Secure information vault, exchange and processing system and method

US 7,587,366 B2
Filed: 10/14/2004
Issued: 09/08/2009
Est. Priority Date: 10/14/2004
Status: Active Grant

First Claim

Patent Images

1. A secure information repository system, comprising:

a trusted third party having data storage for securely storing encrypted information, associated with an account holder;

a deposit system for securely depositing encrypted information into the data storage by the account holder;

a system structured and arranged to allow the account holder to designate information provided by the account holder to the trusted third party as private, shareable, and commercial, wherein;

the private information is information accessible to the account holder but not to a second party;

the sharable information is information accessible to the account holder and the second party as provided by contract; and

the commercial information is information accessible to the account holder and the second party when the second party pays a fee for the commercial information;

a system of the trusted third party for allowing the account holder to provide permission to the second party to read an agreed upon set of personal information;

an information access system for accessing the encrypted information stored in the data storage;

an information withdrawal system for removing the encrypted information stored in the data storage; and

a tracking system for logging at least any one of a deposit to the data storage, a withdrawal from the data storage, a deletion to the data storage, an account creation, an account deletion, and an access to the data storage,wherein the account holder is an owner of personal data and the system allows the owner of personal data to control and manage access and dissemination of the personal data such that the trusted third party prevents the second party from seeing designated personal information and makes available to the second party designated information of the account holder.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing an information vault so that individual owners of personal data may control and manage the access and dissemination of the personal data and provides for the owner of the personal data to receive compensation for the use of the personal data, thus, in effect, the personal data becomes a valuable commodity analogous to money. A business model is provided that allows competitive, unbiased trusted third parties whose business is protecting the information analogous to how a commercial bank protects money. Centralized protected storage of personal data is provided, thereby minimizing the number of copies that may be in existence. Second party access to the centralized storage of personal data may be made on-demand, as required for commerce, with a provision for assessing fees for accesses.

146 Citations

39 Claims

1. A secure information repository system, comprising:
- a trusted third party having data storage for securely storing encrypted information, associated with an account holder;
  
  a deposit system for securely depositing encrypted information into the data storage by the account holder;
  
  a system structured and arranged to allow the account holder to designate information provided by the account holder to the trusted third party as private, shareable, and commercial, wherein;
  
  the private information is information accessible to the account holder but not to a second party;
  
  the sharable information is information accessible to the account holder and the second party as provided by contract; and
  
  the commercial information is information accessible to the account holder and the second party when the second party pays a fee for the commercial information;
  
  a system of the trusted third party for allowing the account holder to provide permission to the second party to read an agreed upon set of personal information;
  
  an information access system for accessing the encrypted information stored in the data storage;
  
  an information withdrawal system for removing the encrypted information stored in the data storage; and
  
  a tracking system for logging at least any one of a deposit to the data storage, a withdrawal from the data storage, a deletion to the data storage, an account creation, an account deletion, and an access to the data storage,wherein the account holder is an owner of personal data and the system allows the owner of personal data to control and manage access and dissemination of the personal data such that the trusted third party prevents the second party from seeing designated personal information and makes available to the second party designated information of the account holder.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1, wherein the data storage, the deposit system, the information access system, and the information withdrawal system are services of an information vault and each service accessible via a network.
  - 3. The system of claim 1, wherein the deposit system, the information access system and the information withdrawal system use a dual key security mechanism to authenticate a transaction.
  - 4. The system of claim 1, further comprising a charging system for charging a user for at least any one of a deposit of information into the information vault, a withdrawal of information from the information vault, and an access to information in the data storage.
  - 5. The system of claim 1, wherein the data storage stores personal information associated with the account holder including at least any one of a credit card information, a demographic information, a medical record, a user identification information, an age, a date of birth, an address, and a financial information.
  - 6. The system of claim 1, wherein the deposit system provides for a user to identify an item of information with a handle and associate the item of information with an account, the item of information being encrypted with a private key associated with the user or account holder and the item is identified as being one of sharable, commercial, and private.
  - 7. The system of claim 1, wherein the information access system provides for a user to access an item of information identified by a handle.
  - 8. The system of claim 7, wherein the user is other than the account holder and the user gains access to the item of information via a contract, wherein the contract specifies at least the account holder'"'"'s public key, the user'"'"'s public key, and contract details.
  - 9. The system of claim 8, wherein the contract is digitally signed by the user by hashing the contract using a private key of the user and encrypting a result of the hashing.
  - 10. The system of claim 9, wherein the contract defines access restriction to the item of information to entities specified in the contract.
  - 11. The system of claim 1, further comprising a contract data token that specifies the account holder as a first party and the second party, the second party being another user given access to the encrypted information by the first party.
  - 12. The system of claim 11, wherein the contract data token is provided to the second party for accessing the encrypted information and controls the functions that the second party may perform with the encrypted information.
  - 13. The system of claim 11, wherein the contract data token is digitally signed and encrypted with a private key of the first party.
  - 14. The system of claim 12, wherein the contract data token is authenticated by one of the information access system and information withdrawal system when the second party presents the contract data token for accessing the at least one item of first party information.

15. A system for providing a protected information repository, comprising:
- a trusted third party having an information vault having data storage comprising;
  
  a system structured and arranged to allow an account holder to designate information provided by the account holder to the trusted third party as private, shareable, and commercial, wherein;
  
  the private information is information accessible to the account holder but not to a second party;
  
  the sharable information is information accessible to the account holder and the second party as provided by contract; and
  
  the commercial information is information accessible to the account holder and the second party when the second party pays a fee for the commercial information;
  
  a system configured to securely create an account for the account holder in the information vault;
  
  a system configured to securely delete information in the information vault;
  
  a system configured to allow the account holder to provide permission to the second party to read an agreed upon set of personal information;
  
  a system configured to access information in the information vault; and
  
  a system configured to charge for transactional activity involving the information,wherein the system for providing a protected information repository allows the account holder to control and manage access and dissemination of the personal information such that the trusted third party prevents the second party from seeing designated personal information and makes available to the second party designated information of the account holder.
- View Dependent Claims (16, 17, 18)
- - 16. The system of claim 15, further comprising:
    - a system configured to create a digital certificate;
      
      a system configured to track transactional activity with the information vault; and
      
      a system configured to mutually authenticate parties using the digital certificate during a transaction with the information vault.
  - 17. The system of claim 15, further comprising:
    - a system configured to expire information associated with the account in the information vault;
      
      a system configured to remove information from the account;
      
      a system configured to read information from the account; and
      
      a system configured to delete the account.
  - 18. The system of claim 15, further comprising:
    - a system configured to create a second party contract;
      
      a second party contract fulfillment system;
      
      a commercial information deposit system; and
      
      a system configured to provide commercial access to the commercial information.

19. A method of providing an information repository, comprising:
- accessing an information vault of a trusted third party to perform a transaction involving a secured item of information stored in the information vault;
  
  providing a system structured and arranged to allow an account holder to designate information provided by the account holder to the trusted third party as private, shareable, and commercial, wherein;
  
  the private information is information accessible to the account holder but not to a second party;
  
  the sharable information is information accessible to the account holder and the second party as provided by contract; and
  
  the commercial information is information accessible to the account holder and the second party when the second party pays a fee for the commercial information;
  
  authenticating an identity of the second party;
  
  executing the transaction on computer infrastructure when the identity of the second party is authenticated; and
  
  logging the transaction,wherein the method allows the account holder, who is an owner of personal data, to control and manage access and dissemination of the personal information such that the trusted third party prevents the second party from seeing designated personal information and makes available to the second party designated information of the owner of personal information.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 20. The method of claim 19, further comprising charging a fee for the transaction.
  - 21. The method of claim 20, wherein at least a portion of the fee is remitted to the owner of personal information.
  - 22. The method of claim 19, further comprising creating a digital certificate for use in authenticating the identity of the entity.
  - 23. The method of claim 19, further comprising:
    - creating a digital certificate for an applicant associated with the secured item of information and authenticating the applicant using a witness and third party identity authenticator; and
      
      accessing the information vault to create an account associated with the applicant and presenting the digital certificate as identity.
  - 24. The method of claim 19, wherein the authenticating authenticates using a trusted third party authenticator.
  - 25. The method of claim 19, wherein the accessing includes at least any one of depositing the item of information, reading the item of information, removing the item of information, deleting an account, depositing commercial information, and querying commercial information.
  - 26. The method of claim 25, wherein the deleting account includes removing all user information from an information vault map.
  - 27. The method of claim 19, further comprising:
    - searching the contents of the information vault for information for information about to expire;
      
      notifying an owner of the information about to expire; and
      
      when the owner permits the information to expire, deleting all information, associated metadata, and associated contracts for the information that has expired.
  - 28. The method of claim 19, further comprising:
    - verifying a contract token by validating the digital signature of the contract token;
      
      verifying that the second party is the second party as specified by the contract token;
      
      performing the functions as specified by the contract token; and
      
      returning any results of the performed functions to the second party completing the transaction.
  - 29. The method of claim 28, wherein when the any results is data, the any results is decrypted with the information vault'"'"'s private key and re-encrypted with the second party'"'"'s public key.
  - 30. The method of claim 29, further comprising decrypting the any results using the second party'"'"'private key.
  - 31. The method of claim 19, wherein the accessing is a deposit of commercial information by an owner of the commercial information and the secured item of information is an item of commercial information, wherein the commercial information item has at least any one of an expiration time, an identifier, a permission, a format type, a security level, one or more keywords and an owner ID.
  - 32. The method of claim 31 further comprising building a commercial information index.

33. A method of charging for personal information comprising:
- depositing personal data by an owner into an information vault of computer infrastructure of a trusted third party;
  
  providing a system structured and arranged to allow the owner to open an account and become an account holder, wherein the account holder can designate information provided by the account holder to the trusted third party as private, shareable, and commercial, wherein;
  
  the private information is information accessible to the account holder but not to a second party;
  
  the sharable information is information accessible to the account holder and the second party as provided by contract; and
  
  the commercial information is information accessible to the account holder and the second party when the second party pays a fee for the commercial information;
  
  establishing a contract with the second party and the owner to enable access to the personal data by the at least one entity;
  
  allowing via the trusted third party the owner of personal data to provide permission to the second party to read an agreed upon set of personal data;
  
  accessing the personal data by the second party according to terms of the contract;
  
  preventing the second party from seeing designated personal data and making available to the second party designated data of the owner of personal data;
  
  charging a fee to the second party for accessing the designated personal data of the owner of the personal data; and
  
  remitting at least a portion of the fee to the owner of the personal data.
- View Dependent Claims (34, 35, 36, 37, 38)
- - 34. The method of claim 33, wherein the personal data is encrypted using the owner'"'"'s public key.
  - 35. The method of claim 33, wherein the accessing step includes authenticating at least the at least one entity.
  - 36. The method of claim 33, wherein the establishing the contract includes authenticating the identity of the owner and the identity of the second party, and specifying terms of the contract, the terms defining functions that the second party can perform with the personal data.
  - 37. The method of claim 33, wherein the information vault authenticates the owner and the second party.
  - 38. The method of claim 33, wherein the depositing provides for the owner to encrypt the personal data with a private key associated with the owner.

39. A computer program product comprising a computer usable medium having readable program code embodied in the medium, the computer program product includes at least one component to:
- allow an owner of personal data to control and manage, via the internet, access and dissemination of the personal data wherein the owner of personal data provides permission to an entity to read an agreed upon set of personal data;
  
  preventing the entity from seeing designated personal data and making available to the entity a secured item of personal data stored in the information vault;
  
  access an information vault of a trusted third party to perform a transaction involving the secured item of personal data stored in the information vault;
  
  authenticate an identity of the entity performing the accessing;
  
  execute the transaction when the identity of the entity is authenticated; and
  
  log the transaction,wherein the computer program product is implemented with a system structured and arranged to allow the owner to open an account and become an account holder, wherein the account holder can designate information provided by the account holder to the trusted third party as private, shareable, and commercial, wherein;
  
  the private information is information accessible to the account holder but not to the entity;
  
  the sharable information is information accessible to the account holder and the entity as provided by contract; and
  
  the commercial information is information accessible to the account holder and the entity when the entity pays a fee for the commercial information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Grim, Clifton III, Wilson, John D., Schmidt, Christopher I.
Primary Examiner(s)
Trammell; James P
Assistant Examiner(s)
Tran; Hai

Application Number

US10/965,592
Publication Number

US 20060085344A1
Time in Patent Office

1,790 Days
Field of Search

705/51
US Class Current

705/51
CPC Class Codes

G06Q 20/40 Authorisation, e.g. identif...

G06Q 30/02 Marketing; Price estimation...

Secure information vault, exchange and processing system and method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

146 Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Secure information vault, exchange and processing system and method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

146 Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links