Storage and maintenance of personal data
First Claim
1. A system comprising:
   a computer server comprising:
      an electronic data store storing personal data associated with a user; and
      one or more computer processors configured with specific computer executable instructions in order to cause the one or more computer processors to:
         receive, from the user, an indication of particular items and/or types of personal data to be stored in the electronic data store;
         receive, from the user, access credentials associated with the particular items and/or types of personal data to be stored in the electronic data store;
         obtain, via a computer network and using the access credentials, the particular items and/or types of personal data from a computing system of a first third-party by at least one of:
            accessing an application programming interface of the computing system of the first third-party, or
            scraping a web page received from the computing system of the first third-party;
         store, in the electronic data store, the particular items and/or types of personal data obtained from the computing system of the first third-party;
         receive, from a user, and store in the electronic data store:
            an indication of an association between a first default type of personal data and a first type of third-party, and
            an indication of an association between a second default type of personal data and a second type of third-party;
         generate a unique identifier that is associated with the user; and
         communicate the unique identifier to a mobile computing device associated with the user;
   the mobile computing device comprising:
      a display; and
      one or more computer processors configured with specific computer executable instructions in order to cause the one or more computer processors to:
         receive the unique identifier;
         generate and display, on the display, a first interactive user interface including:
            an indication of the unique identifier, and
            one or more user-selectable elements by which the user may initiate wireless transmission of the unique identifier;
         receive, via input from the user, a selection of one of the user-selectable elements of the first interactive user interface;
         in response to selection of the one of the user-selectable elements of the first interactive user interface, initiate transmission of the unique identifier from the mobile computing device to a computing system of a second third-party via a wireless communications protocol, wherein the second third-party is of the first type;
         in response to initiation of transmission of the unique identifier from the mobile computing device to the computing system of the second third-party, generate and display, on the display, a second interactive user interface including:
            an indication of the second third-party,
            an indication that the first default type of personal data is accessible by the second third-party, wherein the indication of the association between the first default type of personal data and the first type of third-party was previously provided by the user, and
            one or more user-selectable elements by which the user may indicate additional types of personal data associated with the user to be accessible by the second third-party;
         receive, via input from the user, a selection of at least one of the user-selectable elements of the second interactive user interface;
         receive, via input from the user, an indication of a first purpose for which the second third-party may access personal data associated with the user; and
         in response to selection of the at least one of the user-selectable elements of the second interactive user interface, authorize the second third-party to access, for the first purpose and from the electronic data store of the computer server, one or more items of personal data associated with the user that are of the first default type and the one or more additional types indicated by the at least one of the user-selectable elements;
   wherein the one or more computer processors of the computer server are further configured with specific computer executable instructions in order to cause the one or more computer processors to:
      receive, from the computing system of the second third-party and over the computer network:
         a first request to access an item of personal data associated with the user from the electronic data store, wherein the first request includes the unique identifier and an indication of a second purpose for the first request,
         an indication of an identity of the second third-party, and
         one or more authentication data items;
      authenticate, based at least in part on the indication of the identity of the second third-party and the one or more authentication data items, the identity of the second third-party;
      compare the second purpose to the first purpose provided by the user;
      in response to determining that the second purpose and the first purpose match, determine whether the item of personal data is one of the one or more items of personal data that are of the first default type or the one or more additional types indicated by the at least one of the user-selectable elements;
      in response to determining that the item of personal data is one of the one or more items of personal data, transmit the item of personal data from the data store to the computing system of the second third-party over the computer network; and
      log access data associated with the first request, wherein the access data includes the identity of the second third-party, a date and time the item of personal data was transmitted, an identification of a type of the item of personal data that was transmitted, and the second purpose for the first request;
   wherein the one or more computer processors of the mobile computing device are further configured with specific computer executable instructions in order to cause the one or more computer processors to:
      generate and display, on the display, a third interactive user interface including:
         an indication of the identity of the second third-party,
         an indication of the date and time the item of personal data was transmitted,
         an indication of the type of the item of personal data that was transmitted,
         an indication of the second purpose for the first request, and
         a user-selectable element by which the user may indicate a deauthorization of the second third-party to access the one or more items of personal data associated with the user;
      receive, via input from the user, a selection of the user-selectable element of the third interactive user interface; and
      in response to selection of the user-selectable element of the third interactive user interface, deauthorize the second third-party from further accessing, from the electronic data store, the one or more items of personal data associated with the user;
   wherein the one or more computer processors of the computer server are further configured with specific computer executable instructions in order to cause the one or more computer processors to:
      receive, from the computing system of the second third-party and over the computer network, a second request to access the item of personal data associated with the user from the electronic data store, wherein the second request includes the unique identifier;
      determine that the item of personal data is one of the one or more items of personal data;
      determine that the second third-party is not authorized to access the item of personal data; and
      notify the user that the second third-party attempted to access the item of personal data.
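As an added illustration (not part of the patent text or of any product it describes), the following Python model captures the server-side checks of claim 1: a purpose-bound consent grant, authentication of the requesting third party, comparison of the requested purpose with the user-stated purpose, the data-type check, the access log, deauthorization, and the user notification when a party that is no longer (or never was) authorized asks for an item that exists. The names DataLocker, Grant and party_token are assumptions, as is the HMAC-over-shared-secret scheme used for the "authentication data items", which the claim leaves unspecified.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
import hashlib
import hmac

def party_token(party: str, unique_id: str, secret: bytes) -> str:
    """Assumed authentication data item: HMAC over party identity and unique identifier."""
    return hmac.new(secret, f"{party}:{unique_id}".encode(), hashlib.sha256).hexdigest()

@dataclass
class Grant:  # consent recorded from the second interactive user interface
    purpose: str         # the first purpose, as stated by the user
    types: frozenset     # first default type plus any additional types the user selected
    active: bool = True  # cleared by the deauthorization element of the third interface

class DataLocker:
    def __init__(self, unique_id: str, store: dict, party_secrets: dict):
        self.unique_id = unique_id          # identifier communicated to the mobile device
        self.store = store                  # data type -> personal data item
        self.party_secrets = party_secrets  # third party -> shared secret (assumed scheme)
        self.grants = {}                    # third party -> Grant
        self.access_log = []                # one entry per transmitted item
        self.notifications = []             # alerts to the user about denied requests

    def authorize(self, party: str, purpose: str, default_type: str, extra_types=()):
        self.grants[party] = Grant(purpose, frozenset({default_type, *extra_types}))

    def deauthorize(self, party: str):
        if party in self.grants:
            self.grants[party].active = False   # grant kept inactive so the log stays auditable

    def request(self, unique_id: str, party: str, token: str, purpose: str, item_type: str):
        """Return the item only if every check in the claim passes; otherwise None."""
        secret = self.party_secrets.get(party)
        if unique_id != self.unique_id or secret is None or not hmac.compare_digest(
                party_token(party, unique_id, secret), token):
            return None                      # unauthenticated: nothing to compare or log
        grant = self.grants.get(party)
        allowed = (grant is not None and grant.active
                   and grant.purpose == purpose and item_type in grant.types)
        if not allowed:
            if item_type in self.store:      # item exists but party may not see it: tell the user
                self.notifications.append({"party": party, "type": item_type, "purpose": purpose})
            return None
        item = self.store.get(item_type)
        if item is not None:
            self.access_log.append({"party": party, "time": datetime.now(timezone.utc),
                                    "type": item_type, "purpose": purpose})
        return item
```

The purpose comparison is an exact string match here; a deployment would normally map purposes to a fixed vocabulary so that the third party cannot satisfy the check by restating the purpose in different words.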
Abstract
An electronic personal data locker system is described in which personal data is stored, organized, accessed, and/or maintained, among other activities. In an embodiment, the personal data locker system comprises multiple personal data lockers that each store different types of personal information and/or data of a user. The personal data lockers are established by the system and may be integrated with mobile computing devices. The system may enable the sharing of the gathered data with third parties and/or may enable the user to set preferences for what data is to be shared with various third parties. The system may further provide convenience in providing personal data to third parties via a standard application programming interface (API). The system may also enable the finding and/or calculating of user-related insights based on the gathered data through correlation, aggregation, and/or analysis of the user's personal data.
4 Claims