Method and system for protecting information on a computer system

US 20040054935A1
Filed: 09/03/2003
Published: 03/18/2004
Est. Priority Date: 01/18/2002
Status: Active Grant

First Claim

Patent Images

1. A method for securing information stored on a computer system, comprising:

creating a user ID and personal password for a user to access said computer system;

generating an access code in response to said user scheduling a start time and duration to access said information on said computer system;

at least at said scheduled start time, said computer system receiving said access code, user ID and personal password from said user; and

responsive to said access code, user ID and personal password said computer system allowing said user to access said information for said duration.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for protecting sensitive information, for example, a user'"'"'s personal information, stored on a database where the information is accessible via a communications network such as the Internet. An exemplary embodiment stores the sensitive information on an off-line server. The off-line server is connected to an on-line server. The on-line server is connected to the user via the Internet. The user interfaces with the on-line server, and at a scheduled time window, the sensitive information is made available to the on-line server by the off-line server. Outside of the time window, none of the sensitive information is kept on the on-line server. Thus by placing the sensitive information on-line for only limited periods of time the risk of compromise to the sensitive information is greatly reduced.

Citations

26 Claims

1. A method for securing information stored on a computer system, comprising:
- creating a user ID and personal password for a user to access said computer system;
  
  generating an access code in response to said user scheduling a start time and duration to access said information on said computer system;
  
  at least at said scheduled start time, said computer system receiving said access code, user ID and personal password from said user; and
  
  responsive to said access code, user ID and personal password said computer system allowing said user to access said information for said duration.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising receiving from said user said access code and said personal password that is authenticated by the user before an end time, said end time, comprising a sum of duration added to said start time.
  - 3. The method of claim 1 wherein said personal password is encrypted when received by said computer system and wherein said encrypted password is authenticated using an encrypted password file.
  - 4. The method of claim 3 wherein only said encrypted password file is stored on said computer system and not an unencrypted password file.
  - 5. The method of claim 1 wherein said personal password is associated with said user via said user ID.
  - 6. The method of claim 5 further comprising at said scheduled start time, said computer system further receiving said user ID from said user;
    - and wherein said computer system further receives said user ID before allowing said user to access said information for said duration.
  - 7. The method of claim 1 wherein said user logs on to said computer system using another computer system connected to said computer system via a communications network.
  - 8. The method of claim 7 wherein said communications network is the Internet.

9. A security system for protecting information stored on a database, comprising:
- a first server computer comprising said database;
  
  a second server computer connected to said first server computer by a first communications path;
  
  a user computer connected to said second server computer by a second communications path, wherein said user computer'"'"'s only connection to said database is via said second server computer; and
  
  an access code generated by said first server computer in response to a user scheduling a start time and a duration to access said information on said database; and
  
  wherein responsive to receiving said access code at or after said scheduled start time from said user computer, said first server computer copying a portion of said information to said second server computer, said portion accessible to said user computer.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The security system of claim 9 wherein said second communications path is an Internet path.
  - 11. The security system of claim 9 wherein said access code is received by said user via a third communications path, comprising a public telephone line.
  - 12. The security system of claim 9 wherein said portion of said information comprises a document log, said document log having a hyperlink to a medical record of a patient.
  - 13. The security system of claim 9 wherein said information comprises a user'"'"'s medical records.
  - 14. The security system of claim 9 further comprising:
    - a password for use by said user in accessing said information; and
      
      an encrypted password file stored on said database for authenticating said user computer by using said password, before said portion of said information is accessible to said user computer.

15. A security system for protecting information stored on a database, comprising:
- a first server computer comprising said database;
  
  a second server computer connected to said first server computer by a first communications path;
  
  a user computer for a user to access said information, said user computer connected to said second server computer by a second communications path, wherein said user computer'"'"'s only connection to said database is via said second server computer;
  
  a phone system, comprising a telephone connection to said user and a third communications path to said first server computer; and
  
  an access code generated by said first server computer after a request by said user via said phone system, wherein said user enters said access code into said user computer to access said information.
- View Dependent Claims (16, 17)
- - 16. The security system of claim 15 wherein said phone system is fully automated.
  - 17. The security system of claim 15 wherein said phone system further includes a telephone for communicating with said user and a PC for communicating with said first server computer.

18. A method for providing security for information stored on a first server system, said first server system connected to a second server system, wherein said second server system is connected to a user computer, said method comprising:
- said first server system generating a code in response to a user scheduling a time period to access information on said first server system;
  
  sending said code to said user;
  
  at said scheduled time period receiving said code by said second server system from said user computer system; and
  
  said second server system responsive to said code, loading at least part of said information stored on said first server system for use by said user computer during said scheduled time period.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The method of claim 18 wherein said scheduling is via a first communications path of said communications network.
  - 20. The method of claim 19 wherein said receiving is via a second communications path of said communications network, wherein said second communications path is different from said first communications path.
  - 21. The method of claim 18 wherein said first server system generating a code in response to a user scheduling a time period further comprises:
    - authenticating said user using a predetermined user ID and a predetermined user password; and
      
      only after said authenticating, generating said code.
  - 22. The method of claim 18 wherein said first server system generating a code in response to a user scheduling a time period further comprises:
    - authenticating said user using a predetermined user ID and a prerecorded user voice-print; and
      
      only after said authenticating, generating said code.
  - 23. The method of claim 18 further comprising:
    - receiving a predetermined password from said user computer system;
      
      after receiving said code by said second server system from said user computer system, authenticating said code by said second server system;
      
      encrypting said predetermined password; and
      
      authenticating said encrypted predetermined password by said first server system, wherein said encrypted predetermined password must be authenticated before said loading at least part of said information stored on said first server system occurs.

24. A method for accessing information stored on a system, comprising a computer, said system connected to a user computer via a communications network, said method comprising:
- a user scheduling a time and duration when said user computer is allowed to access information on said system, said scheduling via a first communications path of said communications network;
  
  receiving from said system an access code, said access code based on said scheduled time and duration;
  
  at said scheduled time said user computer connecting to said system using said access code and a predetermined password, said connecting via a second communications path of said communications network, wherein said second communications path is different from said first communications path; and
  
  said user computer having access to said information for said duration.
- View Dependent Claims (25, 26)
- - 25. The method of claim 24 wherein said user scheduling a time and duration is via a telephone connection to a service provider representative.
  - 26. The method of claim 24 wherein said user scheduling a time and duration is via a telephone connection to a service provider'"'"'s automated voice recognition unit (VRU).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Peoplechart Corporation
Original Assignee
Peoplechart Corporation
Inventors
Holvey, R. David, Jopling, Arthur Douglas

Granted Patent

US 7,370,349 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

G16H 10/60 for patient-specific data, ...

G16H 30/20 for handling medical images...

Method and system for protecting information on a computer system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for protecting information on a computer system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links