Personal data repository

US 20030097451A1
Filed: 11/16/2001
Published: 05/22/2003
Est. Priority Date: 11/16/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method for controlling access, use and distribution of personal data of a user stored in a personal data repository, the method comprising the steps of:

allowing a user to indicate which portions of the personal data stored in the personal data repository are releasable to a second party;

reaching an agreement, between the user and the second party, regarding use, by the second party, of any portions of the personal data in the personal data repository; and

releasing any of the portions of the stored personal data in the personal data repository to the second party according to the agreement, wherein the agreement includes what items within the personal data repository can be used by the second party, and only ones of the items which, according to the agreement, can be used by the second party are released to the second party.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus are provided for controlling access to stored personal data of a user. A user indicates which portions of personal data of the user stored in a personal data repository are releasable to a second party. The user and the second party reach an agreement regarding use, by the second party, of any portions of the personal data in the personal data repository. The portions of the stored personal data in the personal data repository are released to the second party according to the agreement. The agreement includes what items within the personal data repository can be used by the second party. Only those items which, according to the agreement, can be used by the second party are released to the second party. In another embodiment of the invention, a method and apparatus are provided for selectively sending information. A trusted party device receives a request to send information. A user device is selected to receive the vendor information based on a willingness to receive the vendor information indicated within the stored personal data about the user. The vendor information is sent to the selected user device. Other aspects of the invention include a machine readable medium including instructions for a processor in a device to perform the methods described above.

430 Citations

45 Claims

1. A method for controlling access, use and distribution of personal data of a user stored in a personal data repository, the method comprising the steps of:
- allowing a user to indicate which portions of the personal data stored in the personal data repository are releasable to a second party;
  
  reaching an agreement, between the user and the second party, regarding use, by the second party, of any portions of the personal data in the personal data repository; and
  
  releasing any of the portions of the stored personal data in the personal data repository to the second party according to the agreement, wherein the agreement includes what items within the personal data repository can be used by the second party, and only ones of the items which, according to the agreement, can be used by the second party are released to the second party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein the personal data about the user is collected automatically.
  - 3. The method of claim 1, wherein the step of reaching the agreement comprises choosing an agreement provided by an independent agreement provider, wherein the independent agreement provider receives compensation based on use of the provided agreement.
  - 4. The method of claim 1, wherein the personal data about the user is entered by the user.
  - 5. The method of claim 1, further comprising the step of storing the personal data about the user on a device operated by the user.
  - 6. The method of claim 1, further comprising the step of storing the personal data about the user on a trusted party device.
  - 7. The method of claim 1, further comprising the step of storing the personal data about the user in a distributed manner among a plurality of trusted party devices.
  - 8. The method of claim 1, further comprising the step of allowing the user to perform at least one of adding, deleting or changing the personal data about the user.
  - 9. The method of claim 1, further comprising the step of defining a service profile within the personal data repository, wherein the service profile includes portions of the personal data of the user and information regarding conditions under which items within the service profile can be used by the second party.
  - 10. The method of claim 9, wherein the service profile includes information regarding a date and a time that any of the stored information about the user was released to the second party and to whom the stored information was released.
  - 11. The method of claim 9;
    - wherein the service profile includes information pertaining to a description of the agreement between the user and the second party.
  - 12. The method of claim 1, further comprising the step of acting, by a trusted party, as an agent of the user to negotiate use, by the second party, of any of the personal data of the user in return for compensation to the user for the use of any of the personal data.
  - 13. The method of claim 1, further comprising the steps of recording a history of actions, by the user using a user device, as part of the personal data of the user.
  - 14. The method of claim 13, further comprising defining, by the user, of a level of a type of the actions to be recorded.
  - 15. The method of claim 1, further comprising the steps of:
    - receiving, at a trusted party device connected to a computer network, a first request from a device operated by a user;
      
      forming a second request from the first request, the second request being stripped of information that can associate the user with the second request;
      
      sending, from the trusted party device, the second request over a computer network to a second party device;
      
      receiving, at the trusted party device, response information in response to the sending of the second request;
      
      forming a response based on the response information; and
      
      sending the response to the device operated by the user.

16. A method for selectively sending information, comprising the steps of:
- receiving, by a trusted party device, a request to send information;
  
  selecting a user device to receive the information based on a willingness to receive the information indicated within the stored personal data about the user when at least one user device has indicated the willingness to receive the information; and
  
  sending the vendor information to the selected user device when the selected user device exists.

17. A method of controlling receipt of information, comprising the steps of:
- receiving, by a user device from a second party device, a request for at least some of the personal data of the user;
  
  attempting to reach an agreement with a second party, via the second party device, regarding use by the second party of any of the personal data of the user; and
  
  sending information to the user device only if the agreement is reached.

18. A system for providing personal data of a user with access rights being controlled by the user, the system comprising:
- a user device;
  
  a trusted party device, the user device being arranged to communicate with the trusted party device;
  
  at least one data storage device including the personal data of the user;
  
  a rules enforcer included in the trusted party device to enforce rules by which the personal data of the user can be accessed by a second party device, the rules having been agreed to by the user and a second party associated with the second party device, wherein;
  
  the at least one data storage device is associated with at least one of the user device and the trusted party device.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The system of claim 18, further comprising a plurality of trusted party devices, each of the trusted party devices being configured to communicate with at least one other of the plurality of trusted party devices, wherein:
    - the at least one storage device is included in at least some of the plurality of trusted party devices and the personal data of the user is distributed among the at least one storage device of at least some of the plurality of trusted party devices.
  - 20. The system of claim 18, wherein the trusted party device further comprises an agreement facilitator to facilitate an agreement between the user and the trusted party.
  - 21. The system of claim 18, wherein the user device further comprises an agreement facilitator to facilitate an agreement between the user and the trusted party.
  - 22. The system of claim 18, wherein the at least one data storage device has recorded therein a service profile within a personal data repository, wherein the service profile includes portions of the personal data of the user and information regarding conditions under which items within the service profile can be used by the second party.
  - 23. The system of claim 18, wherein the trusted party device further comprises a history recorder to record a history of actions performed by the user device.
  - 24. The system of claim 23, wherein the history recorder includes a level selector by which the user, via the user device, can select one of a plurality of levels of a type of the actions to be recorded.

25. A system for providing personal data of a user with access rights being controlled by the user, the system comprising a user device;
- a second party device, the user device being arranged to communicate with the second party device;
  
  a data storage, associated with the user device, including the personal data of the user; and
  
  a rules enforcer included in the user device to enforce rules by which portions of the personal data of the user can be accessed by the second party device, the rules having been agreed to by the user and a second party associated with the second party device, the rules including what items of the personal data are releasable to the second party and how the items of the personal data can be used by the second party.
- View Dependent Claims (26, 27, 28)
- - 26. The system of claim 25, further comprising a service profile stored within the data storage, the service profile including portions of the personal data of the user and information pertaining to an agreement describing how any of the stored information about the user can be used by the second party.
  - 27. The system of claim 25, wherein the user device further comprises a history recorder to record a history of actions performed by the user device.
  - 28. The system of claim 27, wherein the history recorder includes a level selector to select one of a plurality of levels of a type of the actions to be recorded.

29. A device for providing personal data of a user with access rights being controlled by the user, the device comprising:
- a data storage device having recorded therein at least some of the personal data of the user;
  
  an agreement facilitator to facilitate an agreement between the user and a second party; and
  
  a rules enforcer to enforce rules by which items of the personal data of the user can be accessed by a second party device, the rules having been agreed to by the user and a second party associated with the second party device, the rules enforcer allowing access to only ones of the items, which according to the agreement, can be used by the second party.
- View Dependent Claims (30, 31, 32, 33, 34)
- - 30. The device of claim 29, wherein the data storage device has recorded therein a service profile within a personal data repository, the service profile including portions of the personal data of the user and information regarding conditions under which items of the stored personal data of the user can be released to the second party.
  - 31. The device of claim 30, wherein the service profile is arranged to include information regarding a date and a time that any of the stored personal information of the user is released to the second party.
  - 32. The device of claim 30, wherein the service profile is arranged to include information pertaining to a contract that describes how any of the stored personal data of the user can be used by the second party.
  - 33. The device of claim 29 further comprising a history recorder to record a history of actions performed by the user.
  - 34. The device of claim 33, wherein the history recorder includes a level selector by which the user can select one of a plurality of levels of a type of the actions to be recorded.

35. A mobile device for providing personal data of a user with access rights being controlled by the user, the mobile device comprising:
- a rules enforcer to enforce the rules by which the personal data of the user can be accessed by a second party device, the rules having been agreed to by the user and a second party associated with the second party device;
  
  a data storage device having recorded therein at least some of the personal data of the user;
  
  an agreement facilitator to facilitate an agreement between the user and the second party, wherein;
  
  the data storage device is arranged to have recorded therein a service profile including portions of the personal data of the user and information regarding conditions under which items within the service profile can be used by the second party.

36. A machine-readable medium having recorded thereon instructions for a processor in a device to perform the steps of:
- receiving an indication regarding which portions of personal data of a user stored in a personal data repository are releasable to a second party;
  
  reaching an agreement, between the user and the second party, regarding use, by the second party, of any portions of the personal data in the personal data repository; and
  
  releasing any of the portions of the stored personal data in the personal data repository to the second party according to the agreement, wherein the agreement includes what items within the personal data repository can be used by the second party, and only ones of the items which, according to the agreement, can be used by the second party are released to the second party.
- View Dependent Claims (37, 38, 39, 40, 41, 42)
- - 37. The machine-readable medium of claim 36, further comprising instructions for storing of the personal data about the user in a distributed manner, the personal data being distributed and stored among a plurality of devices arranged to communicate with one another.
  - 38. The machine-readable medium of claim 36, further comprising instructions for allowing the user to perform at least one of adding, deleting or changing the personal data about the user.
  - 39. The machine-readable medium of claim 36, further comprising instructions for allowing a defining of a service profile within a personal data repository, the service profile including portions of the personal data of the user and information regarding conditions under which items of the stored personal data of the user can be released to the second party.
  - 40. The machine-readable medium of claim 39, wherein the service profile includes information pertaining to the agreement between the user and a second party.
  - 41. The machine-readable medium of claim 36, further comprising instructions for recording a history of actions by the user as part of the personal data of the user.
  - 42. The machine-readable medium of claim 41, further comprising instructions for defining, by the user, a level of a type of the actions to be recorded.

43. A machine-readable medium having recorded thereon instructions for a processor in a device to perform the steps of:
- receiving, by a trusted party device, a request to send information;
  
  selecting a user device to receive the information based on a willingness to receive the information indicated within stored personal data about the user when at least one user device has indicated the willingness to receive the information; and
  
  sending the vendor information to the selected user device when the selected user device exists.

44. A machine-readable medium having recorded thereon instructions for a processor in a device to perform the steps of:
- receiving, by a user device from a second party device, a request for at least some of the personal data of the user;
  
  attempting to reach an agreement with a second party, via the second party device, regarding use by the second party of any of the personal data of the user; and
  
  sending vendor information to the user device only if the agreement is reached.

45. A mobile device for providing personal data of a user with access rights being controlled by the user, the mobile device comprising:
- a rules enforcer to enforce the rules by which the personal data of the user can be accessed by a second party device, the rules having been agreed to by the user and a second party associated with the second party device;
  
  a data storage device having recorded therein at least some of the personal data of the user;
  
  an agreement facilitator to facilitate an agreement between the user and the second party;
  
  and a history recorder to record a history of actions by the user via the user device, the history recorder including a level selector to select a level of the actions to be recorded, wherein;
  
  the data storage device is arranged to have recorded therein at least a portion of a service profile including information regarding what portions of the stored personal data of the user can be released to the second party and conditions under which the portions of the service profile can be released to the second party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia, Inc. (Nokia Corporation)
Original Assignee
Nokia, Inc. (Nokia Corporation)
Inventors
Bjorksten, Margareta Gunilla, Abou-Rizk, Mitri

Application Number

US09/988,002
Publication Number

US 20030097451A1
Time in Patent Office

Days
Field of Search
US Class Current

709/228
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/6245   Protecting personal data, e...

G06Q 30/02   Marketing; Price estimation...

Personal data repository

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

430 Citations

45 Claims

Specification

Use Cases

Quick Links

Others

Personal data repository

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

430 Citations

45 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others