SECURING PERSONAL INFORMATION

US 20160048700A1
Filed: 08/14/2014
Published: 02/18/2016
Est. Priority Date: 08/14/2014
Status: Abandoned Application

First Claim

Patent Images

1. A method of controlling access to information, comprising:

receiving a request from a requester, the request identifying a user record and an action to be performed on the user record;

determining whether the requester has a permission to perform the action on the user record;

performing the action, when it is determined that the requester has the permission to perform the action by;

challenging the requester to present a hardware-based credential of an owner of the user record; and

communicating with the hardware-based credential to obtain the permission for taking the action on the user record.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A database containing personal information of a user can be selectively read from and written to by multiple entities. Access level rules determine who gets access to which entries of a user record in the database. Access to some entries and actions taken on some entries may be possible only by producing, in real time, a smartcard-based authorization for such access or actions.

309 Citations

20 Claims

1. A method of controlling access to information, comprising:
- receiving a request from a requester, the request identifying a user record and an action to be performed on the user record;
  
  determining whether the requester has a permission to perform the action on the user record;
  
  performing the action, when it is determined that the requester has the permission to perform the action by;
  
  challenging the requester to present a hardware-based credential of an owner of the user record; and
  
  communicating with the hardware-based credential to obtain the permission for taking the action on the user record.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the communicating with the hardware-based credential includes sending a passcode query and receiving a passcode response.
  - 3. The method of claim 1, further including:
    - receiving an access level of the requester, wherein the access level is indicative of types of actions for which the requester is authorized.
  - 4. The method of claim 1, wherein the action comprises reading a value from a field of the user record and wherein the determining includes checking from an access list associated with the user record whether the field of the user record is accessible by the requester, based on the access level of the requester.
  - 5. The method of claim 1, further including:
    - taking the action on the user record after the permission is obtained; and
      
      updating a user record log with an entry indicative of the action taken.
  - 6. The method of claim 5, wherein the log is located on the hardware-based credential.
  - 7. The method of claim 1, wherein the hardware-based credential comprises a secure processor and a non-volatile memory.

8. An apparatus for controlling access to personal information;
- comprising;
  
  a storage unit that stores personal information records for one or more users;
  
  a request reception unit that receives a request from a requester, the request comprising a logical expression query, evaluation of which uses a personal information record;
  
  a request control unit that determines whether the received request conforms to a set of access rules;
  
  a request rejection unit that rejects the request when the request does not conform to the set of access rules;
  
  an evaluation unit that evaluates the logical expression query using data contained in the personal information record to produce a query result; and
  
  a response unit that responds to the request using the query result.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 9. The apparatus of claim 8, wherein one of the set of access rule includes an access rule based on an identity of the requester.
  - 10. The apparatus of claim 8, wherein the request control units determines whether the logical expression query is a one-way function of the personal information record, wherein a value of the personal information determines an output value of the one-way function but the output value of the one-way function does not uniquely determine the value of the personal information.
  - 11. The apparatus of claim 10, wherein the request rejection unit rejects the request when the logical expression query is not a one-way function.
  - 12. The apparatus of claim 8, further comprising:
    - a record management unit that receives a record management message for changing the personal information record; and
      
      a record management control unit determines whether the received record management message conforms to the set of access rules, whereinthe record management messages makes a change to the personal information record when the record management control unit determines that the record management message conforms to the set of access rules.
  - 13. The apparatus of claim 12, wherein the record management message includes at least one action from creating a new personal information record entry, altering an existing personal information record entry, and deleting a personal information record entry.
  - 14. The apparatus of claim 8, wherein the request rejection unit includes a temporary access unit that prompts the requester to provide additional credential when the request does not conform to the set of access rules.
  - 15. The apparatus of claim 8, wherein the request control unit determines an access level of the requester.
  - 16. The apparatus of claim 8, further including a rules programming unit that receives a new rule and modifies the evaluation unit based on the received new rule.
  - 17. The apparatus of claim 8, wherein the storage unit stores the personal information records in an encrypted format.

18. A system for performing a transaction using personal information of a user, comprising:
- a storage unit that stores personal information record of one or more users;
  
  a hardware-based credential for each user; and
  
  a personal information controller that controls access to the personal information stored in the storage unit;
  
  wherein, upon receiving a request from a requester to perform an action on a user record, the personal information controller;
  
  determines whether the requester has a permission to perform the action to the user record, andwhen it is determined that the requester has the permission to perform the action, then the personal information controller challenges the requester to present the hardware-based credential andcommunicates with the hardware-based credential to obtain the permission for taking the action on the user record.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the hardware-based credential for each user includes a micro-processor and a non-volatile memory.
  - 20. The system of claim 18, wherein the storage unit is a distributed storage unit such that at least some personal information records are stored on the hardware-based credential.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nagravision SA (Kudelski SA)
Original Assignee
Nagravision SA (Kudelski SA)
Inventors
Stransky-Heilkron, Philippe

Application Number

US14/460,209
Publication Number

US 20160048700A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/34   involving the use of extern...

G06F 21/6245   Protecting personal data, e...

H04L 63/083   using passwords cryptograph...

SECURING PERSONAL INFORMATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

309 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURING PERSONAL INFORMATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

309 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links