
1. WO2020220119 - SYSTEM AND METHOD FOR USER-CONTROLLABLE CLOUD-BASED DATA SHARING

Note: Text based on automatic Optical Character Recognition processes. Please use the PDF version for legal matters

TITLE: SYSTEM AND METHOD FOR USER-CONTROLLABLE CLOUD-BASED DATA SHARING

FIELD

[0001] The described embodiments relate to a system and method for data sharing, and in particular, to a system and method for user-controllable cloud-based data sharing.

BACKGROUND

[0002] The growth of the Internet has resulted in large amounts of personal user data being shared, collected and exchanged online. For example, personal data is increasingly shared and collected through the use of social media platforms, use of online services (e.g., retail, banking and financial), as well as through the growing emergence of the “Internet of Things” (IoT).

[0003] With the increasing rise in data sharing and collection, serious concerns have also emerged over user data privacy and user data ownership. For example, in many cases, users may not be aware of the types of data that are being collected about them by data collection entities (e.g., social media platforms). Further, data collection entities may share or distribute user data to third parties without the knowledge or consent of users. In other cases, data collection entities may also sell (or re-sell) user data to third parties, for large financial gain, but with little to no compensation to the user for the sale of their data. Still further, rising occurrences of third-party attacks on unsecured data banks and reservoirs have resulted in exposure of sensitive data for millions of users, and in turn, in rising cases of identity theft and/or credit fraud.

SUMMARY

[0004] In at least one broad aspect, there is provided a method of user-controllable cloud-based data sharing, the method comprising: a user device transmitting a dataset request to a data provider; in response to the dataset request, the data provider identifying at least one dataset associated with the dataset request and transmitting an indication of the at least one dataset to the user device; the user device associating the at least one dataset with a user data profile located on an external server; the user device authorizing release of a selected dataset of the at least one dataset to the user data profile on the external server; in response to the user device authorizing release of the selected dataset, the data provider retrieving the selected dataset and transmitting the selected dataset to the user data profile on the external server; and the external server receiving and storing the selected dataset in association with the user data profile.

[0005] In some cases, the selected dataset comprises at least one of online public user data, online private user data, and offline user data.

[0006] The method may further comprise, prior to receiving the dataset request, the data provider receiving the at least one dataset from one or more data collection servers.

[0007] In some cases, a first dataset from a first data collection server is encrypted using a first encryption key associated with the first data collection server.

[0008] In some cases, the first dataset is decryptable using a user decryption key associated with the user device.

[0009] In some cases, authorizing release of the selected dataset comprises decrypting the selected dataset using the user decryption key and encrypting the selected dataset with a data provider encryption key.

[0010] The method may further comprise, the data provider decrypting the selected dataset prior to transmitting the dataset to the external server.

[0011] In some cases, the user device authorizing release of a selected dataset of the at least one dataset comprises the user device determining the external server to which the selected dataset will be released.
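The key handoff of paragraphs [0007] to [0011], as an added example that is not part of the patent text or any implementation by its applicants: the user device decrypts a stored dataset and re-encrypts it for the data provider, and the data provider decrypts it before transmission. Assumptions: all keys are pairwise symmetric AES-256-GCM keys (the first encryption key and the user decryption key are modelled as one shared key), the function names and identifiers are hypothetical, and binding the dataset ID and destination server as associated data is a design choice added here so that an authorization for one external server cannot be replayed toward another.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Envelope is one AES-256-GCM sealed dataset.
type Envelope struct {
	Nonce      []byte
	Ciphertext []byte
}

// NewKey returns a random 256-bit key (stand-in for provisioned keys).
func NewKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// StoredContext labels a dataset at rest; ReleaseContext labels a release of
// that dataset to one destination. Lengths are prefixed so that no two
// (dataset, destination) pairs encode to the same string.
func StoredContext(datasetID string) string {
	return fmt.Sprintf("stored|%d:%s", len(datasetID), datasetID)
}

func ReleaseContext(datasetID, destination string) string {
	return fmt.Sprintf("release|%d:%s|%d:%s", len(datasetID), datasetID, len(destination), destination)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext and authenticates context as associated data.
func Seal(key, plaintext []byte, context string) (Envelope, error) {
	g, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := g.Seal(nil, nonce, plaintext, []byte(context))
	return Envelope{Nonce: nonce, Ciphertext: ct}, nil
}

// Open fails on a wrong key, a modified ciphertext, or a different context.
func Open(key []byte, env Envelope, context string) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != g.NonceSize() {
		return nil, errors.New("invalid nonce length")
	}
	return g.Open(nil, env.Nonce, env.Ciphertext, []byte(context))
}

// AuthorizeRelease is the user-device step ([0009], [0011]): decrypt with the
// user key, then re-encrypt for the data provider, naming the destination.
func AuthorizeRelease(userKey, providerKey []byte, stored Envelope, datasetID, destination string) (Envelope, error) {
	plain, err := Open(userKey, stored, StoredContext(datasetID))
	if err != nil {
		return Envelope{}, fmt.Errorf("user decryption failed: %w", err)
	}
	return Seal(providerKey, plain, ReleaseContext(datasetID, destination))
}

// ProviderRelease is the data-provider step ([0010]): decrypt before
// transmitting, which only succeeds for the destination the user sealed in.
func ProviderRelease(providerKey []byte, auth Envelope, datasetID, destination string) ([]byte, error) {
	plain, err := Open(providerKey, auth, ReleaseContext(datasetID, destination))
	if err != nil {
		return nil, fmt.Errorf("release to %q not authorized: %w", destination, err)
	}
	return plain, nil
}

func main() {
	userKey, providerKey := NewKey(), NewKey()
	// Constructed sample record and identifiers.
	stored, _ := Seal(userKey, []byte(`{"dataset":"ds-1","rows":3}`), StoredContext("ds-1"))
	auth, err := AuthorizeRelease(userKey, providerKey, stored, "ds-1", "profiles.example")
	if err != nil {
		panic(err)
	}
	out, err := ProviderRelease(providerKey, auth, "ds-1", "profiles.example")
	fmt.Println(string(out), err)
	_, err = ProviderRelease(providerKey, auth, "ds-1", "other.example")
	fmt.Println("redirected release:", err)
}
```

A deployment in which the collection server and the user device do not share a secret would wrap the dataset key with public-key encryption instead; the associated-data binding carries over unchanged.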

[0012] In some cases, the user device authorizing release of a selected dataset of the at least one dataset comprises identifying the selected dataset from the at least one dataset.

[0013] In some cases, the selected dataset is a subset of the at least one dataset.

[0014] In some cases, the external server is configured to store, in association with the user data profile, a plurality of datasets received from a plurality of data providers.

[0015] In some cases, the external server is configured to generate a profile summary report of the datasets stored in association with the user data profile, and the external server is further configured to transmit the profile summary report to the user device.

[0016] In some cases, the user device is configured to periodically transmit dataset requests to the data provider in order to update datasets stored on the external server in association with the user data profile.

[0017] In some cases, the dataset request is transmitted from the user device to the data provider in response to the user device receiving a notification from the data provider of an updated dataset.

[0018] The method may further comprise: the external server generating releasable data using datasets located on the external server in association with the user data profile; the user device authorizing release of the releasable data to at least one third party; and the external server processing the releasable data by transmitting the releasable data to the at least one third party.

[0019] In some cases, the processing of the releasable data further comprises: receiving, at the external server, a compensation amount in respect of the releasable data from the at least one third party; and associating, by the external server, the compensation amount with the user data profile.

[0020] In some cases, the processing of the releasable data further comprises: receiving, at the external server, a compensation offer in respect of the releasable data from the at least one third-party; transmitting, by the external server, the compensation offer to the user device; receiving, by the external server, an acceptance of the compensation offer from the user device; and transmitting, by the external server, the releasable data to the at least one third party.

[0021] In some cases, the generating of the releasable data, further comprises: generating an aggregate dataset by combining an external dataset with at least a subset of the dataset located on the external server in association with the user data profile; analyzing the aggregate dataset to generate insight data, wherein the insight data comprises the releasable data; and storing the insight data on the external server in association with the user data profile.

[0022] In some cases, the insight data comprises at least one of financial insight data, commercial insight data and cybersecurity insight data.

[0023] In some cases, the external dataset comprises datasets stored on the external server in association with a plurality of other user data profiles.

[0024] In another broad aspect, there is provided a non-transitory computer readable medium storing computer-executable instructions, which when executed by a computer processor, cause the processor to carry out the methods as described herein.

[0025] In another broad aspect, there is provided a system for user-controllable cloud-based data sharing, the system comprising: a user device comprising a processor, a non-transitory memory and a data management application stored in the non-transitory memory; an external server in communication with the user device, wherein the external server is configured to: receive at least one dataset from at least one data provider; store the at least one dataset in association with a user data profile associated with the user device; generate releasable data using the at least one dataset; receive, from the user data management application operating on the user device, an indication authorizing release of the releasable data to at least one third party; and process the releasable data by transmitting the releasable data to at least one third party.

[0026] In another broad aspect, there is provided a method for user-controllable cloud-based data sharing, the method comprising: receiving, at an external server, at least one dataset from at least one data provider; storing, at the external server, the at least one dataset in association with a user data profile associated with a user device; generating, by the external server, releasable data using the at least one dataset; receiving, at the external server from the user device, an indication authorizing release of the releasable data to at least one third party; and processing, by the external server, the releasable data by transmitting the releasable data to the at least one third party.

BRIEF DESCRIPTION OF THE DRAWINGS

[0027] A preferred embodiment of the present invention will now be described in detail with reference to the drawings, in which:

[0028] FIG. 1 is a block diagram of an example embodiment of a user-controllable cloud-based data sharing system in accordance with at least some embodiments;

[0029] FIG. 2A is a simplified block diagram of an example embodiment of a server;

[0030] FIG. 2B is a simplified block diagram of an example embodiment of a user device;

[0031] FIG. 3 is an example process flow showing a method for transferring data from an external data provider to a user’s profile account on a cloud hosting service;

[0032] FIG. 4 is an example message flow for the method of FIG. 3 for transferring data from an external data provider to a user’s profile account on a cloud hosting service;

[0033] FIG. 5A is an example process flow showing a method for user-initiated data surfacing, in accordance with some embodiments; and

[0034] FIG. 5B is an example process flow showing a method for third-party initiated data surfacing, in accordance with some embodiments.

DESCRIPTION OF EXEMPLARY EMBODIMENTS

[0035] It will be appreciated that for simplicity and clarity of illustration, where considered appropriate, reference numerals may be repeated among the figures to indicate corresponding or analogous elements or steps. In addition, numerous specific details are set forth in order to provide a thorough understanding of the exemplary embodiments described herein. However, it will be understood by those of ordinary skill in the art that the embodiments described herein may be practiced without these specific details, or with other methods, components, materials, etc. In other instances, well-known methods, procedures and components have not been described in detail since these are known to those skilled in the art. Furthermore, it should be noted that this description is not intended to limit the scope of the embodiments described herein, but rather as merely describing one or more exemplary implementations.

[0036] Unless the context requires otherwise, throughout the specification and claims which follow, the word “comprise” and variations thereof, such as “comprises” and “comprising”, are to be construed in an open, inclusive sense, that is as “including, but not limited to.”

[0037] It should be noted that terms of degree such as "substantially", "about" and "approximately" when used herein mean a reasonable amount of deviation of the modified term such that the end result is not significantly changed. These terms of degree should be construed as including a deviation of the modified term if this deviation would not negate the meaning of the term it modifies.

[0038] Reference throughout this specification to “one embodiment” or “an embodiment” means that particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.

[0039] As used in this specification and the appended claims, the singular forms “a,” “an,” and “the” include plural referents unless the content clearly dictates otherwise. It should also be noted that the term “or” is generally employed in its broadest sense, that is as meaning “and/or” unless the content clearly dictates otherwise.

[0040] The headings and Abstract of the Disclosure provided herein are for convenience only and do not interpret the scope or meaning of the embodiments.

[0041] The terms “coupled” or “coupling” as used herein can have several different meanings depending on the context in which these terms are used. For example, the terms coupled or coupling may be used to indicate that an element or device can electrically, optically, or wirelessly send data to another element or device as well as receive data from another element or device.

[0042] Similarly, throughout this specification and the appended claims the term “communicative” as in “communicative pathway,” “communicative coupling,” and in variants such as “communicatively coupled,” is generally used to refer to any engineered arrangement for transferring and/or exchanging information. Exemplary communicative pathways include, but are not limited to, electrically conductive pathways (e.g., electrically conductive wires, electrically conductive traces), magnetic pathways (e.g., magnetic media), optical pathways (e.g., optical fiber), electromagnetically radiative pathways (e.g., radio waves), or any combination thereof. Exemplary communicative couplings include, but are not limited to, electrical couplings, magnetic couplings, optical couplings, radio couplings, or any combination thereof.

[0043] Throughout this specification and the appended claims, infinitive verb forms are often used. Examples include, without limitation: “to detect,” “to provide,” “to transmit,” “to communicate,” “to process,” “to route,” and the like. Unless the specific context requires otherwise, such infinitive verb forms are used in an open, inclusive sense, that is as “to, at least, detect,” “to, at least, provide,” “to, at least, transmit,” and so on.

[0044] The example embodiments of the systems and methods described herein may be implemented as a combination of hardware or software. In some cases, the example embodiments described herein may be implemented, at least in part, by using one or more computer programs, executing on one or more programmable devices comprising at least one processing element, and a data storage element (including volatile memory, non-volatile memory, storage elements, or any combination thereof). These devices may also have at least one input device (e.g. a keyboard, mouse, touchscreen, or the like), and at least one output device (e.g. a display screen, a printer, a wireless radio, or the like) depending on the nature of the device.

[0045] It should also be noted that there may be some elements that are used to implement at least part of one of the embodiments described herein that may be implemented via software that is written in a high-level computer programming language such as one that employs an object-oriented paradigm. Accordingly, the program code may be written in Java, C++ or any other suitable programming language and may comprise modules or classes, as is known to those skilled in object-oriented programming. Alternatively, or in addition thereto, some of these elements implemented via software may be written in assembly language, machine language or firmware as needed. In either case, the language may be a compiled or interpreted language.

[0046] At least some of these software programs may be stored on a storage media (e.g. a computer readable medium such as, but not limited to, ROM, EEPROM, magnetic disk, optical disc) or a device that is readable by a general or special purpose programmable device. The software program code, when read by the programmable device, configures the programmable device to operate in a new, specific and predefined manner in order to perform at least one of the methods described herein.

[0047] The term “software application” or “application” refers to computer-executable instructions, particularly computer-executable instructions stored in a non-transitory medium, such as a non-volatile memory, and executed by a computer processor. The computer processor, when executing the instructions, may receive inputs and transmit outputs to any of a variety of input or output devices to which it is coupled. Software applications may include mobile applications or “apps” for use on mobile devices such as smartphones and tablets or other “smart” devices.

[0048] A software application can be, for example, a monolithic software application, built in-house by the organization and possibly running on custom hardware; a set of interconnected modular subsystems running on similar or diverse hardware; a software-as-a-service application operated remotely by a third party; third party software running on outsourced infrastructure, etc. In some cases, a software application also may be less formal, or constructed in ad hoc fashion, such as a programmable spreadsheet document that has been modified to perform computations for the organization’s needs.

[0049] Software applications may be deployed to and installed on a computing device on which they are to operate. Depending on the nature of the operating system and/or platform of the computing device, an application may be deployed directly to the computing device, and/or the application may be downloaded from an application marketplace. For example, a user of the user device may download the application through an app store such as the Apple App Store™ or Google™ Play™.

[0050] The description sets forth various embodiments of the systems, devices and/or processes via the use of block diagrams, schematics, and examples. Insofar as such block diagrams, schematics, and examples contain one or more functions and/or operations, it will be understood by those skilled in the art that each function and/or operation within such block diagrams, flowcharts, or examples can be implemented, individually and/or collectively, by a wide range of hardware, software, firmware, or virtually any combination thereof. In one embodiment, the present subject matter may be implemented via Application Specific Integrated Circuits (ASICs). However, those skilled in the art will recognize that the embodiments disclosed herein, in whole or in part, can be equivalently implemented in standard integrated circuits, as one or more computer programs executed by one or more computers (e.g., as one or more programs running on one or more computer systems), as one or more programs executed by one or more controllers (e.g., microcontrollers), as one or more programs executed by one or more processors (e.g., microprocessors, central processing units, graphical processing units), as firmware, or as virtually any combination thereof, and that designing the circuitry and/or writing the code for the software and/or firmware would be well within the skill of one of ordinary skill in the art in light of the teachings of this disclosure.

[0051] When logic is implemented as software and stored in memory, logic or information can be stored on any processor-readable medium for use by or in connection with any processor-related system or method. In the context of this disclosure, a memory is a processor-readable medium that is an electronic, magnetic, optical, or other physical device or means that contains or stores a computer and/or processor program. Logic and/or the information can be embodied in any processor-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions associated with logic and/or information.

[0052] In the context of this specification, a “non-transitory computer-readable medium” can be any element that can store the program associated with logic and/or information for use by or in connection with the instruction execution system, apparatus, and/or device. The processor-readable medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus or device. More specific examples (a non-exhaustive list) of the computer readable medium would include the following: a portable computer diskette (magnetic, compact flash card, secure digital, or the like), a random access memory (RAM), a read only memory (ROM), an erasable programmable read-only memory (EPROM, EEPROM, or Flash memory), a portable compact disc read-only memory (CDROM), digital tape, and other non-transitory media.

[0053] As stated in the background, the growth of the Internet has resulted in large amounts of personal user data being shared and collected online. For example, personal data is increasingly shared through the use of social media networking platforms, use of online services (e.g., retail, banking and financial), as well as through the growing emergence of the “Internet of Things” (IoT).

[0054] With the increased rise in data sharing and collection, serious concerns have also emerged over user data privacy, protection and ownership. For example, in many cases, users may not understand or appreciate the types of data that are being collected about them by data collection entities. Further, user data collected by third parties may often be shared or distributed to other third parties without the knowledge or consent of users. In other cases, user data may also be sold (or re-sold) by third parties for large financial gain, but with little to no compensation to the user for the sale of their data. Still further, rising occurrences of data breaches and third-party attacks on unsecured data banks and reservoirs have resulted in exposure of sensitive data for millions of users.

[0055] Attempts to date at resolving these issues have been limited, or otherwise ineffective. For example, in many cases, data privacy laws have been enacted to limit the way in which third parties can collect, use and distribute data, and further, to dictate minimum requirements that third parties must undertake in the wake of data breaches. In various cases, privacy legislation may also mandate adoption of privacy policies by third parties which disclose how user data is gathered and managed by these parties.

[0056] However, notwithstanding these laws and policies, many concerns over misuse of user data continue to be unaddressed. For example, third-party privacy policies are often drafted to favor the interests of third parties over end users. Accordingly, users may have no alternative but to acquiesce to unfavorable terms over the use and distribution of their data, or otherwise, to forgo access to important services offered by these third parties. In many cases, lengthy and complex privacy policies may make it difficult for laymen users to understand what types of data are being collected about them, and for what purpose the data is being collected. Still further, even if users are able to read and understand these policies, there is no mechanism for users to review, at any given point in time, the totality of data that has been collected about them and stored by these third-party entities. Current privacy legislation also makes no provision for compensating users for the sale of their data. As such, third parties continue to sell user data for large financial gain, but with no reciprocal obligation to compensate users for the sale of their data. Even further still, privacy legislation has not otherwise prevented re-occurring attacks on unsecured data banks and reservoirs which continue to expose personal and sensitive data for countless users.

[0057] Accordingly, and in view of the foregoing, embodiments disclosed herein relate to a user-controllable cloud-based data sharing system and method which provides for enhanced user data privacy, protection and ownership.

[0058] In at least some embodiments described herein, the described systems and methods may be implemented as a cloud-based service which allows users to store, manage and share user data located on a cloud storage. In at least some embodiments, the cloud-based service may be deployed, for example, using a Software as a Service (SaaS) model which allows the service to be accessed by users through an application or a browser interface located on a user device.

[0059] In at least some embodiments, users may transfer user data, or a sub-set of user data, from an external data provider (e.g., a social media networking platform or a financial institution) to a user data profile account located on the cloud storage. For example, in various cases, users may transfer any public or private, online or offline data which is otherwise associated with that user, and which is retrievable from an external data provider. In this manner, users may aggregate all, or any subset, of the totality of their data into a single data repository. In some embodiments, the external data provider may also be an Internet Service Provider (ISP), which may have access to a user’s online public or private data from other external data sources. Accordingly, users may retrieve and transfer their online public or private data directly from the ISP to their user data profile account on the cloud storage.

[0060] In some embodiments, the cloud-based service may include different cloud storage units for storing different types of user data. For example, in various cases, the cloud service may include at least a public online storage unit, a private online storage unit, and a private offline storage unit. The online public storage unit may be configured to store online public data associated with a user (e.g., social media interaction data, online search query data, etc.). The offline public storage unit may be configured to store online private data associated with the user (e.g., financial data). Further, the private offline storage unit may be configured to store offline private data associated with the user (e.g., data located on a memory of a user device). In at least some embodiments, users may request that data providers transfer user data into an appropriate storage unit, based on the type of data being transferred. In other cases, the cloud service may be configured to automatically analyze user cloud data, profile the data based on data type, and store the data into the appropriate storage unit. In still other cases, users may manually move cloud data into the appropriate storage unit through an application or browser interface located on a user device.

[0061] In at least some embodiments, in order to provide users with a better understanding of the types of data being collected about them by data collection entities (e.g., external data providers), the cloud service may allow users to view “profile summary reports”. In various cases, the “profile reports” may summarize all user data that has been transferred into the cloud storage units from one or more external data providers. The “profile reports” may accordingly allow users to view, in a condensed manner, a summary of all data which has been collected about them by the external data providers. In at least some embodiments, the “profile reports” may be provided to users in real time, or near real time, in order to allow users to review, at any given point in time, all collected data.

[0062] In various embodiments, to provide for enhanced data protection and privacy, user data located on the cloud storages may be encrypted. For example, in various cases, user data may be encrypted using a unique encryption key. Users may then be required to submit a private encryption and/or decryption key in order to decrypt and access their cloud data. For instance, in at least some embodiments, users may submit their private keys through an application or browser interface located on their user device. In this manner, unauthorized access of user data by unscrupulous third parties may be prevented. In some cases, as an additional security measure, users may also be required to verify their identity, prior to accessing cloud data, by entering private authentication information. In at least some cases, where data is encrypted using authenticated encryption, data may be automatically decrypted once the correct authentication information has been entered by the user.

[0063] In accordance with various other embodiments provided herein, the systems and methods provided herein may allow users to generate value from their cloud data by “surfacing” (e.g., making available) certain of the data for use by third parties. For example, in various cases, users may have an option to consent (e.g., authorize) release of their data to a data analytics program, or a third-party data analytics service provider. The analytics program, or service provider, may aggregate the user’s released data with a larger set of data composed of similar, or identical, data to generate an aggregate dataset. For example, the data may be aggregated with data released by other users of the cloud hosting service, or data retrieved from public or private data sources (e.g., government data, or data from data brokers). The aggregate dataset is then analyzed to identify various insights (e.g., correlations, patterns, or trends) which may be of value to different third-party entities (e.g., commercial entities, advertisers, etc.). Insights may then be stored into the cloud storage in association with the user’s data profile. In various cases, the user’s “profile summary” report may include summary information of a user’s generated insights.

[0064] In at least some embodiments, users may be presented with an option to share (e.g., release) all, or any subset, of their cloud data with third parties. For example, in various cases, users may have an option to generate releasable data (e.g., insight data) and share the releasable data with third-party entities (e.g., commercial entities or advertisers) in exchange for compensation (e.g., a compensation amount). For instance, users may consent to sharing their data in return for monetary or non-monetary payments, including discounts over products and services offered by third parties, cashbacks, loyalty points, or other suitable compensation. As explained in further detail herein, third parties may seek to acquire, for example, insight data, in order to identify marketplace trends among different segments of users, and accordingly, to create new products and services which respond to these trends. In at least some embodiments, prior to sharing data with a third party, users may be able to review (or otherwise request) information regarding how the third party intends to use the user’s data.

[0065] Accordingly, the system and method provided herein may allow for enhanced user data ownership and privacy as users are now able to control which subset of their data is being shared, with whom the data is being shared, and for what purpose the data is being used. Still further, users may now control the surfacing of their data, and may receive compensation over the release of that data to third parties.

[0066] In still further embodiments, users may be able to subscribe, or otherwise consent, to services offered by one or more third-party service providers. For example, in at least some embodiments, users may consent to personal data monitoring offered, for example, by a cybersecurity service provider (or a credit monitoring service). In these cases, data located on the cloud storage may be monitored for cybersecurity threats or other suspicious activity. In other cases, users may also subscribe (e.g., consent) to personal identity insurance services. In still other cases, users may subscribe or consent to anti-malware or anti-virus protection that may allow users to install anti-malware or anti-virus software on their user devices. The anti-malware and anti-virus software may protect user device data, and also may prevent viruses and malware from accessing user’s cloud storage via the user device. As such, various services may be provided to users in order to enhance user data protection and security, as well as to improve the user’s experience of the cloud-hosting service.

[0067] In view of the foregoing, the provided method and system overcomes a number of extant problems relating to user data privacy, and user data ownership.

[0068] Referring now to FIG. 1, there is shown an example embodiment of a block diagram of a user-controllable cloud-based data sharing system 100. The user-controllable data sharing system 100 provides the environment in which the methods described herein may generally operate.

[0069] As shown, system 100 generally includes a server 105, which may be in communication with one or more user devices 110, storage units 115a - 115c and 120, as well as one or more third-party service providers 135a - 135n. In various embodiments, system 100 may also include one or more third-party data providers 125a - 125c in communication with the one or more storage units 115a - 115c.

[0070] The communication between the various components of the system 100 may occur over a network (not shown so as not to obscure description), which in some cases, may be connected to the Internet. In various cases, the connection between the network and the Internet may be made, for example, via a firewall server. In some cases, there may be multiple links or firewalls, or both, between the communication network and the Internet. Some organizations may operate multiple networks or virtual networks, which can be Internetworked or isolated. The communication network may be constructed from one or more computer network technologies, such as IEEE 802.3 (Ethernet), IEEE 802.11 and similar technologies.

[0071] Server 105 may be a computer server. As with all devices shown in the system 100, there may be multiple servers 105, although not all are shown. Further, it will be understood that server 105 need not be a dedicated physical computer, but for example, may be a “cloud” hosting service. For example, in various cases, the server 105 may be a cloud hosting service deployed, for example, using a Software as a Service (SaaS) model which allows the service to be accessed by users using an application or a browser interface located on user devices 110.

[0072] Referring now to FIG. 2A, and with continued reference to FIG. 1, there is shown a simplified block diagram of the server 105.

[0073] As shown, server 105 may generally include a processor 105a, a memory 105b, a user profile database 105c, a data analytics program 105d, a user profile monitoring program 105e, and a data exchange program 105f. In various cases, the user profile database 105c, data analytics program 105d, user profile monitoring program 105e, and data analytics program 105d may be stored on memory 105b. In at least some embodiments, server 105 may also include a display 105g, a communication interface 105h, and an input/output (I/O) interface 105i for connecting various auxiliary devices to server 105.

[0074] Processor 105a is a computer processor, such as a general purpose microprocessor. In some other cases, processor 105a may be a field programmable gate array, application specific integrated circuit, microcontroller, or other suitable computer processor.

[0075] Processor 105a is coupled, via a computer data bus, to memory 105b. Memory 105b may include both volatile and non-volatile memory. Non-volatile memory stores computer programs consisting of computer-executable instructions, which may be loaded into the volatile memory for execution by processor 105a as needed. It will be understood by those of skill in the art that references herein to server 105 as carrying out a function or acting in a particular way imply that processor 105a is executing instructions (e.g., a software program) stored in memory 105b and possibly transmitting or receiving inputs and outputs via one or more interfaces. Memory 105b may also store data input to, or output from, processor 105a in the course of executing the computer-executable instructions. As stated previously, user profile database 105c, data analytics program 105d, user profile monitoring program 105e, and data analytics program 105d may be located on memory 105b. Further, and as explained in further detail herein, memory 105b may also include storage 115a - 115d, 120 of system 100.

[0076] User profile database 105c may be a database of user accounts for users of user devices 110. Users may generate user accounts on server 105 in order to store and manage user data on server 105. For example, in various cases, users may use an application or web-browser interface, located on user devices 110, in order to remotely access server 105 and to generate a profile account. In other embodiments, user profile database 105c may be managed by a server administrator. For instance, the user profile database 105c may be managed by a server administrator who may remotely access server 105 using an administrator computer which is in communication with the server 105 over a network. In other cases, the server administrator may directly access the server 105 using, for example, an input device coupled to the I/O interface 105g (e.g., a keyboard) in conjunction with the display 105g.

[0077] User profile database 105c may also store other additional information with respect to each user’s data profile. For instance, in at least some embodiments, user profile database 105c may store encryption information with respect of each user’s data profile. For example, and as explained in further detail herein, user data located on storage units 115, 120 may be encrypted to ensure user data privacy and protection. Accordingly, users may be assigned private encryption and/or decryption keys, and may be required to enter their private keys into an application or browser interface on user device 110 in order to decrypt and access their stored data.

[0078] In still other embodiments, user profile database 105c may also store authentication information with respect of each user profile. The authentication information may verify the user’s identity as an added security measure. For example, in various cases, in order to access and manage cloud data, users may be required to input authentication data into an application or browser interface on their user device 110. Authentication data may include, for example, user passcodes, verification codes, user biometric indicators (e.g., fingerprint data, facial data, voice data, etc.), personal identification data (e.g., e-mail, address, secret questions and answers), blockchain keys or seeds, as well as other unique user device identifiers. As explained herein, in at least some cases, two-factor authentication (2FA) may be used or required in order to access cloud data.

[0079] In still further embodiments, users may be able to subscribe, or otherwise consent, to services offered by third-party service providers 135. Accordingly, user profile database 105c may store information regarding services associated with each user profile account. For example, in various cases, users may consent or subscribe to personal profile data monitoring provided, for example, by a third-party cybersecurity provider. In other cases, users may also subscribe or consent to personal identification insurance. In still other cases, users may subscribe or consent to anti-malware and anti-virus services which may provide users with anti-malware and anti-virus software for installation on user devices 110. Accordingly, user profile database 105c may store information regarding an array of services which are subscribed, or consented to, by a user of a user account.

[0080] In still yet further embodiments, user profile database 105c may also store additional information relating to a user’s bank account information, business or home address, accounts with third-party service providers (e.g., a user’s account with an online commercial retailer). In various cases, this information may be provided by users through an application or browser interface located on user device 110. Further, and as explained herein, this information may be used when processing transactions between users and third parties for user data.

[0081] Data analytics program 105d may be an application that is configured to analyze user cloud data with a view to extracting relevant information from that data. For example, in various cases, users may consent (e.g., authorize) release of a sub-set of their cloud data to analytics program 105d. Analytics program 105d may then receive the released data and may sort through the data to identify different data subsets, data types, or data sub-groupings. Analytics program 105d may then select and extract a particular subset of data (e.g., corresponding to a specific data-type or data sub-group), and may aggregate the data subset with a larger set of data to generate an aggregate dataset. For example, analytics program 105d may aggregate the user’s data with similar or identical data released by other users on the cloud hosting service. In other cases, user data may be aggregated with a larger set of data received from third-party public or private data sources (e.g., government data, or data purchased from data brokers). The aggregate dataset is then analyzed to identify insights, such as hidden data correlations, patterns, or trends.

[0082] In at least some example embodiments, analytics program 105d may receive a user dataset, and may be configured to identify user financial data (e.g., payment transaction data, credit card data, credit scores, loan and debt information, stock portfolio and investment data, etc.), as well as user demographic data (e.g., user age, marital status, occupation, etc.) from the released dataset. The user financial and demographic data may then be extracted and aggregated with financial and demographic data received from other users. The aggregated dataset is then analyzed for financial “insights”, such as correlations between user spending patterns and user demographics.

[0083] In various cases, and as explained herein, the “financial insights”, generated by analytics program 105d, may have value to specific third-party entities. For example, the insights may be valuable to financial institutions (e.g., banks or credit units) which may use the “financial insights” to generate new financial products or services which are customized to different client demographics based on predicted spending patterns. In other cases, “financial insights” may be used by financial and cybersecurity entities, alike, in order to enhance fraud-prevention and risk management services. For example, unusual spending patterns (e.g., resulting from identity theft or credit fraud) may be flagged based on predicted spending patterns for different customer demographics. As explained in further detail herein, in various cases, users may be able to share their “financial insights” with interested third parties in return for compensation. In this manner, users may be able to control surfacing of their data.

[0084] In other cases, other types of insights may be generated by combining and analyzing different subsets of user data. For example, in other cases, user purchase history data and/or online search history data may be combined with user demographic data. This data may be analyzed to generate “commercial insights”, such as correlations between user purchase preferences and user demographics. In various cases, “commercial insights” may be of value to retail entities, and/or advertising agencies. For example, retail entities and advertisers may use “commercial insights” in order to identify new marketplace trends, and accordingly, generate new products, services or advertisements which respond to these trends.

[0085] Accordingly, as will be appreciated, as more data is stored by users on the cloud storage, users will have greater opportunities to benefit from the surfacing of their data. In particular, this is because as users store more data on the cloud storage, analytics program 105d will have access to a greater variety of data which can be used for generating a greater variety of insights. It will also be appreciated that, as the number of users on the cloud service increases, the value of the insights generated by the analytics program 105d also increases. This is because, as more users store data on the cloud storage, a greater amount of data is available for generating aggregate datasets. Accordingly, insights (e.g., correlations, trends, and patterns) are generated by analyzing data over a greater cross-section of users. This, in turn, may allow insights to be of greater value to third-party entities.

[0086] In at least some embodiments, in order to enhance the process of generating insights, analytics program 105d may incorporate “intelligent” algorithms (e.g., Artificial Intelligence (AI) and/or machine learning). The “intelligent” algorithms may be used, for example, to analyze user data and identify opportunities for insight creation. For example, the “intelligent” algorithms may quickly profile user data, and identify data subsets which may be useful for generating insights of value to different third-party entities.

[0087] In various cases, once insights are generated by analytics program 105d, the insights are returned for storage on insight storage unit 120 in association with a user’s profile account. As explained previously, users may then select to release some, or all, of their stored insights to third parties in return for compensation (e.g., monetary or non-monetary payments). Accordingly, users may realize direct value from the data they generate, and may directly control who may receive the value of that data.

[0088] In other embodiments, insights may not be generated by analytics program 105d, but may be generated by a third-party data analytics service provider 135 (e.g., a service provider which performs big data analytics). For example, users may consent to release of their data, in anonymized or non-anonymized form, to a data analytics service provider 135. The insights generated by the third-party provider may then be returned for storage on insight storage 120, in association with a user’s profile account.

[0089] Referring still to FIG. 2A, and with continued reference to FIG. 1, the server 105 may also include a user profile monitoring program 105e. In various cases, user profile monitoring program 105e may scan data stored in storage units 115, 120 in association with each user profile account. Based on the data scan, the monitoring program 105e may then generate a “user profile report” which summarizes, in a condensed manner, all data stored in the user’s profile, including insights generated by analytics program 105d (or other external analytics service providers). Accordingly, and as explained herein, the profile report may provide users with a complete review of all data otherwise associated with the user. In at least some embodiments, the profile monitoring program 105e may generate reports in real-time or near real-time by scanning the user’s data at continuous pre-determined time intervals, or at continuous pre-determined frequencies.

[0090] In at least some embodiments, user profile monitoring program 105e may also incorporate cybersecurity monitoring features. For example, the monitoring program 105e may be configured to monitor user data to identify, for example, inconsistencies in the data. In various cases, data inconsistencies may indicate that a user’s data has been compromised (e.g., as a result of identity theft or credit fraud). For instance, as explained herein, in various cases, users may be able to transfer and store personal data, into storage units 115, from a user’s account at an external data provider 125. Accordingly, an inconsistency in the data may indicate that a user’s account at the external data provider has been compromised (e.g., a user’s bank account has been breached). In these cases, the user may be notified of the potential breach, or otherwise, of any other suspicious activity on the user’s account. In other cases, which are discussed in further detail herein, the security monitoring may not be performed by monitoring program 105e, but rather, may be performed by a third-party cybersecurity provider which is granted access to monitor the user’s data repository.

[0091] Data exchange program 105f may be configured to act as a virtual ‘marketplace’ to link users of user devices 110 to prospective third-party buyers of user’s data. As explained herein, data exchange program 105f may, in various cases, allow users to realize direct value from their stored data.

[0092] In various embodiments, data exchange program 105f may receive datasets (e.g., insight data) a user may wish to release in order to sell (or otherwise share in return for compensation). This data may be referred to as “releasable data”. The data exchange program 105f may then transmit the user’s offer to sell the releasable data to one or more interested third parties (e.g., financial or retail entities). The third parties may receive the user’s sale offer and may, in turn, submit bids (e.g., a compensation offer) in order to acquire the data. For example, in various cases, in exchange for receiving the user’s data, third parties may offer monetary or non-monetary payments, including discounts over products or services offered by these third parties, cashbacks, loyalty points, or other forms of compensation. In various cases, third parties may also provide additional information in conjunction with the offer, including, an explanation of how the third party intends to use the user’s data (e.g., for market research). Using an application or browser interface located on the user device 110, users may view the third-party compensation offers and may accept the most favorable offer. In other cases, users may accept more than one offer in respect of the same dataset. In still other cases, a user may not be satisfied with any third-party offer, and accordingly, the user may select to decline all offers.

[0093] In cases where the user accepts one or more offers (e.g., compensation offers), data exchange program 105f may process the transaction by transferring (e.g., transmitting) the user’s releasable data (in anonymized or non-anonymized form, as the user selects) to the relevant third party. The data exchange program 105f may then, in turn, transmit the offered compensation amount (e.g., the monetary or non-monetary payment) back to the user. For example, in some cases, the data exchange program 105f may associate the compensation amount with the user’s data profile. In other cases, the data exchange program 105f may facilitate deposit of a monetary payment, offered by the third party, directly into a user’s bank account. For example, in various cases, a user may store bank account information in association with their user data profile 105c. The data exchange program 105f may then access the bank account information to carry-out a direct deposit. The data exchange program 105f may also provide, with user consent, the bank account information directly to the third party for the third party to carry out the direct deposit. In other cases, the monetary payment may be offered in a physical form (e.g., by mailing cash or cheque to the user’s address, as stored in user data profile 105c). In still other cases, in exchange for user data, a third party may offer, for example, discounts over certain goods and services. Accordingly, the user may receive a discount code from the third party. The user may then apply the discount code to any subsequent in-store or online purchase from the third party. In still yet other cases, the third party may offer loyalty points to the user. In these cases, the user may store their third-party account information in user profile database 105c, and the data exchange program 105f may transfer (or apply) the loyalty point information to the user’s account with the third party. In other cases, the third party may apply the loyalty-points directly to a user’s online account with the third party (in these cases, the user may not be able to exchange their data anonymously). Accordingly, it will be appreciated that the transaction between the user and the third party may be carried-out using any one of a number of suitable methods.

[0094] In still other embodiments, data exchange program 105f may be configured to pair users with customized offers. For example, exchange program 105f may analyze user data (e.g., insight data) to identify user preferences. The exchange program 105f may then transmit these preferences, with user consent, to interested third parties (e.g., in anonymized or non-anonymized form). Third parties may then bid over user data by submitting customized offers which are tailored to the user’s preferences (e.g., customized discounts over particular products or services). In other cases, users may be asked to complete surveys or questionnaires in order to determine their preferences. For example, the surveys or questionnaires may be completed in an application or browser interface on user device 110.

[0095] In still yet other embodiments, rather than third parties bidding over user data, data exchange program 105f may present all users with “general offers” from third parties for specific datasets (e.g., insight data). Each user may receive the “general offers”, and may determine whether or not they possess the requested datasets. If the user possesses the requested datasets, the user may then accept one or more of the “general offers”. In at least some embodiments, data exchange program 105f may also automatically determine whether the user possesses the requested dataset, and may filter “general offers” on this basis (e.g., the user may only view “general offers” for datasets they possess). In still other cases, data exchange program 105f may only present “general offers” to users if the “general offers” correspond to the user preferences.

[0096] In various other embodiments, users may receive offers (general or custom) for insight data which they do not possess. The data analytics program 105d may then work in conjunction with the profile monitoring program 105e to determine whether, based on the user’s available data, there is a potential to generate the requested insight data. If there is potential, the user may have an opportunity to consent to insight generation, and further, to accept the offer from the third party over the requested insights.

[0097] Data exchange program 105f may be configured to carry out the transaction between the user and the third party using any one of a number of communication protocols and application programming interfaces (e.g., HTTP and REST).

[0098] In other cases provided herein, server 105 may not include a data exchange program 105f, but rather, a third-party virtual marketplace service provider 135 may be used to facilitate exchange of data and offers between users and third parties.

[0099] Processor 105a may also be coupled to display unit 105e, which may be any suitable display for outputting information and data as needed by various computer programs (e.g., a screen). In various cases, display 105e may display a graphical user interface (GUI) which provides an administrator of server 105 with a user-friendly environment for managing data on server 105 (e.g., managing user profile database 105c). In some cases, the display 105e may be omitted from server 105, for instance where the server 105 is configured to operate autonomously.

[00100] Communication interface 105h is one or more data network interfaces, such as an IEEE 802.3 or IEEE 802.11 interface, for communication over a network with other components of system 100.

[00101] Input and output (I/O) interface 105i may include an interface for connecting any other accessory to server 105 (e.g., an input device, such as a keyboard or touch screen, for interacting with the server 105).

[00102] Referring now back to FIG. 1, system 100 may also include one or more storage units 115a - 115c and 120. Storage units 115, 120 may be any non-volatile memory. Each storage unit 115, 120 may have one or more memory storage compartments in order to store data in association with different user profile accounts on user profile database 105c. While shown separately from server 105, it will be appreciated that in various cases, storage units 115, 120 may be located in memory 105b of server 105. Where server 105 is a cloud hosting service, the storage units 115, 120 may be accordingly cloud storage units.

[00103] As further shown, each of storage units 115a - 115c may be in communication with one or more data providers 125a - 125c, respectively. As explained herein, data providers 125 may be any third-party entities which collect or store data in association with a user of user device 110. In various cases, users may transfer (e.g., migrate) data from data providers 125 to a user’s account on storage units 115.

[00104] In various cases, the communication between storage units 115 and data providers 125 may occur over a network. In cases where storage units 115 are located on memory 105b of server 105, storage units 115 may communicate with data providers 125 using communication interface 105h of server 105. In various embodiments, the communication between cloud storages 115 and data providers 125 may be facilitated by one or more Application Programming Interfaces (APIs) 130a - 130c, respectively. For example, the storage units 115 (or memory 105b) may be configured to store one or more web-based APIs 130 associated with one or more data providers 125.

[00105] As shown, storage units 115 may generally include an online public storage unit 115a, an online private storage unit 115b, and an offline private storage unit 115c. In at least some embodiments, the system 100 may also include an “insight” storage unit 120.

[00106] Online public storage 115a may be configured to store various online public data which is associated with a user of user device 110. In various cases, online public data may be received, for example, from a user’s account located with an online public data provider 125a. For example, in at least some embodiments, online public storage unit 115a may be configured to store a user’s online social interaction data received from a user’s account on a social media networking platform 125a (e.g., Facebook™, Instagram™ or LinkedIn™). Social interaction data may include, for example, data in respect of a user’s social network (e.g., friend or connection lists), media files uploaded by the user (e.g., images, videos or audio), geo-locational tagging data, memberships or affiliations (e.g., political, cultural or social), as well as other historical or statistical user data. In other cases, a user’s online public data may also include search query data received from a user’s account on an online search engine provider. For example, the search query data may include search strings entered by the user, as well as data about when (or where) these search queries were entered. In other cases, search query data may also include data regarding websites, or search results accessed by the user. In still other cases, online public data may include a growing volume of data that is increasingly generated through the “Internet of Things” (IoT). Accordingly, it will be appreciated that online public data may encompass the totality of all data that is generated, or otherwise associated, with a user’s online and public presence.

[00107] Online private storage 115b may be configured to store various offline, and confidential public data in association with a user of user device 110. In various cases, online private data may be received, for example, from an online private data provider 125b. For instance, in various embodiments, private online data may include financial data received from a user’s account at a financial institution (e.g., bank or credit union). Financial data may include, for example, user’s debit and credit account information, payment transaction history, debts, loans, payment defaults, credit purchase history, investment portfolio data, stock purchases/sales history, and savings account information. In various cases, financial investment data may also include data received from a user’s account with an investment or portfolio management service. In still other cases, online private data may include data received from credit bureaus (e.g., credit reports, etc.), as well as government data (e.g., user health care data, health card number, social insurance number, employment data, tax filings, criminal record, citizenship status, etc.). In various cases, online private data may also include a user’s purchase history or click-history data which may be received, for example, from an online retailer 125b (e.g., Amazon™). Accordingly, it will be appreciated that offline public data may encompass the totality of all data that is privately or confidentially stored online in association with a user.

[00108] In various cases, one or both of the online public data provider 125a and online private data provider 125b may be an ISP. For example, an ISP may have access to a user’s online public and private data from other third-party data sources. Accordingly, in these cases, the user’s online public and private data may be retrieved directly from the ISP. In at least some cases, where a user’s online public and private data are transferred from an ISP, an API 130 may not be required to facilitate the transfer of data between the ISP and the online public and private storages 115a, 115b.

[00109] Offline private storage 115c may be configured to store all other user data that is generated privately, and offline by the user. In various cases, offline private data may be received, for example, from one or more offline private data providers 125c. In at least some embodiments, offline private data may be received from user device 110. For example, and as explained in further detail herein, offline private data on user device 110 may include data located on memory 110b of user device 110, including media and audio files, SMS and text messages sent and received, phone call records (e.g., missed and received calls), data stored in association with any application operating on the user device, a list of applications installed on the user device, geo-tagging data, browsing history on device web-browsers, device setting data (e.g., processor configuration, language preferences, Wi-Fi or Internet settings, RAM usage), as well as other data that may be captured by a data collection application operating on the user device 110 as explained herein (e.g., key stroke information, interval screenshots of user device, etc.).

[00110] In view of the foregoing, it will be understood that data which may be transferred and stored on storage units 115 may potentially include the entirety of all data which is associated with a user of user device 110, and which may be located online or offline and which is otherwise made public or private. In this manner, storage units 115 may permit aggregation of all associated user data into a single data repository. This, in turn, may allow users to manage and access their data in one location, rather than in multiple locations.

[00111] In various cases, users may benefit from transferring more data from data providers 125 into storage units 115. For example, as previously stated, as more user data is transferred to storage units 115, profile monitoring program 105e may be able to generate more holistic profile reports. These holistic profile reports may allow users to better understand, or appreciate, all data that has been collected about them by data providers 125, and is now stored on storage units 115. Further, in cases where the profile monitoring program 105e is configured to perform cybersecurity monitoring (or the user is subscribed to cybersecurity monitoring service), users may also benefit from a more complete security assessment. In particular, the security assessment may now examine inconsistencies, or suspicious activity, across the totality of user data. Still further, in various cases, as more data is transferred into storage units 115, users are provided with greater opportunities to control and benefit from the surfacing of their data. For example, as users transfer more social media data, search query data, financial data, government data, and user device data to storage units 115, data analytics program 105d (or other analytics service providers) are provided with a larger set of data which can be used for generating a larger number of insights which are of value to a larger variety of third-party entities. Users may then exchange this greater number of insights for more compensation from third parties. Accordingly, in this manner, users may be incentivized to transfer more data into storage units 115.

[00112] In various embodiments, in order to transfer data from a data provider 125 to storage unit 115, a “dataset request” may be transmitted by a user, of user device 110, to a data provider 125. The “dataset request” may be transmitted, for example, using an application or web-browser interface located on user device 110. The “dataset request” may request release of user data, or a subset of user data, from the user’s account on data provider 125 to a relevant storage unit 115. The data provider 125 may receive the request, identify the relevant dataset, and transmit the relevant dataset to the storage unit 115.

[00113] In other embodiments, prior to transmitting the dataset to storage unit 115, the data provider 125 may first identify the relevant dataset in the dataset request. The data provider 125 may then transmit an ‘indication’ of the dataset back to the user device 110. The user device 110 may receive the indication, and may authorize release of the indicated dataset, or a selected subset of the indicated dataset (e.g., only a portion of the dataset). For example, while the dataset request may identify all data associated with a user’s account on a social media networking platform, the user may select to release only a select subset of that information (e.g., only data in respect of a user’s connection list, or only data generated within a recent period of time). Accordingly, the user device may transmit a “release authorization message”, back to the data provider 125, indicating the dataset, or the data subset, the user wishes to release. In various cases, the “release authorization message” may also contain information in respect of the server 105, the user’s profile on server 105, and the particular storage unit 115 to which the user would like the data to be transmitted. Accordingly, data provider 125 may transmit the requested dataset, or subset of data, to the correct server, user profile, and storage unit, as indicated in the “release authorization message”.

[00114] In still yet other embodiments, prior to releasing data to storage units 115, the data provider 125 may also retrieve the selected dataset, or subset of data, from a data collection server (e.g., associated with the data provider 125). In some cases, data, on the data collection server, may be encrypted. Accordingly, the data provider 125 may decrypt the data after, or before, the data is retrieved. For example, in some cases, data may be encrypted with an encryption key which is unique to the user’s account on the data provider. As such, the data must be decrypted with a private user encryption and/or decryption key. Accordingly, in at least some embodiments, the user may be required to submit their decryption key (as well as other authenticating information) to the data provider 125 in the initial dataset request and/or in the release authorization message. Once the data is decrypted, the data may be transmitted to the appropriate storage unit 115.

[00115] In various cases, in order to keep user data in storage units 115 up to date, the server 105 may periodically retrieve updated data from data providers 125 (e.g., via an automatic cache refresh or a web hook). In other cases, the data provider 125 may notify the server 105 of an update to the user’s data, and the server 105 may automatically retrieve the updated dataset, or otherwise, transmit a notification to user device 110 confirming whether the user would like server 105 to update the dataset.

[00116] As previously explained, in various embodiments, in order to ensure data privacy and protection, and to otherwise prevent data breaches by third parties, data located on storage units 115, 120 may be securely encrypted. The data may be encrypted using any suitable cryptographic technique, including, for example, symmetric key encryption (e.g., Advanced Encryption Standard (AES) 256-bit or 512-bit encryption) or asymmetric key encryption (public-key encryption) (e.g., block-chain data encryption). In various cases, data which is transferred (e.g., migrated) from data providers 125 to storage units 115 may be automatically encrypted, prior to storage, with an encryption key that is unique to each user profile account. Users may then be required to submit a private encryption or decryption key, for example, through a web-browser interface or application located on user device 110, in order to decrypt and access data on storage units 115, 120. Once the data is decrypted, the data may be transmitted to the user device 110 using any secure or unsecure network protocol (e.g., Hypertext Transfer Protocol (HTTP), Hypertext Transfer Protocol Secure (HTTPS), File Transfer Protocol (FTP), or FTP secured with Secure Socket Layers (SSL)/Transport Layer Security (TLS) (FTPS)). In still other embodiments discussed herein, users may also be required to authenticate before accessing data on storage units 115, 120.

[00117] Still referring to FIG. 1, system 100 may also include an insight storage unit 120. Insight storage unit 120 may be configured to store insight data generated by data analytics program 105d, or otherwise generated by an external third-party data analytics service provider.

[00118] Referring now to FIG. 2B, and with continued reference to FIG. 1, there is shown a simplified block diagram of the user device 110.

[00119] User devices 110 may be any suitable computing device capable of executing an application. In various cases, user devices 110 may refer to desktop or laptop computers, but may also refer to smartphones, tablet computers, as well as a wide variety of “smart” devices capable of data communication. Increasingly, this encompasses a wide variety of devices as more devices become networked through the “Internet of Things”.

[00120] Similar to server 105, user device 110 may generally include a processor 110a, a memory 110b, a display 110c, a communication interface 110d, and an input/output interface 110e. In various embodiments, user device 110 may also include a user data management application 110f, a data collection application 110g, and one or more third-party service provider programs 110h. In at least some embodiments, the data management application 110f, data collection application 110g as well as the third-party service provider programs 110h may be stored on memory 110b. Further, while data management application 110f and data collection application 110g have been shown as separate applications, in other cases, these applications may be configured as a single application.

[00121] Data management application 110f may be configured to allow users, of user devices 110, to view, access and manage user data on storage units 115, 120. For example, in various cases, where the server 105 is a cloud hosting service, management application 110f may allow users to remotely access services offered by the cloud service. In various cases, data management application 110f may be configured as a stand-alone application located, for example, on a mobile user device. In other cases, data management application 110f may refer to a web-browser program located on a user device (e.g., users may be able to access the cloud service via a web-browser interface). In other cases, management application 110f may refer to an extension, or plug-in, to a browser interface.

[00122] In at least some embodiments, and as stated previously, users may use management application 110f in order to transfer (e.g., migrate) data from data providers 125 to a relevant storage unit 115. For example, users may use management application 110f to transmit a “dataset request” as well as data “release authorization messages” to data providers 125, as previously explained.

[00123] Once data is stored on storage units 115 (or insight storage unit 120), users may then use the management application 110f to access and manage their data. In various cases, where data is encrypted on the cloud storage, users may also use the management application 110f to submit their private decryption key. The decryption key is transmitted to the server 105, and if the key is determined to be correct, the data may be decrypted and transmitted back to the user device 110 (e.g., via a secure or unsecure network protocol).

[00124] In at least some embodiments, access to cloud data may also require users to verify their identity. For example, users may be required to submit authentication information through the management application 110f (e.g., passcodes, verification codes, user biometric indicators (e.g., user fingerprint data, facial data, voice data), personal identification data, etc.). The authentication information may then be transmitted to the server 105, and may be compared against authentication information stored in association with the user’s data profile on user profile database 105c. If the authentication information is correct, the user may then be granted access to the decrypted data. In at least some embodiments, two-factor authentication (2FA) may be required in order to grant access to user data. In various embodiments, where data is encrypted using authenticated encryption, entering the authentication information may also automatically decrypt the data.

[00125] Data management application 110f may also provide various additional features which further allow users to better manage their cloud data. For example, in various cases, data management application 110f may allow users to view “profile summaries” (or “profile reports”) generated, for example, by profile monitoring program 105e on server 105. The “profile report” may offer a condensed summary of all user data located on storage units 115, 120. Where a user has migrated (e.g., transferred) a majority of their online and offline, private and public data, to storage units 115, the “profile reports” may allow users to view, in a consolidated manner, all data which is otherwise associated with that user. In this manner, users may review the “profile reports” to determine, for example, all data which has been collected about them by different data collection entities (e.g., data providers 125). In other cases, users may also review the “profile reports” to determine inconsistencies resulting, for example, from identity theft and/or credit fraud. In various cases, the “profile report” may also include a summary of all ‘insights’ generated by data analytics program 105d (or any other third-party data analytics service provider) and which are stored on insight storage unit 120. In various embodiments, the profile summaries may be provided to the user in real-time, or near real-time. Accordingly, users may be able to review, at any given point in time, all data that has been collected about them, and is otherwise stored on storage units 115, 120.

[00126] In still other embodiments, users may use data management application 110f to authorize release of their data (or a subset of their data) from storage units 115, to data analytics program 105d (or an external data analytics service provider) for insight generation. For example, users may be provided with an option to generate releasable data (e.g., valuable insights) from a subset of their data located on storage units 115. The user may then consent to data surfacing by authorizing release of the data subset to the analytics program 105d, or to the external service provider. The user may then, in turn, receive insights to be stored in insight storage 120 in association with their user profile. In various cases, where data is being released to an external service provider for insight creation, the user may also select whether to release the data in anonymized or non-anonymized form.

[00127] In still yet other embodiments, users may also use data management application 110f in order to exchange (e.g., share) their stored data with third-party entities. For example, application 110f may allow users to view and accept offers from third parties for data on storage units 115, 120. As explained previously, the data exchange may be facilitated by data exchange program 105f on server 105, or otherwise, by any other third-party virtual marketplace provider.

[00128] In at least some embodiments, users may use data management application 110f in order to complete or answer informational questions (e.g., questionnaires or surveys). The users’ responses to these questions or surveys may be transmitted to server 105, and may be used by data exchange program 105f in order to determine users’ preferences. Based on the determined user preferences, the data exchange program 105f may then locate relevant or personalized offers by third parties for user data. In other cases, the users’ preferences may be transmitted to any other external virtual marketplace provider.

[00129] In various embodiments, the data management application 110f may be configured with a graphical user interface (GUI) in order to present information (e.g., user profile summaries or third-party offers) in a user-friendly manner (e.g., using visuals, graphics, charts, etc.).

[00130] User device 110 may also include a data collection application 110g. In at least some embodiments, data collection application 110g may be configured, with user consent, to monitor user activity and user data on user device 110. For instance, and by way of non-limiting examples, the application 110f may be configured to record key strokes on user device 110, track messages (e.g., SMS messages) received or sent, monitor and record call information (e.g., missed and received calls), monitor geolocation tagging or geo-locational data (e.g., GPS data), capture screenshots of the device at pre-determined time intervals, capture RAM usage, monitor Internet setting (e.g., wireless bandwidth), monitor device settings (e.g., language and time preferences), access and monitor data stored on memory 110b (e.g., media and audio files, or any other data stored in association with any application operating on user device 110), monitor a list of applications installed on the user device, and monitor and record browsing history on a web-browser operating on user device 110. Accordingly, it will be appreciated that data collection application 110g may monitor and collect the aggregate of all data which is generated or otherwise stored on user device 110. In various cases, as previously explained, data collected by data collection application 110g may be transmitted to offline private storage 115c.

[00131] In various embodiments, user device 110 may further include one or more third-party service programs 110h. For example, and as explained herein, this may include software which is provided by third-party service providers 135a - 135n. Third-party service program 110h may include, for example, anti-virus and anti-malware software for protecting user data on device 110, as well as for ensuring that viruses and malware are not transmitted from the user device 110 to the user’s cloud storage. In other cases, the third-party service program 110h may include a program associated with a third-party virtual market place provider. For example, the program may allow users to view offers for user data from third parties, and accept or decline these offers.

[00132] Referring now back to FIG. 1, system 100 may also include one or more third-party service providers 135a - 135n. Service providers 135 may provide various services (e.g., subscription services) to users of user devices 110. For example, in some cases, service providers 135 may include cyber-security monitoring services, or credit monitoring services. For example, users may consent to cybersecurity monitoring services which provide continuous monitoring of user’s cloud data. The cybersecurity monitoring service may monitor the user’s data to identify suspicious activity or possible cybersecurity threats. For instance, in some cases, the cybersecurity monitoring service may identify an inconsistency in stored data. The inconsistency may result from a breach of a user’s account with an external data provider, e.g., which is transmitting data to the storage units 115. For example, the cybersecurity monitoring service may monitor user’s financial data to detect unusual spending patterns which may result from a breach of a user’s account with a financial institution. The user may then be notified accordingly of the data inconsistency. In other cases, the cybersecurity monitoring service may monitor data for any other suspicious activity, or possible cyber threats. In at least some cases, based on the identified suspicious activity or potential cyber threats, the user may also be offered personalized personal identification insurance options, which may be provided either by the cybersecurity provider or a separate insurance service provider 135. In at least some embodiments, users may also receive more personalized, or enhanced, monitoring services, by selling or sharing insight data to the cyber security monitoring services. For example, as stated previously, financial insight data may be shared with a cybersecurity monitoring provider in order to better allow the provider to flag unusual spending patterns.

[00133] In still other cases, service providers 135 may also include an array of other “partner” entities which also provide user data hosting services. For example, service providers 135 may include file management service providers which allow users to store, organize, and share documents (e.g., FutureVault™, Dropbox™, etc.). User data located with these “partner” providers may be migrated to a user’s storage unit 115. In various cases, with user consent, some or all of the user data located on storage units 115 may also be reciprocally migrated to a user’s account with the “partner” providers (e.g., financial documents, government documents, etc.).

[00134] In still yet other cases, as previously stated, service providers 135 may also include a data analytics service provider, which may generate insight data. Service providers 135 may also include a ‘virtual’ marketplace service provider, to facilitate exchange of user data with third parties.

[00135] In various cases, the communication between server 105 and the service providers 135 may be facilitated by one or more web-based API interfaces 140.

[00136] Referring now to FIG. 3, there is shown an example process flow for a method 300 for transferring data from a data provider 125 to a user’s profile account on storage units 115. Method 300 can be carried out, for example, using the processor 110a of user device 110.

[00137] At 302, a user of user device 110 may transmit a dataset request to a data provider 125 (e.g., a social media networking platform). For example, in various cases, the dataset request may be transmitted using the data management application 110f located on user device 110.

[00138] At 304, the data provider 125 may receive the dataset request and may identify the relevant dataset associated with the dataset request. In various cases, where the user’s data on the data provider 125 is uniquely encrypted, the “dataset request” may also contain a user decryption key, as well as other appropriate authentication information. In other cases, the user decryption key and/or authentication information, may be transmitted subsequently in the “release authorization message” at 308.

[00139] At 306, the data provider may transmit, back to the user device 110, an ‘indication’ of the requested dataset.

[00140] At 308, the user, of user device 110, may receive the indication, and may authorize release of the indicated dataset, or otherwise, may authorize release of a subset of the indicated dataset. In either case, the user device 110 may transmit a “release authorization message”, back to the data provider 125, indicating the dataset, or data subset, which the user authorizes for release. In at least some embodiments, the “release authorization message” may also contain information with respect to the server 105, the user’s data profile on server 105, as well as the particular storage unit 115 to receive the data.

[00141] At 310, the data provider 125 may receive the “release authorization message”, and may proceed to retrieve the selected dataset. For example, in some cases, the data provider 125 may retrieve the selected dataset from a data collection server associated with the data provider. In at least some embodiments, once the dataset is retrieved from the data collection server, the dataset may be decrypted using the user decryption key. In other cases, the dataset may be decrypted prior to retrieving the dataset from the data collection server.

[00142] At 312, the data provider 125 may transmit the selected and decrypted dataset to the relevant server, account profile, and storage unit, as specified in the “release authorization message”. In at least some embodiments, once the dataset is received at the appropriate storage unit 115, processor 105a may encrypt the data, prior to storage, with an encryption key which is unique to a user’s profile account on the user profile database 105c.

[00143] Referring now to FIG. 4, there is shown an example message flow 400 for the method 300 of FIG. 3 for transferring data from an external data provider to a user’s profile account on storage units 115.

[00144] Message flow 400 begins at 404, where a dataset request is transmitted from user device 110 to data provider 125. In some cases, the dataset request may include a user decryption key, in association with a user’s account on the data provider, and/or user authentication information. In other cases, the encryption and/or authentication information may be provided later on, in the release authorization message. The data provider 125 receives the dataset request, and at 406, returns an indication of the requested dataset back to the user device 110. At 408, the user device 110 receives the indication, and the user may then transmit a release authorization message, back to data provider 125, authorizing release of either the indicated dataset or a selected subset of the indicated dataset. In various cases, the release authorization message may also include information with respect to the server, profile account, and storage unit to which the user would like the data transmitted. The data provider 125 receives the release authorization message, and may in turn, transmit at 410, a request for the selected dataset from a data collection server 402 (e.g., associated with the data provider 125). At 412, the data collection server may return the encrypted dataset to the data provider 125. At 414, the data provider may decrypt the dataset using the user decryption key in the dataset request and/or release authorization message, and at 414, may transmit the decrypted dataset to the relevant storage unit 115. In other cases, the data may be decrypted prior to retrieving the dataset at 412.
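By way of added illustration only (this code is not part of the application as filed), the following sketch models message flow 400 from the data provider's side, with the provider releasing only items that appeared in its own indication and only to the destination named in the release authorization message. All class, field and sample names are hypothetical, the single-use request identifier is an assumption not stated in the description, and key handling and transport are omitted.

```python
"""Added illustration of message flow 400: dataset request -> indication ->
release authorization -> transfer. Names are hypothetical; encryption,
authentication and transport are out of scope."""
import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Destination:
    server: str        # server 105
    profile: str       # user's data profile on that server
    storage_unit: str  # particular storage unit 115


@dataclass
class StorageServer:
    """Stands in for server 105 and its storage units 115."""
    units: dict = field(default_factory=dict)

    def store(self, dest, records):
        self.units.setdefault((dest.profile, dest.storage_unit), {}).update(records)


class DataProvider:
    """Stands in for data provider 125 together with its data collection server."""

    def __init__(self, accounts, servers):
        self._accounts = accounts  # account -> {item name: data}
        self._servers = servers    # server name -> StorageServer
        self._pending = {}         # request id -> (account, indicated item names)

    def dataset_request(self, account):
        """404/406: identify the dataset and return an indication, not the data."""
        if account not in self._accounts:
            raise KeyError("unknown account")
        request_id = secrets.token_hex(16)  # assumption: opaque single-use id
        indicated = frozenset(self._accounts[account])
        self._pending[request_id] = (account, indicated)
        return {"request_id": request_id, "items": sorted(indicated)}

    def release_authorization(self, request_id, selected, dest):
        """408 onward: release only what was authorized, to the named destination."""
        # pop() consumes the request, so a replayed or failed authorization
        # cannot be reused and the user must start again from a dataset request.
        try:
            account, indicated = self._pending.pop(request_id)
        except KeyError:
            raise PermissionError("no matching dataset request") from None
        selected = set(selected)
        if not selected:
            raise ValueError("nothing selected for release")
        if not selected <= indicated:
            extra = sorted(selected - indicated)
            raise PermissionError(f"selection outside the indicated dataset: {extra}")
        if dest.server not in self._servers:
            raise ValueError("unknown destination server")
        records = {name: self._accounts[account][name] for name in selected}
        self._servers[dest.server].store(dest, records)
        return sorted(records)


def run_flow():
    """Run the exchange once on constructed sample data (one account, three items)."""
    server = StorageServer()
    provider = DataProvider(
        accounts={"alice@provider": {"connections": ["bob", "carol"],
                                     "posts": ["hello"],
                                     "messages": ["private note"]}},
        servers={"server-105": server},
    )
    dest = Destination("server-105", "alice-profile", "social-media")
    indication = provider.dataset_request("alice@provider")
    # The user authorizes only the connection list, as in the description's example.
    released = provider.release_authorization(
        indication["request_id"], ["connections"], dest)
    return indication, released, server, provider, dest


if __name__ == "__main__":
    indication, released, server, _, _ = run_flow()
    print("indicated:", indication["items"])
    print("released: ", released)
    print("stored:   ", server.units)
```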

[00145] Referring now to FIG. 5A, there is shown an example process flow for a method 500a for user-initiated data surfacing in accordance with some embodiments. Method 500a can be carried out, for example, using the processor 105a of server 105.

[00146] At 502a, the user may consent to releasing a subset of stored data (e.g., insight data) to interested third parties (e.g., consent to releasing of releasable data). For example, the user may request or consent to release of a particular data subset using data management application 110f. In various cases, the user may also select to release the data subset in either anonymized or non-anonymized form.

[00147] At 504a, the data exchange program 105f may receive the request or consent from the user, and transmit an indication of the released (or releasable) data subset to one or more interested third parties. The third parties may then receive the indicated data subset, and may submit bids (e.g., offers) in order to acquire the data subset. For example, as stated previously, the third parties may submit monetary or non-monetary offers, including payments, discount offers, loyalty points, or other suitable compensation. In various cases, data exchange program 105f may also determine user preferences based on insight data, or survey data, and may transmit the user preferences to the third parties. Accordingly, third parties may submit tailored or customized offers based on the determined user preferences (e.g., customized discount offers over user purchase preferences). The offers may then be transmitted back to the user device 110.

[00148] At 506a, the user may view the offers, and may either accept a favorable offer, or may otherwise decline the offers. In at least some cases, the user may accept more than one offer on the same dataset. In various cases, the user may view and accept or decline offers using data management application 110f on user device 110.

[00149] At 508a, if the user accepts an offer (or more than one offer), the user may enter their decryption key in order to decrypt the relevant data subset.

[00150] At 510a, the transaction is processed by the data exchange program 105f, and the user dataset is transmitted to the relevant third party (e.g., in anonymized or non-anonymized form, as selected by the user) in return for the offered compensation.

[00151] In other cases, if the user does not accept any of the offers, then at 514a, the user’s data remains stored on storage unit 115.

[00152] In various other embodiments, instead of using the data exchange program 105f, the method 500a may be facilitated by a third-party virtual marketplace service provider 135. Further, the user may view offers using a third-party marketplace program 110h on user device 110.

[00153] Referring now to FIG. 5B, there is shown an example process flow for a method 500b for third-party initiated data surfacing in accordance with some embodiments. Method 500b can be carried out, for example, using the processor 105a of server 105.

[00154] At 502b, a third party may submit an offer for a particular, or desired set of insights (e.g., financial insights). In some cases, the third party may submit the offer as a “general” offer to all users. In other cases, the third party may send the offers to specific users, and may customize the offers based on information received from data exchange program 105f regarding the user’s preferences. In various cases, the offers may be received by either the data exchange program 105f on server 105, or otherwise, a third-party virtual marketplace service provider.

[00155] At 504b, it may be determined whether the user is in possession of the desired insights. For example, profile monitoring program 105e may analyze the user’s stored insights to determine whether the desired insight is stored in association with the user’s data profile. Otherwise, the user may determine, from a “profile report” generated by the user profile monitoring program 105e, whether they are in possession of the desired insights.

[00156] At 506b, if the user is not in possession of the desired insights, the user may be offered the option of generating the desired insights using the user’s stored data. For example, in at least some embodiments, the user profile monitoring program 105e may review the user’s stored data and may determine whether it is possible to generate the desired insights from the available data. In various cases, the user profile monitoring program 105e may also operate in conjunction with the data analytics program 105d (or an external data analytics service provider) to determine whether it is possible to generate the desired insights from the user data. If the programs identify a potential opportunity to generate insights, the user may then have an option to authorize release of the relevant data subset to data analytics program 105d (or an external data analytics service provider) for insight generation. In at least some embodiments, the data exchange program 105f (or virtual marketplace provider) may not display the third party offer to the user unless it is first determined that the desired insights may be generated using the available user data.

[00157] At 508b, if the user does not consent to insight generation, then the method 500b ends.

[00158] At 510b, if the user consents to insight generation, the relevant subset of the user’s data may then be released to data analytics program 105d, or any other external data analytics service provider, for insight generation. The generated insights may then be encrypted and stored on insight storage unit 120 in association with the user’s profile.

[00159] At 512b, if the user is already in possession of the desired insights at 504b, or otherwise, the user has generated the desired insights at 510b, the user may select whether or not to accept the third-party offer.

[00160] At 514b, if the user does not accept the third-party offer, the insights may remain stored on insight storage 120 in association with the user’s profile for use at a future point in time.

[00161] Otherwise, at 516b, if the user accepts the offers, the user may enter the decryption key in order to decrypt the insight data in insight storage 120.

[00162] At 518b, the data exchange program 105f may then process the transaction between the user and the third party.

[00163] The present invention has been described here by way of example only, while numerous specific details are set forth herein in order to provide a thorough understanding of the exemplary embodiments described herein. However, it will be understood by those of ordinary skill in the art these embodiments may, in some cases, be practiced without these specific details. In other instances, well-known methods, procedures and components have not been described in detail so as not to obscure the description of the embodiments. Various modifications and variations may be made to these exemplary embodiments without departing from the spirit and scope of the invention, which is limited only by the appended claims.