Consumer-controlled limited and constrained access to a centrally stored information account

US 7,016,877 B1
Filed: 11/07/2001
Issued: 03/21/2006
Est. Priority Date: 08/04/2000
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for providing access to consumer information comprising:

storing an information account in a central data repository that is accessible via a distributed computer network, the information account containing consumer information elements that are changed by the consumer;

associating consumer authentication information with the information account using a server such that access to the information account by the consumer is conditioned upon receipt and verification of the consumer authentication information by the server;

further associating a temporary authorization with the information account using an authentication module running on the server, the temporary authorization having consumer-defined attributes that define access privileges that will be granted to a person who presents the temporary authorization along with a request for access to the information account;

receiving the temporary authorization from the distributed computer network;

comparing the temporary authorization to data in an authentication table associated with the information account using the authentication module in order to determine at least one of;

whether the temporary authorization is being used by an authorized party who is not the consumer, whether the temporary authorization has expired, and what level of access to the information account is associated with the temporary authorization; and

granting a level of access to the information account by the authentication module based on the temporary authorization if the temporary authorization is found valid based on the comparing step.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Consumer authentication information is associated with an information account stored in a central database, such that access to the information account by the consumer is conditioned upon receipt and verification of the consumer authentication information. A temporary authorization may also be associated with the information account. The temporary authorization has consumer-defined attributes that define access privileges to be granted to a person who presents the temporary authorization along with a request for further access to the information account. The temporary authorization may be transmitted to the consumer for presentation to a third-party of the consumer'"'"'s choice. Alternately, the temporary authorization may be transmitted to a designated third-party or device on behalf of the consumer.

255 Citations

59 Claims

1. A computer-implemented method for providing access to consumer information comprising:
- storing an information account in a central data repository that is accessible via a distributed computer network, the information account containing consumer information elements that are changed by the consumer;
  
  associating consumer authentication information with the information account using a server such that access to the information account by the consumer is conditioned upon receipt and verification of the consumer authentication information by the server;
  
  further associating a temporary authorization with the information account using an authentication module running on the server, the temporary authorization having consumer-defined attributes that define access privileges that will be granted to a person who presents the temporary authorization along with a request for access to the information account;
  
  receiving the temporary authorization from the distributed computer network;
  
  comparing the temporary authorization to data in an authentication table associated with the information account using the authentication module in order to determine at least one of;
  
  whether the temporary authorization is being used by an authorized party who is not the consumer, whether the temporary authorization has expired, and what level of access to the information account is associated with the temporary authorization; and
  
  granting a level of access to the information account by the authentication module based on the temporary authorization if the temporary authorization is found valid based on the comparing step.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. A computer readable medium having stored thereon computer executable instructions for performing the method of claim 1.
  - 3. The method of claim 1, wherein the consumer-defined attributes comprise at least one of the access privileges relating to:
    - a number of times that the temporary authorization may be used to access the information account, a period of validity associated with the temporary authorization, a type of the consumer information elements that can be accessed, and a specification of read, write and/or modify privileges.
  - 4. The method of claim 1, wherein the consumer-defined attributes include a filter identifier that identifies a filter to be used to ensure that only authorized data is filtered for release to the party who presents the temporary authorization.
  - 5. The method of claim 1, further comprising the step of transmitting the temporary authorization to the consumer;
    - andwherein the consumer presents the temporary authorization to a third-party.
  - 6. The method of claim 1, further comprising the step of transmitting the temporary authorization to a designated third-party on behalf of the consumer.
  - 7. A computer readable medium having stored thereon computer executable instructions for performing the method of claim 6.
  - 8. The method of claim 6, wherein transmitting the temporary authorization to the designated third-party comprises emailing the temporary authorization to an email account designated by the consumer.
  - 9. The method of claim 6, wherein transmitting the temporary authorization to the third-party comprises embedding the temporary authorization as a parameter in uniform resource locator and re-directing a browser operated by the consumer to a web page associated with the third-party using the uniform resource locator;
    - andwherein a server hosting the web page is configured to extract the temporary authorization from the uniform resource locator and to transmit a request for access to the information account along with the temporary authorization on behalf of the third-party.
  - 10. The method of claim 6, wherein transmitting the temporary authorization to the third-party comprises storing the temporary authorization in a second information account stored in the central data repository and associated with the third-party.
  - 11. The method of claim 1, wherein the information account stores the consumer information elements as a tagged data structure.

12. A computer-implemented method for providing access to consumer information comprising:
- presenting to a host server via a distributed computer network a request for access by a consumer to an information account along with consumer authentication information, the information account being stored in a central data repository that is accessible by the host server via the distributed computer network, the information account containing consumer information elements that are changed by the consumer;
  
  receiving from the host server an acknowledgment that the consumer has been authenticated based on the consumer authentication information and thereby granted access to the information account;
  
  in response to the acknowledgment, transmitting to the host server a request by the consumer for generation of a temporary authorization having consumer-defined attributes that define access privileges that are granted to a person who presents the temporary authorization along with a subsequent request for access to the information account;
  
  receiving the temporary authorization from the distributed computer network with an authentication module running on the host server;
  
  comparing the temporary authorization to data in an authentication table associated with the information account using the authentication module in order to determine at least one of;
  
  whether the temporary authorization is being used by an authorized party who is not the consumer, whether the temporary authorization has expired, and what level of access to the information account is associated with the temporary authorization; and
  
  granting a level of access to the information account with the authentication module based on the temporary authorization if the temporary authorization is found valid based on the comparing step.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. A computer readable medium having stored thereon computer executable instructions for performing the method of claim 12.
  - 14. The method of claim 12, wherein the consumer-defined attributes comprise at least one of the access privileges relating to:
    - a number of times that the temporary authorization may be used to access the information account, a period of validity associated with the temporary authorization, a type of the consumer information elements that can be accessed, and a specification of read, write and/or modify privileges.
  - 15. The method of claim 12, wherein the consumer-defined attributes include a filter identifier that identifies a filter to be used to ensure that only authorized data is filtered for release to the party who presents the temporary authorization.
  - 16. The method of claim 12, further comprising the steps of:
    - receiving the temporary authorization from the host server; and
      
      presenting the temporary authorization to the consumer for delivery to a third-party.
  - 17. The method of claim 12, wherein the host server generates the temporary authorization and transmits the temporary authorization to a designated third-party on behalf of the consumer.
  - 18. A computer readable medium having stored thereon computer executable instructions for performing the method of claim 17.
  - 19. The method of claim 17, wherein transmitting the temporary authorization to the designated third-party comprises emailing the temporary authorization to an email account designated by the consumer.
  - 20. The method of claim 17, wherein transmitting the temporary authorization to the third-party comprises embedding the temporary authorization as a parameter in a uniform resource locator and redirecting a browser operated by the consumer to a web page associated with the third-party using the uniform resource locator;
    - andwherein a server hosting the web page is configured to extract the temporary authorization from the uniform resource locator and to transmit a request for access to the information account along with the temporary authorization on of the third-party.
  - 21. The method of claim 17, wherein transmitting the temporary authorization to the third-party comprises storing the temporary authorization in a second information account stored in the central data repository and associated with the third-party.
  - 22. The method of claim 12, wherein the information account stores the consumer information elements as a tagged data structure.

23. A computer-implemented method for providing access to consumer information via a distributed computer network comprising:
- receiving a request with a first server for access to an information account and consumer authentication information from a client device executing a browser, the information account being stored in a central data repository and containing consumer information elements that are changed by the consumer;
  
  authenticating the consumer with the first server to access the information account based on the consumer authentication information;
  
  in response to authenticating the consumer by the first server to access the information account based on the consumer authentication information, generating a temporary authorization with an authentication module running on the first server having consumer-defined attributes that define access privileges that are granted to an entity that presents the temporary authorization along with a further request for access to the information account;
  
  embedding the temporary authorization as a parameter in a uniform resource locator with the authentication module and redirecting the browser of the client device with the first server to a web page hosted by a second server and associated with a third-party using the uniform resource locator;
  
  subsequently receiving a communication with the first server from the second server hosting the web page comprising the further request for access to the information account along with the temporary authorization; and
  
  in response to receiving the temporary authorization with the first server, authenticating the third-party with the authentication module to access the information account according to the access privileges associated with the temporary authorization.
- View Dependent Claims (24, 25, 26, 27, 28, 29)
- - 24. A computer readable medium having stored thereon computer executable instructions for performing the method of claim 23.
  - 25. The method of claim 23, wherein the consumer-defined attributes comprise at least one of the access privileges relating to:
    - a number of times that the temporary authorization may be used to access the information account, a period of validity associated with the temporary authorization, a type of the consumer information elements that can be accessed, and a specification of read, write and/or modify privileges.
  - 26. The method of claim 23, wherein the consumer-defined attributes include a filter identifier that identifies a filter to be used to ensure that only authorized data is filtered for release to the party who presents the temporary authorization.
  - 27. The method of claim 23, wherein the information account stores the consumer information elements as a tagged data structure.
  - 28. The method of claim 23, wherein the communication from the second server is generated by a server-side application.
  - 29. The method of claim 28, wherein the communication conforms with Simple Object Access Protocol.

30. A compute system for providing access to consumer information comprising:
- a central data repository accessible via a distributed computer network for storing an information account containing consumer information elements that are changed accessed, retrieved and altered by the consumer;
  
  a communication device for receiving from the consumer via the distributed computer network consumer authentication information, a request for a temporary authorization and consumer-defined attributes defining access privileges that are granted to a person who presents the temporary authorization along with a request for further access to the information account; and
  
  a processor configured for executing computer-executable instructions for;
  
  in response to receiving the consumer, authentication information, accessing an authentication table to determine whether the consumer authentication information is associated with the information account, such that the consumer may be provided with access to the information account,in response to determining that the consumer authentication information is associated with the information account and in response to the request for the temporary authorization, generating the temporary authorization having the consumer-defined attributes;
  
  receiving the temporary authorization from the distributed computer network;
  
  comparing the temporary authorization to data in the authentication table associated with the information account in order to determine at least one of;
  
  whether the temporary authorization is being used by at least one of an authorized person and authorized third-party who is not the consumer, whether the temporary authorization has expired, and what level of access to the information account is associated with the temporary authorization; and
  
  granting a level of access to the information account based on the temporary authorization if the temporary authorization is found valid based on the comparing step.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38)
- - 31. The system of claim 30, wherein the consumer-defined attributes comprise at least one of the access privileges relating to:
    - a number of times that the temporary authorization may be used to access the information account, a period of validity associated with the temporary authorization, a type of the consumer information elements that can be accessed, and a specification of read, write and/or modify privileges.
  - 32. The system of claim 30, wherein the consumer-defined attributes include a filter identifier that identifies a filter to be used to ensure that only authorized data is filtered for release to the party who presents the temporary authorization.
  - 33. The system of claim 30, wherein the processor is further configured for executing computer-executable instructions for transmitting the temporary authorization to the consumer for delivery to a third-party.
  - 34. The system of claim 30, wherein the processor is further configured for executing computer-executable instructions for transmitting the temporary authorization to a designated third-party on behalf of the consumer.
  - 35. The system of claim 34, wherein transmitting the temporary authorization to the designated third-party comprises emailing the temporary authorization to an email account designated by the consumer.
  - 36. The system of claim 34, wherein transmitting the temporary authorization to the third-party comprises embedding the temporary authorization as a parameter in a uniform resource locator and re-directing a browser operated by the consumer to a web page associated with the third-party using the uniform resource locator;
    - andwherein a server hosting the web page is configured to extract the temporary authorization from the uniform resource locator and to transit a request for access to the information account along with the temporary authorization on behalf of the third-party.
  - 37. The system of claim 34, wherein transmitting the temporary authorization to the third-party comprises storing the temporary authorization in a second information account stored in the central data repository and associated with the third-party.
  - 38. The system of claim 30, wherein the information account stores the consumer information elements as a tagged data structure.

39. A computer-implemented method for providing access to an information account, comprising the steps of:
- storing the information account on a central data repository;
  
  receiving with a server, over a distributed computer network, requests from different network devices for access to the information account, each of said requests comprising an authorization identifier;
  
  in response to each of the requests, comparing each authorization identifier to data in an authentication table associated with the information account using an authentication module running on the server in order to determine at least one of;
  
  whether the authorization identifier is being used by an authorized party who is not the consumer, whether the authorization identifier has expired, and what level of access to the information account is associated with the authorization identifier;
  
  if the comparing step is successful for a particular authorization identifier, then retrieving a set of authorization parameters associated with the particular authorization identifier using the authentication module, said authorization parameters being defined by the entity whose information is stored in the information account; and
  
  granting access to each of the network devices the authentication module if the comparing step is successful and in accordance with the authorization parameters retrieved in response to the network device'"'"'s request.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 47)
- - 40. The method of claim 39, wherein said authorization parameters specify a number of times the authorization identifier can be used to access the information account.
  - 41. The method of claim 39, wherein said authorization parameters specify a period of time over which the authorization identifier can be used to access the information account.
  - 42. The method of claim 39, wherein said authorization parameters specify what portion of the information account can be accessed.
  - 43. The method of claim 39, wherein said authorization parameters specify whether the requestor is authorized to write information to the information account and whether the requestor is authorized to modify existing information in the information account.
  - 44. The method of claim 39, further comprising the steps of:
    - receiving, over the distributed computer network, a request to define access privileges to the information account for a specified network device;
      
      authenticating the request to define access privileges;
      
      storing a set of authorization parameters specifying the access privileges for the specified network device;
      
      associating an authorization identifier with the stored set of authorization parameters; and
      
      transmitting the authorization identifier to the specified network device, said authorization identifier thereafter being useable to provide the specified network device with access to the information account according to the stored set of authorization parameters.
  - 45. The method of claim 44, wherein said step of transmitting the authorization identifier to the specified network device comprises the step of transmitting the authorization identifier to an account associated with the specified network device.
  - 46. The method of claim 44, wherein said step of transmitting the authorization identifier to the specified network device comprises the step of storing the authorization identifier in an electronic account associated with the specified network device.
  - 47. The method of claim 44, wherein said step of transmitting the authorization identifier to the specified network device comprises the steps of embedding the authorization identifier in a network address tag, and transmitting the network address tag to a remote browser, such that the browser is redirected to the specified network device, thereby permitting the specified network device to extract the authorization identifier.

48. A system for providing access to an information account, comprising:
- a data repository storing an information account;
  
  a computer network interface for receiving, over a distributed computer network, requests from different network devices for access to the information account, each of said requests comprising an authorization identifier; and
  
  a processor for comparing each authorization identifier to data in an authentication table associated with the information account in order to determine at least one of;
  
  whether the authorization identifier is being used by an authorized party who is not the entity whose information is stored in the information account whether the authorization identifier has expired, and what level of access to the information account is associated with the authorization identifier, said processor configured to retrieve a set of authorization parameters associated with the authorization identifier if a comparison between a respective authorization identifier and data in the authentication table is successful, said processor granting access to each of the network devices in accordance with the authorization parameters retrieved in response to the network device'"'"'s request and if a comparison between a respective authorization identifier and data in the authentication table is successful;
  
  wherein said authorization parameters are defined by the entity whose information is stored in the information account.
- View Dependent Claims (49, 50, 51, 52, 53, 54, 55, 56)
- - 49. The system of claim 48, wherein said authorization parameters specify a number of times the authorization identifier can be used to access the information account.
  - 50. The system of claim 48, wherein said authorization parameters specify a period of tine over which the authorization identifier can be used to access the information account.
  - 51. The system of claim 48, wherein said authorization parameters specify what portion of the information account can be accessed.
  - 52. The system of claim 48, wherein said authorization parameters specify whether the requester is authorized to write information to the information account and whether the requester is authorized to modify existing information in the information account.
  - 53. The system of claim 48, wherein said network interface is configured to receive, over the distributed computer network, a request to define access privileges to the information account for a specified network device, and wherein said processor is further configured to store a set of authorization parameters specifying the access privileges for the specified network device, associate an authorization identifier with the stored set of authorization parameters, and provide the authorization identifier to the specified network device, said authorization identifier thereafter being useable to provide the specified network device with access to the information account according to the stored set of authorization parameters.
  - 54. The system of claim 53, wherein the authorization identifier is provided to the specified network device by transmitting the authorization identifier to an account associated with the specified network device.
  - 55. The system of claim 53, wherein the authorization identifier is provided to the specified network device by storing the authorization identifier in an electronic account associated with the specified network device.
  - 56. The system of claim 53, wherein the authorization identifier is provided to the specified network device by embedding the authorization identifier in a network address tag and transmitting the network address tag to a remote browser, such that the browser is redirected to the specified network device, thereby permitting the specified network device to extract the authorization identifier.

57. A computer-implemented method for providing selective access to a consumer information account, the method comprising the steps of:
- storing data for a consumer information account;
  
  providing an interface whereby an owner of the consumer information account can specify the terms by which third parties can access the consumer information account;
  
  storing the terms for future use in an authentication module of a server;
  
  associating the stored terms with one or more authorization tickets;
  
  transmitting the authorization tickets to specified third parties;
  
  receiving the authorization tickets from a distributed computer network;
  
  comparing the authorization tickets to data in the authentication table associated with the consumer information account using the authentication module in order to determine at least one of;
  
  whether the authorization ticket is being used by an authorized third-party who is not the consumer, whether the temporary authorization has expired, and what level of access to the information account is associated with the temporary authorization; and
  
  granting a level of access to the consumer information account based on the authorization ticket if the authorization ticket is found valid based on the comparing step.
- View Dependent Claims (58, 59)
- - 58. The method of claim 57, further comprising the steps of:
    - receiving requests from the third parties for access to the consumer information account, each of the requests comprising an authorization ticket;
      
      in response to each of the requests, retrieving the stored terms associated therewith; and
      
      granting the third parties access to the consumer information account in accordance with the stored terms associated with the third party'"'"'s authorization ticket.
  - 59. The method of claim 57, wherein each of said authorization tickets is associated with a set of authorization parameters.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CXT Systems, Inc. (Quest Patent Research Corporation)
Original Assignee
Enfo Trust Networks, Inc.
Inventors
Hawkins, Stan, Bradnan, Andrew, Steele, Nick, Maranville, Joe
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US10/007,785
Time in Patent Office

1,595 Days
Field of Search

705/50, 705/51, 705/67, 713/201
US Class Current

705/50
CPC Class Codes

G06Q 20/3674 involving authentication

G06Q 30/02 Marketing; Price estimation...

Consumer-controlled limited and constrained access to a centrally stored information account

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

255 Citations

59 Claims

Specification

Solutions

Use Cases

Quick Links

Consumer-controlled limited and constrained access to a centrally stored information account

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

255 Citations

59 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links