SYSTEM AND METHOD TO PROVIDE SECURE ACCESS TO PERSONAL INFORMATION
Abstract
A personal information system allowing users to securely collect, store, and transfer personal information is disclosed. The personal information system provides a central location for users to store information, and allows third parties to securely access the information in accordance with user-defined access rules. By providing a central storage area that may be electronically accessed by third parties, the personal information system facilitates the transfer of user information to these third parties. In order to control access to a user's stored personal information, user-defined access rules define the conditions under which third parties may access the stored information. The system also provides user authentication devices that include biometric recognition components and a touch screen display. The user authentication devices may be installed at third party locations to enable a user to authorize the transfer of personal information to third parties.
20 Claims
1. A method performed by a computing device having a memory and a processor for providing secure access to user information associated with a plurality of users, the method comprising:
  for each of a plurality of users, each user having an associated information repository that stores values of one or more attributes of the user,
    receiving first authentication information from the user,
    authenticating the user based on the received first authentication information, and
    receiving an indication of a plurality of access rules, each access rule defining permissions of at least one third party for accessing the information repository associated with the user; and
  for each of a plurality of third parties,
    receiving second authentication information from the third party,
    authenticating the third party based on the received second authentication information,
    receiving from the third party an indication of a first request to access a first information repository associated with a first user, and
    upon determining, based at least in part on at least one access rule defined by the first user, that the third party is permitted to access the first information repository in accordance with the first request, accessing the first information repository in accordance with the first request.
  Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-readable storage medium containing instructions, that when executed by a computing device having a memory and a processor, cause the computing device to perform a method for accessing personal information, the method comprising:
  identifying, based on a received biometric password, a user, the user being associated with personal information stored in an information repository and a set of access rules for accessing the personal information stored in the information repository;
  identifying, based on received credentials, a third party;
  identifying at least one form associated with the third party, each form containing at least one field; and
  for each of the identified at least one forms,
    for each of the at least one field of the form, upon determining, based at least in part on the access rules stored by the information repository, that the third party is permitted to access the information repository to populate the field,
      retrieving a value of an attribute of personal information from the information repository, and
      populating the field with the retrieved attribute value, and
    sending an indication of the form containing fields populated with attribute values to the third party.
  Dependent claims: 9, 10, 11, 12, 13
14. A computing device having a memory and a processor for authenticating a user accessing an information repository associated with the user, the computing device comprising:
  a component that collects biometric data;
  a component that, upon determining that the collected biometric data corresponds to a user, authenticates the user;
  a component that displays a navigation menu for navigating the information repository associated with the user, the component configured to allow a user to specify access rules to personal information associated with the user that is stored in the information repository; and
  a component that accesses the information repository associated with the user based at least in part on commands received from the user through the displayed navigation menu to retrieve personal information of the user in accordance with the access rules.
  Dependent claims: 15, 16, 17, 18, 19, 20
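
Added example, not part of the patent text: a minimal sketch of the per-field check recited in claim 8, where a form field is populated only when a user-defined rule permits the requesting third party to read that attribute. All names (AccessRule, Repository, populate_form) and the sample data are hypothetical; authentication of the user and the third party is assumed to have happened upstream, and the audit list goes beyond what the claim recites.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AccessRule:
    """User-defined rule: attributes one third party may read (hypothetical)."""
    third_party: str
    attributes: frozenset


@dataclass
class Repository:
    """One user's information repository plus that user's access rules."""
    values: dict
    rules: list = field(default_factory=list)

    def permits(self, third_party, attribute):
        # Default deny: access needs an explicit rule naming both the
        # requesting party and the attribute.
        return any(r.third_party == third_party and attribute in r.attributes
                   for r in self.rules)


def populate_form(repo, third_party, form_fields, audit):
    """Fill each field only if a rule permits it; record every decision."""
    filled = {}
    for name in form_fields:
        allowed = repo.permits(third_party, name) and name in repo.values
        audit.append((third_party, name, "allow" if allowed else "deny"))
        if allowed:
            filled[name] = repo.values[name]
    return filled


# Constructed sample data (not from the patent).
REPO = Repository(
    values={"name": "A. Example", "dob": "1980-01-01", "ssn": "000-00-0000"},
    rules=[AccessRule("clinic", frozenset({"name", "dob"}))],
)


def demo():
    audit = []
    clinic = populate_form(REPO, "clinic", ["name", "dob", "ssn"], audit)
    lender = populate_form(REPO, "lender", ["name", "ssn"], audit)
    return clinic, lender, audit


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Fields without a matching rule are left out of the returned form rather than sent empty, so the third party never learns a value the user did not release.
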
Specification