One of the most surprising patents ever to be granted to Apple has been made public today by the US Patent and Trademark Office. It is one of the most interesting patents that I have ever read. It reads like a science fiction novel borrowing from George Orwell's 1949 book titled "Nineteen Eighty-Four." It also has shades of the 1982 movie the "Blade Runner," where the Master Cloner invents a method of implanting false memories into clones so as to provide them with a confident self-image. It also borrows from the movie "The Matrix," where fooling the bots of your presence was an everyday means of survival. Apple's patent is about saving your online identity from what they describe as the "Little Brothers Dataveillance." It's about a method of assisting users to keep their personal information hidden in a Cyberworld that is constantly building a profile on them. It appears that Apple will be able to "save us" from these Little Brothers in the future and it looks as though they're going to execute this via your iCloud ID. Today's report is deliberately lengthy so that you don't miss a detail of Apple's very important anti-big brother surveillance patent. This is really wild stuff.
Apple Wins Anti-Big Brother Surveillance Patent
Apple has received a Granted Patent for an Anti-Big Brother patent. Apple's patent background states that a significant concern with electronic commerce and with the proliferation of electronic transactions is that of privacy. Individuals, particularly American citizens, have always been suspect of the motivations and actions of their government and "Big Business." This skepticism has given rise to a variety of privacy laws and rights enjoyed by American citizens, which remains the envy of much of the rest of the world. As electronic commerce has grown by leaps and bounds in recent years, users have now become increasingly concerned with confidential information that is being gathered and collected about them. The information is being collected by lawful and unlawful enterprises and the information gathering is not exclusively limited to governments.
In some cases, the electronic information being gathered is used for illegal purposes, such as electronic identity theft. In other cases, the information is gathered for lawful purposes but is extremely annoying to users, such as when targeted and aggressive marketing tactics are used. Users are growing uncomfortable with the amount of information marketers possess today about them and many feel it is an invasion of their privacy even if the marketing is currently considered to be lawful. Moreover, even legitimate and lawful enterprises that collect confidential information about a user runs the risk of having an intruder penetrate their databases and acquiring the information for subsequent unlawful purposes.
The Little Brothers Dataveillance
Concerns about the government and its knowledge about its citizenry is often referred to in a derogatory sense as actions of "Big Brother" who is omnipresent and gathering information to use to its advantage when needed. The electronic age has given rise to what is now known as thousands of "Little Brothers," who perform Internet surveillance by collecting information to form electronic profiles about a user not through human eyes or through the lens of a camera but through data collection. This form of Internet surveillance via data collection is often referred to as "dataveillance." In a sense, thousands of "Little Brothers" or automated programs can monitor virtually every action of users over the Internet. The data about a user can be accumulated and combined with other data about the user to form electronic profiles of the users.
The Orwellian Nightmare
Even famous authors have foreseen and speculated about the problems associated with invading privacy. Consider Orwell who gave rise to the concept of an Orwellian society from the Big Brother of his novel, 1984. In that novel, Big Brother is the government, which has managed to invade privacy to the point where every dwelling was equipped with a "tele-screen" which, while providing entertainment and information access to the user, also allowed Big Brother to observe visually and audibly the occupants of the dwellings. Of course, Big Brother knew that the observed behavior of the dwelling occupants was not strictly the "true persona" of those being observed, but rather was what the "true persona" Big Brother wanted to observe. This, however, was immaterial to Big Brother because Big Brother knew that if it could foster a set of behavior that was consistently portrayed over a given period of time, then the "true persona" would begin to morph into another person that was, at its core, what the behaviors were designed to foster. Thus, Big Brother was also known as the "Thought Police," which was very successful at conditioning the masses and eliminating the non-conformists.
The Rise of Anonymizers
In fact, users are becoming so concerned about dataveillance that a booming industry has arisen that attempts to thwart the data collection. Some examples include "anonymizers" and "spyware killers." Anonymizers attempt to make transactions anonymous, such as by using a fictitious user name for a given transaction. Spyware Killers detect programs that self-install on a user's device and monitor Internet actions of that user and then report the monitoring information back to a marketer or other entity.
Even without anonymizers and spyware killers, users may still attempt as best they can to deter data collection by taking manually initiated evasive actions. For example, a user may turn off cookies within the browser and may refuse to register for a service that requests an email address or other confidential information, or may refuse to perform a transaction at all when the user is suspect of that transaction.
Yet even if all available techniques are adopted and taken by a user, information about the user is likely to still be successfully collected if the user engages in electronic commerce over the Internet, engages in information gathering over the Internet, or engages in downloading and installing services over the Internet. In a sense if the user engages in any Internet activity, information may be successfully collected about that user. Thus, even the most cautious Internet users are still being profiled over the Internet via dataveillance techniques from automated Litter Brothers.
Apple's patent relates to techniques for polluting electronic profiling. More specifically, and in one embodiment, a method for processing a cloned identity over a network is provided. An identity associated with a principal is cloned to form a cloned identity. Areas of interest are assigned to the cloned identity and actions are automatically processed over a network, where the actions are associated with the areas of interest for the cloned identity. The actions are processed in order to pollute information gathered about the principal from eavesdroppers monitoring the network. The actions appear to the eavesdroppers to be associated with the principal.
Basics of the System: A Resource
A "resource" includes a user, service, system, device, directory, data store, user, groups of users, combinations of these things, etc. A "principal" is a specific type of resource, such as an automated service or user that acquires an identity. A designation as to what is a resource and what is a principal can change depending upon the context of any given network transaction. Thus, if one resource attempts to access another resource, the actor of the transaction may be viewed as a principal.
Basics of the System: An Identity
An "identity" is something that is formulated from a one or more identifiers and secrets that provide a statement of roles and/or permissions that the identity has in relation to resources. An "identifier" is information, which may be private and permits an identity to be formed, and some portions of an identifier may be public information, such as a user identifier, name, etc. Some examples of identifiers include social security number (SSN), user identifier and password pair, account number, retina scan, fingerprint, face scan, etc. As more and more identifiers are accumulated, a confidence in a particular identity grows stronger and stronger.
Basics of the System: A Clone
A "clone" is another identity that is associated with a principal and appears to be the principal to others that interact or monitor the clone over the network. A clone is processed by an automated agent or service over the network, such as the Internet, and performs actions representing network transactions. The actions processed are driven by areas of interest assigned to the clone. A majority of these areas of interest are intentionally defined to be divergent from the principal to whom the clone is associated. Any network eavesdroppers, which are performing dataveillance on a principal, are polluted by the transactions that are in fact divergent from the true principal's areas of interest. In this manner, data collection is not prevented; rather, it is intentionally polluted so as to make any data collection about a principal less valuable and less reliable.
Basics of the System: True Persona
The principal of a clone may be viewed as a "true persona" (TP) and the clone may be viewed as a "doppelganger" or "dead ringer clone" that exhibits the behavior of the TP. This allows the TP to continue its existence over a network, such as the Internet, in secret. In some embodiments, the areas of interest for a principal and a clone are constructed as semantic aspects and represented in a formal manner.
Of course, the embodiments of the invention can be implemented in a variety of architectural platforms, operating and server systems, or applications.
The Cloning Service: A Method for Processing a Cloned Identity over a Network
Apple's patent FIG. 1 noted below is a diagram of a method (100) for processing a cloned identity over a network. The method 100 (hereinafter "cloning service") is implemented in a machine-accessible and readable medium. The cloning service is operational over and processes within a network. The network may be wired, wireless, or a combination of wired and wireless. In an embodiment, the cloning service acts as an automated agent that uses policies and other metadata to perform the processing depicted in FIG. 1 and described herein and below.
Initially, at 110, a principal's identity is cloned to form or create a cloned identity. That is, identifiers used to authenticate the principal are provided to the cloning service for purposes of posing as the principal. The cloning service acts as if it is the principal and performs automated processing over a network. The processing reflects transactions or actions over the network According to an embodiment, the network is the Internet and the actions processing reflects automated activities processed within a World-Wide Web (WWW) browser controlled by the cloning service, which masquerades as the principal.
In an embodiment, at 111, the cloned identity may have feigned confidential information assigned or associated with the cloned identity. This may include life statistics, such as data of birth, birthday club, gender, income level, marital status, number and ages of children, hair color, etc. This information may actually substantially correspond to the life statistics of the principal so as to strengthen the likelihood that the cloned identity will be accepted by eavesdroppers as the principal.
In more embodiments, at 112, the cloned identity may also be assigned an email account of its own for its own use; a funding source, such as a credit card or debit card; a phone number with a voice mail; or even a postal account, such as a Post Office (P.O.) box. This information and capabilities provided to the cloned identity and accessible to the cloning service further enhances the believability and apparent legitimacy of the cloned identity as being the principal.
Assigning Areas of Interest
At 120, the cloning service is initially configured by being assigned areas of interest for use with the cloned identity. The areas of interest are semantic areas, categories, or subjects that are related to transactions or actions over the network. For example, an area of interest may be photography or even more specifically photography of nature, such as mountains, sunsets, etc.
According to an embodiment, the areas of interest are represented in a formal manner within a data structure that is parsed and processed by the cloning service. The data structure may include identifiers for topics or areas of interest and may be further linked to lexicons and actions associated with each area of interest. In some cases, the data structure may be a vector of different areas of interest and may include weights for each particular area of interest. In fact, any formal manner for representing categories, subjects, or actions within a data structure may be used to depict the semantic areas of interest.
For example, the areas of interest may be represented as semantic abstracts or other data structures that provide for a robust semantic evaluation. Examples techniques for achieving this were supplied above and incorporated by reference herein.
Defining Your Clone to Fool the Eavesdroppers
In some embodiments, the areas of interest are manually supplied via separate interfaces by a principal that seeks to use the cloning service for purposes of establishing the clone. The interface may provide, in a structured and controlled manner, screen selections and input mechanisms for the principal to interactively define and generate the areas of interest for the clone.
In other embodiments, the areas of interest may actually be automatically derived on behalf of the principal given an existing principal's profile or desired areas of interests. The profile may be partially and automatically assembled for the principal by analyzing existing information about the principal, such as the principals Internet browser history, browser cache, cookies, etc.
In still other embodiments, the principal's identity may be semantically associated with a particular category, such as an employee, which permits the cloning service to acquire policies associated with employee identities and to further derive areas of interest for employees of a particular organization or profession.
According to an embodiment, at 121, a few of the areas of interest may actually be divergent areas of interest from that of the principal. Furthermore, some others of the areas of interest may actually be consistent with the interests of the principal. By incorporating consistent areas of interest with the principal into the cloned identity, the interests of the principal are feathered into the cloned identity so that the cloned identity is more believable to eavesdroppers that are attempting to perform dataveillance on the principal. The divergent areas of interest work to pollute the dataveillance.
At 130, the cloning service automatically processes one or more actions that are consistent with the areas of interest associated with the cloned identity. The actions may be any transaction that a principal may engage in over the network. For example, the cloning service may process an area of interest that is divergent from that of the principal such as an interest in basket weaving. This particular interest may be associated with its own lexicon and actions associated with particular Internet websites, products, services, and/or books. Actions may be defined that permit the cloning service to appear to be the principal and visit specific basket weaving websites, issue Internet searches related to basket weaving, and the like. This activity by the cloning service may be picked up by an eavesdropper and may be used to generate a polluted profile about the principal that suggests the principal is interested in basket weaving, when in fact this is not the case.
Using Policies to Identify Undesirable Interests
According to an embodiment, at 140, the cloning service may use policies to identify undesirable interests and/or actions for purposes of constraining or preventing certain actions from being processed that are associated with these undesirable types of interests. In this manner, the cloning service may be configured to perform lawful activities and activities that are not deemed morally reprehensible even if such activities are considered lawful. This ensures that activity of the cloning service is not going to embarrass the principal or potentially cause the principal legal problems from activities such as downloading pirated intellectual property, pornography, and the like.
In an embodiment, at 150, the cloning service may also be configured to restrict when and if the cloning service performs any of the actions. This may be done to prevent detection of the cloning service. For example, the cloning service may not be active when the principal is on the network and performing actions or transactions. Similarly, if the principal is not likely to be online on the network, then the cloning service is also configured to not be online. As an example, the principal may be scheduled to be on a flight during a certain date and time; during this period it may not be desirable for the cloning service to be active since an eavesdropper may detect this anomaly and may potentially detect the cloned identity. To ensure that cloning service is not operating when it should not be, the principal may manually instruct the cloning service to be down on certain dates and times. Alternatively, the cloning service may automatically detect situations where it is not desirable for it to be online, such as when it detects the principal online or for periods when it is unlikely the principal would be online, such as late at night, during a holiday, vacation, etc.
The Cloning Service Performs a Wide Range of Automated Actions so as to Pollute Data Collected
In some embodiments, at 160, the cloning service may perform a wide range of automated actions consistent with the assigned areas of interest. Examples of these actions may include, but are not limited to, performing an Internet search on a given area of interest; activating selective results that when analyzed conform semantically to the area of interest; activating advertisement banners in web pages; filling out electronic surveys; sending an email; engaging in rudimentary online chat discussion by using techniques similar to Eliza (an automated chat engine); activating embedded links within a document that conforms semantically to the area of interest; registering for services associated with the area of interest; purchasing goods or services related to the area of interest, etc.
According to an embodiment, at 170, the cloning service processes the actions on a different device than the principal's native device. This device may be close physical proximity to the principal so as to appear to be the principal to more sophisticated eavesdroppers. In some cases, the environments may be different between the cloning service and the principal. By separating the processing devices and/or environments of the cloning service and the principal, it becomes more difficult for eavesdroppers to detect activities associated with the clone and activities associated with the principal, and by making the devices or environments similar and/or in close proximity the eavesdroppers are less likely to even discover the cloned identity.
It is now understood how a novel cloning service may be implemented to thwart the growing problem of dataveillance. The service does not seek to prevent data gathering; rather, the service uses a cloned identity of a principal to automatically and actively process actions according to areas of interest over a network so as to appear to eavesdroppers to be the principal. The actions of the cloning service are in fact designed to pollute the data collected by the eavesdroppers and make electronic profiles, which are derived about the principal less reliable and less valuable to the eavesdroppers.
The Cloning Agent
In Apple's patent FIG. 2 we see a diagram of another method 200 for processing a cloned identity over a network, according to an example embodiment. The method 200 (hereinafter "cloning agent") is implemented in a machine-accessible and readable medium and is operational and accessible over a network. The cloning agent represents an alternative view to the processing depicted above with the cloning service, described with the method 100 of the FIG. 1.
Initially, a cloned identity for a principal is established. This may be achieved in any manner where an electronic identity is assigned to the principal and assumed by other resources on the network to in fact be the principal. The cloned identity is exclusively used by the cloning agent for purposes of polluting dataveillance and electronic profiles generated by eavesdroppers about the principal.
At 210, the cloning agent accesses a portion of the metadata associated with areas of interest for the cloned identity. Again, the structure of the areas of interest may include semantic definitions and other data (e.g., area-specific lexicons, area-specific websites, area-specific services, area-specific actions, etc.). In some cases the structure of the data structure representing the areas of interest may impart preference, a weight, or even a vector for each of the areas if interest defined therein.
Creating/Using Counterfeit Confidential Information
According to an embodiment, at 211, the cloning agent may also acquire metadata for the cloned identity associated with fake or partially fake confidential information for use when processing a particular area of interest. That is, it may be desirable to have some confidential information be legitimate so as to prevent an eavesdropper from distinguishing between the clone and the principal, some of this confidential information may include a birth date, an age, etc. Whereas, other confidential information may be profitably non-legitimate, such as credit card number, phone number, etc. The fake or feigned confidential information may be housed in cookies for the cloned identity and used automatically by the cloning agent when performing certain actions. In other cases, the confidential information may be directly supplied by the cloning agent when performing actions over the network with other services.
It is noted that some or perhaps even a majority of the areas of interest are intentionally designed to be divergent from legitimate or true interests of the principal. However, some others or perhaps even a minority of the areas of interest are in fact consistent with the interests of the principal. The consistent areas of interest are again a mechanism from preventing a savvy eavesdropper from detecting the cloned identity and distinguishing it from the principal. The divergent areas of interest are designed to pollute dataveillance or electronic profiling carried out by the eavesdropper against the principal.
It should also be noted that over time an eavesdropper will begin to associate divergent areas of interest for the clone as being the norm for a particular principal that the eavesdropper believes it is profiling or performing successful dataveillance on. When this is detected or suspect, the areas of divergent interests may be increased for the clone without fear of detection, because the divergent interests are now believed by the eavesdropper to be the norm.
At 220, the cloning agent selects a particular area of interest for processing. The selected area of interest may be systematically selected based on a configuration of the cloning agent, such that areas of interest are all equally processed in defined orders or in a serial fashion. Alternatively, at 221, the particular area of interest may be randomly selected for the available areas of interest.
At 230, the cloning agent automatically performs actions over the network (e.g., Internet via the WWW, etc.) posing as the cloned identity and appearing to eavesdroppers to be the principal. Again, a variety of actions may be automatically processed, such as but not limited to, sending email, reading documents, activating links, registering with services, engaging in on-line chat, taking surveys, issuing searches, and others. The action processed may correspond to a divergent area of interest from that which is associated with the principal. Thus, any eavesdroppers performing electronic profiling or dataveillance against the principal will be polluted when that action is detected and recorded over the network by the eavesdroppers. This can lead to the creation of inconsistent and unreliable profiles that are not valuable and confusing to the eavesdroppers.
According to an embodiment, at 231, the cloning agent may deny performing any action that it deems undesirable. Undesirable actions may be defined by policy and may include illegal activities and/or morally reprehensible activities, such as but not limited to, downloading pirated intellectual property, downloading obscene material, gambling, and the like.
The Cloning Agent Suspends Activity While the User is Actively Online
In yet another embodiment, at 232, the cloning agent may suspend, halt, or prevent processing any action if the principal is detected to be active on the network. That is, the cloning agent is configured to not be active on the network when the principal is active on the network. In this manner, eavesdroppers will not be able to distinguish or detect the cloned identity from the principal. This may also be more complex, such that the cloning agent is intentionally inactive for periods during which it is unlikely or nearly impossible for the principal to be active on the network. Still further, the principal may have an interface to manually shut down the cloning agent when the principal feels it is profitable to do so to avoid detection.
In an embodiment, at 233, the cloning agent may randomly select a number of subsequent actions in response to results acquired from the processing of the actions. That is, suppose the cloning agent performed an Internet search as an action that conformed to a lexicon of search terms derived from the selected area of interest. The search returns results and the results may be semantically analyzed or scored for relevance to the selected area of interest. The top tier of results may then be randomly selected or activated and processed with other subsequent actions, such as reading the documents, activating hypertext links within selected documents, etc. This makes the cloning agent appear to be a legitimate principal and provides depth to the principal making it more difficult for any eavesdropper to detect the cloned agent.
At 240, the cloning agent periodically re-processes the method 200 or re-iterates its own processing for different actions over the network. The different actions may conform to the selected area of interest or conform to a different area of interest. The frequency of iteration may be defined in a profile or configuration for the cloning agent and may be designed to make the cloning agent appear to be a legitimate and real principal to eavesdroppers.
In some embodiments, at 250, the cloning agent may also dynamically and automatically add new area of interest to the existing areas of interest associated with the cloned identity. This may occur when the cloning agent is engaging in network activity and related areas of interest are detected that similar or related to existing areas of interest for the cloned identity. Again, this makes it appear to an eavesdropper that the cloned identity is a real and legitimate principal, whose routines are not uniform and systematic but appear to be associated with interests and exhibit human characteristics or behaviors.
The more the cloning agent appears to be a legitimate and an autonomous entity over the network that acts in a consistent manner, the more difficult it will be for eavesdroppers to detect the subterfuge. Therefore, the cloning agent is designed to exhibit characteristics in manners expected by users or human network resources. The characteristics are intentionally varied to appear to be non-systematic and to take on an autonomous appearance. However, the actions taking are designed to pollute electronic profiling or dataveillance associated with a principal. Thus, data collection is not prevented; rather, it is encouraged for the cloned identity and intentionally populated with divergent information that pollutes legitimate information gathered about the principal.
The Cloned Identity System
In Apple's patent FIG. 3 below we see a diagram of a cloned identity system 300 which is implemented in a machine-accessible and readable medium and is operational over a network. The cloned identity system implements, among other things, the processing of the methods 100 and 200 of the FIGS. 1 and 2, respectively.
Apple's patent FIG. 4 is a diagram of a data structure implemented in a machine-accessible medium representing a cloned identity.
Apple credits Stephen Carter as the sole inventor of granted patent 8,205,265 which was filed in Q4 2011 and published today by the US Patent and Trademark Office. Apple lists several additional patents that are incorporated into this patent by reference.
Oh, and one more thing: this technology is already being used in some Novell network and proxy server products today. So this isn't theoretical or "just a patent" as some would bemoan. In fact, the engineer noted in our report isn't an Apple employee and he's licensed the technology to Novell in the past. Apple is noted as an assignee of this technology.
Note to Referring Sites: We ask that referring sites limit the use of our graphics to a single graphic in this report. Thank you for your cooperation.
Patently Apple presents only a brief summary of granted patents with associated graphics for journalistic news purposes as each Granted Patent is revealed by the U.S. Patent & Trademark Office. Readers are cautioned that the full text of any Granted Patent should be read in its entirety for full details. About Comments: Patently Apple reserves the right to post, dismiss or edit comments.
Check out Patent Bolt's Latest Reports Titled:
Sites Covering our Original Report
MacSurfer, Reddit, Digg, Blue's News, Twitter, Facebook, Real Clear Technology, Apple Investor News, Venture Beat, Google Reader, Macnews, iPhone World Canada,turi2 Germany, Popurls, iPhoneItalia Italy, Gizmodo, HardOCP, BGR, DSLReports, Yahoo! News, SpiegelOnline Germany, DigitalTrends, Macworld UK, Forbes, PCMagazine, Techmeme, Naked Security by Sophos, Macworld Australia, Olhar Digital Brazil, IT World, ApfelBlog Switzerland, and more.
Join in the Conversation!
The sites that we link to above offer you an avenue to make your comments about this report in other languages. These great community sites also provide our guests with varying takes on Apple's latest invention. Whether they're pro or con, you may find them to be interesting, fun or feisty. If you have the time, join in!