WO2023034060A1 - End-to-end privacy ecosystem - Google Patents

End-to-end privacy ecosystem (original title: Écosystème de confidentialité de bout en bout)

Info

Publication number
WO2023034060A1
Authority
WO
WIPO (PCT)
Prior art keywords
contents
party
data
access
user
Application number
PCT/US2022/041069
Other languages
English (en)
Inventor
Marvin LU
Timothy Gibson
Thomas J. Wilson
Aleksandr Likhterman
Raja Thiruvathuru
Original Assignee
Allstate Insurance Company
Priority date: 2021-08-31 (Google notes that the priority date is an assumption and not a legal conclusion; no legal analysis was performed.)
Filing date: 2022-08-22
Publication date: 2023-03-09
Priority claimed from US17/587,799 (published as US11599652B1)
Application filed by Allstate Insurance Company
Priority to EP22772668.4A (published as EP4396760A1)
Publication of WO2023034060A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/02 Marketing; Price estimation or determination; Fundraising
    • G06Q30/0241 Advertisements
    • G06Q30/0251 Targeted advertisements
    • G06Q30/0255 Targeted advertisements based on user history
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/02 Marketing; Price estimation or determination; Fundraising
    • G06Q30/0207 Discounts or incentives, e.g. coupons or rebates

Definitions

  • a system includes one or more privacy vaults, wherein at least one of the one or more privacy vaults is associated with at least one individual user, stores contents associated with the associated at least one individual user, and stores specific identification of a plurality of third-party entities, authorized to access at least a portion of the contents stored by the one or more privacy vaults, along with access permissions, one or more of the access permissions defined for each of the plurality of third-party entities, at least one of the access permissions defining accessibility of the contents for at least one of the plurality of third-party entities for which the at least one access permission is defined.
  • The system further includes one or more processors configured to receive identification of the new third party and to determine whether any modification to the default access permission (the permission that the configuration indicates is to be applied to a new third party) applies to that new third party, based on any agreement information included with its identification. Responsive to determining that no modification applies, the one or more processors are configured to associate the default access permission with the new third party based on the configuration.
  • Fig. 4 shows an illustrative example of a data management process.
  • Fig. 6 shows an illustrative example of a data negotiation process.
  • The illustrative embodiments propose elements of an ecosystem for monitoring, understanding, controlling, reclaiming, storing, sharing, purging, and even monetizing a user's personal data, which can be thought of as the user's personal digital contents held in a digital personal data store, digital privacy vault, digital privacy locker, digital privacy data store, etc.
  • Aspects of the illustrative embodiments put knowledge and control back into the hands of the users. Even if users armed with such information choose to share their data and/or exchange the data for some other value, they now have a much better understanding of the exchange and can act as educated negotiators, deriving something closer to true value in exchange for their information.
  • Merchants and services may be incentivized to create better value in exchange for the information they require. That is, while users may be perceived as being "addicted" to the free services provided in exchange for data, merchants, especially advertisers, are similarly "addicted" to user data, and often an entire business has been built on the premise that it will have somewhat unlimited and unfettered access to data. Loss of data access may be catastrophic to those entities, and thus they may be willing to exchange significant value to keep the data pipeline open. Even when the situation is not so dire for a merchant or service, virtually every business can benefit from some level of data analysis, and so all such beneficiaries may be willing to pass some portion of that benefit to users in order to obtain the value.
  • Data ingestion 122 may include importation 123 of data from existing user relationships, such as existing user accounts with other sources that may store user data, e.g., without limitation, social media sites, search engines, and paid-subscription sites (e.g., streaming media sites). That is, most users 100 already have significant amounts of data stored off-site, often without direct knowledge of what is stored.
  • Sources and storages of this data can include, for example and without limitation, social media sites, on-demand services (rideshares, media content sites, delivery services, etc.), personal and professional networking sites, search engines, email providers, personal fitness sites, shopping sites, consumer-facing sites, and any other entity that has access to user personal data and stores one or more aspects of that data.
  • Ingestion may also receive data 125 from other third-party applications, which can be an alternative form of data-sharing where the third-party application reports what data it gathered and sends a copy of that data or information about what data was gathered to the ingestion process 122.
  • Where third-party applications are seeking to build a more trustworthy relationship with a consumer, they have an added incentive to provide such information to prove their trustworthiness.
  • Sharing may be dictated by the terms of various smart contracts 108.
  • For example, a user who elects to share an email address may receive a follow-up email, but the user could have dictated that only one follow-up email was permitted, and received some value in exchange for sharing that level of information. If more than one email were received, the advertiser would be in violation of the defined policy and could be subjected to restriction, as described in more detail below. If the restriction applied to the advertiser's ability to access a larger set of data across many privacy vaults, the advertiser would be unlikely to risk losing that value by violating the policy for one user; since the vaults collectively represent a unified source for a vast amount of data, there is a significant incentive to follow the defined policies. Further, the revenue from the advertisements themselves could be shared with the users, paying them both for sharing the data and for any revenue subsequently generated by presentation or use of the advertisement.
  • The policy may alternatively provide the user with a generalization of what is being requested.
  • The requests may still be machine-filtered as well, so that if the nature of a request changes the user can be informed; but the user may find it acceptable to know the general nature of the data rather than having to approve every single request from a given application or site.
  • Users could even see, for example, a browser symbol or score associated with a site as it is being browsed, to indicate the present level of sharing and/or present policy level associated with the site. This could serve as an assurance that an agreement is in place and that the site is in compliance.
  • Policies can also define data retention for certain sites and applications. While it may be impossible to “force” a site to delete data, legal changes may require the sites and applications to comply with user instructions. Thus, the user can define what data may be stored and what data should be deleted 132, and the site or application may be legally obligated to comply. Once the user knows what information is being shared and what information is proposed for storage, the user will be able to decide which information should be removed after agreed-upon use. This can be defined as part of a policy tier and/or for individual websites or applications and/or tracked by the audit process 109.
  • Deletion policies 132 relate to both external storage 133 and internal storage 134 (in the PDS). Some data is so sensitive to users they may not want it stored anywhere (e.g., a social security number), and yet it may be periodically necessary to share this information.
  • The audit process 109 can still keep a record of the fact that such data was shared (e.g., a placeholder such as "SSN shared with 000.111.000.111 at 10:11 PM on 1/1/21") without storing the data itself. This is useful for auditing and as evidence that, while the data was shared, it was also supposed to be deleted; an entity that fails to delete it will not be able to deny that the information was shared under a restrictive agreement.
  • Third-party sites and applications 136 may access, use, retain and share data from the PDS in accordance with permissions provided to them directly or in general by a user. Some such entities may share 137 data with the PDS, and that data can represent data gathered about a consumer 100 or even inferences drawn about a consumer 100, if the third-party wants to build a strong relationship with the consumer. For example, a third-party may want to “prove” that inferences are useful to a consumer, in order to obtain a less restrictive policy, and therefore may share the inferences based on a sample set of data about that consumer. If the consumer likes the inferences and finds them beneficial, the consumer may agree to a less restrictive policy.
  • A gateway may provide offers to the consumer in accordance with a given consumer's desire to monetize their data.
  • One consumer may elect to share the minimum necessary amount of data for any service and save it for the minimum amount of necessary time, and another consumer may be willing to share virtually anything and have it stored for virtually any amount of time, for the proper price.
  • For example, a purchaser may only want the data if at least 15,000 samples can be obtained, so users could opt into a group for sharing; if the group pool filled with sufficient data, the value exchange would occur. Otherwise, the data would remain secure with the user.
  • Some purchasers may require storage of the data, others may allow individual users to define deletion policies, so even users with different deletion protocols may be able to participate in the same offers.
  • The gateway may conclude that a value of approximately $7 is obtained for each data share of a certain level.
  • The gateway may then provide offers of $7 in actual value (e.g., cash) in exchange for the data.
  • Tokens, cryptocurrency, or other value may also be exchanged; a redeemable point system may even be used, for example, wherein offerors buy cryptocurrency or points from a common pool and reward consumers with those coins or points in exchange for data. Consumers can then use the gateway to spend the coins or points on goods, services, or discounts, or even exchange them for cash.
  • Users may also be shown data snapshots about what is being gathered and by whom through analytics insights 144.
  • Data can be displayed in any reasonable format and per site, per category, per day, etc. For example, one perspective may show a treemap or other construct that shows how many times each element of data was gathered by any site, or by any site of a certain type, etc. Each box in the graph may show the relative number of requests for that data compared with the other types of data.
  • Analytics may also provide a user with spending and browsing trends, so the user can better self-categorize their own behavior, as well as understand what computer-driven models might think of them based on their data. This may also help certain consumers conclude they are spending too much time or resources on certain sites or things and will allow consumers to benefit from their own data conclusions.
  • Analytics can come from the platform owner and/or third-party sources who are given permission to access the data.
  • Analytics may also be derived from a combination of the preceding or, for example, the logic for the analytics may come from a first source (e.g., the platform) and an analysis and presentation of the results, along with any accompanying recommendations, may come from a second source (e.g., a third-party application).
  • A suite of further microservices 151 may also be provided to the consumer 100. This can include some basic metrics about data 152, such as statistics about site usage, data sharing, and relative statistics, e.g., how much the consumer shares relative to anyone, or relative to a demographic to which the consumer belongs or does not belong. The consumer could presumably select the baseline set for comparison as well, from a list of available baselines.
  • A consumer who considers themselves a luddite with regard to data sharing may want to know how much data they are sharing relative to a savvier demographic, for example.
  • A consumer who considers themselves wise may want to know how much and/or what types of data they are sharing relative to a potentially wiser, comparable, or potentially less-wise or less-careful demographic. Parents may want to know whether their child is sharing a reasonable amount of data relative to their child's peers.
  • PDSs may act as a data repository and reclamation point.
  • As the gateway acts to assemble a profile of all the information stored about a given user, the user may want to recover their personal data from some sites. Certain sites may be willing to give the data back; other sites may simply agree to delete the data. Whether a consumer is entitled to see what data is stored by a given site will likely be a matter of contract and/or law. Sites may not want to show the full extent of data stored because it could reveal proprietary information about their algorithms, or it may simply be embarrassing how much information they are storing. A contract with a consumer (e.g., a one-click license) may dictate whether the site has an obligation to share this information. Legal changes may override this, but presently some sites may be able to avoid sharing the scope and nature of information gathered and may instead simply agree to delete it.
  • Fig. 3 shows an illustrative logical view of a data ecosystem including the platform, a security gateway, and public networks.
  • "Public" networks 301 may include unsecured access points outside the direct control of the backend platform provider. These can include, for example, a mobile application 303 for accessing the platform, or other mobile applications that reside on top of the PDS and are, for example, approved but not controlled by the platform provider; social media or other websites and applications 305; and/or business partners 307 that have defined accesses and/or existing permissions.
  • A data layer 343 can store data objects.
  • The data layer 343 may include different representations of the data. For example, one representation might be a graph database, another a conventional database, and another file-based.
  • The recommended policy may include an offer, and/or other less aggressive policies may include better offers, so the user may be presented with the better offer as well as any offer applicable to the recommended policy at 425.
  • As noted, the offers do not have to be policy-by-policy, and may instead pertain to a carve-out for certain data or to a change in a use or retention aspect for certain data.
  • The platform can handle the interaction at 431. This can include, for example, providing data in accordance with the applied policy and tracking the provided data at 433. Any deletion requirements imposed by the policy and/or the user's general settings may dictate flagging certain data sharing for later audit at 435, as discussed in greater detail with respect to Fig. 5 below.
  • Fig. 5 shows an illustrative example of a data auditing process.
  • An audit process may contact a third-party site or repository on behalf of a user, or on behalf of the platform, at 501. Audits can be run user-by-user, or periodically for any entity that was instructed to delete data.
  • The audit process can compare the stored data to the data that was supposed to be deleted at 507, effectively looking for the absence of data. That is, user account names and basic information may be permissibly stored, but certain ancillary information is expected to be missing from the response.
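The vault and permission model from the first two definitions above (per-third-party access permissions on each vault, and a configured default applied to a newly identified third party unless its agreement information modifies it) and the follow-up-email policy example (one permitted follow-up; a violation costs the advertiser its access across many vaults) can be put together in working form. The Python below is an added example, not code from the patent or from Allstate; the class names, the ACCESS_CONFIG layout, the agreement labels and the sample users are assumptions made here.

```python
"""Privacy-vault grants (added illustration, not code from the patent or from
Allstate): each vault holds per-third-party permissions; a newly identified
party gets the platform default unless its agreement modifies it; a contact
quota is enforced; a party that violates one user's policy is restricted in
every vault. Class names, ACCESS_CONFIG, agreement labels and sample users
are this example's own assumptions."""
from dataclasses import dataclass, field, replace
from typing import Dict, Optional, Set


@dataclass
class Permission:
    fields: Set[str]                 # content keys the party may read
    max_contacts: Optional[int] = 0  # follow-ups allowed; None = unlimited
    contacts: int = 0                # follow-ups the user has reported
    restricted: bool = False         # set after a policy violation


@dataclass
class PrivacyVault:
    owner: str
    contents: Dict[str, str]
    permissions: Dict[str, Permission] = field(default_factory=dict)


# Assumed configuration: least-privilege default for an unknown party, and
# named agreements whose presence modifies that default.
ACCESS_CONFIG = {
    "default": Permission({"display_name"}, max_contacts=0),
    "agreements": {
        "one-email-followup": Permission({"display_name", "email"}, max_contacts=1),
    },
}


class Ecosystem:
    def __init__(self, config: dict = ACCESS_CONFIG) -> None:
        self.config = config
        self.vaults: Dict[str, PrivacyVault] = {}

    def add_vault(self, vault: PrivacyVault) -> None:
        self.vaults[vault.owner] = vault

    def register_party(self, party: str, agreement: Optional[str] = None) -> Permission:
        """Apply the default grant unless agreement information modifies it."""
        template = self.config["agreements"].get(agreement, self.config["default"])
        for vault in self.vaults.values():  # per-vault copy: counters never shared
            vault.permissions[party] = replace(template, fields=set(template.fields),
                                               contacts=0, restricted=False)
        return template

    def access(self, owner: str, party: str, key: str) -> str:
        """Release one content item only under a usable grant that covers it."""
        perm = self.vaults[owner].permissions.get(party)
        if perm is None or perm.restricted:
            raise PermissionError(f"{party}: no usable grant on {owner}'s vault")
        if key not in perm.fields:
            raise PermissionError(f"{party}: not permitted to read {key!r}")
        return self.vaults[owner].contents[key]

    def report_contact(self, owner: str, party: str) -> bool:
        """Count a follow-up the user received. Exceeding the agreed number is
        a violation, and it costs the party its access in every vault."""
        perm = self.vaults[owner].permissions[party]
        perm.contacts += 1
        if perm.max_contacts is not None and perm.contacts > perm.max_contacts:
            self.restrict(party)
            return True
        return False

    def restrict(self, party: str) -> None:
        """Revoke the party across all vaults, not only the one it wronged."""
        for vault in self.vaults.values():
            if party in vault.permissions:
                vault.permissions[party].restricted = True


def run_demo() -> Dict[str, object]:
    """Constructed scenario: an advertiser on a one-email agreement sends Alice
    two emails; an unknown shop is onboarded with no agreement information."""
    eco = Ecosystem()
    eco.add_vault(PrivacyVault("alice", {"display_name": "Alice", "email": "alice@example.test"}))
    eco.add_vault(PrivacyVault("bob", {"display_name": "Bob", "email": "bob@example.test"}))
    eco.register_party("adco", agreement="one-email-followup")
    eco.register_party("newshop")  # no agreement information: default applies

    def attempt(owner: str, party: str, key: str) -> str:
        try:
            return eco.access(owner, party, key)
        except PermissionError:
            return "denied"

    return {  # dict entries evaluate in order, so both reports precede the retry
        "adco_email": attempt("alice", "adco", "email"),
        "adco_zip": attempt("alice", "adco", "zip"),
        "newshop_email": attempt("alice", "newshop", "email"),
        "first_email_violation": eco.report_contact("alice", "adco"),
        "second_email_violation": eco.report_contact("alice", "adco"),
        "adco_email_after": attempt("alice", "adco", "email"),
        "bob_restricted_too": eco.vaults["bob"].permissions["adco"].restricted,
    }
```

Counters live in a per-vault copy of the permission template, so one user's quota never bleeds into another's, while restriction is applied to every vault at once; that asymmetry is the lever the follow-up-email passage relies on. The field check runs before the content lookup, so a party with no grant for a key learns nothing about whether the vault even holds it.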
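The audit placeholder described above ("SSN shared with 000.111.000.111 at 10:11 PM on 1/1/21", kept without the SSN itself) and the deletion audit of Fig. 5 (comparing what a site still stores with what it was supposed to delete, looking for absence) can be implemented together. The Python below is an added example, not code from the patent or from Allstate. It goes a step beyond the text in two ways that are this example's own assumptions: the placeholder carries a keyed, salted commitment to the shared value so the audit can later recognise that value wherever it reappears, and the records are hash-chained so an altered entry is detectable.

```python
"""Audit records for data that is shared but must not be retained, and a
deletion audit of a third party's later export. Added illustration, not code
from the patent or from Allstate. Assumed design: the audit process keeps the
placeholder plus a keyed, salted commitment to the value (never the value),
hash-chained to the previous record; the audit then scans the export for keys
that should be absent and for any leaf matching a commitment."""
import hashlib
import hmac
import json
from typing import Any, Dict, Iterator, List, Set, Tuple

AUDIT_KEY = b"example-only-audit-key"  # assumption: platform-held secret
GENESIS = "0" * 64


def commit(value: str, salt: str) -> str:
    """Keyed commitment: a low-entropy value such as an SSN cannot be recovered
    from the log by brute force without the platform key."""
    return hmac.new(AUDIT_KEY, f"{salt}:{value}".encode(), hashlib.sha256).hexdigest()


def digest(body: Dict[str, Any]) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditLog:
    def __init__(self) -> None:
        self.records: List[Dict[str, Any]] = []

    def record_share(self, label: str, value: str, recipient: str,
                     when: str, must_delete: bool) -> Dict[str, Any]:
        """Log that `label` went to `recipient` without retaining `value`."""
        prev = self.records[-1]["hash"] if self.records else GENESIS
        salt = hashlib.sha256(f"{recipient}|{when}|{len(self.records)}".encode()).hexdigest()[:16]
        rec = {"event": f"{label} shared with {recipient} at {when}", "label": label,
               "recipient": recipient, "must_delete": must_delete, "salt": salt,
               "commitment": commit(value, salt), "prev": prev}
        rec["hash"] = digest(rec)
        self.records.append(rec)
        return rec

    def verify_chain(self) -> bool:
        """Each record must hash to its stored hash and link to its predecessor."""
        prev = GENESIS
        for rec in self.records:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if body["prev"] != prev or digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True


def walk(obj: Any, path: str = "") -> Iterator[Tuple[str, Any]]:
    """Flatten a nested JSON export into (dotted path, leaf) pairs."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from walk(v, f"{path}.{k}" if path else k)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from walk(v, f"{path}[{i}]")
    else:
        yield path, obj


def audit_deletion(export: Any, must_be_absent: Set[str], log: AuditLog, recipient: str) -> List[str]:
    """Look for the absence of data: permitted fields may remain, but a key on the
    deletion list, or a string leaf matching a must-delete commitment, is a finding."""
    pending = [r for r in log.records if r["recipient"] == recipient and r["must_delete"]]
    findings: List[str] = []
    for path, leaf in walk(export):
        key = path.rsplit(".", 1)[-1].split("[")[0].lower()
        if key in must_be_absent:
            findings.append(f"{path}: key should have been deleted")
        if isinstance(leaf, str):
            for rec in pending:
                if hmac.compare_digest(commit(leaf, rec["salt"]), rec["commitment"]):
                    findings.append(f"{path}: value matches commitment for '{rec['event']}'")
    return findings


def run_demo() -> Dict[str, Any]:
    """Constructed scenario: SSN shared under delete-after-use, email shared with
    retention allowed; the site's export still holds the SSN under a new key and
    a date of birth it was told to remove."""
    site, log = "000.111.000.111", AuditLog()
    log.record_share("SSN", "123-45-6789", site, "2021-01-01T22:11:00Z", must_delete=True)
    log.record_share("email", "alice@example.test", site, "2021-01-01T22:12:00Z", must_delete=False)
    export = {  # constructed export returned by the third party at audit time
        "account": {"username": "alice", "email": "alice@example.test"},
        "profile": {"date_of_birth": "1990-01-01"},
        "kyc": {"gov_id_ref": "123-45-6789"},
        "orders": [{"id": 1, "amount": "9.99"}],
    }
    return {
        "chain_ok": log.verify_chain(),
        "raw_value_stored": any("123-45-6789" in json.dumps(r) for r in log.records),
        "findings": audit_deletion(export, {"ssn", "date_of_birth"}, log, site),
    }
```

The commitment is an HMAC rather than a plain salted hash because an SSN has roughly 30 bits of entropy; anyone holding the audit log could brute-force a plain hash and recover the very value the log was meant not to store. In the scenario the audit flags the SSN even though the site filed it under gov_id_ref, and flags the date of birth by key, while the permissibly retained email produces no finding.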

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • Game Theory and Decision Science (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A system includes one or more privacy vaults. At least one of the privacy vaults is associated with at least one individual user, stores contents associated with the associated individual user(s), and stores specific identification of a plurality of third-party entities authorized to access at least a portion of the contents stored by the privacy vault(s), together with access permissions, one or more access permissions being defined for each of the plurality of third-party entities. At least one of the access permissions defines the accessibility of the contents for at least one of the plurality of third-party entities for which that access permission is defined.
PCT/US2022/041069 2021-08-31 2022-08-22 End-to-end privacy ecosystem WO2023034060A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP22772668.4A EP4396760A1 (fr) 2021-08-31 2022-08-22 End-to-end privacy ecosystem

Applications Claiming Priority (6)

Application Number Priority Date Filing Date Title
US202163239215P 2021-08-31 2021-08-31
US63/239,215 2021-08-31
US17/587,799 US11599652B1 (en) 2021-08-31 2022-01-28 End-to-end privacy ecosystem
US17/587,799 2022-01-28
US17/587,815 2022-01-28
US17/587,815 US11755752B2 (en) 2021-08-31 2022-01-28 End-to-end privacy ecosystem

Publications (1)

Publication Number Publication Date
WO2023034060A1 true WO2023034060A1 (fr) 2023-03-09

Family

ID=83355593

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2022/041069 WO2023034060A1 (fr) 2021-08-31 2022-08-22 End-to-end privacy ecosystem

Country Status (2)

Country Link
EP (1) EP4396760A1 (fr)
WO (1) WO2023034060A1 (fr)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20210182915A1 (en) * 2019-12-11 2021-06-17 Data Donate Technologies, Inc. Platform for management of user data

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ITANI W ET AL: "Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures", DEPENDABLE, AUTONOMIC AND SECURE COMPUTING, 2009. DASC '09. EIGHTH IEEE INTERNATIONAL CONFERENCE ON, IEEE, PISCATAWAY, NJ, USA, 12 December 2009 (2009-12-12), pages 711 - 716, XP031610175, ISBN: 978-0-7695-3929-4 *

Also Published As

Publication number Publication date
EP4396760A1 (fr) 2024-07-10

Similar Documents

Publication Publication Date Title
Cui et al. Informational challenges in omnichannel marketing: Remedies and future research
US11558191B2 (en) Key pair platform and system to manage federated trust networks in distributed advertising
US20190318433A1 (en) Real estate marketplace method and system
US11699202B2 (en) Method and system to facilitate gamified arbitration of smart contracts
CA3118308A1 (fr) Plateforme d'activation de transaction de pret d'infrastructure partagee et a intelligence adaptative
Watson et al. Addressing the growing need for algorithmic transparency
US20130191898A1 (en) Identity verification credential with continuous verification and intention-based authentication systems and methods
US20220256013A1 (en) Hierarchical data exchange management system
US11960622B2 (en) Platform for management of user data
US20220036377A1 (en) Data exchange platform from personal data platform
US20200273124A1 (en) ANONYMOUS MATCH ENGINE and QUADMODAL NEGOTIATION SYSTEM
US11880882B2 (en) Computer-controlled marketplace network for digital transactions
US20150178744A1 (en) Methods and systems for signals management
Travizano et al. Wibson: A case study of a decentralized, privacy-preserving data marketplace
US20240028752A1 (en) End-to-end privacy ecosystem
US20210398182A1 (en) Information Marketplace
Abraham et al. A taxonomy of data governance decision domains in data marketplaces
Chen et al. Understanding big data: Data calculus in the digital era
Bergemann et al. Market design for personal data
US12067133B2 (en) End-to-end privacy ecosystem
US11755752B2 (en) End-to-end privacy ecosystem
US20240143800A1 (en) End-to-end privacy ecosystem
EP4396760A1 (fr) End-to-end privacy ecosystem
US20160048847A1 (en) Information Marketplace
Shukla et al. The economy of data privacy

Legal Events

Code | Title | Description
121 | EP: the EPO has been informed by WIPO that EP was designated in this application | Ref document number: 22772668; Country of ref document: EP; Kind code of ref document: A1
WWE | WIPO information: entry into national phase | Ref document number: 2022772668; Country of ref document: EP
NENP | Non-entry into the national phase | Ref country code: DE
ENP | Entry into the national phase | Ref document number: 2022772668; Country of ref document: EP; Effective date: 20240402