Personal data repository
First Claim
1. A method for controlling access, use and distribution of personal data of a user stored in a personal data repository, the method comprising the steps of:
- allowing a user to indicate which portions of the personal data stored in the personal data repository are releasable to a second party;
reaching an agreement, between the user and the second party, regarding use, by the second party, of any portions of the personal data in the personal data repository; and
releasing any of the portions of the stored personal data in the personal data repository to the second party according to the agreement, wherein the agreement includes what items within the personal data repository can be used by the second party, and only ones of the items which, according to the agreement, can be used by the second party are released to the second party.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus are provided for controlling access to stored personal data of a user. A user indicates which portions of personal data of the user stored in a personal data repository are releasable to a second party. The user and the second party reach an agreement regarding use, by the second party, of any portions of the personal data in the personal data repository. The portions of the stored personal data in the personal data repository are released to the second party according to the agreement. The agreement includes what items within the personal data repository can be used by the second party. Only those items which, according to the agreement, can be used by the second party are released to the second party. In another embodiment of the invention, a method and apparatus are provided for selectively sending information. A trusted party device receives a request to send information. A user device is selected to receive the vendor information based on a willingness to receive the vendor information indicated within the stored personal data about the user. The vendor information is sent to the selected user device. Other aspects of the invention include a machine readable medium including instructions for a processor in a device to perform the methods described above.
430 Citations
45 Claims
-
1. A method for controlling access, use and distribution of personal data of a user stored in a personal data repository, the method comprising the steps of:
-
allowing a user to indicate which portions of the personal data stored in the personal data repository are releasable to a second party;
reaching an agreement, between the user and the second party, regarding use, by the second party, of any portions of the personal data in the personal data repository; and
releasing any of the portions of the stored personal data in the personal data repository to the second party according to the agreement, wherein the agreement includes what items within the personal data repository can be used by the second party, and only ones of the items which, according to the agreement, can be used by the second party are released to the second party. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method for selectively sending information, comprising the steps of:
-
receiving, by a trusted party device, a request to send information;
selecting a user device to receive the information based on a willingness to receive the information indicated within the stored personal data about the user when at least one user device has indicated the willingness to receive the information; and
sending the vendor information to the selected user device when the selected user device exists.
-
-
17. A method of controlling receipt of information, comprising the steps of:
-
receiving, by a user device from a second party device, a request for at least some of the personal data of the user;
attempting to reach an agreement with a second party, via the second party device, regarding use by the second party of any of the personal data of the user; and
sending information to the user device only if the agreement is reached.
-
-
18. A system for providing personal data of a user with access rights being controlled by the user, the system comprising:
-
a user device;
a trusted party device, the user device being arranged to communicate with the trusted party device;
at least one data storage device including the personal data of the user;
a rules enforcer included in the trusted party device to enforce rules by which the personal data of the user can be accessed by a second party device, the rules having been agreed to by the user and a second party associated with the second party device, wherein;
the at least one data storage device is associated with at least one of the user device and the trusted party device. - View Dependent Claims (19, 20, 21, 22, 23, 24)
-
-
25. A system for providing personal data of a user with access rights being controlled by the user, the system comprising
a user device; -
a second party device, the user device being arranged to communicate with the second party device;
a data storage, associated with the user device, including the personal data of the user; and
a rules enforcer included in the user device to enforce rules by which portions of the personal data of the user can be accessed by the second party device, the rules having been agreed to by the user and a second party associated with the second party device, the rules including what items of the personal data are releasable to the second party and how the items of the personal data can be used by the second party. - View Dependent Claims (26, 27, 28)
-
-
29. A device for providing personal data of a user with access rights being controlled by the user, the device comprising:
-
a data storage device having recorded therein at least some of the personal data of the user;
an agreement facilitator to facilitate an agreement between the user and a second party; and
a rules enforcer to enforce rules by which items of the personal data of the user can be accessed by a second party device, the rules having been agreed to by the user and a second party associated with the second party device, the rules enforcer allowing access to only ones of the items, which according to the agreement, can be used by the second party. - View Dependent Claims (30, 31, 32, 33, 34)
-
-
35. A mobile device for providing personal data of a user with access rights being controlled by the user, the mobile device comprising:
-
a rules enforcer to enforce the rules by which the personal data of the user can be accessed by a second party device, the rules having been agreed to by the user and a second party associated with the second party device;
a data storage device having recorded therein at least some of the personal data of the user;
an agreement facilitator to facilitate an agreement between the user and the second party, wherein;
the data storage device is arranged to have recorded therein a service profile including portions of the personal data of the user and information regarding conditions under which items within the service profile can be used by the second party.
-
-
36. A machine-readable medium having recorded thereon instructions for a processor in a device to perform the steps of:
-
receiving an indication regarding which portions of personal data of a user stored in a personal data repository are releasable to a second party;
reaching an agreement, between the user and the second party, regarding use, by the second party, of any portions of the personal data in the personal data repository; and
releasing any of the portions of the stored personal data in the personal data repository to the second party according to the agreement, wherein the agreement includes what items within the personal data repository can be used by the second party, and only ones of the items which, according to the agreement, can be used by the second party are released to the second party. - View Dependent Claims (37, 38, 39, 40, 41, 42)
-
-
43. A machine-readable medium having recorded thereon instructions for a processor in a device to perform the steps of:
-
receiving, by a trusted party device, a request to send information;
selecting a user device to receive the information based on a willingness to receive the information indicated within stored personal data about the user when at least one user device has indicated the willingness to receive the information; and
sending the vendor information to the selected user device when the selected user device exists.
-
-
44. A machine-readable medium having recorded thereon instructions for a processor in a device to perform the steps of:
-
receiving, by a user device from a second party device, a request for at least some of the personal data of the user;
attempting to reach an agreement with a second party, via the second party device, regarding use by the second party of any of the personal data of the user; and
sending vendor information to the user device only if the agreement is reached.
-
-
45. A mobile device for providing personal data of a user with access rights being controlled by the user, the mobile device comprising:
-
a rules enforcer to enforce the rules by which the personal data of the user can be accessed by a second party device, the rules having been agreed to by the user and a second party associated with the second party device;
a data storage device having recorded therein at least some of the personal data of the user;
an agreement facilitator to facilitate an agreement between the user and the second party;
and a history recorder to record a history of actions by the user via the user device, the history recorder including a level selector to select a level of the actions to be recorded, wherein;
the data storage device is arranged to have recorded therein at least a portion of a service profile including information regarding what portions of the stored personal data of the user can be released to the second party and conditions under which the portions of the service profile can be released to the second party.
-
Specification