SECURING PERSONAL INFORMATION
Abstract
A database containing personal information of a user can be selectively read from and written to by multiple entities. Access level rules determine who gets access to which entries of a user record in the database. Access to some entries and actions taken on some entries may be possible only by producing, in real time, a smartcard-based authorization for such access or actions.
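The two-stage check the abstract describes (an access-level rule per entry, then a real-time smartcard authorization for some entries) can be sketched as follows. This is an added example, not code from the patent: the rule table, the class and function names and the sample record are hypothetical, and the smartcard is simulated with an HMAC-SHA256 challenge-response over an enrolled key, which is an assumption about how the card would prove presence.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: per-entry access rules and one user record.
# Rule format (hypothetical): (entry, action) -> (allowed requesters, card needed?)
RULES = {
    ("email", "read"): ({"pharmacy", "bank"}, False),
    ("ssn", "read"): ({"bank"}, True),
    ("address", "write"): ({"bank"}, True),
}
RECORDS = {"alice": {"email": "alice@example.test", "ssn": "000-00-0000",
                     "address": "1 Example St"}}


class SimulatedCard:
    """Stand-in for the owner's smartcard; the key never leaves this object."""

    def __init__(self, key: bytes):
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class Controller:
    def __init__(self, card_keys: dict):
        self._card_keys = card_keys  # owner -> key enrolled for that owner's card

    def handle(self, requester, owner, entry, action, card=None, value=None):
        # Unknown (entry, action) pairs fall through to an empty allow-list.
        allowed, needs_card = RULES.get((entry, action), (set(), True))
        if requester not in allowed:              # step 1: access-level rule
            return "denied: rule"
        if needs_card:                            # step 2: real-time owner consent
            if card is None:
                return "denied: card required"
            # Fresh nonce bound to this exact request, so a response cannot be
            # replayed or reused for a different entry or action.
            nonce = secrets.token_bytes(16)
            challenge = nonce + f"|{requester}|{owner}|{entry}|{action}".encode()
            expected = hmac.new(self._card_keys[owner], challenge,
                                hashlib.sha256).digest()
            if not hmac.compare_digest(expected, card.respond(challenge)):
                return "denied: card check failed"
        if action == "write":
            RECORDS[owner][entry] = value
            return "ok"
        return RECORDS[owner][entry]
```

A production design would more likely have the card sign the challenge with a private key that never leaves the card, so the controller stores only a public key.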
20 Claims
1. A method of controlling access to information, comprising:
- receiving a request from a requester, the request identifying a user record and an action to be performed on the user record;
- determining whether the requester has a permission to perform the action on the user record;
- performing the action, when it is determined that the requester has the permission to perform the action by;
- challenging the requester to present a hardware-based credential of an owner of the user record; and
- communicating with the hardware-based credential to obtain the permission for taking the action on the user record.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An apparatus for controlling access to personal information, comprising:
- a storage unit that stores personal information records for one or more users;
- a request reception unit that receives a request from a requester, the request comprising a logical expression query, evaluation of which uses a personal information record;
- a request control unit that determines whether the received request conforms to a set of access rules;
- a request rejection unit that rejects the request when the request does not conform to the set of access rules;
- an evaluation unit that evaluates the logical expression query using data contained in the personal information record to produce a query result; and
- a response unit that responds to the request using the query result.
Dependent claims: 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A system for performing a transaction using personal information of a user, comprising:
- a storage unit that stores personal information record of one or more users;
- a hardware-based credential for each user; and
- a personal information controller that controls access to the personal information stored in the storage unit;
- wherein, upon receiving a request from a requester to perform an action on a user record, the personal information controller; determines whether the requester has a permission to perform the action to the user record, and when it is determined that the requester has the permission to perform the action, then the personal information controller challenges the requester to present the hardware-based credential and communicates with the hardware-based credential to obtain the permission for taking the action on the user record.
Dependent claims: 19, 20
Specification