SYSTEM AND METHOD TO PROVIDE SECURE ACCESS TO PERSONAL INFORMATION

US 20100185871A1
Filed: 01/15/2010
Published: 07/22/2010
Est. Priority Date: 01/15/2009
Status: Abandoned Application

First Claim

Patent Images

1. A method performed by a computing device having a memory and a processor for providing secure access to user information associated with a plurality of users, the method comprising:

for each of a plurality of users, each user having an associated information repository that stores values of one or more attributes of the user,receiving first authentication information from the user,authenticating the user based on the received first authentication information, andreceiving an indication of a plurality of access rules, each access rule defining permissions of at least one third party for accessing the information repository associated with the user; and

for each of a plurality of third parties,receiving second authentication information from the third party,authenticating the third party based on the received second authentication information,receiving from the third party an indication of a first request to access a first information repository associated with a first user, andupon determining, based at least in part on at least one access rule defined by the first user, that the third party is permitted to access the first information repository in accordance with the first request,accessing the first information repository in accordance with the first request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A personal information system allowing users to securely collect, store, and transfer personal information is disclosed. The personal information system provides a central location for users to store information, and allows third parties to securely access the information in accordance with user-defined access rules. By providing a central storage area that may be electronically accessed by third parties, the personal information system facilitates the transfer of user information to these third parties. In order to control access to a user'"'"'s stored personal information, user-defined access rules define the conditions under which third parties may access the stored information. The system also provides user authentication devices that include biometric recognition components and a touch screen display. The user authentication devices may be installed at third party locations to enable a user to authorize the transfer of personal information to third parties.

138 Citations

20 Claims

1. A method performed by a computing device having a memory and a processor for providing secure access to user information associated with a plurality of users, the method comprising:
- for each of a plurality of users, each user having an associated information repository that stores values of one or more attributes of the user,receiving first authentication information from the user,authenticating the user based on the received first authentication information, andreceiving an indication of a plurality of access rules, each access rule defining permissions of at least one third party for accessing the information repository associated with the user; and
  
  for each of a plurality of third parties,receiving second authentication information from the third party,authenticating the third party based on the received second authentication information,receiving from the third party an indication of a first request to access a first information repository associated with a first user, andupon determining, based at least in part on at least one access rule defined by the first user, that the third party is permitted to access the first information repository in accordance with the first request,accessing the first information repository in accordance with the first request.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the first authentication information includes a sequence of fingerprints.
  - 3. The method of claim 2 wherein authenticating the user based on the received first authentication information includes determining whether each fingerprint in the sequence of fingerprints belongs to the user and determining whether the sequence of fingerprints matches a stored user fingerprint password.
  - 4. The method of claim 1 wherein updating the information repository based at least in part on the received value includes storing an indication of the received value and an associated time value.
  - 5. The method of claim 1 wherein the first request is a request to retrieve a value for a first attribute of the first information repository and wherein accessing the first information repository includes retrieving from the first information repository a value for the first attribute.
  - 6. The method of claim 5, further comprising:
    - encrypting the retrieved value for the first attribute; and
      
      sending to the third party an indication of the encrypted retrieved attribute value.
  - 7. The method of claim 1 wherein the first request is a request to store a value for a first attribute of the information repository and wherein accessing the first information repository includes storing in the first information repository the value for the first attribute.

8. A computer-readable storage medium containing instructions, that when executed by a computing device having a memory and a processor, cause the computing device to perform a method for accessing personal information, the method comprising:
- identifying, based on a received biometric password, a user, the user being associated with personal information stored in an information repository and a set of access rules for accessing the personal information stored in the information repository;
  
  identifying, based on received credentials, a third party;
  
  identifying at least one form associated with the third party, each form containing at least one field; and
  
  for each of the identified at least one forms,for each of the at least one field of the form,upon determining, based at least in part on the access rules stored by the information repository, that the third party is permitted to access the information repository to populate the field,retrieving a value of an attribute of personal information from the information repository, andpopulating the field with the retrieved attribute value, andsending an indication of the form containing fields populated with attribute values to the third party.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer-readable storage medium of claim 8, the method further comprising:
    - upon determining, based on the access rules, that the third party is not permitted to access the information repository to populate the field, prompting the user.
  - 10. The computer-readable storage medium of claim 8, the method further comprising:
    - displaying an indication of at least one of the identified at least one forms; and
      
      displaying a date selector.
  - 11. The computer-readable storage medium of claim 8, wherein retrieving a value from the information repository includes retrieving a value based on the currently selected date of the displayed date selector.
  - 12. The computer-readable storage medium of claim 8, wherein the biometric password is a sequence of fingerprints.
  - 13. The computer-readable storage medium of claim 8, wherein the received credentials includes an encrypted token and an address on a computer network.

14. A computing device having a memory and a processor for authenticating a user accessing an information repository associated with the user, the computing device comprising:
- a component that collects biometric data;
  
  a component that, upon determining that the collected biometric data corresponds to a user, authenticates the user;
  
  a component that displays a navigation menu for navigating the information repository associated with the user, the component configured to allow a user to specify access rules to personal information associated with the user that is stored in the information repository; and
  
  a component that accesses the information repository associated with the user based at least in part on commands received from the user through the displayed navigation menu to retrieve personal information of the user in accordance with the access rules.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computing device of claim 14 wherein the collected biometric data is a sequence of biometric data corresponding to biometric password associated with the user.
  - 16. The computing device of claim 15, wherein the biometric password is an admin-level password requiring a sequence of at least ten biometric data values.
  - 17. The computing device of claim 16, wherein the sequence of at least ten biometric data values includes at least one fingerprint.
  - 18. The computing device of claim 16, wherein the sequence of at least ten biometric data values includes at least one biometric data value that is not a fingerprint.
  - 19. The computing device of claim 15, further comprising:
    - a component that, in response to receiving a biometric password corresponding to a duress password associated with the user, contacts emergency services.
  - 20. The computing device of claim 15, further comprising:
    - a component that displays a third party form; and
      
      a component that retrieves information from the information repository and automatically populates fields of the displayed third party form with the retrieved information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Authentiverse Incorporated
Original Assignee
Authentiverse Incorporated
Inventors
Scherrer, Jeff, Scherrer, MaryAnn

Application Number

US12/688,823
Publication Number

US 20100185871A1
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 2221/2151 Time stamp

SYSTEM AND METHOD TO PROVIDE SECURE ACCESS TO PERSONAL INFORMATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

138 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD TO PROVIDE SECURE ACCESS TO PERSONAL INFORMATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links