the user'"'"'s response to the authorization request by providing, to the third-party application, an indication that the authorization request was presented to the user without indicating whether the authorization request was approved or not;
  
  after providing the indication that the authorization request was presented to the user to the third-party application, receiving from the third-party application, a request for a value corresponding to the at least one data type;
  
  determining whether the value corresponding to the at least one data type is available to fulfill the request;
  
  providing, to the third-party application, a reply in response to determining that the value corresponding to the at least one data type is available to fulfill the request, wherein the computing device is configured to provide the reply by;
  
  providing, in accordance with a determination that the user has authorized access to the at least one data type, the value corresponding to the at least one data type to the third-party application; and
  
  providing, in accordance with a determination that the user has not authorized access to the at least one data type, the at least one data type with no value corresponding to the at least one data type to the third-party application.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein the indication that the authorization request was presented to the user is provided to the third-party application without indicating to the third-party application that the user denied access, to the third-party application, to a particular data type.
  - 3. The computer-implemented method of claim 1, wherein the user has provided the value corresponding to the at least one data type.
  - 4. The computer-implemented method of claim 3, wherein the indication of the at least one data type is provided to the third-party application without indicating that the user has provided the value corresponding to the at least one data type.
  - 5. The computer-implemented method of claim 1, wherein data of the secure storage device is accessible to the third-party application when the user is authenticated with the computing device.
  - 6. The computer-implemented method of claim 1, further comprising:
    - receiving, from a second third-party application, a second authorization request for accessing the at least one data type of the plurality of different data types of the user;
      
      receiving an authorization grant from the user for the second third-party application to access the at least one data type; and
      
      providing, to the second third-party application, a same indication to the second third-party application as was provided to the third-party application.
  - 7. The computer-implemented method of claim 6, wherein the same indication is provided to the second third-party when the user has not provided the value corresponding to the at least one data type.

8. A user device, comprising:
- a memory configured to store computer-executable instructions; and
  
  a processor in communication with the memory configured to execute the computer-executable instructions to at least;
  
  configure the memory to store health data of a user;
  
  present a request, on an interface of the user device, for the user to authorize access of at least one data type of the health data to a third-party application of the user device;
  
  receive, from the interface of the user device, a response to the request, the response indicating, to the user device, whether the user has authorized access by the third-party application to the at least one data type;
  
  in response to receiving the user'"'"'s response to the presented request, mask the user'"'"'s response to the request by providing to the third-party application of the user device, an indication that the request was presented on the interface without indicating whether the request was approved or not;
  
  after providing the indication that the request was presented to the user to the third-party application, receive from the application, a request for a value corresponding to the at least one data type;
  
  determine whether the value corresponding to the at least one data type is available to fulfill the request for the value from the application;
  
  provide, to the third-party application a reply in response to determining that the value corresponding to the at least one data type is available to fulfill the request, wherein the user device is configured to provide the reply by;
  
  providing, in accordance with a determination that the user has authorized access to the at least one data type, the value corresponding to the at least one data type to the third-party application; and
  
  providing, in accordance with a determination that the user has not authorized access to the at least one data type, the at least one data type with no value corresponding to the at least one data type to the third-party application.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The user device of claim 8, wherein the application of the device comprises a third-party application executed by the processor.
  - 10. The user device of claim 8, wherein the user is enabled to authorize access to first health data of a first data type and deny access to second health data of a second data type.
  - 11. The user device of claim 10, wherein the memory is configured to store the second health data and not store the first health data.
  - 12. The user device of claim 11, wherein the processor is further configured to execute the computer-executable instructions to at least receive, from the application, a first data request for the first health data and a second data request for the second health data.
  - 13. The user device of claim 12, wherein the processor is further configured to execute the computer-executable instructions to at least provide the at least one data type with no value corresponding to the at least one data type to the application in response to both the first data request and the second data request.
  - 14. The user device of claim 8, wherein the processor is further configured to execute the computer-executable instructions to at least provide a read request, to the user, for the user to authorize the application to read the data stored in the memory.
  - 15. The user device of claim 14, wherein the processor is further configured to execute the computer-executable instructions to at least provide, to the application, only information provided by the application to the memory when the user denies the read request.

16. A non-transitory computer-readable storage medium storing computer-executable instructions that, when executed by a processor of a user device, configure the processor to perform operations comprising:
- storing health information associated with a user in a data store of the user device;
  
  receiving a first request, from an application, for authorization to access the health information;
  
  providing, via a user interface, the first request to the user, for the user to authorize access of at least one data type of the health information to the application;
  
  receiving a response to the first request, the response indicating, to the user device, whether the user has authorized access by the application to the at least one data type;
  
  in response to receiving the user'"'"'s response to the authorization request, masking the user'"'"'s response to the authorization request by providing, to the application, an indication that the first request was presented to the user without indicating whether the first request was approved or not;
  
  after providing the indication that the authorization request was presented to the user to the application, receiving a second request, from the application, for a value corresponding to the at least one data type;
  
  determining whether the value corresponding to the at least one data type is available to fulfill the second request;
  
  providing, to the application, a reply in response to determining that the value corresponding to the at least one data type is available to fulfill the second request, wherein the user device is configured to provide the reply by;
  
  providing, in accordance with a determination that the user has authorized access to the at least one data type, the value corresponding to the at least one data type to the application; and
  
  providing, in accordance with a determination that the user has not authorized access to the at least one data type, the at least one data type with no value corresponding to the at least one data type to the application in response to the second request.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable medium of claim 16, wherein the application is a third-party application configured to be capable of at least one of reading or writing at least a portion of the health information to the data store, and wherein at least one first party application is configured to be capable of at least one of reading or writing at least the portion of the health information to the data store.
  - 18. The non-transitory computer-readable medium of claim 17, wherein the user is enabled to respond to the first request for authorization for each of a plurality of data types.
  - 19. The non-transitory computer-readable medium of claim 16, wherein the denial of the first request for authorization is masked by providing a response to the application that does not indicate that the user denied the first request for authorization.
  - 20. The non-transitory computer-readable medium of claim 19, wherein providing the at least one data type with no value corresponding to the at least one data type comprises providing an identifier of the at least one data type and not providing any values corresponding to the identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Keen, Daniel S.
Primary Examiner(s)
Al Kawsar, Abdullah
Assistant Examiner(s)
Ramsey, Patrick R

Application Number

US14/499,449
Publication Number

US 20150347784A1
Time in Patent Office

1,632 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

G06F 16/2291   User-Defined Types; Storage...

G06F 16/24   Querying

G06F 21/6245   Protecting personal data, e...

G06F 9/54   Interprogram communication

G16H 10/60   for patient-specific data, ...

G16H 10/65   stored on portable record c...

G16H 20/30   relating to physical therap...

G16H 20/40   relating to mechanical, rad...

G16H 50/70   for mining of medical data,...

G16H 70/00   ICT specially adapted for t...

H04L 63/102   Entity profiles

H04L 67/12   specially adapted for propr...

Managing user information—authorization masking

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Managing user information—authorization masking

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links