Systems and methods for protecting private information in a mobile environment

US 20060123462A1
Filed: 12/02/2004
Published: 06/08/2006
Est. Priority Date: 12/02/2004
Status: Active Grant

First Claim

Patent Images

1. A method of anonymizing information comprising the steps of:

determining a non-public information store for a first entity;

determining a request for at least one information feature from the non-public information store;

determining a privacy policy for the first entity; and

determining a set of entities associated with the at least one information feature based on privacy policies associated with each entity in the set of entities; and

determining an aggregated response to the request for at least one information feature from the non-public information store based on the set of entities.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for protecting non-public information in a mobile environment are provided. A request for non-public information about users in a mobile environment is received. Privacy policies, non-public and optional public information about the users affected by the request are determined. An optional privacy impact indicator is determined based on how satisfying the request increases the current public information about the users. Crowds of users having similar attribute name/values are optionally determined. User and optional requestor privacy policies which associate threshold release criteria such minimum crowd size, minimum consideration with the non-public information are determined. A privacy agreement is reached for the disclosure of the requested non-public information based on the compatibility of the requester and user privacy policies. Privacy protecting transformations are optionally determined and applied to create crowds or groups associated with the requested attribute.

83 Citations

View as Search Results

91 Claims

1. A method of anonymizing information comprising the steps of:
- determining a non-public information store for a first entity;
  
  determining a request for at least one information feature from the non-public information store;
  
  determining a privacy policy for the first entity; and
  
  determining a set of entities associated with the at least one information feature based on privacy policies associated with each entity in the set of entities; and
  
  determining an aggregated response to the request for at least one information feature from the non-public information store based on the set of entities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 21, 22, 23, 37)
- - 2. The method of claim 1, in which the aggregated response is further based on at least one of:
    - privacy policy for the requestor of information and publicly available information.
  - 3. The method of claim 1, wherein the set of entities associated with the at least one information feature are determined using at least one of:
    - a trusted third party and cryptographic matching protocols.
  - 4. The method of claim 3, wherein the number of entities in the set is based on the privacy policy information.
  - 5. The method of claim 2, wherein the request for at least one information feature from the information store originates from at least one of:
    - a vendor;
      
      a service provider;
      
      a family member; and
      
      an acquaintance.
  - 6. The method of claim 1, wherein the privacy policy is at least one of:
    - determined by a user and computed.
  - 7. The method of claim 1, wherein the privacy policy specifies the number of entities required to share the requested information.
  - 8. The method of claim 1, wherein the information store is stored in at least one of:
    - a file;
      
      a relational database and a data structure.
  - 9. The method of claim 1, wherein the information store is located in at least one of:
    - a mobile device;
      
      a personal computer;
      
      a workstation;
      
      a server;
      
      a gateway and a home portal.
  - 21. The method of claim 7, in which the transaction information is at least one of:
    - credit card;
      
      purchase;
      
      sale;
      
      refund;
      
      merchandise return;
      
      coupon; and
      
      discount information.
  - 22. The method of claim 7, in which the personal information is at least one of:
    - demographic;
      
      health;
      
      financial;
      
      political affiliation, criminal record, religious belief, location; and
      
      ownership information.
  - 23. The method of claim 7, in which the financial information is at least one of:
    - a FICO score, home ownership, stock ownership, bond ownership, mortgage, bank account, credit score, income, family income, investments and business ownership information.
  - 37. The method of claim 1, in which the information request is at least one of:
    - transaction information;
      
      personal information;
      
      financial information; and
      
      location information.

10. A method of indicating the effect of disclosing information comprising the steps of:
- determining a non-public information store;
  
  determining a privacy policy for a user;
  
  determining an information request for information in the non-public information store; and
  
  determining a privacy impact indicator based on the effect of disclosing the requested information and the privacy policy.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 36)
- - 11. The method of claim 10, in which the privacy impact indicator is further based on at least one of:
    - privacy policy for the requester of information and publicly available information.
  - 12. The method of claim 10, further comprising the steps of displaying the privacy impact indicator.
  - 13. The method of claim 12, wherein the privacy impact indicator is associated with at least one of:
    - a visual, aural, tactile and olfactory display attribute.
  - 14. The method of claim 13, wherein the visual privacy impact indicator is a user interface component.
  - 15. The method of claim 14, wherein the privacy impact indicator is at least one of:
    - a dial;
      
      a gauge;
      
      a meter; and
      
      a thermometer.
  - 16. The method of claim 13, wherein the aural privacy impact indicator is at least one of:
    - a frequency;
      
      a tone, a duration; and
      
      a beat.
  - 36. The method of claim 10, in which the information request is at least one of:
    - transaction information;
      
      personal information;
      
      financial information; and
      
      location information.

17. A method of sharing information comprising the steps of:
- determining a non-public information store;
  
  determining a privacy policy;
  
  determining an information request for information in the non-public information store; and
  
  determining a privacy agreement defining access to the requested information in the non-public information store based on the privacy policy.
- View Dependent Claims (18, 38)
- - 18. The method of claim 17, wherein the privacy policy comprises at least one of:
    - minimum number of entities in the set and acceptable consideration for disclosing information associated with privacy policies.
  - 38. The method of claim 17, in which the information request is at least one of:
    - transaction information;
      
      personal information;
      
      financial information; and
      
      location information.

19. A method of anonymizing information comprising the steps of:
- determining a non-public information store;
  
  determining a privacy policy;
  
  determining an information request for information in the non-public information store;
  
  determining a privacy impact indicator based on the effect of disclosing the requested information;
  
  determining a privacy agreement defining access to the requested information in the non-public information store based on the privacy policy;
  
  determining anonymizing transformations of the requested information based on at least one of;
  
  the determined privacy agreement, the privacy policy; and
  
  the privacy impact indicator.
- View Dependent Claims (20, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 20. The method of claim 19, in which the information request is at least one of:
    - transaction information;
      
      personal information;
      
      financial information; and
      
      location information.
  - 24. The method of claim 20, in which location information is at least one of:
    - inferred location information and specific location information.
  - 25. The method of claim 24, in which the inferred location information is based on at least one of:
    - geo-coded communication information;
      
      machine type information;
      
      pattern information and signal strength information.
  - 26. The method of claim 24, in which explicit location information is based on at least one of global positioning system information;
    - cellular antenna information;
      
      video information;
      
      sound information; and
      
      biometric information.
  - 27. The method of claim 20, in which the privacy policy is a computer readable privacy profile.
  - 28. The method of claim 20, in which the privacy policy is at least one of:
    - an XML privacy profile;
      
      a computer-readable privacy policy and a platform for privacy preferences conforming privacy policy.
  - 29. The method of claim 20, in which the privacy impact indicator is displayed to the user using at least one of:
    - a mobile device;
      
      a static device and a document.
  - 30. The method of claim 20, in which the privacy policy is located in at least one of:
    - a mobile device;
      
      a gateway device;
      
      a personal computer;
      
      a central repository and a server.
  - 31. The method of claim 20, in which the agreement includes a transfer of value for access to the anonymized non-public information.
  - 32. The method of claim 20, in which the agreement includes a transfer of value for access to the non-public information.
  - 33. The method of claim 20, in which the agreement includes a transfer of varying value for access to non-public information of varying degrees of anonymity.

34. A method of anonymizing non-public information comprising the steps of:
- determining a request for information from a non-public information store;
  
  determining the privacy policy for the information store;
  
  determining anonymizing transformations of the information based on the privacy policy;
  
  determining anonymized non-public information based on the anonymizing transformations;
  
  determining a privacy impact indicator based on the anonymized non-public information and public information; and
  
  determining the disclosure of anonymized non-public information based on the privacy impact indicator.
- View Dependent Claims (35)
- - 35. The method of claim 34, in which the information request is at least one of:
    - transaction information;
      
      personal information;
      
      financial information; and
      
      location information.

39. A system for anonymizing information comprising:
- an input/output circuit that receives a request for a request for at least one information feature from the non-public information store of a first entity;
  
  a memory;
  
  a processor that determines a privacy policy for the first entity; and
  
  a set of entities associated with the at least one information feature based on privacy policies associated with each entity in the set of entities; and
  
  which determines an aggregated response to the request for at least one information feature from the non-public information store based on the set of entities.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47, 59, 60, 61, 75)
- - 40. The system of claim 39, in which the aggregated response is further based on at least one of:
    - privacy policy for the requestor of information and publicly available information.
  - 41. The system of claim 39, wherein the set of entities associated with the at least one information feature are determined using at least one of:
    - a trusted third party and cryptographic matching protocols.
  - 42. The system of claim 41, wherein the number of entities in the set is based on the privacy policy information.
  - 43. The system of claim 40, wherein the request for at least one information feature from the information store originates from at least one of:
    - a vendor;
      
      a service provider;
      
      a family member; and
      
      an acquaintance.
  - 44. The system of claim 39, wherein the privacy policy is at least one of:
    - determined by a user and computed.
  - 45. The system of claim 39, wherein the privacy policy specifies the number of entities required to share the requested information.
  - 46. The system of claim 39, wherein the information store is stored in at least one of:
    - a file;
      
      a relational database and a data structure.
  - 47. The system of claim 39, wherein the information store is located in at least one of:
    - a mobile device;
      
      a personal computer;
      
      a workstation;
      
      a server;
      
      a gateway and a home portal.
  - 59. The system of claim 45, in which the transaction information is at least one of:
    - credit card;
      
      purchase;
      
      sale;
      
      refund;
      
      merchandise return;
      
      coupon; and
      
      discount information.
  - 60. The system of claim 45, in which the personal information is at least one of:
    - demographic;
      
      health;
      
      financial;
      
      political affiliation, criminal record, religious belief, location; and
      
      ownership information.
  - 61. The system of claim 45, in which the financial information is at least one of:
    - a FICO score, home ownership, stock ownership, bond ownership, mortgage, bank account, credit score, income, family income, investments and business ownership information.
  - 75. The system of claim 39, in which the information request is at least one of:
    - transaction information;
      
      personal information;
      
      financial information; and
      
      location information.

48. A system of indicating the effect of disclosing information comprising the steps of:
- an input/output circuit that receives a request for a request for information from the non-public information store of a user;
  
  a memory;
  
  a processor that determines the user privacy policy, and determines a privacy impact indicator based on the effect of disclosing the requested information and the privacy policy.
- View Dependent Claims (49, 50, 51, 52, 53, 54, 74)
- - 49. The system of claim 48, in which the privacy impact indicator is further based on at least one of:
    - privacy policy for the requestor of information and publicly available information.
  - 50. The system of claim 48, in which the privacy impact indicator is displayed.
  - 51. The system of claim 50, wherein the privacy impact indicator is associated with at least one of:
    - a visual, aural, tactile and olfactory display attribute.
  - 52. The system of claim 51, wherein the visual privacy impact indicator is a user interface component.
  - 53. The system of claim 52, wherein the privacy impact indicator is at least one of:
    - a dial;
      
      a gauge;
      
      a meter; and
      
      a thermometer.
  - 54. The system of claim 51, wherein the aural privacy impact indicator is at least one of:
    - a frequency;
      
      a tone, a duration; and
      
      a beat.
  - 74. The system of claim 48, in which the information request is at least one of:
    - transaction information;
      
      personal information;
      
      financial information; and
      
      location information.

55. A system of sharing information comprising the steps of:
- an input/output circuit that receives a request for information in the non-public information store of a user;
  
  a memory;
  
  a processor that determines the an privacy agreement defining access to the requested information in the non-public information store based on the request for information and the privacy policy.
- View Dependent Claims (56, 76)
- - 56. The system of claim 55, wherein the privacy policy comprises at least one of:
    - minimum number of entities in the set and acceptable consideration for disclosing information associated with privacy policies.
  - 76. The system of claim 55, in which the information request is at least one of:
    - transaction information;
      
      personal information;
      
      financial information; and
      
      location information.

57. A system of anonymizing information comprising the steps of:
- an input/output circuit that receives a request for information in the non-public information store of a user;
  
  a memory;
  
  a processor that determines a privacy impact indicator based on at least one of;
  
  a privacy and the effect of disclosing the requested information; and
  
  a privacy agreement defining access to the requested information in the non-public information store based on the privacy policy; and
  
  which determines anonymizing transformations of the requested information based on at least one of;
  
  the determined privacy agreement, the privacy policy; and
  
  the privacy impact indicator.
- View Dependent Claims (58, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71)
- - 58. The system of claim 57, in which the information request is at least one of:
    - transaction information;
      
      personal information;
      
      financial information; and
      
      location information.
  - 62. The system of claim 58, in which location information is at least one of:
    - inferred location information and specific location information.
  - 63. The system of claim 62, in which the inferred location information is based on at least one of:
    - geo-coded communication information;
      
      machine type information;
      
      pattern information and signal strength information.
  - 64. The system of claim 62, in which explicit location information is based on at least one of global positioning system information;
    - cellular antenna information;
      
      video information;
      
      sound information; and
      
      biometric information.
  - 65. The system of claim 58, in which the privacy policy is a computer readable privacy profile.
  - 66. The system of claim 58, in which the privacy policy is at least one of:
    - an XML privacy profile;
      
      a computer-readable privacy policy and a platform for privacy preferences conforming privacy policy.
  - 67. The system of claim 58, in which the privacy impact indicator is displayed to the user using at least one of:
    - a mobile device;
      
      a static device and a document.
  - 68. The system of claim 58, in which the privacy policy is located in at least one of:
    - a mobile device;
      
      a gateway device;
      
      a personal computer;
      
      a central repository and a server.
  - 69. The system of claim 58, in which the agreement includes a transfer of value for access to the anonymized non-public information.
  - 70. The system of claim 58, in which the agreement includes a transfer of value for access to the non-public information.
  - 71. The system of claim 58, in which the agreement includes a transfer of varying value for access to non-public information of varying degrees of anonymity.

72. A system of anonymizing non-public information comprising:
- an input/output circuit that receives a request for information in the non-public information store of a user;
  
  a memory;
  
  a processor that determines the privacy policy for the information store;
  
  anonymizing transformations of the information based on the privacy policy;
  
  anonymized non-public information based on the anonymizing transformations;
  
  a privacy impact indicator based on the anonymized non-public information and public information; and
  
  which determines the disclosure of anonymized non-public information based on the privacy impact indicator.
- View Dependent Claims (73)
- - 73. The system of claim 72, in which the information request is at least one of:
    - transaction information;
      
      personal information;
      
      financial information; and
      
      location information.

77. A system for anonymizing information comprising:
- a means for determining a non-public information store for a first entity;
  
  a means for determining a request for at least one information feature from the non-public information store;
  
  a means for determining a privacy policy for the first entity; and
  
  a means for determining a set of entities associated with the at least one information feature based on privacy policies associated with each entity in the set of entities; and
  
  a means for determining an aggregated response to the request for at least one information feature from the non-public information store based on the set of entities.

78. A system for indicating the effect of disclosing information comprising:
- a means for determining a non-public information store;
  
  a means for determining a privacy policy for a user;
  
  a means for determining an information request for information in the non-public information store; and
  
  a means for determining a privacy impact indicator based on the effect of disclosing the requested information and the privacy policy.

79. A system for sharing information comprising:
- a means for determining a non-public information store;
  
  a means for determining a privacy policy;
  
  a means for determining an information request for information in the non-public information store; and
  
  a means for determining a privacy agreement defining access to the requested information in the non-public information store based on the privacy policy.

80. A system for anonymizing information comprising:
- a means for determining a non-public information store;
  
  a means for determining a privacy policy;
  
  a means for determining an information request for information in the non-public information store;
  
  a means for determining a privacy impact indicator based on the effect of disclosing the requested information;
  
  a means for determining a privacy agreement defining access to the requested information in the non-public information store based on the privacy policy;
  
  a means for determining anonymizing transformations of the requested information based on at least one of;
  
  the determined privacy agreement, the privacy policy; and
  
  the privacy impact indicator.

81. A system for anonymizing non-public information comprising:
- a means for determining a request for information from a non-public information store;
  
  a means for determining the privacy policy for the information store;
  
  a means for determining anonymizing transformations of the information based on the privacy policy;
  
  a means for determining anonymized non-public information based on the anonymizing transformations;
  
  a means for determining a privacy impact indicator based on the anonymized non-public information and public information; and
  
  a means for determining the disclosure of anonymized non-public information based on the privacy impact indicator.

82. A carrier wave encoded to transmit a control program, useable to program a computer for anonymizing information, to a device for executing the program, the control program comprising:
- instructions for determining a non-public information store for a first entity;
  
  instructions for determining a request for at least one information feature from the non-public information store;
  
  instructions for determining a privacy policy for the first entity; and
  
  instructions for determining a set of entities associated with the at least one information feature based on privacy policies associated with each entity in the set of entities; and
  
  instructions for determining an aggregated response to the request for at least one information feature from the non-public information store based on the set of entities.

83. A carrier wave encoded to transmit a control program, useable to program a computer for indicating the effect of disclosing information, to a device for executing the program, the control program comprising:
- instructions for determining a non-public information store;
  
  instructions for determining a privacy policy for a user;
  
  instructions for determining an information request for information in the non-public information store; and
  
  instructions for determining a privacy impact indicator based on the effect of disclosing the requested information and the privacy policy.

84. A carrier wave encoded to transmit a control program, useable to program a computer for sharing information, to a device for executing the program, the control program comprising:
- instructions for determining a non-public information store;
  
  instructions for determining a privacy policy;
  
  instructions for determining an information request for information in the non-public information store; and
  
  instructions for determining a privacy agreement defining access to the requested information in the non-public information store based on the privacy policy.

85. A carrier wave encoded to transmit a control program, useable to program a computer for anonymizing information, to a device for executing the program, the control program comprising:
- instructions for determining a non-public information store;
  
  instructions for determining a privacy policy;
  
  instructions for determining an information request for information in the non-public information store;
  
  instructions for determining a privacy impact indicator based on the effect of disclosing the requested information;
  
  instructions for determining a privacy agreement defining access to the requested information in the non-public information store based on the privacy policy;
  
  instructions for determining anonymizing transformations of the requested information based on at least one of;
  
  the determined privacy agreement, the privacy policy; and
  
  the privacy impact indicator.

86. A carrier wave encoded to transmit a control program, useable to program a computer for anonymizing non-public information, to a device for executing the program, the control program comprising:
- determining a request for information from a non-public information store;
  
  determining the privacy policy for the information store;
  
  determining anonymizing transformations of the information based on the privacy policy;
  
  determining anonymized non-public information based on the anonymizing transformations;
  
  determining a privacy impact indicator based on the anonymized non-public information and public information; and
  
  determining the disclosure of anonymized non-public information based on the privacy impact indicator.

87. Computer readable storage medium comprising:
- computer readable program code embodied on the computer readable storage medium, the computer readable program code usable to program a computer for anonymizing information, comprising the steps of;
  
  determining a non-public information store for a first entity;
  
  determining a request for at least one information feature from the non-public information store;
  
  determining a privacy policy for the first entity; and
  
  determining a set of entities associated with the at least one information feature based on privacy policies associated with each entity in the set of entities; and
  
  determining an aggregated response to the request for at least one information feature from the non-public information store based on the set of entities.

88. Computer readable storage medium comprising:
- computer readable program code embodied on the computer readable storage medium, the computer readable program code usable to program a computer for indicating the effect of disclosing information comprising the steps of;
  
  determining a non-public information store;
  
  determining a privacy policy for a user;
  
  determining an information request for information in the non-public information store; and
  
  determining a privacy impact indicator based on the effect of disclosing the requested information and the privacy policy.

89. Computer readable storage medium comprising:
- computer readable program code embodied on the computer readable storage medium, the computer readable program code usable to program a computer for sharing information comprising the steps of;
  
  determining a non-public information store;
  
  determining a privacy policy;
  
  determining an information request for information in the non-public information store; and
  
  determining a privacy agreement defining access to the requested information in the non-public information store based on the privacy policy.

90. Computer readable storage medium comprising:
- computer readable program code embodied on the computer readable storage medium, the computer readable program code usable to program a computer for anonymizing information comprising the steps of;
  
  determining a non-public information store;
  
  determining a privacy policy;
  
  determining an information request for information in the non-public information store;
  
  determining a privacy impact indicator based on the effect of disclosing the requested information;
  
  determining a privacy agreement defining access to the requested information in the non-public information store based on the privacy policy;
  
  determining anonymizing transformations of the requested information based on at least one of;
  
  the determined privacy agreement, the privacy policy; and
  
  the privacy impact indicator.

91. Computer readable storage medium comprising:
- computer readable program code embodied on the computer readable storage medium, the computer readable program code usable to program a computer for anonymizing non-public information comprising the steps of;
  
  determining a request for information from a non-public information store;
  
  determining the privacy policy for the information store;
  
  determining anonymizing transformations of the information based on the privacy policy;
  
  determining anonymized non-public information based on the anonymizing transformations;
  
  determining a privacy impact indicator based on the anonymized non-public information and public information; and
  
  determining the disclosure of anonymized non-public information based on the privacy impact indicator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Palo Alto Research Center, Inc. (Xerox Holdings Corp.)
Original Assignee
Xerox Corporation (Xerox Holdings Corp.)
Inventors
Golle, Philippe J., Staddon, Jessica, Bruce, Richard H., Greene, Daniel H., Lunt, Teresa F.

Granted Patent

US 7,707,413 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/0421 Anonymous communication, i....

H04L 63/102 Entity profiles

Systems and methods for protecting private information in a mobile environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

83 Citations

91 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for protecting private information in a mobile environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

91 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links