Storage and maintenance of personal data

US 9,853,959 B1
Filed: 03/11/2013
Issued: 12/26/2017
Est. Priority Date: 05/07/2012
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a computer server comprising;

an electronic data store storing personal data associated with a user; and

one or more computer processors configured with specific computer executable instructions in order to cause the one or more computer processors to;

receive, from the user, an indication of particular items and/or types of personal data to be stored in the electronic data store;

receive, from the user, access credentials associated with the particular items and/or types of personal data to be stored in the electronic data store;

obtain, via a computer network and using the access credentials, the particular items and/or types of personal data from a computing system of a first third-party by at least one of;

accessing an application programming interface of the computing system of the first third-party, orscraping a web page received from the computing system of the first third-party;

store, in the electronic data store, the particular items and/or types of personal data obtained from the computing system of the first third-party;

receive, from a user, and store in the electronic data store;

an indication of an association between a first default type of personal data and a first type of third-party, andan indication of an association between a second default type of personal data and second type of third-party;

generate a unique identifier that is associated with the user; and

communicate the unique identifier to a mobile computing device associated with the user;

the mobile computing device comprising;

a display; and

one or more computer processors configured with specific computer executable instructions in order to cause the one or more computer processors to;

receive the unique identifier;

generate and display, on the display, a first interactive user interface including;

an indication of the unique identifier, andone or more user-selectable elements by which the user may initiate wireless transmission of the unique identifier;

receive, via input from the user, a selection of one of the user-selectable elements of the first interactive user interface;

in response to selection of the one of the user-selectable elements of the first interactive user interface, initiate transmission of the unique identifier from the mobile computing device to a computing system of a second third-party via a wireless communications protocol, wherein the second third-party is of the first type;

in response to initiation of transmission of the unique identifier from the mobile computing device to the computing system of the second third-party, generate and display, on the display, a second interactive user interface including;

an indication of the second third-party,an indication that the first default type of personal data is accessible by the second third-party, wherein the indication of the association between the first default type of personal data and the first type of third-party was previously provided by the user, andone or more user-selectable elements by which the user may indicate additional types of personal data associated with the user to be accessible by the second third-party;

receive, via input from the user, a selection of at least one of the user-selectable elements of the second interactive user interface;

receive, via input from the user, an indication of a first purpose for which the second third-party may access personal data associated with the user; and

in response to selection of the at least one of the user-selectable elements of the second interactive user interface, authorize the second third-party to access, for the first purpose and from the electronic data store of the computer server, one or more items of personal data associated with the user that are of the first default type and the one or more additional types indicated by the at least one of the user-selectable elements;

wherein the one or more computer processors of the computer server are further configured with specific computer executable instructions in order to cause the one or more computer processors to;

receive, from the computing system of the second third-party and over the computer network;

a first request to access an item of personal data associated with the user from the electronic data store, wherein the first request includes the unique identifier and an indication of a second purpose for the first request,an indication of an identity of the second third-party, andone or more authentication data items;

authenticate, based at least in part on the indication of the identity of the second third-party and the one or more authentication data items, the identity of the second third-party;

compare the second purpose to the first purpose provided by the user;

in response to determining that the second purpose and the first purpose match, determine whether the item of personal data is one of the one or more items of personal data that are of the first default type or the one or more additional types indicated by the at least one of the user-selectable elements;

in response to determining that the item of personal data is one of the one or more items of personal data, transmit the item of personal data from the data store to the computing system of the second third-party over the computer network; and

log access data associated with the first request, wherein the access data includes the identity of the second third-party, a date and time the item of personal data was transmitted, an identification of a type of the item of personal data that was transmitted, and the second purpose for the first request;

wherein the one or more computer processors of the mobile computing device are further configured with specific computer executable instructions in order to cause the one or more computer processors to;

generate and display, on the display, a third interactive user interface including;

an indication of the identity of the second third-party,an indication of the date and time the item of personal data was transmitted,an indication of the type of the item of personal data that was transmitted,an indication of the second purpose for the first request, anda user selectable element by which the user may indicate a deauthorization of the second third-party to access the one or more items of personal data associated with the user;

receive, via input from the user, a selection of the user-selectable element of the third interactive user interface; and

in response to selection of the user-selectable element of the third interactive user interface, deauthorize the second third-party from further accessing, from the electronic data store, the one or more items of personal data associated with the user;

wherein the one or more computer processors of the computer server are further configured with specific computer executable instructions in order to cause the one or more computer processors to;

receive, from the computing system of the second third-party and over the computer network, a second request to access the item of personal data associated with the user from the electronic data store, wherein the second request includes the unique identifier;

determine that the item of personal data is one of the one or more items of personal data;

determine that the second third-party is not authorized to access the item of personal data; and

notify the user that the second third-party attempted to access the item of personal data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic personal data locker system is described in which personal data is stored, organized, accessed, and/or maintained, among others activities. In an embodiment, the personal data locker system comprises multiple personal data lockers that each store different types of personal information and/or data of a user. The personal data lockers are established by the system and may be integrated with mobile computing devices. The system may enable the sharing of the gathered data with third parties and/or may enable the user to set preferences for what data is to be shared with various third parties. The system may further provide convenience in providing personal data to third parties via a standard application programming interface (API). The system may also enable the finding and/or calculating of user-related insights based on the gathered data through correlation, aggregation, and/or analysis of the user'"'"'s personal data.

1598 Citations

4 Claims

1. A system comprising:
- a computer server comprising;
  
  an electronic data store storing personal data associated with a user; and
  
  one or more computer processors configured with specific computer executable instructions in order to cause the one or more computer processors to;
  
  receive, from the user, an indication of particular items and/or types of personal data to be stored in the electronic data store;
  
  receive, from the user, access credentials associated with the particular items and/or types of personal data to be stored in the electronic data store;
  
  obtain, via a computer network and using the access credentials, the particular items and/or types of personal data from a computing system of a first third-party by at least one of;
  
  accessing an application programming interface of the computing system of the first third-party, orscraping a web page received from the computing system of the first third-party;
  
  store, in the electronic data store, the particular items and/or types of personal data obtained from the computing system of the first third-party;
  
  receive, from a user, and store in the electronic data store;
  
  an indication of an association between a first default type of personal data and a first type of third-party, andan indication of an association between a second default type of personal data and second type of third-party;
  
  generate a unique identifier that is associated with the user; and
  
  communicate the unique identifier to a mobile computing device associated with the user;
  
  the mobile computing device comprising;
  
  a display; and
  
  one or more computer processors configured with specific computer executable instructions in order to cause the one or more computer processors to;
  
  receive the unique identifier;
  
  generate and display, on the display, a first interactive user interface including;
  
  an indication of the unique identifier, andone or more user-selectable elements by which the user may initiate wireless transmission of the unique identifier;
  
  receive, via input from the user, a selection of one of the user-selectable elements of the first interactive user interface;
  
  in response to selection of the one of the user-selectable elements of the first interactive user interface, initiate transmission of the unique identifier from the mobile computing device to a computing system of a second third-party via a wireless communications protocol, wherein the second third-party is of the first type;
  
  in response to initiation of transmission of the unique identifier from the mobile computing device to the computing system of the second third-party, generate and display, on the display, a second interactive user interface including;
  
  an indication of the second third-party,an indication that the first default type of personal data is accessible by the second third-party, wherein the indication of the association between the first default type of personal data and the first type of third-party was previously provided by the user, andone or more user-selectable elements by which the user may indicate additional types of personal data associated with the user to be accessible by the second third-party;
  
  receive, via input from the user, a selection of at least one of the user-selectable elements of the second interactive user interface;
  
  receive, via input from the user, an indication of a first purpose for which the second third-party may access personal data associated with the user; and
  
  in response to selection of the at least one of the user-selectable elements of the second interactive user interface, authorize the second third-party to access, for the first purpose and from the electronic data store of the computer server, one or more items of personal data associated with the user that are of the first default type and the one or more additional types indicated by the at least one of the user-selectable elements;
  
  wherein the one or more computer processors of the computer server are further configured with specific computer executable instructions in order to cause the one or more computer processors to;
  
  receive, from the computing system of the second third-party and over the computer network;
  
  a first request to access an item of personal data associated with the user from the electronic data store, wherein the first request includes the unique identifier and an indication of a second purpose for the first request,an indication of an identity of the second third-party, andone or more authentication data items;
  
  authenticate, based at least in part on the indication of the identity of the second third-party and the one or more authentication data items, the identity of the second third-party;
  
  compare the second purpose to the first purpose provided by the user;
  
  in response to determining that the second purpose and the first purpose match, determine whether the item of personal data is one of the one or more items of personal data that are of the first default type or the one or more additional types indicated by the at least one of the user-selectable elements;
  
  in response to determining that the item of personal data is one of the one or more items of personal data, transmit the item of personal data from the data store to the computing system of the second third-party over the computer network; and
  
  log access data associated with the first request, wherein the access data includes the identity of the second third-party, a date and time the item of personal data was transmitted, an identification of a type of the item of personal data that was transmitted, and the second purpose for the first request;
  
  wherein the one or more computer processors of the mobile computing device are further configured with specific computer executable instructions in order to cause the one or more computer processors to;
  
  generate and display, on the display, a third interactive user interface including;
  
  an indication of the identity of the second third-party,an indication of the date and time the item of personal data was transmitted,an indication of the type of the item of personal data that was transmitted,an indication of the second purpose for the first request, anda user selectable element by which the user may indicate a deauthorization of the second third-party to access the one or more items of personal data associated with the user;
  
  receive, via input from the user, a selection of the user-selectable element of the third interactive user interface; and
  
  in response to selection of the user-selectable element of the third interactive user interface, deauthorize the second third-party from further accessing, from the electronic data store, the one or more items of personal data associated with the user;
  
  wherein the one or more computer processors of the computer server are further configured with specific computer executable instructions in order to cause the one or more computer processors to;
  
  receive, from the computing system of the second third-party and over the computer network, a second request to access the item of personal data associated with the user from the electronic data store, wherein the second request includes the unique identifier;
  
  determine that the item of personal data is one of the one or more items of personal data;
  
  determine that the second third-party is not authorized to access the item of personal data; and
  
  notify the user that the second third-party attempted to access the item of personal data.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein the first purpose includes at least one of:
    - enrollment, eligibility, registration, ad targeting, loyalty point calculations, or social-networking activities.
  - 3. The system of claim 1, wherein the one or more types indicated by the at least one of the user-selectable elements include at least one of:
    - social media data, health data, professional data, credit data, or banking data.
  - 4. The system of claim 1, wherein authorizing the second third-party to access the one or more items of personal data associated with the user comprises:
    - providing, to the computer server and from the user via the mobile computing device, at least one of;
      
      a software key, a software token, authentication data, identity data, a username and password, an encryption key, a digital signature, or a mobile device identifier associated with the mobile computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Consumerinfo.com Incorporated (Experian plc)
Original Assignee
Consumerinfo.com Incorporated (Experian plc)
Inventors
Kapczynski, Mark Joseph, Dean, Michael John
Primary Examiner(s)
Obeid, Mamon
Assistant Examiner(s)
Choo, Johann

Application Number

US13/794,514
Time in Patent Office

1,751 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6245   Protecting personal data, e...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04W 12/069   using certificates or pre-s...

Storage and maintenance of personal data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

1598 Citations

4 Claims

Specification

Solutions

Use Cases

Quick Links

Storage and maintenance of personal data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1598 Citations

4 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links