WO2016122499A1 - Controlling the release of personal information - Google Patents

Publication number
WO2016122499A1
WO2016122499A1 PCT/US2015/013354 US2015013354W WO2016122499A1 WO 2016122499 A1 WO2016122499 A1 WO 2016122499A1 US 2015013354 W US2015013354 W US 2015013354W WO 2016122499 A1 WO2016122499 A1 WO 2016122499A1
Authority
WO
WIPO (PCT)
Application number
PCT/US2015/013354
Inventor
Kassem Fawaz
Kyu-Han Kim
Original Assignee
Hewlett Packard Enterprise Development Lp

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06Q DATA PROCESSING SYSTEMS OR METHODS, SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL, SUPERVISORY OR FORECASTING PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce, e.g. shopping or e-commerce
    • G06Q30/02 Marketing, e.g. market research and analysis, surveying, promotions, advertising, buyer profiling, customer management or rewards; Price estimation or determination
    • G06Q10/00 Administration; Management
    • G06Q10/10 Office automation, e.g. computer aided management of electronic mail or groupware; Time management, e.g. calendars, reminders, meetings or time accounting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L67/00 Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/20 Network-specific arrangements or communication protocols supporting networked applications involving third party service providers
    • H04L67/30 Network-specific arrangements or communication protocols supporting networked applications involving profiles
    • H04L67/306 User profiles
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity; Protecting confidentiality; Key management; Integrity; Mobile application security; Using identity modules; Secure pairing of devices; Context aware security; Lawful interception
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/02 Services making use of location information
    • H04W4/029 Location-based management or tracking services
    • H04W4/30 Services specially adapted for particular environments, situations or purposes
    • H04W4/33 Services specially adapted for particular environments, situations or purposes for indoor environments, e.g. buildings

Abstract

In an example, a method is described in which tracking information associated with movement of an endpoint device of a user in an indoor location is received; a correlation to personal information is made based on the tracking information; an offer intended for the user from a service provider of the indoor location is received; a privacy loss resulting from a release of the personal information is calculated and compared to the benefit gained by the offer; and the personal information associated with the indoor location is released to the service provider when the benefit gained is greater than the privacy loss.

Description

CONTROLLING THE RELEASE OF PERSONAL INFORMATION

BACKGROUND

[0001] Service providers are trying to track users' mobility in indoor locations to learn more about their behavior and provide them with improved services. For example, based on the users' behavior, personalized services can be provided to the users. Shopping is one example where retailers would like to know more about the shopping behavior of shoppers, which helps generate more revenue.

[0002] Outdoor localization technology (e.g., Global Positioning System (GPS) systems) may not provide an accurate location of a user within a retailer's store. For example, the store can cause interference or weak signals, or obstruct the GPS signals.

[0003] Many studies have indicated that people are uncomfortable with being continuously tracked. Mobility patterns of individuals are tightly coupled with personality traits that are potentially private to the people. Recent outrage against companies that engaged in covert shopper tracking supports these studies and eventually led to a stop of the tracking of the retailers' customers. Current methodologies in controlling user privacy use an all or nothing approach. In other words, the user can opt in and allow all private information to be shared or opt out and deny any access to the user's private information.

BRIEF DESCRIPTION OF THE DRAWINGS

[0004] FIG. 1 is a block diagram of an example system of the present disclosure;

[0005] FIG. 2 is an example of tracking a mobile endpoint device in an indoor location and correlating personal information based on the tracking;

[0006] FIG. 3 is an example flowchart of a method for controlling the release of personal information; and

[0007] FIG. 4 is an example high-level block diagram of a computer suitable for use in performing the functions described herein.

DETAILED DESCRIPTION

[0008] The present disclosure broadly discloses techniques for controlling user privacy. As discussed above, service providers are trying to track users' mobility in indoor locations to learn more about their behavior and provide them with improved services. Current methodologies in controlling user privacy use an all or nothing approach. In other words, the user can opt in and allow all private information to be shared or opt out and deny any access to the user's private information.

[0009] Examples of the present disclosure provide techniques for controlling user privacy in indoor environments that balance the privacy loss experienced by the user by releasing personal information and the benefit gained by services provided to the user in exchange for the personal information. In one example, a third party location sharing control server may be used to perform the comparison such that the user's personal information remains private and is not released to a service provider that is attempting to access the personal information of the user.

[0010] FIG. 1 illustrates an example system 100 of the present disclosure. In one example, the system 100 includes a mobile endpoint device 102 that is moving within an indoor location 150, a location sharing control server 106, a localization server 108 and a location analytic server 112. In one example, the mobile endpoint device 102 may be any type of mobile endpoint device 102, such as for example, a smart phone, a tablet computer, and the like, that can communicate wirelessly with the location sharing control server 106, the localization server 108 and the location analytic server 112.

[0011] In one example, the indoor location 150 may be a retail location of a service provider or an office building of a company and the user of the mobile endpoint device 102 may be a customer or an employee. The indoor location 150 may include one or more access points (APs) 104_1 to 104_n (also referred to herein individually or collectively as AP 104). In one example, the location of the mobile endpoint device 102 may be tracked using the signals exchanged by the mobile endpoint device 102 and one or more of the APs 104. One example of an indoor Wireless Fidelity (Wi-Fi) tracking system that uses the signals exchanged by the APs 104 and the mobile endpoint device 102 is CUPID® developed by Hewlett Packard® of Palo Alto, California.

[0012] As noted above, general global positioning system (GPS) tracking technologies are not sufficient for indoor location tracking. For example, GPS tracking may only provide general location information at a location or may suffer from interference when the mobile endpoint device 102 is located indoors. However, the Wi-Fi tracking system may provide more specific location information within the indoor location, such as, which aisle within a store the mobile endpoint device is located.

[0013] In one example, the Wi-Fi tracking system may collect location information from the mobile endpoint device 102 in a form of <t; p; x; y> where t stands for a timestamp, p is an identifier of the user (e.g., a media access control (MAC) identification (ID) of the mobile endpoint device 102), and the pair (x; y) refers to a raw location of the mobile endpoint device 102. In one example, the localization server 108 may store a mapping between raw (x; y) data coordinates to a logical location (e.g., a particular aisle or department within the indoor location 150). The logical location along with the MAC ID may then be sent to the location sharing control server 106 for further analysis, as discussed below.

[0014] Another indoor localization method that may be used is a Bluetooth Low Energy (BLE) scanner application programming interface (API) that scans for beacons. The BLE API scans for a scanning duration of one second during each scanning interval and then turns off the Bluetooth® radio. During the scanning duration, the mobile endpoint device 102 may receive advertisements from multiple beacon devices and decide on the beacon with the lowest power attenuation. The beacon with the lowest power attenuation may be considered to be the closest to the mobile endpoint device 102 and the user. The identifying fields may then be extracted from the beacon advertisement (e.g., universally unique identifier (UUID), major and minor coordinates). The data may then be mapped to a zone within the indoor location 150.

[0015] In one example, the mobile endpoint device 102 may execute an application that is downloaded from the service provider of the indoor location 150. For example, the service provider may be a retailer and the indoor location may be a retail location. The user may run the application on the mobile endpoint device 102 from the time that the user enters the indoor location 150 until the user leaves the indoor location 150. The application may provide the user an option to opt-in or opt-out of the privacy controls described herein. For example, the user may opt-out if the user does not want any personal information to be released no matter the amount of benefit gained by an offer from the service provider. Alternatively, the user may opt-in if the user wants to allow personal information to be released if the benefit gained is greater than a privacy loss experienced by the user due to the release of the personal information.

[0016] In one example, the location analytic server 112 may be used to determine what offers should be directed to the user to entice the user to release personal information to the service provider. In one example, information about the user and other users may be stored in a database (DB) 110. In one example, the information may include demographic profiles of the user and other users (e.g., age, sex, income, ethnicity, and the like), shopping habits of the user and other users in a similar demographic, and the like.

[0017] In one example, the offer may be based on a type of application that is being used by the mobile endpoint device 102. For example, if the user is using a coupon application 114, the offer may be a coupon based on the information about the user and other similar users obtained in the DB 110. In another example, if the user is using an augmented reality application 116 on a mobile endpoint device 102 that is an augmented reality device, the user may be presented promotional offers in a display of the augmented reality device while the user is looking at an item. In yet another example, if the user is using a directions application 118, the user may be given directions to a particular item or other items that the user may like with discount offers. The offers may be presented to the user in exchange for personal information.

[0018] In one example, the mobile endpoint device 102 may transmit the offers to the location sharing control server 106 for analysis compared to personal information correlated based on the logical location information received from the localization server 108. Based on the comparison, if the benefit gained by the offer is greater than the privacy loss resulting from the release of the personal information, the location sharing control server 106 may release the personal information to the location analytic server 112 and the personal information may be stored in the DB 110. In other words, the user does not need to subjectively decide whether or not to exchange his or her personal information in exchange for the offer. Rather, the location sharing control server 106 may automatically perform the cost benefit analysis between the offer and the personal information that will be released or shared.

[0019] FIG. 2 illustrates an example of tracking the mobile endpoint device 102 within an indoor location 200 and correlating personal information based on the tracking. For example, the indoor location 200 may be a retail location or a store with different zones 202, 204, 206 and 208. In one example, each one of the zones 202, 204, 206 and 208 may be a different department of the store. For example, the zone 202 may be an outdoor department, the zone 204 may be a clothing department, the zone 206 may be an electronics department and the zone 208 may be a grocery department. The indoor location 200 may include a plurality of different aisles 210-236 within each one of the different zones 202-208. In one example, each one of the aisles 210-236 may be logically mapped to a particular product or products.

[0020] As noted above, the user of the mobile endpoint device 102 may opt-in to the privacy controls. As a result, an application on the mobile endpoint device 102 may run when the mobile endpoint device 102 enters the indoor location 200 that allows access points (e.g., APs 104) within the indoor location to track the movement of the mobile endpoint device 102. The application may track the movement of the mobile endpoint device 102, track an amount of time spent in any one of the zones 202-208, track an amount of time spent in any one of the aisles 210-236, and the like.

[0021] In one example, based on the tracking information obtained from tracking the movement of the mobile endpoint device 102, personal information may be correlated to the tracking information. For example, the user may have spent time in aisles 218 and 220 of the clothing zone 204, which contains infant clothing. The user then spends time in aisle 234 of the grocery zone 208 which contains baby food or infant formula. Thus, the location sharing control server 106 may correlate this information received from the localization server 108 that the user is a female and is most likely pregnant or has a baby. This information may be used by the retailer to provide personalized offers to the user regarding maternity clothes, baby clothes, baby furniture, and the like.

[0022] In another example, the indoor location 200 may be an office building. Zone 206 may be a bathroom and the localization server 108 may report that the user has gone to the bathroom multiple times each day for the past week. The location sharing control server 106 may correlate this information received from the localization server 108 that the user may have a health issue. This information may be used by a company to provide personalized health care offers to the user.

[0023] In one example, how personal the personal information is or a level of privacy of the personal information may be quantified based on a calculated deviation from the user's previous trips to the indoor location 200 and/or a calculated deviation from other users' trips to the indoor location 200. For example, if the sequence of stops deviates greatly from the sequence of stops or the path of the user's previous visits to the indoor location 200, the correlated personal information is most likely very private. However, if the sequence of stops or the path deviates only slightly from the sequence of stops of the user's previous visits to the indoor location 200, the personal information is most likely not very private.

[0024] In addition, behaviors that do not adhere with the norm of a social group are perceived to be more private to the user. For example, if the sequence of stops deviates greatly from the sequence of stops or the path of the general public or other users, then the personal information may be assumed to be associated with a higher level of privacy.

[0025] In one example, the amount of benefit gained by the offer may be calculated based upon a quality of service metric. For example, the offer may be sent to the user via the mobile endpoint device 102. As a result, benefit gained may be assumed to be high when the user spends a large amount of time interacting with the application that presents the offers to the user on the mobile endpoint device 102 of the user. In one example, the quality of service metric may be defined by an amount of time spent on the application divided by an amount of time the user is in the indoor location 150 or 200. For example, a high quality of service is correlated with a higher percentage of use of the application while in the indoor location 150 or 200. Conversely, a low quality of service is correlated with a lower percentage of use of the application while in the indoor location 150 or 200.
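The two quantities described in paragraphs [0023] to [0025], worked through as an added example that is not part of the patent text. The deviation measure (normalized edit distance over the sequence of stops), the 60-second dwell threshold, the use of the larger of the two deviations, and all sample data are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Fix:
    t: float   # timestamp in seconds
    p: str     # user identifier (constructed placeholder, not a real MAC ID)
    zone: str  # logical location already mapped from the raw (x; y) pair

def stops(fixes, min_dwell=60.0):
    """Collapse time-ordered fixes into the zones where the user dwelt >= min_dwell s."""
    seq, zone, start, last = [], None, 0.0, 0.0
    for f in sorted(fixes, key=lambda f: f.t):
        if f.zone != zone:
            if zone is not None and last - start >= min_dwell:
                seq.append(zone)
            zone, start = f.zone, f.t
        last = f.t
    if zone is not None and last - start >= min_dwell:
        seq.append(zone)
    return seq

def edit_distance(a, b):
    """Levenshtein distance between two stop sequences."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (x != y)))
        prev = cur
    return prev[-1]

def deviation(path, reference_paths):
    """Distance in [0, 1] to the closest reference path.

    With no history at all the path is treated as maximally deviant (assumption:
    the conservative choice is to consider unknown behaviour private).
    """
    if not reference_paths:
        return 1.0
    return min(edit_distance(path, r) / max(len(path), len(r), 1)
               for r in reference_paths)

def privacy_level(path, own_history, others_history):
    """Level of privacy: the larger of the deviation from the user's own previous
    visits and the deviation from other users' visits (assumed combination)."""
    return max(deviation(path, own_history), deviation(path, others_history))

def quality_of_service(app_seconds, seconds_in_location):
    """Time spent on the application divided by time spent in the indoor location."""
    if seconds_in_location <= 0:
        return 0.0
    return min(1.0, max(0.0, app_seconds) / seconds_in_location)

# Constructed sample data: one visit today, using department names from FIG. 2.
TODAY = [
    Fix(0, "user-A", "clothing"), Fix(150, "user-A", "clothing"),
    Fix(300, "user-A", "clothing"),
    Fix(310, "user-A", "electronics"), Fix(320, "user-A", "electronics"),  # walk-through
    Fix(400, "user-A", "grocery"), Fix(700, "user-A", "grocery"),
]
OWN_HISTORY = [["grocery"], ["grocery", "electronics"]]
OTHERS_HISTORY = [["clothing", "grocery"], ["electronics", "grocery"]]

if __name__ == "__main__":
    path = stops(TODAY)
    print("stops:", path)
    print("privacy level:", privacy_level(path, OWN_HISTORY, OTHERS_HISTORY))
    print("quality of service:", quality_of_service(175, 700))
```

The new clothing stop is common among other users but absent from this user's own history, so the level of privacy is driven by the deviation from the user's previous visits.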

[0026] In one example, the loss that the user experiences from releasing the personal information with a certain level of privacy and receiving a service with a certain quality may be calculated based on a fuzzy inference system (FIS). In one example, a Mamdani-type fuzzy inference system may be applied.

[0027] As discussed above, the privacy loss due to the release of the personal information may be compared to the amount of benefit gained by the offer. In one example, the comparison may be based on an application of a repeated play model to maximize the user's reward for incurring privacy loss due to release of the personal information. In one example, the two players in the repeated play model may be the user and the service provider. From the user's perspective, the user may choose to hide or release his personal information (e.g., his location information) with the objective of minimizing his or her loss. The service provider on the other hand has to choose between pushing an offer or service and doing nothing with the objective of maximizing the service provider's gain (e.g., obtaining the most information possible from the user).

[0028] In one example, the repeated play model uses an experts algorithm that has access to a set of experts that each offer an advice for the action to take at each stage or interaction. The objective of the repeated game algorithms is to decide which action to use so as to minimize the difference between the loss incurred by the player and that incurred by the best expert.

[0029] In one example, the location sharing control server 106 may apply the repeated play model to perform the comparison on behalf of the user. The location sharing control server 106 can choose to either release the personal information or hide the personal information. Based on the results of the repeated play model, the location sharing control server 106 may choose to release different levels of the personal information. For example, the greater level of benefit gained by the user, the higher levels of private information that can be released to the service provider.

[0030] In addition, the location sharing control server 106 may make a decision based on the results of the repeated play model and a user profile preference. For example, when the user opts-in, the user may decide to favor privacy (releasing less information) or favor sharing (releasing more information) via a privacy setting. In one example, the privacy setting may be a scale that runs between favoring privacy to favoring sharing. For example, sliding the scale all the way towards favoring sharing would be least private and sliding the scale all the way towards favoring privacy would be most private.
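One way the release-or-hide decision of paragraphs [0027] to [0030] could be realized with an experts algorithm, given as an added example that is not the patent's own implementation. It uses the Hedge (exponential weights) update; the expert pool, the linear loss that stands in for the fuzzy inference system of paragraph [0026], the use of the privacy setting as a release threshold, and the sample offers are all assumptions.

```python
import math

def threshold_expert(theta):
    """Expert advising release only when the benefit exceeds the privacy level by > theta."""
    return lambda privacy, benefit: (benefit - privacy) > theta

# Assumed expert pool: two constant experts and three margin thresholds.
EXPERTS = [
    lambda privacy, benefit: False,  # always hide
    lambda privacy, benefit: True,   # always release
    threshold_expert(-0.3),
    threshold_expert(0.0),
    threshold_expert(0.3),
]

def action_loss(release, privacy, benefit):
    """Assumed loss in [0, 1]: releasing costs the privacy level, hiding forgoes the benefit."""
    return privacy if release else benefit

class ReleaseController:
    """Decides release/hide on behalf of the user over repeated offers."""

    def __init__(self, experts, eta=1.0, privacy_setting=0.5):
        self.experts = experts
        self.eta = eta                          # learning rate of the weight update
        self.privacy_setting = privacy_setting  # 0 = favor sharing, 1 = favor privacy
        self.weights = [1.0 / len(experts)] * len(experts)
        self.expert_loss = [0.0] * len(experts)
        self.expected_loss = 0.0
        self.rounds = 0

    def decide(self, privacy, benefit):
        """Return True to release. privacy and benefit must lie in [0, 1]."""
        advice = [e(privacy, benefit) for e in self.experts]
        p_release = sum(w for w, a in zip(self.weights, advice) if a)
        # Expected loss of the weighted mixture, used for the regret accounting.
        self.expected_loss += (p_release * action_loss(True, privacy, benefit)
                               + (1.0 - p_release) * action_loss(False, privacy, benefit))
        # Hedge update: each expert is penalized by the loss of its own advice.
        for i, a in enumerate(advice):
            loss = action_loss(a, privacy, benefit)
            self.expert_loss[i] += loss
            self.weights[i] *= math.exp(-self.eta * loss)
        total = sum(self.weights)
        self.weights = [w / total for w in self.weights]  # renormalize, avoids underflow
        self.rounds += 1
        # Assumed use of the slider: release only if the weighted vote exceeds it.
        return p_release > self.privacy_setting

    def regret(self):
        """Expected loss incurred minus the loss of the best single expert so far."""
        return self.expected_loss - min(self.expert_loss)

    def regret_bound(self):
        """Standard Hedge bound for losses in [0, 1]: ln(N)/eta + eta*T/8."""
        return math.log(len(self.experts)) / self.eta + self.eta * self.rounds / 8.0

# Constructed offers as (privacy level, benefit gained): a weak offer, an improved
# offer for the same information, then a modest offer for very private information.
OFFERS = [(0.5, 0.25), (0.5, 0.75), (0.9, 0.3)]

if __name__ == "__main__":
    for setting in (0.5, 0.9):
        ctl = ReleaseController(EXPERTS, privacy_setting=setting)
        print(setting, [ctl.decide(p, b) for p, b in OFFERS], round(ctl.regret(), 4))
```

With the slider in the middle, the controller hides on the first offer, releases once the improved offer arrives, and hides again when the information is highly private; moved towards privacy, it hides in all three rounds.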

[0031] As a result, the examples of the present disclosure provide a balanced approach to sharing a user's private information. For example, rather than taking an all or nothing approach to sharing private information, the examples of the present disclosure compare a benefit gained from an offer of a service provider to the privacy loss that results in releasing the private information to the service provider.

[0032] FIG. 3 illustrates a flowchart of a method 300 for controlling the release of personal information. In one example, the method 300 may be performed by the location sharing control server 104 or a computer as illustrated in FIG. 4 and discussed below.

[0033] At block 302 the method 300 begins. At block 304, the method 300 receives tracking information associated with movement of a mobile endpoint device of a user in an indoor environment. In one example, the user may have an option to opt-in or opt-out of the location tracking feature of an application running on the mobile endpoint device of the user that is provided by a service provider of the indoor environment. For example, the indoor environment may be a retail store and the retailer may provide a shopping application to the user that interactively provides store maps, product locators, advertisements, and the like. The application may also run tracking programs that provide indoor localization.

[0034] At block 306, the method 300 correlates personal information to the tracking information. For example, based on a sequence of stops within the indoor location, a path of the user within the indoor location, an amount of time spent in different zones or departments within the indoor location, and the like, the method 300 may correlate personal information. For example, based on the path of the user, the method 300 may correlate that the user is pregnant, the user has a particular health problem, the user has a certain level of income, the user is male or female, the user has certain hobbies or interests, the user has certain renovation projects at home, and the like.

[0035] In one example, the personal information that is correlated may have different levels of privacy. In other words, some personal information may be more private than others. For example, a correlation that the user is pregnant may be more private than a correlation that the user prefers Brand A products over Brand B products.

[0036] At block 308, the method 300 receives an offer intended for the user from a service provider of the indoor location. In one example, the service provider may send the user a personalized offer to the user in exchange for releasing the personal information correlated from the location information from the user. In one example, the service provider may have some basic knowledge of the user from the application provided to the user (e.g., general demographic information, gender, address, and the like). In addition, the service provider may have collected information about other users over a period of time. Based on information of the user and other users that may be similar to the user, the service provider may send a personalized offer to the user.

[0037] At block 310, the method 300 compares a privacy loss resulting from a release of the personal information to the benefit gained by the offer. In one example, the privacy loss that is suffered by the user may be quantified based upon a deviation of the path or sequence of stops of the user from the user's previous path or sequence of stops. The privacy loss may also be quantified based upon a deviation of the path or sequence of stops of the user from the path or sequence of stops of other users.

[0038] In one example, the benefit gained may be quantified based upon a measurement of a quality of service. In one example, the quality of service may be measured based upon a time of usage of the application provided by the service provider divided by the total amount of time that the user is tracked within the indoor location. The quantified amounts of the privacy loss and the benefit gained may then be compared using a repeated play model that uses expert algorithms to decide whether the user should release the personal information or hide the personal information.

[0039] At block 312, the method 300 applies the repeated play model to determine if it is to the user's benefit to release the personal information. If the personal information cannot be released, the method 300 may proceed to block 316. However, if the benefit is greater than the privacy loss, the method 300 may proceed to block 314.

[0040] At block 314, the method 300 releases the personal information to the service provider. In one example, the amount of personal information may vary based on a level of privacy loss that is acceptable in comparison to the benefit gained by the offer. For example, if the benefit gained from the offer is low, personal information with a low level of privacy may be released (e.g., brand preferences, hobbies or interest, and the like). However, if the benefit gained from the offer is high, personal information with a high level of privacy may be released (e.g., a specific health condition of the user, and the like).

[0041] At block 316, the method 300 determines if there are any additional offers that are received. For example, the user may determine that the initial offer was not worth sharing his or her personal information. As a result, the service provider may send another offer that provides more benefits (e.g., a greater discount offer) or the service provider may want more information and continue to send additional offers to the user. If additional offers are received, the method 300 may return to block 310 and blocks 310-316 may be repeated.

[0042] If no additional offers are received, the method 300 may proceed to block 318. At block 318, the method 300 ends.

[0043] As a result, the examples of the present disclosure improve the functioning of an application server or a computer. For example, the location sharing control server 106 may provide a balanced approach to determining whether to release personal information of the user based on a benefit gained by offers intended for the user. In other words, the technological art of privacy control is improved by providing the location sharing control server with the ability to compare a privacy loss resulting in a release of the personal information of the user compared to a benefit gained by the offer intended for the user, as disclosed by the present disclosure.

[0044] It should be noted that although not explicitly specified, one or more blocks, functions, or operations of the method 300 described above may include a storing, displaying and/or outputting step as required for a particular application. In other words, any data, records, fields, and/or intermediate results discussed in the methods can be stored, displayed, and/or outputted to another device as required for a particular application. Furthermore, blocks, functions, or operations in FIG. 3 that recite a determining operation, or involve a decision, do not necessarily require that both branches of the determining operation be practiced. In other words, one of the branches of the determining operation can be deemed as an optional step.

[0045] FIG. 4 depicts a high-level block diagram of a computer that can be transformed into a machine that is dedicated to perform the functions described herein. Notably, no computer or machine currently exists that performs the functions as described herein. As a result, the examples of the present disclosure improve the operation and functioning of the computer to compare a privacy loss resulting in a release of the personal information of the user compared to a benefit gained by the offer intended for the user, as disclosed herein.

[0046] As depicted in FIG. 4, the computer 400 comprises a hardware processor element 402, e.g., a central processing unit (CPU), a microprocessor, or a multi-core processor, a memory 404, e.g., random access memory (RAM) and/or read only memory (ROM), a module 405 for performing the methods and functions described herein, and various input/output devices 406, e.g., storage devices, including but not limited to, a tape drive, a floppy drive, a hard disk drive or a compact disk drive, a receiver, a transmitter, a speaker, a display, a speech synthesizer, an output port, an input port and a user input device, such as a keyboard, a keypad, a mouse, a microphone, and the like. Although only one processor element is shown, it should be noted that the computer may employ a plurality of processor elements. Furthermore, although only one computer is shown in the figure, if the method(s) as discussed above is implemented in a distributed or parallel manner for a particular illustrative example, i.e., the blocks of the above method(s) or the entire method(s) are implemented across multiple or parallel computers, then the computer of this figure is intended to represent each of those multiple computers. Furthermore, one or more hardware processors can be utilized in supporting a virtualized or shared computing environment. The virtualized computing environment may support one or more virtual machines representing computers, servers, or other computing devices. In such virtualized virtual machines, hardware components such as hardware processors and computer-readable storage devices may be virtualized or logically represented.

[0047] It should be noted that the present disclosure can be implemented by machine readable instructions and/or in a combination of machine readable instructions and hardware, e.g., using application specific integrated circuits (ASIC), a programmable logic array (PLA), including a field-programmable gate array (FPGA), or a state machine deployed on a hardware device, a computer or any other hardware equivalents, e.g., computer readable instructions pertaining to the method(s) discussed above can be used to configure a hardware processor to perform the blocks, functions and/or operations of the above disclosed methods. In one example, instructions and data for the present module or process 405 for performing the methods and functions described herein, e.g., machine readable instructions can be loaded into memory 404 and executed by hardware processor element 402 to implement the blocks, functions or operations as discussed above in connection with the exemplary method 300. Furthermore, when a hardware processor executes instructions to perform "operations", this could include the hardware processor performing the operations directly and/or facilitating, directing, or cooperating with another hardware device or component, e.g., a co-processor and the like, to perform the operations.

[0048] The processor executing the machine readable instructions relating to the above described method(s) can be perceived as a programmed processor or a specialized processor. As such, the present module 405 for performing the methods and functions described herein, including associated data structures, of the present disclosure can be stored on a tangible or physical (broadly non-transitory) computer-readable storage device or medium, e.g., volatile memory, non-volatile memory, ROM memory, RAM memory, magnetic or optical drive, device or diskette and the like. More specifically, the computer-readable storage device may comprise any physical devices that provide the ability to store information such as data and/or instructions to be accessed by a processor or a computing device such as a computer or an application server.

[0049] It will be appreciated that variants of the above-disclosed and other features and functions, or alternatives thereof, may be combined into many other different systems or applications. Various presently unforeseen or unanticipated alternatives, modifications, variations, or improvements therein may be subsequently made by those skilled in the art which are also intended to be encompassed by the following claims.

Claims

What is claimed is:
1. A method, comprising:
receiving, by a processor, tracking information associated with a movement of an endpoint device of a user in an indoor location;
correlating, by the processor, personal information to the tracking information;
receiving, by the processor, an offer intended for the user from a service provider of the indoor location;
comparing, by the processor, a privacy loss resulting from a release of the personal information to the benefit gained by the offer; and
releasing, by the processor, the personal information associated with the indoor location to the service provider when the benefit gained is greater than the privacy loss.
2. The method of claim 1, wherein the personal information comprises at least one of: a health condition of the user, a brand preference of the user, or demographic data of the user.
3. The method of claim 1, wherein the tracking information associated with the movement comprises the movement between a plurality of zones and an amount of time spent in each one of the plurality of zones.
4. The method of claim 3, wherein the plurality of zones comprises a plurality of different departments and the indoor location comprises a retail store.
5. The method of claim 1, wherein the tracking information is based on at least one of: a Wireless Fidelity (Wi-Fi) signal, a Bluetooth® signal or a radio frequency signal.
6. The method of claim 1, wherein the comparing is based on a repeated play model, wherein the repeated play model is based on a plurality of different experts, wherein each one of the plurality of different experts offers a different advice for an action to take for each interaction between the user and the service provider and the repeated play model determines the action to take so as to minimize a difference between the privacy loss incurred by the user and the privacy loss incurred by a best one of the plurality of different experts.
7. The method of claim 1, wherein the benefit gained is based on a model of a measurement of a quality of service based on previous measurements of the benefit gained.
8. The method of claim 1, wherein an amount information within the personal information is based on a level of the benefit gained by the offer.
9. A computer system, comprising:
a processor;
a storage coupled to the processor; and
an instruction set to cooperate with the processor and the storage to:
receive tracking information associated with a movement of an endpoint device of a user in an indoor location;
correlate personal information to the tracking information;
receive an offer intended for the user from a service provider of the indoor location;
compare a privacy loss resulting from a release of the personal information to the benefit gained by the offer; and
release the personal information associated with the indoor location to the service provider when the benefit gained is greater than the privacy loss.
10. The computer system of claim 9, wherein the personal information comprises at least one of: a health condition of the user, a brand preference of the user, or demographic data of the user.
11. The computer system of claim 9, wherein the tracking information associated with the movement comprises the movement between a plurality of zones and an amount of time spent in each one of the plurality of zones.
12. The computer system of claim 11, wherein the plurality of zones comprises a plurality of different departments and the indoor location comprises a retail store.
13. The computer system of 9, wherein the comparing is based on a repeated play model, wherein the repeated play model is based on a plurality of different experts, wherein each one of the plurality of different experts offers a different advice for an action to take for each interaction between the user and the service provider and the repeated play model determines the action to take so as to minimize a difference between the privacy loss incurred by the user and the privacy loss incurred by a best one of the plurality of different experts.
14. The computer system of claim 9, wherein the benefit gained is based on a model of a measurement of a quality of service based on previous measurements of the benefit gained.
15. A non-transitory machine-readable storage medium storing instructions executable by a processor, the machine-readable storage medium comprising:
instructions to receive tracking information associated with a movement of an endpoint device of a user in an indoor location;
instructions to correlate personal information to the tracking information;
instructions to receive an offer intended for the user from a service provider of the indoor location;
instructions to compare a privacy loss resulting from a release of the personal information to the benefit gained by the offer; and
instructions to release the personal information associated with the indoor location to the service provider when the benefit gained is greater than the privacy loss.
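
The release decision of claim 1 combined with the expert-based repeated play model of claim 6, as an added example that is not part of the patent text. It assumes the Hedge (exponential weights) update as one way to track the best expert; the patent does not name an algorithm, and the experts, the loss definition and the interaction values are constructed for illustration.

```python
import math

# Constructed interactions: (benefit of the offer, privacy loss of releasing), both in [0, 1].
INTERACTIONS = [(0.8, 0.3), (0.2, 0.7), (0.6, 0.5), (0.1, 0.9),
                (0.9, 0.2), (0.4, 0.6), (0.7, 0.1), (0.3, 0.8)]

# Hypothetical experts: each maps the offered benefit to advice (True = release).
EXPERTS = {
    "always_release": lambda benefit: True,
    "never_release": lambda benefit: False,
    "release_if_benefit_over_0.5": lambda benefit: benefit > 0.5,
    "release_if_benefit_over_0.75": lambda benefit: benefit > 0.75,
}


def action_loss(release, benefit, privacy_loss):
    """Assumed loss: privacy given up on release, benefit forgone on withhold."""
    return privacy_loss if release else benefit


def run_hedge(interactions, experts, eta=0.5):
    """Return (expected loss of the learner, per-expert cumulative loss, final weights)."""
    weights = {name: 1.0 for name in experts}
    expert_loss = {name: 0.0 for name in experts}
    learner_loss = 0.0
    for benefit, privacy_loss in interactions:
        advice = {name: rule(benefit) for name, rule in experts.items()}
        total = sum(weights.values())
        # Probability of releasing = weight share of the experts advising release.
        p_release = sum(w for n, w in weights.items() if advice[n]) / total
        learner_loss += (p_release * action_loss(True, benefit, privacy_loss)
                         + (1 - p_release) * action_loss(False, benefit, privacy_loss))
        # The privacy loss is only observed after the interaction; penalise each expert.
        for name in experts:
            loss = action_loss(advice[name], benefit, privacy_loss)
            expert_loss[name] += loss
            weights[name] *= math.exp(-eta * loss)
    return learner_loss, expert_loss, weights


def regret(interactions=INTERACTIONS, experts=EXPERTS, eta=0.5):
    """Difference between the learner's loss and the best single expert's loss."""
    learner_loss, expert_loss, _ = run_hedge(interactions, experts, eta)
    return learner_loss - min(expert_loss.values())
```

With losses in [0, 1], Hedge keeps the regret below ln(N)/eta + eta*T/8 for N experts over T interactions, which is the "difference to the best expert" that claim 6 asks to minimize.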
PCT/US2015/013354 2015-01-28 2015-01-28 Controlling the release of personal information WO2016122499A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/US2015/013354 WO2016122499A1 (en) 2015-01-28 2015-01-28 Controlling the release of personal information

Publications (1)

Publication Number Publication Date
WO2016122499A1 (en) 2016-08-04

Family

ID=56543925

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2015/013354 WO2016122499A1 (en) 2015-01-28 2015-01-28 Controlling the release of personal information

Country Status (1)

Country Link
WO (1) WO2016122499A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6587835B1 (en) * 2000-02-09 2003-07-01 G. Victor Treyz Shopping assistance with handheld computing device
US20080306826A1 (en) * 2006-01-30 2008-12-11 Hoozware, Inc. System for Providing a Service to Venues Where People Aggregate
US20110241882A1 (en) * 2010-04-01 2011-10-06 Sony Ericsson Mobile Communications Japan, Inc. Mobile terminal, location-based service server, and information providing system
US20120150593A1 (en) * 1998-10-19 2012-06-14 Alvin Robert S Sending targeted product offerings based on personal information
US20130317916A1 (en) * 2011-12-29 2013-11-28 Intel Corporation Location based technology for smart shopping services

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15880398

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15880398

Country of ref document: EP

Kind code of ref document: A1