Personal information sharing systems and methods based on localized permits

A distributed system with localized permission and biometric authentication addresses data privacy and regulatory challenges by securely sharing personal information on demand, enhancing security and compliance.

JP2026522258APending Publication Date: 2026-07-07SIMPELLO LLC

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Applications
Current Assignee / Owner
SIMPELLO LLC
Filing Date
2024-05-28
Publication Date
2026-07-07

AI Technical Summary

Technical Problem

Existing systems face challenges in securely and efficiently sharing personal information while mitigating data privacy concerns and regulatory risks, particularly in the context of data breaches and stringent regulations, without the need for permanent storage.

Method used

A distributed system that stores user permissions locally and requests user permissions on demand, utilizing biometric authentication through a trusted intermediary to verify and temporarily share information, ensuring secure and controlled access.

Benefits of technology

Enhances data security and compliance by allowing just-in-time access to personal information, reducing the risk of breaches and regulatory penalties, while maintaining user control over their data.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 2026522258000001_ABST
    Figure 2026522258000001_ABST
Patent Text Reader

Abstract

The Just-In-Time personal information sharing system employs short-range wireless communication to detect and identify a user's presence before sharing their information. Users store their personal identification information on their user devices and manage who they are permitted to share their personal information with. Subsequently, when a user is detected within a certain location using a wireless terminal, their presence is verified using a biometric profile. If confirmed, the user's personal identification information is shared with other trading parties for temporary use when completing the desired transaction. In this way, trading parties do not need to maintain user information, and users manage their own information and its sharing without requiring cumbersome user input to proceed with the transaction.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] Mutual citation for related applications

[0001] This application claims priority to U.S. Patent Application No. 18 / 460,010, filed on September 1, 2023. U.S. Patent Application No. 18 / 460,010 is a partial continuation of U.S. Patent Application No. 18 / 338,618, filed on June 21, 2023. U.S. Patent Application No. 18 / 338,618 is a continuation of International Patent Application No. PCT / US2021 / 064309, filed on December 20, 2021. International Patent Application No. PCT / US2021 / 064309 claims the rights of U.S. Provisional Patent Application No. 63 / 128,956, filed on December 22, 2020. By citing these patent applications herein, the content of each of them is hereby incorporated into this application.

[0002]

[0002] This application also claims the rights of U.S. Provisional Patent Application No. 63 / 505,245, filed on May 31, 2023. By citing this patent application herein, its content is hereby incorporated into this application to the extent not inconsistent herewith.

[0003] Field of the Invention

[0003] The present invention generally relates to a system and method based on localized permission for selectively and securely storing and sharing a user's personal information. Personal information may include personally identifiable information, contact information, payment information, reservation information, travel information, credit information, access information, health information, etc. Personal information is stored in a distributed user-controlled environment and selectively provided to the requesting third party in response to the verification and approval of a request for specific information. More specifically, the present invention relates to a system and method for selectively sharing a user's personal information from a local user-controlled environment with a third party after biometric authentication and authorization carried out through a trusted intermediary. Personal information data is accessed and used only temporarily as needed by the requesting party in order to reduce and / or eliminate data privacy concerns and the associated burdens associated with storing such personal information. Prior Art

[0004]

[0004] Since the advent of the dot-com era, websites and businesses have continued their never-ending journey to collect data. Whether it be a user's name and address, email address, credit card information, or purchase history, all of this data can be unearthed, monetized, and profited from by selling such information (individually or aggregated), which makes it significantly easier for users to complete transactions, and this includes profits from targeted marketing. Alongside this trend, almost all stores today have loyalty programs or reward programs, mobile applications, user accounts, or otherwise request customer information to provide streamlined transaction processing, etc.

[0005]

[0005] Unfortunately, customers have seen many times that when their sensitive personal information is freely shared, they can suffer adverse consequences, such as in the case of a cyberattack or data breach, when their information is at risk of being accessed by threat actors who seek to exploit their information for personal gain. This often results in fraudulent credit cards being opened or unauthorized transactions being carried out, all of which can lead to bad consequences and major headaches for users. Responsible companies must not only address this issue but also spend a great deal of money to deal with the fierce consumer backlash and ultimate reputational damage they face.

[0006]

[0006] Furthermore, as a result of the harm that users have suffered so far due to data breaches, businesses have begun to face increasingly stringent regulations from many jurisdictions around the world, most notably the European Union. These regulations apply whenever data of citizens of a country is collected and / or stored. Potential legal liabilities and regulatory risks, including substantial fines, as well as the frameworks that must be followed, pose significant challenges to the information technology (IT) sector of modern businesses and their ultimate profit and loss. [Overview of the project] [Problems that the invention aims to solve]

[0007]

[0007] Therefore, a solution that mitigates risk by maintaining just-in-time access to user data when needed, without having to permanently store data, while alleviating many of the above concerns, would be beneficial to many users and businesses. What is needed is a distributed system that either stores user permissions or requests user permissions on request, but is otherwise virtually transparent to the user, which verifies the user, delivers the information needed for use to the requesting party at just the right time, and disposes of it quickly without long-term storage. [Brief explanation of the drawing]

[0008] [Figure 1] This is a schematic diagram of one embodiment of an information sharing system based on local permits according to the present invention. [Figure 2] This flowchart shows a set of steps included in an exemplary process for provisioning a mobile phone used within the system shown in Figure 1, according to one embodiment of the present invention. [Figure 3-1] This flowchart shows a set of steps included in an exemplary process for verifying and completing the exchange of personal information using the system shown in Figure 1, according to one embodiment of the present invention. [Figure 3-2] Same as above [Modes for carrying out the invention]

[0009]

[0011] For the purpose of facilitating an understanding of the principles of the present invention, embodiments shown in the drawings will be described hereby with reference and using specific terminology. However, it will be understood that this is not intended to limit the scope of the invention in any way. Any modifications and further changes in the embodiments described, and any further applications of the principles of the invention described herein, will be considered to be ordinarily conceivable to those skilled in the art to which the present invention relates.

[0010]

[0012] Figure 1 shows one embodiment of a personal information sharing system based on localized authorization. Advantageously, this system allows users to securely store their personal information locally, under their management and control, and to temporarily provide it to the requesting authorized user for immediate use and disposal upon request. Such personal information may include, but is not limited to, and is not required to include, personally identifiable information, contact information, payment information, credit information, access information, health information, travel credential information, and reservation information. In other forms, some of a user's personal information may be stored elsewhere, but not in amounts that would cause concern if it fell into the wrong hands, and / or would not be used for any heinous purpose. Thus, the collection of at least some portion of a user's personal information from the user is required for any use.

[0011]

[0013] System 10 includes a user side 100, a service side 200, and a third-party side 300. These are merely logical divisions, and entities control the hardware, software, and data flow within these areas of System 10 based on them, and do not necessarily indicate the location of various components. Within System 10, communication may utilize the network 20 and other known methods of data exchange, such as wireless transmission (including Bluetooth® or other known point-to-point standards), and it should be acknowledged that the network 20 potentially belongs to no logical side, either entirely or partially. Various communication paths, such as communication paths represented as lines or wireless waves, connect to the network 20 and further connect between devices and from one logical side to the other through the network 20 to transmit data. As shown in this embodiment, the network 20 can be a local area network (LAN), a city area network (MAN), a wide area network (WAN) such as the Internet, a satellite or cellular network, any combination thereof, or other network configurations conceivable to those skilled in the art. It should be understood that more or fewer devices than those shown in Figure 1 can be combined through the network 20 and in various alternative configurations.

[0012]

[0014] In the illustrated configuration, network 20 may include numerous separate networks and multiple paths, and may include the Internet and a cellular network in part. The cellular network may be a Universal Mobile Communications System (UTMS), a Pan-European Digital Mobile Telephone System (GSM), and a Code Division Multiple Access (CDMA) network, or similar technologies. Within network 20, the cellular network utilizes cell towers to establish a wireless bidirectional transmission link between the user device 110 and other devices connected to the cellular network, including the device shown in Figure 1. This wireless bidirectional transmission link may also include wireless data links such as Evolution-Data Optimized (EVDO), Enhanced Data rates for GSM Evolution (EDGE), 3G, LTE, 5G, WiMAX, Ultra Wideband, Orthogonal Frequency Division Multiple Access (OFDMA), or other wireless data connections.

[0013]

[0015] Moving to the user side 100, the main component in the illustrated embodiment is the user device 110. In the illustrated embodiment, this is the user's smartphone, such as an Apple iPhone® running Apple's iOS® operating system, or a Samsung® or another company's smartphone running the Android operating system. It should be noted that other electronic devices, such as smartwatches, tablets, special wireless tokens, implants, Bluetooth appliances, etc., may be used in addition to or instead of the user device 110. In the illustrated embodiment, the user device 110 includes at least one biosensor 112, such as a camera, infrared camera, true depth camera, facial recognition sensor, fingerprint reader, palm / hand scanner, iris scanner, voice recognition microphone, or any other known biosensor or identity verification sensor. In other embodiments, a separate biosensor 112 may be used, or a biosensor 112 may not be required. In one embodiment, the user device 110 also includes an installed application 114. In one form, the installed application 114 may be provided by a service provider operating the service side 200, and in another form, it may be provided by an operator of the third-party side 300 (optionally including functions provided by the service provider operating the service side 200). The installed application 114 may be provided through a known mobile application distribution platform such as Apple's App Store or Google Play Store. Alternatively, the functionality of the application may be partially or entirely integrated into the installed application 114, reside within the operating system, or otherwise reside within the user device 110, or within a web page, applet, etc.

[0014]

[0016] The user device 110 is preferably capable of mobile voice and / or data communication through a cellular tower network such as network 20 or one or more other networks, and it is known that mobile phones such as the user device 110 are capable of operation and wireless communication through network 20 via conventional Wi-Fi networks. In addition to the standard voice functions of a mobile phone, the user device 110 preferably supports many additional services and accessories such as SMS for text messaging, email, packet switching for internet access, downloading of third-party applications, Bluetooth, infrared, NFC, and / or GPS. It should be acknowledged that while the use of a vast number of user devices such as the user device 110 is conceivable within system 100, only one is shown for the sake of clarity.

[0015]

[0017] The user device 110 also includes a user data vault 116. The user data vault 116 may be a segment of memory located within the user device, or a segment of memory that is securely accessible by the user device (but located remotely) and capable of securely storing the user's personal information. In one embodiment, this personal information is stored in a secure and / or encrypted form to protect it from unauthorized access.

[0016]

[0018] Moving to the service side 200, the service side 200 includes a gateway 210, a user terminal 220, and a server 230, the server 230 containing or connected to a database 232. The gateway 210 is shown as a special server for facilitating the sharing of personal information and is connected to network 20. It should be acknowledged that, in alternative configurations, the gateway 210 and / or server 230, and any other servers described herein, may be implemented as one or more virtual services operating in the cloud, such as using one or more conventional servers, virtual machines, or Amazon Web Services (AWS).

[0017]

[0019] The user terminal 220 is a device for local communication with the user device 110 when the user device 110 approaches the user terminal 220. The user terminal 220 acts to verify the user expected to be with the user device 110 and enables the sharing of trusted temporary personal information with the user terminal 220 and various other local components of the rest of the system 10, as described below. To achieve the objectives of the business logic described herein, the gateway 210 works in cooperation with the terminal 220. The user terminal 220 may be an Apple iPad® running Apple's iOS operating system, or a Samsung® or other third-party tablet running the Android operating system, or a dedicated hardware solution, or a combination thereof. It should also be acknowledged that other electronic devices, such as smart displays, smart televisions, Bluetooth appliances, and special appliances, may be used in addition to or instead of the terminal 220. The terminal 220 also includes a biosensor 222. In the illustrated embodiment, the biosensor 222 is a camera, oriented toward the transaction zone where the customer typically stands to complete the transaction. In one embodiment, the camera is a high-resolution camera with a lens and / or field of view that encompasses at least the entire transaction area. In addition, the biosensor 222 may also include a LIDAR or other type of sensor to assist in a selected type of biometric verification. In the illustrated embodiment, the biometric verification is facial recognition. Alternatively, the biosensor 222 may be one of any other known types of biosensors, including the sensor specified herein as a substitute for sensor 112.

[0018]

[0020] In addition, terminal 220 may be equipped with a high-granularity proximity detection system, such as the one disclosed in PCT / US2019 / 032774, entitled “Radio Frequency Antenna and System for Detecting Presence within a Strictly Defined Wireless Zone.” By citing this patent application, its entire content is included in this application. The proximity detection system employs short-range wireless communication to detect the proximity of a user device within a strictly defined wireless zone, such as a transaction zone, thereby inducing a desired action. The desired action, in this invention, is either granting authorization to proceed with a transaction or biometric verification, or identifying the precise area within the transaction zone where the user is standing in order to inform terminal 220 which area of ​​the image generated by the camera contains the user's face. By intelligently focusing on the selected area, the accuracy, security, and speed of biometric verification can be further improved. In other configurations, the functions of terminal 220 may exist externally and independently of the POS terminal.

[0019]

[0021] In one embodiment, terminal 220 includes a display and also includes an installed application 224. In one embodiment, application 224 may be provided by an operator of a third-party side 300 (optionally including functions provided by a service provider operating a service side 200). As previously described, the installed application 224 may also be provided through a known mobile application distribution platform, and the functions of application 224 may be partially or entirely integrated into the installed application, reside within the operating system, reside within terminal 220, or reside within a web page, applet, etc. Terminal 220 is preferably connected to network 20 via a physical network connection and / or wireless connection. The connection of terminal 220 to network 20 or elsewhere enables terminal 220 to communicate with exchange 210. This will be further described herein.

[0020]

[0022] Server 230 works with Gateway 210 to implement the business logic of System 10 as described herein. The business logic includes maintaining user accounts, user preferences, vendor accounts, data sharing audit trails, etc. Computers and devices such as Gateway 210, User-facing terminals 220, Server 230, and other devices within the third-party side 300 may each include one or more processors or CPUs and one or more types of memory. Each processor may consist of one or more components configured as a single unit. Alternatively, in a multi-component configuration, a processor may have one or more components spaced apart from the other components. One or more components of each processor may be digital circuits, analog circuits, or various electronic components defining both. In one embodiment, each processor is a conventional integrated circuit microprocessor configuration, such as one or more Xenon® processors supplied by Intel Corporation at 2200 Mission College Boulevard, Santa Clara, California 95052, USA.

[0021]

[0023] It should be understood that any of the devices shown within system 10 may be deployed to include both clients and servers, or to constitute dedicated hardware, or to constitute a combination of conventional hardware that is appropriately adjusted using software. Also, although a number of devices and servers are shown, in alternative embodiments, more or fewer than these may be utilized, including integrating two or more of the illustrated devices into one, and further, a number of user-facing terminals 220 are provided assuming their localization, and it should be understood that one or more of them may be placed at each franchise store, business, vendor, etc. Further, depending on the required traffic and capacity, multiple servers such as server 230 may be provided to collectively share the workload and balance the burden on server 230 illustrated and described herein, or instead of all or part of server 230, multiple virtual cloud-based services may be used.

[0022]

[0024] Regarding third party side 300, any number of vendor servers (including vendor servers 310A, 310B, and 310N) are included, and these are operated and controlled by individual third party entities. For example, vendor server 310A may belong to an airline company, vendor server 310B may belong to a coffee shop, and vendor server 310N may belong to a hotel. It should be recognized that more vendor servers may be included within system 100 depending on the number of third party vendors that desire to securely receive user personal information and act based thereon to conduct transactions and provide services to one or more of the users of system 100. In other forms, these vendor servers 310 may be one or more virtual services operating in the cloud, such as using Amazon Web Services (AWS), etc.

[0023]

[0025] In addition, an identification information verification source 320 and a payment processor 330 are also provided. The identification information verification source 320 is a third-party reliable server or service, and enables the system 100 to verify the user's identification information by using a driver's license, a passport, or other government-certified documents, cards, etc. The identification information verification source 320 may be a government or personal server or service, such as a state driver's license verification system, a credit reporting service, etc., that enables the system to verify the user's identification information at the required level of trust. In addition, the payment processor 330 may be a payment system that enables the processing of transactions for goods and services that can be conducted between the user and third parties within the system 100. Also, these may be one or more virtual services operating in the cloud.

[0024]

[0026] Note that much of the description of the retail environment in this specification is intended to be limited to illustrative purposes only, and it should be understood that the concepts in this specification are generally applicable to other transactions and are not limited to commercial transactions or retail purchases. To avoid doubt, commercial transactions include, but are by no means limited to, the purchase of products, the purchase of services, credit card payments, debit card payments, gift card repayments, electronic wallet payments, cryptocurrency payments, wire transfers, ACH transfers, etc.

[0025]

[0027] Moving to Figure 2, a set of steps included in an exemplary process for provisioning a user device 110 for use with the gateway 210 and terminal 220, as well as the rest of system 10. This process begins at starting point 201, where the user installs a dedicated application 114 on their user device 110, such as by using an application source like the Apple App Store or Google Play Store. The application 114 may also be distributed by the service provider 200, credit card issuers, payment processors, mobile phone suppliers, retailers, airlines, hotels, or any other third-party integrated logistics provider. Once installed, the user uses the application 114 on their user device 110 to create an account or profile with the server 230 (step 203). On the user device 110, the account or profile is stored locally in its complete form only within the user data vault 116, and the user enters their own personal information into their profile within the application 114 (step 205). Server 230 can be notified of what information items are being shared by users and what information items are stored in the user's data vault 116, but the actual personal information itself is neither transmitted nor made known in its entirety to Server 230 or other devices within System 100.

[0026]

[0028] For System 100 to function, certain threshold levels of information must be shared, but other personal information items may be shared with certain users but not with others, according to preference. However, in such cases, it is not necessary to enable certain additional features as a result of such choices. Here again, this personal information may include, but is not limited to, and is not required to include, personally identifiable information, contact information, payment information, credit information, health information, driver's license or government-issued ID, travel authorization information, and reservation information.

[0027]

[0029] In addition to providing personal information, the user may also provide an electronic wallet with one or more payment methods, such as a credit card, debit card, or other suitable payment information, within the application 114 on the user device 110 (step 207). This information may also include credit card number, expiration date, and security code, or other alternative information sufficient to enable payment, such as Venmo or PayPal. This information can be verified, in whole or in part, by the payment processor 330, or simply maintained within the data vault 116 for future use. Next, the user is asked for biometric information about themselves, and the user provides this biometric information to the application (step 209). This information can be entered using a sensor 112 that resides on the user device 110, as already described earlier. Alternatively, the user may be provided with an auxiliary sensor that can be used with the phone, such as via Bluetooth, USB, or other hardwired connection, and which allows the user to enter their biometric information. Depending on the cost, the auxiliary sensor may be kept by the user or returned to the service provider. In other forms, users may be required to provide their biometric information using other devices at a designated location.

[0028]

[0030] In other forms, a verification step is required to confirm that the user entering biometric information is indeed an authorized person for various payment methods. This may be done by requiring the user to take a photograph of their government-issued identification using user device 110 (step 211). The photograph may include the user's photograph and information on the front of the ID, and may also include the barcode or other independently verifiable information above it. These can be validated using various known identification verification services. Server 230 then attempts to verify the authenticity of the ID by using the ID verification server 320 to verify the government-issued ID and biometric information uploaded by the user (step 213). Verification server 230 may be a third-party service, a federal government service, or any other service operating on a trusted government information database. Examples include ID.me or Persona (available at withpersona.com). Alternatively, or in addition, the gateway 210 and / or server 230 may, through the mobile application 114, select and present to the user a difficult question to verify that the person claiming to be them is indeed that person (step 215). Examples of these questions may include the name of a city where the user previously lived, a city where the user previously resided, the name of an entity on which the user has outstanding loans, or other questions that are often automatically presented during background checks, credit checks, etc.

[0029]

[0031] Subsequently, server 230 uses the user's biometric information entered in steps 209 and optionally 211, and potentially also uses the user's photograph from a government-issued ID, to verify and construct the user's biometric profile, or to request and receive it from a third party (step 217). The user's biometric profile may be constructed in part using other components of the service side 200, but must be protected for privacy concerns. Assuming that all processes are completed without validity issues, the process ends, the user's biometric profile is created and stored in the user's user device 110, such as in the data store 116 (step 219). This biometric profile is sufficient to verify the user, but preferably not sufficient to allow reverse construction of the user's appearance, making any fraudulent attempts virtually impossible. Part of the biometric profile may be stored by gateway 210 or server 230, but at least the remainder should be stored in the user device 110 to make a complete copy editable and to be used when desired and authorized by the user device 110. This charring function allows for the storage of certain data without triggering restrictions, resulting in improved efficiency and security.

[0030]

[0032] In addition, users can optionally supply default personal information sharing rules to gateway 210 or server 230, through application 114, and specify which parts(s) of their personal information may be shared with which entities, either collectively or on an entity-by-entity basis (step 221). This specification includes both sharing without biometric verification at the time of sharing, sharing without biometric verification, and sharing that requires actual real-time user input and consent. For example, users may share their name and loyalty account number with a particular cocktail bar without verification or authorization, but to share payment information, they may require their biometric verification at the time of sharing, and perhaps even their explicit consent to share their age, date of birth, driver's license information, etc. This process ends at endpoint 223.

[0031]

[0033] Next, as shown in Figure 3, a set of steps included in an exemplary process for completing the exchange of verified personal information using System 100 is illustrated. It should be acknowledged that consumers are known to have various loyalty accounts with vendors, and the existence of such accounts for users and vendors should be assumed. These accounts can continue in their current form, but personal information can be deleted from persistent storage, and only a unique user ID can be maintained and associated with all data, so that personal information can be requested, used, and destroyed when requested, thereby reducing the vendor's exposure and easing their responsibility to maintain such information, as well as enhancing user privacy and improving vulnerability to data breaches. This method effectively moves each user in the vendor's database to an unknown user, but they can be quickly moved back to a known user when needed, such as when the user arrives at the vendor's site.

[0032]

[0034] This process begins at starting point 301, when the user and their user device 110 enter a wireless transmission zone around or directly in front of terminal 220 (step 303). In one embodiment, terminal 220 repeatedly broadcasts a signal such as a Bluetooth beacon containing a unique ID, so the user's user device 110 detects terminal 220, for example, through application 114 (step 305). In an alternative embodiment, terminal 220 may detect user device 110, achieving a similar effect. However, in the illustrated embodiment, the user does not need to take their user device 110 out of their pocket, wallet, etc., nor do they need to provide any input to user device 110 to perform this step. In yet another embodiment, the connection zone may be strictly defined, such as in front of a transaction counter, by including a more precise presence detection system as described earlier.

[0033]

[0035] Once detected, the user device 110, as well as either the gateway 210 and / or terminal 220, attempt to establish an authentication handshake (stage 307). This can be done using a username and password, a unique digital token, or some other known authorization / authentication method. Once authorized, the user device 110 shares the user's biometric profile, stored using the user data vault 116, with the terminal 220 (stage 309). This can be done in one of many ways, all of which can be secure and / or encrypted. In one form, the user device 110 transmits the user's biometric token to the gateway 210 via the network 20, so that the gateway 210 can then pass the user's biometric token to the terminal 220. In another form, the user device 110 can also transmit the user's biometric token directly to the terminal 220 without using the network 20, such as by Bluetooth or some other suitable point-to-point transmission method. Alternatively, the user device 110 may transmit the user's biometric token to the terminal 220 via the network 20. In yet another form, the user device 110 may enhance security by dividing the user's biometric profile into two or more incomplete but recombinable elements, transmitting the first part along one path and the second part along another different path. The method used may vary depending on the service, vendor, or user preference and configuration, or may be determined at least in part by the types of connections available to the user device 110, gateway 210, and terminal 220.

[0034]

[0036] In yet another form, the user device 110 may transmit only a portion of the user's biometric profile, which is then combined with an incomplete portion of a known or accessible biometric profile stored in the gateway 210 to obtain a complete biometric profile, which the terminal 220 can then transmit and use. In this way, the user's biometric profile can be charred. This means that since only an incomplete biometric profile is permanently stored outside the user's device, some portion of the biometric profile must be provided from the user's device before it can become useful in any form.

[0035]

[0037] At this point, the user's biometric profile is obtained, and it is known that the user's user device 110 is nearby, so the terminal 220 attempts to confirm the presence of the user 220 using its biosensor 222 (step 311). It should be acknowledged that various biometric verification methods exist, including facial recognition, palm recognition, iris scanning, and fingerprint reading, and the use of any of these models or other known methods is conceivable. For example, in this embodiment utilizing facial recognition, the biosensor 222 of the terminal 220 can create a model by identifying and measuring facial features from a raw video stream showing the user. In other embodiments, a 3-D facial recognition model may be used. Alternatively, voice recognition, fingerprint recognition, iris scanning, etc., may be used, provided that suitable information for performing such matching is provided in the user's biometric profile and is authorized by the service and the user.

[0036]

[0038] Assuming that terminal 220 is capable of doing so, gateway 210 receives confirmation from trusted user terminal 220 and then requests specific confirmed personal information, and potentially other information, from user device 110 (step 313). In addition, terminal 220 may request and retrieve information from gateway 210 or server 230.

[0037]

[0039] Depending on the type of vendor on which terminal 220 is located, a specific set of personal information is requested by terminal 220 for use and / or to supply it to the vendor's vendor server 310A (step 315). This personal information may include a unique identifier (or something that can be converted into a unique identifier) ​​that links the user to a profile inside the vendor's vendor server 310A. In addition, depending on the type of transaction, additional data such as various specific items of personal information may also be requested. The application 114 on user device 110 then receives the request for personal information and, using predefined permissions and rules, decides whether to share the requested personal information and, if so, determines the conditions under which it will be shared (step 317). Assuming that authorization for the requested information has been previously granted by the user with respect to the requesting vendor, the application 114 on user device 110 sends at least some, and possibly all, of the requested information to terminal 220 (step 319). In this case as well, this can be transmitted directly, such as by Bluetooth or some other point-to-point protocol, or indirectly, such as through the gateway 210 and the network 20. Once the user terminal 220 has the user's personal information, it can perform any number of actions. These actions include completing a purchase using one or more authorized payment methods, interacting with a loyalty account, presenting a dedicated interface including the user's preferred options, completing check-in or reservations (such as for hotels, flights, etc.), having the user check their luggage, or having the user check many different transactions that may thus occur (stage 321). It should be noted that, depending on the specific transaction(s) to be performed, one or more vendor servers 310 may be selected to be associated with the appropriate vendors in order to provide these functions.As part of this stage, terminal 220 may selectively share the user's personal information with vendor server 310A (or other servers) and use the vendor's back-end system to complete the desired exchange / transaction. In yet another form, additional user input may be requested to complete the transaction, or additional user authorization may be requested to share additional information required or desired by terminal 200 and the vendor. This input can be completed on terminal 220, for example, by using the user interface and / or touchscreen. After the transaction is completed, if no further processing is expected or requested, terminal 220 and any vendor servers that may have received the user's personal information completely erase it or erase any significant part thereof (stage 323). Thus, the user's device 110 remains the sole location of the user's personal information.

[0038]

[0040] One of the main advantages of this embodiment of the present invention is that a biometric profile can be created locally within the memory of the user's user device 110, and this biometric profile can be transferred to the terminal 220 when requested and authorized by the user. This establishes a decentralized system in which the user controls their information, trust is placed on the terminal, and the received biometric information is locally verified before authorizing the release of the user's personal information or the processing of transactions.

[0039]

[0041] Furthermore, in certain configurations, the entire process shown in Figure 3 can be completed without the user removing the user device 110 from their pocket, wallet, etc., or without providing any input at all on the user device 110 to perform the steps. This eliminates the complexity of requiring users to authenticate themselves using a vendor terminal or kiosk, separately using their phone, by scanning a QR code (registered trademark), or by some other more complex authentication process.

[0040]

[0042] For a simple purchase, the process in Figure 300 may include selection from a list of authorized cards or accounts permitted to be shared with the vendor, which can be specified by the user either by direct input into terminal 200 or by using previously specified defaults. In such a case, terminal 220 can execute the transaction without the user having to input anything into user device 110, and in some cases can execute the transaction using user device 110 and its stored information, and even wirelessly or via a cellular connection.

[0041]

[0043] In further enhanced security configurations, the process in Figure 3 may include additional authentication factors before the transaction is settled in step 321. Specifically, during the initial setup in Figure 2, the user may be asked to input a selected gesture, such as waving, touching their nose, winking, or other easily recognizable and distinct movements, or other biometric indicators such as voice. Terminal 220 then attempts to detect that the user is performing this gesture or to detect that additional biometric indicators, such as voice, are being matched by prompting the user to vocalize and confirm. In addition, if not previously identified, Terminal 220 may prompt the user to perform this gesture or speak at the end of another stage or at some point close to it.

[0042]

[0044] In various embodiments, thresholds may be set for further biometric verification requirements. For example, biometric verification may not be required for common transactions that are known to occur for a given user. However, for special transactions exceeding a certain threshold, such as $50 or $100, or for additional restrictions such as the purchase of controlled substances like alcohol, tobacco, pharmaceuticals, or other medications, a biometric verification step may be required.

[0043]

[0045] This disclosure is applicable to all areas, enabling one or more desired transactions through the verification of an identifiable customer or other individual, thereby ensuring the security of one or more actions such as purchases in retail stores, entry into or approach to structures, vehicles, venues, or any other type of restricted area. For everyday sales transactions such as purchasing coffee or fast food items, using the proximity of a smartphone to a vending machine or sales counter, combined with user input on the smartphone, is sufficient to authorize the sales transaction without adding any other verification layers to the transaction. However, for other transactions where enhanced certainty is desired, biometric verification according to the present invention may be made mandatory and can function as two-factor authentication, provided that the user does not need to unlock their smartphone or otherwise interact with their smartphone. In other situations, additional verification may be optionally added as the risk increases, such as purchases exceeding a predetermined threshold in areas outside the user's local area.

[0044]

[0046] Furthermore, in addition to sharing personally identifiable information, System 10 can also be used to enable various data exchanges without the user needing to interface with or interact with User Device 10. For example, System 10 can be used to allow access to a designated security area or space automatically, securely and / or without contact; to enable an elevator to take a user to a specified floor; or to enable a restaurant to present a dedicated display or menu to the user for ordering. Once the user's presence is identified and securely verified, the potential applications are limitless.

[0045]

[0047] Although the present invention has been illustrated and described in detail in the drawings and the preceding description, this description should be considered illustrative rather than limiting, merely illustrating and describing preferred embodiments. It should be understood that all equivalents, modifications, and alterations relating to the spirit of the invention described herein and / or the spirit of the invention as defined in the following claims are also protected.

[0046]

[0048] Therefore, the proper scope of the present invention should be determined solely by the broadest interpretation of the appended claims, so as to encompass not only all such modifications but also all relationships equivalent to those shown in the drawings and described herein.

Claims

1. A method for selectively sharing personally identifiable information using an authorization system, A step of storing multiple user profiles, wherein each user profile is associated with a user and further linked to a biometric profile of the user, the user's mobile device, and a set of personally identifiable information about the user. A step of storing multiple user permissions together with each user profile, wherein each user permission grants user consent for a specific entity to receive at least a specified portion of the personally identifiable information relating to the user associated with the user profile; A step of determining that a first user device associated with a first user has been detected at a first location, using a first wireless terminal operating at a first location associated with a trading party, wherein the first wireless terminal includes a biosensor and the first user device includes at least a portion of the set of personally identifiable information relating to the first user stored therein; The first wireless terminal receives a first biometric profile associated with a user associated with the first user device, The steps include: using the biosensor to acquire a first bio-capture from at least one person at the first location; The steps include: electronically comparing the first biological capture with the first biological profile and determining that the first biological capture matches the first biological profile; A step of receiving one set of requested personal information from the set of personal identification information requested by the aforementioned trading party, A step of confirming that the user profile associated with the first user device and the permission associated with it permits the sharing of the requested set of personal information, The steps include: extracting from the first user device at least a portion of the personal identification information that matches the set of requested personal information; The steps include sending the requested set of personal information associated with the first user to the first wireless terminal for use by the transaction party, Methods that include...

2. A method according to claim 1, wherein the step of determining that a first user device associated with a first user has been detected at the first location utilizes detection by a wireless beacon signal broadcast from the first wireless terminal and received by the first user device.

3. A method according to claim 1, wherein the step of determining that a first user device associated with a first user has been detected at the first location utilizes detection by a wireless beacon signal broadcast by the first user device and received by the first wireless terminal.

4. A method according to claim 1, wherein the verification step, the extraction step, and the sending step are each performed without any user input to the first user device.

5. A method according to claim 1, wherein the first portion of the first biometric profile is transmitted directly from the user device to the first wireless terminal.

6. The method according to claim 5, wherein a first portion of the first biometric profile is transmitted directly from the user device to the first wireless terminal using a first wireless protocol, and a second portion of the second biometric profile is transmitted from the first user device to the first wireless terminal using a second wireless protocol, wherein the first wireless protocol is different from the second wireless protocol.

7. The method according to claim 1, wherein at least a first portion of the set of requested personal information associated with the first user is transmitted directly from the user device to the first wireless terminal using a first wireless protocol, and a second portion of the set of requested personal information associated with the first user is transmitted from the first user device to the first wireless terminal using a second wireless protocol, wherein the first wireless protocol is different from the second wireless protocol.

8. A method according to claim 1, wherein the biometric profile associated with the user profile is stored at least partially on the user device associated with the user profile.

9. A method according to claim 8, wherein the set of personally identifiable information relating to the user associated with the user profile is stored at least partially on the user device associated with the user profile.

10. A method according to claim 9, wherein the biometric profile associated with the user profile and the set of personal identification information relating to the user profile are stored in an encrypted form.

11. A method according to claim 9, wherein the set of personally identifiable information relating to the user associated with the user profile is stored collectively on the user device associated with the user profile.

12. A method according to claim 11, wherein the set of personally identifiable information relating to the user associated with the user profile is permanently stored only on the user device associated with the user profile, and is not permanently stored anywhere in the authorization system.

13. A method according to claim 1, wherein at least a subset of the bioprofiles is evaluated for effectiveness using a third-party effectiveness evaluation service.

14. A method according to claim 1, wherein at least a subset of the biometric profiles is deemed valid using photographic identification issued by at least one government.

15. The method according to claim 1, wherein the set of requested personal information includes at least one of a date of birth, a social security number, or a credit card number and expiration date.

16. A method according to claim 1, wherein each biometric profile includes a facial recognition profile.

17. The method according to claim 1, wherein the first wireless terminal is a tablet computer.

18. The method according to claim 1, wherein the biosensor is a camera.

19. The method according to claim 1, wherein the first user device is a smartphone or a smartwatch.

20. A method according to claim 1, further comprising the step of using the first wireless terminal to detect a first gesture from the user from whom the first biometric capture has been taken, and verifying that the first gesture matches a default gesture which is part of the user profile associated with the first user, before processing the transaction.

21. A method according to claim 1, wherein the first wireless terminal deletes at least partially each element of the set of requested personal information associated with the first user after the transaction with the first user has been completed.

22. A method according to claim 1, wherein the first wireless terminal does not permanently store the set of personal information associated with the first user.