Method and system for protecting information on a computer system

US 7,370,349 B2
Filed: 09/03/2003
Issued: 05/06/2008
Est. Priority Date: 01/18/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method for securing information stored on a computer system, comprising:

creating a user ID and personal password for a user to access said computer system;

generating an access code in response to said user scheduling a future start time and duration to access said stored information on said computer system, wherein an end time comprises said duration added to said scheduled figure start time;

before said end time and at or after said scheduled future start time, said computer system receiving said access code, user ID and personal password from said user; and

responsive to said access code, user ID and personal password said computer system, allowing said user to access said stored information for no longer than said duration.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for protecting sensitive information, for example, a user'"'"'s personal information, stored on a database where the information is accessible via a communications network such as the Internet. An exemplary embodiment stores the sensitive information on an off-line server. The off-line server is connected to an on-line server. The on-line server is connected to the user via the Internet. The user interfaces with the on-line server, and at a scheduled time window, the sensitive information is made available to the on-line server by the off-line server. Outside of the time window, none of the sensitive information is kept on the on-line server. Thus by placing the sensitive information on-line for only limited periods of time the risk of compromise to the sensitive information is greatly reduced.

53 Citations

View as Search Results

30 Claims

1. A method for securing information stored on a computer system, comprising:
- creating a user ID and personal password for a user to access said computer system;
  
  generating an access code in response to said user scheduling a future start time and duration to access said stored information on said computer system, wherein an end time comprises said duration added to said scheduled figure start time;
  
  before said end time and at or after said scheduled future start time, said computer system receiving said access code, user ID and personal password from said user; and
  
  responsive to said access code, user ID and personal password said computer system, allowing said user to access said stored information for no longer than said duration.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 29)
- - 2. The method of claim 1 wherein said access code is generated only after receiving from said user at least said personal password created for said user.
  - 3. The method of claim 1 wherein said personal password is encrypted when received by said computer system and wherein said encrypted password is authenticated using an encrypted password file.
  - 4. The method of claim 3 wherein only said encrypted password file is stored on said computer system and not an unencrypted password file.
  - 5. The method of claim 1 wherein said personal password is associated with said user via said user ID.
  - 6. The method of claim 5 wherein the step of generating said access code is further in response to receipt of said user ID and said personal password.
  - 7. The method of claim 1 wherein said user logs on to said computer system using another computer system connected to said computer system via a communications network.
  - 8. The method of claim 7 wherein said communications network is the Internet.
  - 29. The method of claim 1, wherein said computer system allows said user to access said stored information only until said end time.

9. A security system for protecting information stored on a database, comprising:
- a first server computer comprising said database;
  
  a second server computer connected to said first server computer by a first communications path;
  
  a user computer connected to said second server computer by a second communications path; and
  
  an access code generated by said first server computer in response to a user scheduling a future start time and a duration to enable said user computer to access said information on or after said scheduled future start time and for no longer than said duration, wherein an end time comprises said duration added to said scheduled future start time; and
  
  wherein, responsive to receiving said access code before said end time and at or after said scheduled future start time from said user computer, said first server computer copying a portion of said information to said second server computer, and wherein said user computer has access to said portion of said information only on said second server computer.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The security system of claim 9 wherein said second communications path is an Internet path.
  - 11. The security system of claim 9 wherein said access code is received by said user via a third communications path, comprising a public telephone line.
  - 12. The security system of claim 9 wherein said portion of said information comprises a document log, said document log having a hyperlink to a medical record of a patient.
  - 13. The security system of claim 9 wherein said information comprises a user'"'"'s medical records.
  - 14. The security system of claim 9 further comprising:
    - a password for use by said user in accessing said information; and
      
      an encrypted password file stored on said database for authenticating said user computer by using said password, before said portion of said information is accessible to said user computer.

15. A security system for protecting information stored on a database, comprising:
- a first server computer comprising said database;
  
  a second server computer connected to said first server computer by a first communications path;
  
  a user computer for a user to access said information, said user computer connected to said second server computer by a second communications park;
  
  a phone system, comprising a telephone connection to said user and a third communications path to said first server computer; and
  
  an access code generated by said first server computer after a request by said user via said phone system to access said information during a future time period, wherein said user enters said access code into said user computer to access said information, and wherein said first server computer copies a portion of said information to said second server computer, and wherein said user computer has access to information in said database only when said information resides on said second server computer.
- View Dependent Claims (16, 17, 27, 28)
- - 16. The security system of claim 15 wherein said phone system is fully automated.
  - 17. The security system of claim 15 wherein said phone system further includes a telephone for communicating with said user and a PC for communicating with said first server computer.
  - 27. The security system of claim 15, wherein, responsive to receiving said access code from said user computer, said first server computer copies said portion of said information to said second server computer.
  - 28. The security system of claim 15, wherein, responsive to said request by said user, said first server computer copies said portion of said information to said second server computer.

18. A method for providing security for information stored on a first server system, said first server system connected to a second server system, wherein said second server system is connected to a user computer, said method comprising:
- said first server system generating a code in response to a user scheduling a future time period to access information on said first server system;
  
  sending said code to said user;
  
  at a time in said scheduled future time period, receiving said code by said second server system from said user computer system; and
  
  said second server system responsive to said code, loading at least part of said information stored on said first server system for use by said user computer until said scheduled future time period ends.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The method of claim 18 wherein said scheduling is via a first communications path of said communications network.
  - 20. The method of claim 19 wherein said receiving is via a second communications path of said communications network, wherein said second communications path is different from said first communications path.
  - 21. The method of claim 18 wherein said first server system generating a code in response to a user scheduling a future time period further comprises:
    - authenticating said user using a predetermined user ID and a predetermined user password; and
      
      only after said authenticating, generating said code.
  - 22. The method of claim 18 wherein said first server system generating a code in response to a user scheduling a future time period further comprises:
    - authenticating said user using a predetermined user ID and a prerecorded user voice-print; and
      
      only after said authenticating, generating said code.
  - 23. The method of claim 18 further comprising:
    - receiving a predetermined password from said user computer system;
      
      after receiving said code by said second sewer system from said user computer system, authenticating said code by said second server system;
      
      encrypting said predetermined password; and
      
      authenticating said encrypted predetermined password by said first server system, wherein said encrypted predetermined password must be authenticated before said loading at least part of said information stored on said first server system occurs.

24. A method for accessing information stored on a system, comprising a computer, said system connected to a user computer via a communications network, said method comprising:
- a user scheduling a future time and duration when said user computer is allowed to access information on said system, said scheduling via a first communications path of said communications network;
  
  receiving from said system an access code, said access code based on said scheduled future time and duration, wherein an end time comprises said duration added to said scheduled future start time;
  
  before said end time and at or after said scheduled future time, said user computer connecting to said system using said access code and a predetermined password, said connecting via a second communications path of said communications network, wherein said second communications path is different from said first communications path; and
  
  said user computer having access to said information for no longer than said duration.
- View Dependent Claims (25, 26, 30)
- - 25. The method of claim 24 wherein said user scheduling a future time and duration is via a telephone connection to a service provider representative.
  - 26. The method of claim 24 wherein said user scheduling a future time and duration is via a telephone connection to a service provider'"'"'s automated voice recognition unit (VRU).
  - 30. The method of claim 24, wherein said user computer has access to said information only until said end time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Peoplechart Corporation
Original Assignee
Peoplechart Corporation
Inventors
Holvey, R David, Jopling, Arthur Douglas
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
Lashley; Laurel

Application Number

US10/655,243
Publication Number

US 20040054935A1
Time in Patent Office

1,707 Days
Field of Search

None
US Class Current

726/5
CPC Class Codes

G16H 10/60 for patient-specific data, ...

G16H 30/20 for handling medical images...

Method and system for protecting information on a computer system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

53 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for protecting information on a computer system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links