Patent Application
20230153413
The present disclosure relates to the field of data communication and, specifically, to a user-centric data communication system and method for interaction between humans and devices in order to ensure the integrity and compliance between digital rights and legal frameworks.
In typical data communication systems, there are no adequate models that provide for the search and consumption of capabilities for potential and contracted services. Further, there are no adequate models that provide for digital service contracts that require the consent of the data owner for information that is to be shared. What is missing is a user-centric approach, where ownership of the data is kept with the user, while still maintaining the opportunity for the user to exist as a customer at various vendors/service providers simultaneously. Such a concept is an open sharing model of services on the user's terms.
Service providers (SPs) need business-related reasons and motivations to join an ecosystem. This can be achieved if the relationship between the SP and the customer is not threatened. Normal solutions risk the exposure of protected customer insights between the SPs, thus endangering the SP's core business. A natural entry point for a user is through a demand driven relationship through the SPs.
The SP is normally not aware of other already existing services in the user domain or ecosystem. Thus, the SP is incapable of combining and/or enriching its own services with other SPs. There is no current automation that exists that would allow a new service discovery/customer offering that will allow a SP in the ecosystem to be able to search for other SPs' capabilities to enable enrichment by combining its own services with others.
Further, there currently exists no hierarchal consent model to ensure users' rights in service-to-service and device relationships in a way that is not vendor specific. There currently exists a problem with a lack of interaction with the user, related to execution of user data. Consent must be owned and be revocable by the user in real time. Current models have a static or vendor defined operation and there is no way of limiting consent to cut inheritance between SPs collaborating on the next sublevel. This results in leakage of user data. There is currently no abstraction between user consent and deployed services. Each consent is gathered by the vendor (SP), resulting in a non-portable and locked-in model where the user in not in control.
Referring to
In existing systems, there are no models for securing user acceptance of data shared between SPs, no common models for creating an innovative evolution of user services beyond the scope of one single vendor (SP), no concept for storing a user's wishes available outside a vendor (SP) domain, no single point to revoke delegated sharing rights (GDPR) rights to be forgotten), and no way to automate consent-based browsing of user profile data.
Today and in the foreseeable future, it is not possible to handle the task of accepting continuous changes and consent requests in ecosystems of devices, services, and humans in an understandable and user friendly way. In the future, it will be important for humans, as the owner of data, to have the consent for use of this data in human to device/system interaction. Although artificial intelligence (AI) might be a capability from an SP, it still needs to be on the user's terms, at all times. Because the data belongs to the user, any AI processing that data must obey a user ruleset. Many vendors (SPs) are experimenting with this balance, and risking the user's rights to its data. This is a misinterpretation of data ownership. What is needed is the ability to secure availability and user ownership of data repositories independent of SPs and to assure that the user's desires will be maintained in an open and shared way with the user's consent.
Further, existing models do not recognize the user's rights if they wish to immediately revoke (“right to be forgotten”) service-to-service or device-to-device sharing of user data. Typically, the user is not in control of a common revocation tool, which makes it nearly impossible to revoke SP-to-SP connections. In the current setup of “right to be forgotten,” all logical expressions built around the user itself will also be lost. Rather, a user-centric model, where the user stores all attributes in its own repository and also ensures portability of that data, will protect the digital twin information even if a right to be forgotten is executed towards a specific SP.
What is therefore needed is a system and method to correct the aforementioned inadequacies.
A more complete understanding of the present embodiments, and the attendant advantages and features thereof, will be more readily understood by reference to the following detailed description when considered in conjunction with the accompanying drawings wherein:
Referring to
Identities are derived from sources with appropriate Level of Assurance (LOA) levels. Only true root identities like national ID can be referred to for authentication of personal data. ID-exchange is carried out to a global ID for the ecosystem. This becomes the common denominator of associations, because pure IDs cannot carry attributes properly. Other ecosystems may exist and have to be interconnected through the translator to maintain integrity (user always decides what data is shared).
Referring again to
The Service Enabling Engine portion, and its components, as shown in
Infrastructure data such as position, etc., is available for enrichments, still according to the user's terms. Devices are handled separately, through a similar mergepoint in the service enabler. This function needs to support parking of systems/devices in transit (i.e., change of ownership). External certified devices keeps track of externally certified devices (e.g., medical equipment).
Referring again to
A Type 2 SP has additional subservice capabilities available. A subservice is a container for other SPs' capability engines. The subservice is related to the SP. A typical application can be, for example, a gateway Consumer Premises based Equipment (CPE) unit for Internet access in a household that can run containerized logics for another vendor to supply home alarm or smart home services. Agreements are created between SPs with user consent through the service catalogue.
An example of a Type 3 SP is, for example, a food supplier webshop that can create its own “smart fridge” before vendors exist on the market. The service adaptor could be named, for example, “generic fridge” and its functions could be manually entered through an app built by the food supplier called, for example, “fridge inventory.” The food supplier can consume this information through the API layer (service catalogue) and thereby open up for handover to a real vendor of fridges (open API policy). The service adaptor can also be used as a custom built component to enable innovation.
In one embodiment of the present disclosure, a method and system for human-to-device collaboration through digital hub and spoke contracts between SPs with user consent is provided. In accordance to one aspect of this embodiment, an apparatus for registration of capabilities surrounding a service is provided, where the data owner can include a consent for data exchange and control between services related to the contract. A user with a customer contract to a SP can have its specific capabilities detailed in the capability database.
In this example, a user enters the hub for the first time and searches the SP registered ecosystem. The user decides to become customer with a selected set of SPs. The specific selected capabilities for each service are registered in the service and capability catalogue. The right to use is controlled by consent data and contract database. SPs can build new combined services on insights from contracted and shared capabilities. This “SP enrichment” method shall be described in further detail later in this disclosure. In one aspect of this embodiment, prerequisites include services that are able to register capabilities in a common repository, SPs that are already accepted as an ecosystem partner, the data owner has consent control, and the user has an acceptable identification method.
In this embodiment, a certificate/token is shared per capability (for example a capability might be for lights but not the fire alarm in a home automation system). Consent might be issued to control communication between services or devices with an always active revocation ability by user. Access control might be through the token/certificate or other connection using various service buses. The user is always in control through contract, consent, or a “wish and will” list. The ability to scan a user is restricted by consent and published capabilities are always controlled by the user.
The following is a non-limiting example of an application of this embodiment. Initially, an identified user registers on the hub for the first time and receive a global ID. A personal group is mandatory and is created automatically by the system with full ownership of user (e.g., same name as the user). The user then searches for registered SPs in the ecosystem. Any previously registered SPs will be displayed with their capabilities. If a user already has an existing relationship with a SP in the ecosystem, ID mapping with global ID is performed and the user's already contracted capabilities will be available.
The SP then exposes capabilities for its service, independent of the user's (data owner's) final selection. The user will see actual and optionally available capabilities in one view. The user selects a SP for contractual agreement or simulation. In case of a contract, the user is redirected to the customer page at the SP. Relevant user attributes like address, etc., are transferred upon user consent (this prohibits data mining). A dialogue is maintained through the SP API towards the hub to build necessary relations (i.e., tokens/certificates). The SP will be given access to the global ID and will use that to register user capabilities in the Service and Capability catalogue. Publishing for ecosystem search is upon user consent. Contracts are registered in the user's contracts & consent databases and in respective SP databases.
In another embodiment of the present disclosure, a method and system for onboarding SPs and their customers to an open hub is provided. In accordance with one aspect of this embodiment, an apparatus for registration of a SP in an ecosystem and also the registration and transfer of an SP customer into a global ID is provided. In one aspect of this embodiment, prerequisites require that the SP is qualified according to quality and compliance standards and the SP has the technical capabilities to connect to the ecosystem.
In this embodiment, an SP is offered connectivity to the ecosystem (hub) through an API. The SP customer base can be offered to the ecosystem and registration as users with its own hub through the hub API. The SP always retains the customer relationship. Registration of an SP includes acceptance of compliance and technical capabilities as well as commercial requirements. An SP can exist both as a commercial and non-commercial actor.
Registration contains two different processes: (1) SP registration with secure ID and related services with general capabilities; and (2) SP customer ID to Global user ID translation. The SP itself will have to register with a valid trusted ID (e.g., trusted person, firmatecknare). The second stage appears when the SP customer wants to connect to the ecosystem for the first time. In this stage, the customer ID of the SP will be mapped to the Global user ID and the user will be registered with a personal hub and availability of global service provider search.
In conjunction with
Next, consent for creating a user hub is requested from the user. At least one group is created automatically by the system with full ownership of the user (e.g., same name as the user). Already contracted capabilities are associated with the group. A consent request from the SP is then sent to the user to allow a search for other capabilities. If this is OK, the SP will run a search for known integrated capabilities and store new combinations.
In another embodiment of the present disclosure, a method and system for user-consented cross search between SPs for capabilities that might enrich their combined offering or functionality is provided. Initially, each SP has to request rights to scan the user's SP association list. SPs then evaluate new possible combinations, where new combined capabilities may occur. New capabilities are registered the same way as a non-combined capability. New combinations are classified as mutual or non-mutual SP offerings. New combinations are also detected and published by ecosystem processes. New offerings can be advertised to the user through the SP UI.
Each associated SP requests rights to scan the user's SP associations. SPs evaluate new possible combinations, where new combined capabilities may occur. New capabilities are registered the same way as a non-combined capabilities. A background process in the hub detects changes independently and advertises towards the user in a suitable way with the purpose of highlighting ongoing activities. New offerings are created by an SP or SPs and advertised to the user through the SP's UI to maintain an existing customer relationship. A new independent offering can be created by a new SP entering the hub. This offering might well be a business insight about one or several other SPs provided that data is available and not locked by other commercial agreements. Transfer of data fees might also appear.
In conjunction with
An offering is created, and the user selects the new service. The user (data owner) consents to what services and data should be available to share and tokens are delivered. A second SP (SP2) then makes a request for services from the capability database. If consent from the user is received and accepted, possible capabilities will be transferred. SP2 then requests association with possible capabilities of the other SP. If the user consents to this association, a token will be transferred for the specific capability. A “decline” can either be generated by the user, or be caused by a non-existing capability. Connection is established and dependant on Time To Live (TTL) on a token/cert or revocation from user.
In another embodiment of the present disclosure, a method and system for user consent in a database built on technologies that ensures future distribution without sacrificing the ownership of the user's data is provided. Every process of the user data has to be accepted by the user transferring a service unique and revocable token/certificate. In one aspect, in maintaining consent with user owned data, revocation is possible, and a digital twin can act on behalf of the user without restricting, i.e., “locking” this function to a specific vendor. The token/certificate is stored in a way that revocation may be possible instantly. This means, a user can stop a service from running or data to be shared at any time without needing to go into specific vendor processes. In one aspect, prerequisites include services are available in need of processing user data and user interaction or a digital twin function responds to SP-requests.
An abstraction exists to ensure a neutral interaction point, where the user's consent and other control parameters are stored in a standardized and secure way. This layer can exist on a specific hub provider or in a future distributed ledger solution. In both cases, the data has to be portable in an open way owned by the user alone, not as a customer. After consent, revocable tokens/certificates are sent to every created and agreed capability from each SP or between SPs. Each consent includes variables controlling TTL in order to avoid unnecessary traffic to the hub. In general, all traffic exchange between services and service providers are direct as long as a valid a token/certificate exists.
Because the user is involved in every issued token/certificate, a revocation is possible at any time, even if the token/certificate is issued between two SPs. Selection of a token/certificate is done based on online or offline requirements. Tokens/certificates can be one-time, based on the amount of times used, time-limited, or can have offline capability. The only situation that does not have immediate revocation capability is the offline case, where it might not be possible to check for validity at a certain time. In general, tokens are suitable for online behavior and certificates are suitable for offline use.
In conjunction with
In conjunction with
Each new user in the hub will always have a first group automatically assigned. This group is stored with the global ID. A user can own and belong to multiple groups. A user owning or belonging to a group can inherit rights and services within that group, provided that the specific token/certificate allows for this. Revocation is always possible. Delegation of consumption rights could be transferred through inheritance in several steps if the token/certificate allows for this.
A typical and non-limiting user interaction scheme for this embodiment is as follows. (a) create a first group (always the same as the owner); (b) create an add-on group to delegate: (c) create levels or classes (attribute controls like adult/child/class); (d) provide service capability filtering for consumer view; (e) invite users on behalf of administration or service consumers; (f) receive user request for consumption; (g) delete user; and (h) delete delegations.
The following is a non-limiting example of an application of this embodiment. In this example, a connected homeowner can share his/her control over services with a guest or family member. The homeowner has his/her services connected to a group called “home.” The homeowner invites a new user (consumer of services) to his/her group. The homeowner decides which services to share and allows inheritance of consumption rights to the selected user, with or without continued inheritance. The selected user receives an invitation to the group and accepts by making an appropriate identification. The selected user can now browse and add/consume available capabilities and assets in the homegroup. An SP can have knowledge of the new group member through the global ID, but can only have a customer relationship with the homeowner (group). Everyone else will use global IDs and consumption will happen on behalf of the homeowner. The selected user may add its own services for consumption by others in the same group. A revocation of rights can be done by anyone in the delegation chain, cutting all inheritance below that user.
In conjunction with
As shown, the method comprises:
(701) registering on a hub in a system;
(702) acquiring/receiving a global identity (ID) from the hub, wherein the global ID includes attributes, and wherein the global ID is mapped to a user ID of the user device;
(703) registering on the hub using the acquired global ID; wherein a personal hub is allocated to the user device;
(704) selecting a service; and
(705) creating one or more tokens/certificates for defining capabilities of the selected service.
As previously explained, the method also comprising storing the one or more tokens/certificates in a (capability) database, wherein the token(s)/certificates are revocable by the user of the user device. The method also comprising requesting and consenting to what type of services or data are available for sharing and wherein each service is associated with a token/certificate. Each of the tokens/certifications are dependent on a TTL value. The method also comprising inviting a new user to the user's allocated personal hub and deciding which services to share and allowing inheritance of consumption rights to the invited user.
There is also provided a method performed in a system comprising one or more hubs, one or more service providers (SPs) and one or more user devices, according to some previously described embodiments. the method comprising: the one or more hubs requesting association or connection to one or more SPs; the one or more SPs accepting the request for association or connection to the one or more hubs; the one or more SPs registering each to the one or more hubs with a valid service provider ID; each of said one or more service providers acquiring one or more tokens/certificates, after consent from a user device and further get access to a global ID of the user device; and the one or more SPs requesting from the user device the right to read capabilities or specific user data. Each of the one or more SPs exposing or sharing its capabilities for its service, independently of the user's selection; and the one or more SPs use the global ID of the user to register user capabilities in a service and capability catalogue. Each of the SPs scanning the user's SP associations. if consent from the user is received and accepted by one or more SPs, the one or more SPs request association with capabilities of other SPs, and if the user consents to the association, at least one token/certificate is transferred for at least one capability to a service selected by the user. A system comprising one or more hubs, one or more service providers and one or more user devices, is also provided to perform the method steps disclosed above.
In another embodiment of the present disclosure, a method and system for registration of user preferences to minimize complexity on consent decisions, is provided. This embodiment provides the ability to automate consent handling by using digital twin concepts to mirror a user's “will and wish” by creating abstraction of the user from the customer. The embodiment includes pre-seeding of requisites for SPs to act upon (certified SP services). A certified hub service is a SP capability that has been pretested and validated. A three step process can be created, where: (1) SPs can see each other if registered to the hub, but not browse users; (2) SPs can see a user's contracted SPs upon consent; and (3) SPs can see a user's contracted SP capabilities on extended consent. This creates a possibility to devise new combined capabilities and also offer them in a process where an SP is not always capable of finding out what a competitor might be already using already Cross-creation of new services opens allows for innovation. The user will have one single point of control to deny usage for all services.
In one aspect of this embodiment, prerequisites include services that are capable of reading the register of user prerequisites (“will and wish”), the ability to detect conditional actions, and the SP is registered and accepted by the hub and, at a second stage, by the user.
In conjunction with
In another embodiment of the present disclosure, a method and system for automating decisions based on a user's will and wish list, is provided. Automation is needed to achieve simple user interaction in complex systems. This will require “wish and will” contexts for users as well as “my rules” and legal alignment checks. All this has to be presented to the user showing possible consequences with simulation tools since nobody will have the capability to understand all components in a complex service. The man-machine interface has to be as simple as Boolean expressions and data has to be formatted accordingly.
“Wish and will” lists are the simplified explanation of text and graphics where a user can determine this. In the end, an AI machine will be able to interact and improve this list, the difference being that the user stills owns the rules and the machine does not store the insights at a vendor or SP location but at the user's repository in an open format. Over time, this understanding will be universal and understandable by several AI functions implemented as SP capabilities. Simultaneous use of AI machines from several vendors is possible this way, each with specific targeted tasks. Determined wish and will statements require consent by the user and then user owned as a twin.
In conjunction with
In another embodiment of the present disclosure, a method and system for revocation of services with compliance to GDPR (right to be forgotten) including automatic deletion of services and relations, is provided. An apparatus for maintaining a link between central user consents and tokens/certificates shared between services and/or devices directly is provided. This solution allows immediate revocation and full user control including chained delegated rights and SP-to-SP tokens and also allows for automated deletion of services and data. The abstraction of consent from the SP makes it possible to store profiling data at the user repository instead. This preserves attributes even if rights to be forgotten have been executed at the SP level. A new SP can interpret the user's intended “wish and will” logic by reading the old consent.
In conjunction with
In conjunction with
As shown, the method comprises:
(1001) pre-seeding of requisites for service providers to act upon certified service provider services;
(1002) allowing service providers to have knowledge of each service provider registered in a hub of a user;
(1003) allowing the service providers to have knowledge of a user's contracted service provider, upon consent of the user, and further allowing the service providers to have knowledge of the user's contracted service provider capabilities; and
(1004) registering user preferences associated with user prerequisites in terms of a will and wish of a user.
As previously described, the method further comprises, each service provider adopting its services based on the user's prerequisites in terms of said will and wish list. Further any change to the user's will and wish list automatically requires a new consent from the user. Consent handling of a user is automated using at least one digital twin to mirror the user's prerequisites in terms of said will and wish of the user. The method further comprising, storing the prerequisites in terms of the wish and will of the user in a user repository, wherein the user repository is associated with a global ID. The digital twin is created in a freestanding service provider or as part of an existing service provider.
The memory module may be configured to store code executable by control circuitry and/or other data, e.g., data pertaining to communication, e.g., configuration and/or address data of nodes, etc. The processing circuitry may be configured to control any of the methods described herein and/or to cause such methods to be performed, e.g., by the processor. Corresponding instructions may be stored in the memory module, which may be readable and/or readably connected to the processing circuitry. In some examples, the processing circuitry may include a controller, which may comprise a microprocessor and/or microcontroller and/or FPGA (Field-Programmable Gate Array) device and/or ASIC (Application Specific Integrated Circuit) device. It may be considered that the processing circuitry includes or may be connected or connectable to the memory module, which may be configured to be accessible for reading and/or writing by the controller and/or processing circuitry. The computing device may include additional components not depicted in
According to some of the embodiments previously described, the computing device is configured to register on a hub in a system; acquire/receive a global ID from the hub, wherein the global ID includes attributes, and wherein the global ID is mapped to a user ID of the computing device; register on the hub using the acquired global ID; wherein a personal hub is allocated to the computing device; select a service; and creating one or more tokens/certificates for defining capabilities of the selected service. The computing device further is configured to store the one or more tokens/certificates in a database, wherein said one or more tokens/certificates are revocable by the user of the computing device. The computing device is configured to request and consent to what type of services or data are available for sharing, wherein each service is associated with a token/certificate. The computing device is also configured to invite a new user or user device to the user's personal hub, to decide which services to share and to allow inheritance of consumption rights to the invited user device.
According to some other embodiments previously described, the computing device is configured or operated to pre-seed of requisites for service providers to act upon certified service provider services; allow service providers to have knowledge of each service provider registered in a hub of a user; allow the service providers to have knowledge of a user's contracted service provider, upon consent of the user, and further allow the service providers to have knowledge of the user's contracted service provider capabilities; and register user preferences associated with user prerequisites in terms of a will and wish of a user.
The computing device is configured to adopt for each service provider, the service provider's services based on the user's prerequisites in terms of said will and wish list. Any change to the user's will and wish list automatically require a new consent from the user. Consent handling of a user is automated using at least one digital twin to mirror the user's prerequisites in terms of said will and wish of the user. The computing device is further configured to store the user repository in a hub, or in a portion of the hub, belonging to the user. The digital twin is created in a freestanding service provider or as part of an existing service provider. The computing device is further configured to delete the user's prerequisites in terms of the will or wish of the user, upon receiving a request from the user.
Throughout this disclosure, the word “comprise” or “comprising” has been used in a non-limiting sense, i.e., meaning “consist at least of.” Although specific terms may be employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.
The present disclosure can be realized in hardware, software, or a combination of hardware and software. Any kind of computing system, or other apparatus adapted for carrying out the methods described herein, is suited to perform the functions described herein.
A typical combination of hardware and software could be a specialized computer system having one or more processing elements and a computer program stored on a storage medium that, when loaded and executed, controls the computer system such that it carries out the methods described herein. The present disclosure can also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which, when loaded in a computing system is able to carry out these methods. Storage medium refers to any volatile or non-volatile storage device.
Computer program or application in the present context means any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following a) conversion to another language, code or notation; b) reproduction in a different material form.
Having described aspects of the present disclosure in detail, it will be apparent that modifications and variations are possible without departing from the scope of aspects of the present disclosure as defined in the appended claims. As various changes could be made in the above constructions, products, and methods without departing from the scope of aspects of the present disclosure, it is intended that all matter contained in the above description and shown in the accompanying drawings shall be interpreted as illustrative and not in a limiting sense.
It will be appreciated by persons skilled in the art that the invention is not limited to what has been particularly shown and described herein above. In addition, unless mention was made above to the contrary, it should be noted that all of the accompanying drawings are not to scale. A variety of modifications and variations are possible in light of the above teachings without departing from the scope and spirit of the invention, which is limited only by the following claims.
A group can consist of a combination of Users, Devices and Services. A group consists of at least of one member. There is always one Owner of a group. The Owner of a group is always a Person (human or legal). The ownership of a group can be transferred from one User to another User. When a User is registered for the first time in the “Hub,” a new group is always formed with the User as Owner. This is called the User Personal Group. An Owner can invite another User, a Device or a Service as member in the group. The right to invite members to a group can be delegated from the Owner to a group member. The User or the Owner of a Device or a Service must give consent to participate as a group member. Users, Devices and Services can be members of different groups at the same time. The invitation to a group can be permanent or temporary. The membership can be revoked at any time. Membership rights in a group are delegated separately per User, Device or Service. An example could be the right to read, change, buy and the right to invite new members. Membership rights can be one time based, time scheduled or permanent and can be changed at any time during a group membership.
This application is a national stage application, filed under 35 U.S.C. § 371, of International Patent Application No. PCT/IB2021/000289 filed on Apr. 28, 2021, and U.S. Provisional Patent Application No. 63/017,860 filed on Apr. 30, 2020, which are incorporated by reference herein in their entirety.
| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/IB2021/000289 | 4/28/2021 | WO |
| Number | Date | Country | |
|---|---|---|---|
| 63017860 | Apr 2020 | US |
