Bounded access to critical data
First Claim
1. A computer-implemented method, comprising:
receiving, from a first device associated with user profile data, first user data associated with a first user;
storing encrypted first user data in a data store, wherein the encrypted first user data corresponds to the first user data;
receiving, from a second device unassociated with the user profile data, a first request for data associated with a plurality of users;
sending, to the second device and after receiving the first request, the encrypted first user data;
sending, to the second device and after receiving the first request, a key used to decrypt the encrypted first user data;
receiving, from the first device, a second request to delete data associated with the user profile data;
deleting, after receiving the second request, the encrypted first user data from the data store;
determining first data generated from the encrypted first user data, the first data being generated by the second device;
determining a correlation between the first data and the encrypted first user data;
determining the correlation fails to satisfy a condition representing a lack of correlation; and
based at least in part on determining the correlation fails to satisfy the condition, sending, to the second device, a signal indicating the first data is to be deleted.
Abstract
A secure repository receives and stores user data, and shares the user data with trusted client devices. The user data may be shared individually or as part of bundled data relating to multiple users, but in either case, the secure repository associates specific data with specific users. This association is maintained by the trusted client devices, even after the data is altered by processing on the client device. If a user requests a purge of their data, the system deletes and/or disables that data on both the repository and the client devices, as well as deleting and/or disabling processed data derived from that user's data, unless a determination has been made that the processed data no longer contains confidential information.
22 Claims

1. (Reproduced above under First Claim; dependent claim: 2.)
3. A computing system, comprising:
at least one processor; and
at least one memory including instructions that, when executed by the at least one processor, cause the computing system to:
store encrypted first user data in a data store, the encrypted first user data being associated with user profile data;
receive, from a first device unassociated with the user profile data, a first request for data associated with a plurality of users;
send, to the first device, the encrypted first user data;
receive, from a second device associated with the user profile data, a second request to delete data associated with the user profile data;
delete, after receiving the second request, the encrypted first user data from the data store;
determine first data generated from the encrypted first user data, the first data being generated by the first device;
determine a correlation between the first data and the encrypted first user data;
determine the correlation fails to satisfy a condition representing a lack of correlation; and
based at least in part on determining the correlation fails to satisfy the condition, send, to the first device, a signal indicating the first data is to be deleted.
Dependent claims: 4-13.
14. A computer-implemented method, comprising:
storing encrypted first user data in a data store, the encrypted first user data being associated with user profile data;
receiving, from a first device unassociated with the user profile data, a first request for data associated with a plurality of users;
sending, to the first device, the encrypted first user data;
receiving, from a second device associated with the user profile data, a second request to delete data associated with the user profile data;
deleting, after receiving the second request, the encrypted first user data from the data store;
determining first data generated from the encrypted first user data, the first data being generated by the first device;
determining a correlation between the first data and the encrypted first user data;
determining the correlation fails to satisfy a condition representing a lack of correlation; and
based at least in part on determining the correlation fails to satisfy the condition, sending, to the first device, a signal indicating the first data is to be deleted.
Dependent claims: 15-22.
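The following is an added example, not code from the patent or its assignee, that models the flow shared by the abstract and claims 1, 3 and 14: a repository stores each user's data under its own key, answers a bundled request by sending ciphertext and key to a trusted client, and on a delete request removes its own copy and then signals deletion of every client-side artifact derived from that user which still correlates with the original. The patent names no correlation metric, cipher or threshold; this example assumes Pearson correlation, a threshold of |r| < 0.2 as the "lack of correlation" condition, and a SHA-256 counter-mode XOR stream as a stand-in cipher. The user names and value vectors are constructed sample data.

```python
import hashlib
import json
import math
import os
from dataclasses import dataclass, field


def _keystream(key: bytes, length: int) -> bytes:
    """SHA-256 counter-mode keystream from a per-user key. Illustrative only;
    a production repository would use an AEAD cipher such as AES-GCM."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def decrypt(key: bytes, data: bytes) -> bytes:
    return encrypt(key, data)  # XOR stream: the same operation both ways


def pearson(x, y) -> float:
    """Pearson correlation (assumed metric). A constant series, e.g. an aggregate
    that averaged out, has zero variance; treat it as uncorrelated, not an error."""
    n = len(x)
    if n != len(y) or n < 2:
        raise ValueError("series must have equal length >= 2")
    mx, my = sum(x) / n, sum(y) / n
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


@dataclass
class ClientDevice:
    # Trusted client: keeps ciphertext + key per user and records which users
    # each derived artifact came from (the association the abstract requires).
    name: str
    received: dict = field(default_factory=dict)  # user_id -> (ciphertext, key)
    derived: dict = field(default_factory=dict)   # artifact -> (source users, values)

    def receive(self, user_id, ciphertext, key):
        self.received[user_id] = (ciphertext, key)

    def plaintext(self, user_id):
        ciphertext, key = self.received[user_id]
        return json.loads(decrypt(key, ciphertext))

    def derive(self, artifact, user_ids, fn):
        self.derived[artifact] = (set(user_ids), fn([self.plaintext(u) for u in user_ids]))


class SecureRepository:
    def __init__(self):
        self._store = {}  # user_id -> (key, ciphertext)

    def store(self, user_id, values):
        key = os.urandom(32)  # one key per user, so a purge also discards the key
        self._store[user_id] = (key, encrypt(key, json.dumps(values).encode()))

    def has(self, user_id) -> bool:
        return user_id in self._store

    def share(self, client, user_ids):
        """Answer a bundled request: both ciphertext and key are sent (claim 1)."""
        for uid in user_ids:
            key, ciphertext = self._store[uid]
            client.receive(uid, ciphertext, key)

    def purge(self, user_id, clients, threshold=0.2):
        """Delete the record, then signal deletion of each derived artifact that
        still correlates with it. Threshold and fail-closed rule are assumptions."""
        key, ciphertext = self._store.pop(user_id)
        original = json.loads(decrypt(key, ciphertext))
        signals = []
        for client in clients:
            client.received.pop(user_id, None)
            for artifact, (sources, values) in list(client.derived.items()):
                if user_id not in sources:
                    continue
                # Fail closed: an artifact whose shape prevents the test is deleted.
                r = pearson(values, original) if len(values) == len(original) else 1.0
                if abs(r) >= threshold:
                    del client.derived[artifact]
                    signals.append((client.name, artifact, r))
        return signals


def demo():
    """Constructed sample data (not from the patent)."""
    repo = SecureRepository()
    repo.store("alice", [1, 2, 3, 4, 5])
    repo.store("bob", [5, 4, 3, 2, 1])
    repo.store("carol", [3, 3, 3, 3, 3])
    client = ClientDevice("analytics-1")
    repo.share(client, ["alice", "bob", "carol"])
    mean = lambda rows: [sum(col) / len(col) for col in zip(*rows)]
    client.derive("scaled_alice", ["alice"], lambda rows: [2 * v + 1 for v in rows[0]])
    client.derive("mean_alice_bob", ["alice", "bob"], mean)      # averages out
    client.derive("mean_alice_carol", ["alice", "carol"], mean)  # still tracks alice
    return repo.purge("alice", [client]), client, repo
```

Running `demo()` purges alice: the repository drops her record and key, the client drops its copy, and the signals name `scaled_alice` and `mean_alice_carol` for deletion while `mean_alice_bob` survives because it averaged to a constant. The `mean_alice_carol` case is the one to note when reviewing such a system: averaging over a handful of users does not by itself decorrelate an artifact from any one of them, which is why the check runs per artifact against the original rather than trusting an "aggregate" label.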
Specification