Bounded access to critical data

US 10,320,757 B1
Filed: 06/06/2014
Issued: 06/11/2019
Est. Priority Date: 06/06/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving, from a first device associated with user profile data, first user data associated with a first user;

storing encrypted first user data in a data store, wherein the encrypted first user data corresponds to the first user data;

receiving, from a second device unassociated with the user profile data, a first request for data associated with a plurality of users;

sending, to the second device and after receiving the first request, the encrypted first user data;

sending, to the second device and after receiving the first request, a key used to decrypt the encrypted first user data;

receiving, from the first device, a second request to delete data associated with the user profile data;

deleting, after receiving the second request, the encrypted first user data from the data store;

determining first data generated from the encrypted first user data, the first data being generated by the second device;

determining a correlation between the first data and the encrypted first user data;

determining the correlation fails to satisfy a condition representing a lack of correlation; and

based at least in part on determining the correlation fails to satisfy the condition, sending, to the second device, a signal indicating the first data is to be deleted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure repository receives and stores user data, and shares the user data with trusted client devices. The user data may be shared individually or as part of bundled data relating to multiple users, but in either case, the secure repository associates specific data with specific users. This association is maintained by the trusted client devices, even after the data is altered by processing on the client device. If a user requests a purge of their data, the system deletes and/or disables that data on both the repository and the client devices, as well as deleting and/or disabling processed data derived from that user'"'"'s data, unless a determination has been made that the processed data no longer contains confidential information.

Citations

22 Claims

1. A computer-implemented method, comprising:
- receiving, from a first device associated with user profile data, first user data associated with a first user;
  
  storing encrypted first user data in a data store, wherein the encrypted first user data corresponds to the first user data;
  
  receiving, from a second device unassociated with the user profile data, a first request for data associated with a plurality of users;
  
  sending, to the second device and after receiving the first request, the encrypted first user data;
  
  sending, to the second device and after receiving the first request, a key used to decrypt the encrypted first user data;
  
  receiving, from the first device, a second request to delete data associated with the user profile data;
  
  deleting, after receiving the second request, the encrypted first user data from the data store;
  
  determining first data generated from the encrypted first user data, the first data being generated by the second device;
  
  determining a correlation between the first data and the encrypted first user data;
  
  determining the correlation fails to satisfy a condition representing a lack of correlation; and
  
  based at least in part on determining the correlation fails to satisfy the condition, sending, to the second device, a signal indicating the first data is to be deleted.
- View Dependent Claims (2)
- - 2. The computer-implemented method of claim 1, further comprising:
    - receiving second user data associated with second user profile data;
      
      storing encrypted second user data in the data store, the encrypted second user data corresponding to the second user data;
      
      receiving, from the second device, a third request for data associated with at least one user; and
      
      sending, to the second device and after receiving the third request, the encrypted second user data.

3. A computing system, comprising:
- at least one processor; and
  
  at least one memory including instructions that, when executed by the at least one processor, cause the computing system to;
  
  store encrypted first user data in a data store, the encrypted first user data being associated with user profile data;
  
  receive, from a first device unassociated with the user profile data, a first request for data associated with a plurality of users;
  
  send, to the first device, the encrypted first user data;
  
  receive, from a second device associated with the user profile data, a second request to delete data associated with the user profile data;
  
  delete, after receiving the second request, the encrypted first user data from the data store;
  
  determine first data generated from the encrypted first user data, the first data being generated by the first device;
  
  determine a correlation between the first data and the encrypted first user data;
  
  determine the correlation fails to satisfy a condition representing a lack of correlation; and
  
  based at least in part on determining the correlation fails to satisfy the condition, send, to the first device, a signal indicating the first data is to be deleted.
- View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 4. The computing system of claim 3, wherein the at least one memory further includes instructions that, when executed by the at least one processor, further cause the computing system to:
    - determine an expiration time for the first device to have access to the encrypted first user data; and
      
      send, to the first device, second data representing the expiration time.
  - 5. The computing system of claim 3, wherein the at least one memory further includes instructions that, when executed by the at least one processor, further cause the computing system to:
    - receive first user data;
      
      determine at least a portion of the first user data is unencrypted; and
      
      encrypt the at least a portion to generate the encrypted first user data.
  - 6. The computing system of claim 3, wherein the at least one memory further includes instructions that, when executed by the at least one processor, further cause the computing system to:
    - send, to the first device, a first key to decrypt the encrypted first user data;
      
      store encrypted second user data in the data store, the encrypted second user data being associated with second user profile data;
      
      send, to the first device, the encrypted second user data; and
      
      send, to the first device, a second key to decrypt the encrypted second user data, the first key and the second key being different.
  - 7. The computing system of claim 6, wherein the signal further indicates the first key is to be deleted.
  - 8. The computing system of claim 3, wherein the at least one memory further includes instructions that, when executed by the at least one processor, further cause the computing system to:
    - store encrypted second user data in the data store, the encrypted second user data being associated with second user profile data;
      
      send, to the first device, the encrypted second user data; and
      
      send, to the first device, a key configured to decrypt both the encrypted first user data and the encrypted second user data.
  - 9. The computing system of claim 8, wherein the signal further indicates the key is to be deleted.
  - 10. The computing system of claim 3, wherein the at least one memory further includes instructions that, when executed by the at least one processor, further cause the computing system to:
    - after receiving the second request, receive, from the first device, a third request to renew a key used to decrypt the encrypted first user data; and
      
      based at least in part on receiving the second request, prevent the key from being renewed.
  - 11. The computing system of claim 3, wherein:
    - the signal indicates a period of time; and
      
      the signal indicates the data associated with the user profile data is to be deleted when the period of time has transpired.
  - 12. The computing system of claim 3, wherein the at least one memory further includes instructions that, when executed by the at least one processor, further cause the computing system to:
    - delete, after receiving the second request, an encryption key used to generate the encrypted first user data and encrypted second user data associated with second user profile data.
  - 13. The computing system of claim 3, wherein the at least one memory further includes instructions that, when executed by the at least one processor, further cause the computing system to:
    - receive the first request via a first network; and
      
      receive the second request via a second network.

14. A computer-implemented method, comprisingstoring encrypted first user data in a data store, the encrypted first user data being associated with user profile data;
- receiving, from a first device unassociated with the user profile data, a first request for data associated with a plurality of users;
  
  sending, to the first device, the encrypted first user data;
  
  receiving, from a second device associated with the user profile data, a second request to delete data associated with the user profile data;
  
  deleting, after receiving the second request, the encrypted first user data from the data store;
  
  determining first data generated from the encrypted first user data, the first data being generated by the first device;
  
  determining a correlation between the first data and the encrypted first user data;
  
  determining the correlation fails to satisfy a condition representing a lack of correlation; and
  
  based at least in part on determining the correlation fails to satisfy the condition, sending, to the first device, a signal indicating the first data is to be deleted.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The computer-implemented method of claim 14, further comprising:
    - determining an expiration time for the first device to have access to the encrypted first user data; and
      
      sending, to the first device, second data representing the expiration time.
  - 16. The computer-implemented method of claim 14, further comprising:
    - receiving first user data;
      
      determining at least a portion of the first user data is unencrypted; and
      
      encrypting the at least a portion to generate the encrypted first user data.
  - 17. The computer-implemented method of claim 14, further comprising:
    - sending, to the first device, a first key to decrypt the encrypted first user data;
      
      storing encrypted second user data in the data store, the encrypted second user data being associated with second user profile data;
      
      sending, to the first device, the encrypted second user data; and
      
      sending, to the first device, a second key to decrypt the encrypted second user data, the first key and the second key being different.
  - 18. The computer-implemented method of claim 17, wherein the signal further indicates the first key is to be deleted.
  - 19. The computer-implemented method of claim 14, further comprising:
    - storing encrypted second user data in the data store, the encrypted second user data being associated with second user profile data;
      
      sending, to the first device, the encrypted second user data; and
      
      sending, to the first device, a key configured to decrypt both the encrypted first user data and the encrypted second user data.
  - 20. The computer-implemented method of claim 19, wherein the signal further indicates the key is to be deleted.
  - 21. The computer-implemented method of claim 14, further comprising:
    - storing encrypted second user data in a data store, the encrypted second user data being associated with second user profile data;
      
      receiving, from the first device, a third request for data associated with a second plurality of users;
      
      sending, to the first device, the encrypted second user data;
      
      receiving, from a third device associated with the second user profile data, a fourth request to delete data associated with the second user profile data;
      
      deleting, after receiving the fourth request, the encrypted second user data from the data store;
      
      determining second data generated from the encrypted second user data, the second data being generated by the first device;
      
      determining a second correlation between the second data and the encrypted second user data;
      
      determining the second correlation satisfies the condition; and
      
      based at least in part on determining the second correlation fails to satisfy the condition, permitting the second data to persist.
  - 22. The computer-implemented method of claim 14, further comprising:
    - determining the first data was further generated from encrypted second user data, the encrypted second user data being associated with second user profile data,wherein the signal further indicates a portion of the first data, corresponding to the encrypted second user data, is not to be deleted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Secker-Walker, Hugh Evan, Sivakrishnan, Nitin
Primary Examiner(s)
Poltorak, Piotr

Application Number

US14/298,181
Time in Patent Office

1,831 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/068   using time-dependent keys, ...

H04L 63/0876   based on the identity of th...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3268   using certificate validatio...

Bounded access to critical data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Bounded access to critical data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links