User profile information is becoming an increasingly important asset to service providers, as they seek to provide highly customized and personalized experiences to service consumers. This is particularly true for software vendors and software service providers. For example, there are many providers of software-based services (e.g., website operators) that customize user interactions, as well as the presentation of information (e.g., content and advertisement), based on user profiles during interaction sessions with software supporting a particular service. Accordingly, from a software or software-services vendor perspective, the ability to obtain, generate and access user profile information is highly desirable.
From a user perspective, while the customization of software and services may be beneficial, privacy and security concerns cannot be ignored. Privacy concerns exist both with respect to the creation of user profile information by a vendor and the use of such profile information. For example, when interacting with a particular software application (e.g., when using a commercial search engine to search or when shopping on an e-commerce website), a user may or may not wish to have their activity for that particular session recorded and used to update a profile. Consider the situation in which the user is a middle-aged man, but is shopping for a gift for his teenage niece. In this situation, the user may not wish to have his activities used to automatically supplement his user profile that is automatically generated and maintained by the website. On the other hand, when shopping for technology gadgets, this particular user may view his activities with respect to that interaction as being relevant to his profile. Accordingly, the user may wish to have his profile accessed during such a session so that the software can accurately recommend products.
Turning to search software-based service providers, commercial search systems may save a search history only for a single session, or provide an option for registered users to save searches. Search history options are typically software-based, and allow searchers to access the history from any Internet-connected computer system by logging into a user account. The search history data (e.g., as part of a user profile) is typically stored on the search engine computers. Again, a user may or may not, for various reasons, wish to have their searching activities for a particular session logged and used to construct or modify a profile that is being automatically created by the search engine computers.
With respect to search history gathering, certain search engines provide no option to pause or turn off search history gathering, although logging out of a session often provides the same effect. Google, on the other hand, does provide a “pause” function that can be used to stop recording of search results without requiring that the user log out.
Ask.com has introduced an AskErase feature, which allows users to immediately delete search queries stored on servers of Ask.com in an attempt to address certain concerns around the privacy of search results history.
United States Patent Application Publication No. US 2005/0033803 describes a website system that includes an event history server system that persistently stores event data reflective of events that occurred during browsing sessions of the website's users, and makes such data available to other applications and services in real time. Various types of events and information are recorded by the event history server system, and event data is stored by user identifier (ID). These types of personalization applications and features are made possible by an event history server. An event search engine is provided through which users can search their respective event histories by event type, event value, event time-of-occurrence, and various other criteria. Users may also be permitted to “delete” specific events from their respective event histories.
United States Patent Application Publication No. US 2003/0051171 describes a user apparatus that forms a user identity, such as in a trusted platform module, and also captures at least one profile characteristic in a capture unit. An inquiring apparatus sends a request to the user apparatus. A profile unit forms a user self-profile by combining a formed user identity with one or more selective profile characteristics of interest to the inquirer. The user profile is formed at the user apparatus, and sent to a remote inquiring apparatus. The user therefore maintains some control of his/her user profile, and overhead, such as data storage on the inquiring apparatus, is decreased. Paragraph [077] of this application discusses how a user identity supplied in a user self-profile may be checked.
United States Patent Application Publication No. US 2007/0261116 describes a secure content service available through a network. A user profile is stored in a user profile store, and the user access controller enforces access rights to the user profile. The user profile, once accessed, may be used to provide access to other content. A user profile store stores user profiles, each of which has a unique identifier. The user may set access levels to his or her profile in a profile store. A profile access controller enables a user to set access granularity and preferences. A user interface (275) enables access to the user profile through the profile access controller. Monitoring and logging logic (280) monitors access to the system, including user profile accesses and user preferences set by the user. The monitoring and logging logic determines if an access to a user profile is anomalous.
The described system is concerned with controlling access to the content which a content creator submits for a publication. A determination is made whether a content consumer is identified (i.e. has an associated user profile and is connected to the user profile), and whether the content consumer has access permissions to the content. The process may also determine whether content needs a content consumer's filter specifications. If there are no filters associated with content, or the content needs the filter specifications, data is decrypted and displayed to a content consumer.