Storage and maintenance of personal data

  • US 9,853,959 B1
  • Filed: 03/11/2013
  • Issued: 12/26/2017
  • Est. Priority Date: 05/07/2012
  • Status: Active Grant
  • ×
    • Pin
First Claim
Patent Images

1. A system comprising:

  • a computer server comprising:

    an electronic data store storing personal data associated with a user; and

    one or more computer processors configured with specific computer executable instructions in order to cause the one or more computer processors to:

    receive, from the user, an indication of particular items and/or types of personal data to be stored in the electronic data store;

    receive, from the user, access credentials associated with the particular items and/or types of personal data to be stored in the electronic data store;

    obtain, via a computer network and using the access credentials, the particular items and/or types of personal data from a computing system of a first third-party by at least one of:

    accessing an application programming interface of the computing system of the first third-party, or

    scraping a web page received from the computing system of the first third-party;

    store, in the electronic data store, the particular items and/or types of personal data obtained from the computing system of the first third-party;

    receive, from a user, and store in the electronic data store:

    an indication of an association between a first default type of personal data and a first type of third-party, and

    an indication of an association between a second default type of personal data and second type of third-party;

    generate a unique identifier that is associated with the user; and

    communicate the unique identifier to a mobile computing device associated with the user;

    the mobile computing device comprising:

    a display; and

    one or more computer processors configured with specific computer executable instructions in order to cause the one or more computer processors to:

    receive the unique identifier;

    generate and display, on the display, a first interactive user interface including:

    an indication of the unique identifier, and

    one or more user-selectable elements by which the user may initiate wireless transmission of the unique identifier;

    receive, via input from the user, a selection of one of the user-selectable elements of the first interactive user interface;

    in response to selection of the one of the user-selectable elements of the first interactive user interface, initiate transmission of the unique identifier from the mobile computing device to a computing system of a second third-party via a wireless communications protocol, wherein the second third-party is of the first type;

    in response to initiation of transmission of the unique identifier from the mobile computing device to the computing system of the second third-party, generate and display, on the display, a second interactive user interface including:

    an indication of the second third-party,

    an indication that the first default type of personal data is accessible by the second third-party, wherein the indication of the association between the first default type of personal data and the first type of third-party was previously provided by the user, and

    one or more user-selectable elements by which the user may indicate additional types of personal data associated with the user to be accessible by the second third-party;

    receive, via input from the user, a selection of at least one of the user-selectable elements of the second interactive user interface;

    receive, via input from the user, an indication of a first purpose for which the second third-party may access personal data associated with the user; and

    in response to selection of the at least one of the user-selectable elements of the second interactive user interface, authorize the second third-party to access, for the first purpose and from the electronic data store of the computer server, one or more items of personal data associated with the user that are of the first default type and the one or more additional types indicated by the at least one of the user-selectable elements;

    wherein the one or more computer processors of the computer server are further configured with specific computer executable instructions in order to cause the one or more computer processors to:

    receive, from the computing system of the second third-party and over the computer network:

    a first request to access an item of personal data associated with the user from the electronic data store, wherein the first request includes the unique identifier and an indication of a second purpose for the first request,

    an indication of an identity of the second third-party, and

    one or more authentication data items;

    authenticate, based at least in part on the indication of the identity of the second third-party and the one or more authentication data items, the identity of the second third-party;

    compare the second purpose to the first purpose provided by the user;

    in response to determining that the second purpose and the first purpose match, determine whether the item of personal data is one of the one or more items of personal data that are of the first default type or the one or more additional types indicated by the at least one of the user-selectable elements;

    in response to determining that the item of personal data is one of the one or more items of personal data, transmit the item of personal data from the data store to the computing system of the second third-party over the computer network; and

    log access data associated with the first request, wherein the access data includes the identity of the second third-party, a date and time the item of personal data was transmitted, an identification of a type of the item of personal data that was transmitted, and the second purpose for the first request;

    wherein the one or more computer processors of the mobile computing device are further configured with specific computer executable instructions in order to cause the one or more computer processors to:

    generate and display, on the display, a third interactive user interface including:

    an indication of the identity of the second third-party,

    an indication of the date and time the item of personal data was transmitted,

    an indication of the type of the item of personal data that was transmitted,

    an indication of the second purpose for the first request, and

    a user-selectable element by which the user may indicate a deauthorization of the second third-party to access the one or more items of personal data associated with the user;

    receive, via input from the user, a selection of the user-selectable element of the third interactive user interface; and

    in response to selection of the user-selectable element of the third interactive user interface, deauthorize the second third-party from further accessing, from the electronic data store, the one or more items of personal data associated with the user;

    wherein the one or more computer processors of the computer server are further configured with specific computer executable instructions in order to cause the one or more computer processors to:

    receive, from the computing system of the second third-party and over the computer network, a second request to access the item of personal data associated with the user from the electronic data store, wherein the second request includes the unique identifier;

    determine that the item of personal data is one of the one or more items of personal data;

    determine that the second third-party is not authorized to access the item of personal data; and

    notify the user that the second third-party attempted to access the item of personal data.
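The server-side flow of the claim (authenticate the requesting third party, compare the stated purpose with the purpose the user granted, check that the requested item is of a granted type, release and log it, and after deauthorization refuse a repeat request and notify the user), written out as an added Python model. This is illustrative code added here, not the patent's implementation or any product's code: the claim specifies no data structures, wire format or authentication scheme, so the HMAC shared-secret token standing in for the "authentication data items", the dictionary-based store, the status strings and the sample user and pharmacy data are all assumptions.

```python
"""Model of the access-control flow in the first claim (added example; all
names, the token scheme and the sample data are assumptions, not from the
patent)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Grant:
    """What the user authorized for one third party: a purpose and a set of
    data types (the default type for that third-party type plus any the
    user added on the second interactive user interface)."""
    purpose: str
    types: set
    active: bool = True


def make_token(secret: bytes, uid: str) -> str:
    """Assumed form of the third party's 'authentication data item': an HMAC
    over the unique identifier keyed with a secret shared at onboarding."""
    return hmac.new(secret, uid.encode(), hashlib.sha256).hexdigest()


@dataclass
class Server:
    store: dict = field(default_factory=dict)          # uid -> {type: value}
    party_secrets: dict = field(default_factory=dict)  # party identity -> shared secret
    grants: dict = field(default_factory=dict)         # (uid, party) -> Grant
    access_log: list = field(default_factory=list)     # one entry per released item
    notifications: list = field(default_factory=list)  # (uid, party, type) to show the user

    def register_user(self, personal_data: dict) -> str:
        uid = secrets.token_urlsafe(16)  # the unique identifier sent to the mobile device
        self.store[uid] = dict(personal_data)
        return uid

    def authorize(self, uid: str, party: str, purpose: str, types) -> None:
        self.grants[(uid, party)] = Grant(purpose, set(types))

    def deauthorize(self, uid: str, party: str) -> None:
        if (uid, party) in self.grants:
            self.grants[(uid, party)].active = False

    def _authenticate(self, uid: str, party: str, token: str) -> bool:
        secret = self.party_secrets.get(party)
        if secret is None:
            return False
        return hmac.compare_digest(make_token(secret, uid), token)

    def request(self, uid: str, party: str, token: str, purpose: str, item_type: str):
        """Handle a third-party request; returns (status, value)."""
        if not self._authenticate(uid, party, token):
            return "unauthenticated", None
        grant = self.grants.get((uid, party))
        if grant is None:
            return "no_grant", None
        # compare the request's purpose with the purpose the user provided
        if purpose != grant.purpose:
            return "purpose_mismatch", None
        # is the item of the default type or one of the additional granted types?
        if item_type not in grant.types or item_type not in self.store[uid]:
            return "type_not_granted", None
        # a granted item requested after deauthorization: refuse and notify the user
        if not grant.active:
            self.notifications.append((uid, party, item_type))
            return "deauthorized", None
        value = self.store[uid][item_type]
        self.access_log.append({
            "party": party,
            "time": datetime.now(timezone.utc).isoformat(),
            "type": item_type,
            "purpose": purpose,
        })
        return "ok", value


def demo():
    """Walk the claim's flow with constructed sample data; returns the
    statuses seen, the access log and the notifications."""
    server = Server()
    server.party_secrets["acme-pharmacy"] = b"shared-secret-from-onboarding"  # constructed
    uid = server.register_user({"name": "A. User", "address": "1 Main St", "dob": "1990-01-01"})
    # user: default type "address" for pharmacies, added "dob", purpose "delivery"
    server.authorize(uid, "acme-pharmacy", "delivery", {"address", "dob"})
    tok = make_token(server.party_secrets["acme-pharmacy"], uid)
    statuses = [
        server.request(uid, "acme-pharmacy", tok, "delivery", "address")[0],    # ok
        server.request(uid, "acme-pharmacy", tok, "marketing", "address")[0],   # purpose_mismatch
        server.request(uid, "acme-pharmacy", tok, "delivery", "name")[0],       # type_not_granted
        server.request(uid, "acme-pharmacy", "bad", "delivery", "address")[0],  # unauthenticated
    ]
    server.deauthorize(uid, "acme-pharmacy")  # user taps the element on the third interface
    statuses.append(server.request(uid, "acme-pharmacy", tok, "delivery", "address")[0])  # deauthorized
    return statuses, server.access_log, server.notifications


if __name__ == "__main__":
    print(demo())
```

The order of checks matters for what the user learns: authentication comes first so an unauthenticated caller cannot probe which types are granted, and the deauthorization check runs after the type check so the notification fires only for items the third party was previously allowed to read, which is the condition the claim states for the second request.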
