System and method for an anonymous exchange of private data

US 8,560,456 B2
Filed: 12/02/2005
Issued: 10/15/2013
Est. Priority Date: 12/02/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for exchanging private data, comprising the steps of:

registering a plurality of data providers and a plurality of data buyers;

building, by the computer, a searchable index for each of the data buyers based on at least one index of private data for sale provided from one or more of the data providers;

for each searchable index of each of the data buyers, encrypting and decrypting the searchable index by a public key unique to a respective one of the data buyers, when building the searchable index;

receiving a query that identifies a data buyer of the plurality of data buyers and defines a purchase request for the private data;

retrieving the searchable index associated with the data buyer;

determining, by the computer, whether at least one of the data providers maintains the private data requested by the data buyer by comparing the purchase request to the searchable index associated with the data buyer;

encrypting and decrypting the searchable index associated with the data buyer by a private key unique to the data buyer, when determining whether at least one of the data providers maintains the private data requested; and

in response to determining that at least one of the data providers maintains the private data requested, arranging an exchange of the private data requested with the data buyer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Facilitating the purchase and sale of private data between anonymous entities based on the use of encryption and a centralized on-line entity to exchange the private data in a secure environment. The seeker of private data, such as consumer information, transmits an encrypted query to the centralized exchange entity. The query submission includes legal representations stating the legally permissible purpose for seeking the information. The centralized exchange entity compares the encrypted query to an encrypted data index collected from at least one data provider, to determine if the query matches any private data held by a data provider. The comparison is conducted within a secure, search component to ensure the privacy of all data and all parties to the transaction. The exchange entity facilitates the anonymous exchange between the data purchaser and the data provider. A payment invoice can be generated and electronically presented by maintainer. The payment may be electronically debited from the designated account of a data purchaser and remitted to a data provider. In addition, a portion of such funds may be retained by the centralized exchange entity.

Citations

41 Claims

1. A computer-implemented method for exchanging private data, comprising the steps of:
- registering a plurality of data providers and a plurality of data buyers;
  
  building, by the computer, a searchable index for each of the data buyers based on at least one index of private data for sale provided from one or more of the data providers;
  
  for each searchable index of each of the data buyers, encrypting and decrypting the searchable index by a public key unique to a respective one of the data buyers, when building the searchable index;
  
  receiving a query that identifies a data buyer of the plurality of data buyers and defines a purchase request for the private data;
  
  retrieving the searchable index associated with the data buyer;
  
  determining, by the computer, whether at least one of the data providers maintains the private data requested by the data buyer by comparing the purchase request to the searchable index associated with the data buyer;
  
  encrypting and decrypting the searchable index associated with the data buyer by a private key unique to the data buyer, when determining whether at least one of the data providers maintains the private data requested; and
  
  in response to determining that at least one of the data providers maintains the private data requested, arranging an exchange of the private data requested with the data buyer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 32, 33, 34, 35, 36)
- - 2. The computer-implemented method of claim 1, wherein the private data requested comprises at least one of an address, a telephone number, and a social security number.
  - 3. The computer-implemented method recited by claim 1, wherein the private data requested comprises law enforcement information regarding an individual, the law enforcement information comprising at least one of a driver'"'"'s license number of the individual and information regarding a criminal history of the individual.
  - 4. The computer-implemented method recited by claim 1, further comprising the step of receiving a legal representation from the data buyer that the data buyer will use the private data requested only in accordance with stated permissible uses.
  - 5. The computer-implemented method recited by claim 1, wherein the registering comprises:
    - receiving a legal representation from each data provider that the data provider will provide the private data only in accordance stated permissible uses; and
      
      receiving a legal representation from each data buyer that the data buyer will use any received private data only in accordance with stated permissible uses.
  - 6. The computer-implemented method recited by claim 5, wherein the registering further comprises:
    - receiving registration form data entered by each of the data providers and the data buyers via an on-line registration form;
      
      validating the registration form data; and
      
      registering the data providers and data buyers based on an outcome of the validating.
  - 7. The computer-implemented method recited by claim 6, wherein the registration form data for each data provider and data buyer comprises the legal representation provided by the data provider or data buyer.
  - 8. The computer-implemented method recited by claim 1, wherein at least one of the data buyers is a collection agency.
  - 9. The computer-implemented method recited by claim 1, wherein the query comprises an encrypted query and the determining whether at least one of the data providers maintains the private data selected comprises:
    - generating a decrypted query by decrypting the encrypted query based on the public key unique to the data buyer;
      
      decrypting the searchable index associated with the data buyer based on the private key of the data buyer; and
      
      comparing the decrypted query to at least one record of the decrypted searchable index,wherein the generating a decrypted query, decrypting the searchable index, and comparing are completed within a search component to securely process the decrypted query and decrypted searchable index.
  - 10. The computer-implemented method recited by claim 1, further comprising transmitting a message to the data buyer advising that the private data requested is not available in response to determining that none of the data providers maintain the private data requested.
  - 11. The computer-implemented method recited by claim 1, wherein the step of building the searchable index for each data buyer comprises:
    - receiving a separate index from each data provider, each separate index identifying a corresponding data provider and each type of private data available from the corresponding data provider; and
      
      building each searchable index based on the separate index from each data provider.
  - 12. The computer-implemented method recited by claim 11, wherein the query comprises an encrypted query and the determining whether at least one of the data providers maintains the private data selected comprises:
    - generating a decrypted query by decrypting the encrypted query based on the public key unique to the data buyer;
      
      decrypting the searchable index associated with the data buyer based on the private key of the data buyer; and
      
      comparing the decrypted query to at least one record of the decrypted searchable index,wherein the generating a decrypted query, decrypting the searchable index, and comparing are completed within a search component to securely process the decrypted query and decrypted searchable index.
  - 13. The computer-implemented method recited by claim 1, wherein the query comprises an encrypted query.
  - 14. The computer-implemented method recited by claim 11, wherein the building a searchable index further comprises:
    - generating a compiled index by compiling the separate indices received from the data providers.
  - 32. The computer-implemented method of claim 1, wherein the private data requested comprises financial information regarding an individual, the financial information comprising at least one of information regarding a mortgage history of the individual, information regarding a loan history of the individual, and a credit status for the individual.
  - 33. The computer-implemented method of claim 1, wherein the private data requested comprises medical information regarding an individual, the medical information comprising at least one of an age of the individual, information regarding an insurance policy of the individual, a name of a doctor of the individual, and information regarding a medical history of the individual.
  - 34. The computer-implemented method of claim 9, wherein the search component comprises a sandbox container of the computer separate from all other processing activities of the computer.
  - 35. The computer-implemented method of claim 12, wherein the search component comprises a sandbox container of the computer separate from all other processing activities of the computer.
  - 36. The computer-implemented method of claim 1, wherein the method is performed by an entity other than a regulated entity under the Fair Credit Reporting Act.

15. A computer-implemented method for exchanging consumer information, comprising the steps of:
- registering a plurality of data providers and a plurality of data buyers;
  
  building, by the computer, a searchable index for each of the data buyers based on at least one index of consumer information for sale provided from one or more of the data providers;
  
  for each searchable index of each of the data buyers, encrypting and decrypting the searchable index by a public key unique to a respective one of the data buyers, when building the searchable index;
  
  receiving a query and a legal representation from a data buyer of the plurality of data buyers, the query defining a purchase request for consumer information and the legal representation indicating that the data buyer will use the consumer information requested only in accordance with stated permissible uses;
  
  retrieving the searchable index associated with the data buyer;
  
  determining, by the computer, whether at least one of the data providers maintains the consumer information requested by the data buyer by comparing the purchase request to the searchable index associated with the data buyer;
  
  encrypting and decrypting the searchable index associated with the data buyer by a private key unique to the data buyer, when determining whether at least one of the data providers maintains the consumer information requested;
  
  in response to determining that at least one of the data providers maintains the consumer information requested, arranging for an exchange of the consumer information requested with the data buyer; and
  
  arranging, by the computer, for delivery of a payment from the data buyer.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 37)
- - 16. The computer-implemented method of claim 15, wherein the consumer information requested comprises at least one of an address, a telephone number, and a social security number.
  - 17. The computer-implemented method recited by claim 15, wherein the consumer information requested comprises law enforcement information regarding an individual, the law enforcement information comprising at least one of a driver'"'"'s license number of the individual and information regarding a criminal history of the individual.
  - 18. The computer-implemented method recited by claim 15, wherein the consumer information requested comprises financial information regarding an individual, the financial information comprising at least one of information regarding a mortgage history of the individual, information regarding a loan history of the individual, and a credit status for the individual.
  - 19. The computer-implemented method recited by claim 15, wherein the registering comprises:
    - receiving registration form data entered by each of the data providers and the data buyers via an on-line registration form, the legal representation from each data buyer being received as part of the registration form data;
      
      validating the registration form data; and
      
      registering the data providers and data buyers based on an outcome of the validating.
  - 20. The computer-implemented method recited by claim 15, wherein the query comprises an encrypted query and the determining whether at least one of the data providers maintains the consumer information requested comprises:
    - generating a decrypted query by decrypting the encrypted query based on the public key unique to the data buyer;
      
      decrypting the searchable index associated with the data buyer based on the private key of the data buyer; and
      
      comparing the decrypted query to at least one record of each decrypted searchable index,wherein the generating a decrypted query, decrypting the searchable index, and comparing are completed within a search component to securely process the decrypted query and decrypted searchable index.
  - 21. The computer-implemented method recited by claim 20, wherein the search component comprises a sandbox container of the computer separate from all other processing activities of the computer.
  - 37. The computer-implemented method of claim 15, wherein the consumer information requested comprises medical information regarding an individual, the medical information comprising at least one of an age of the individual, information regarding an insurance policy of the individual, a name of a doctor of the individual, and information regarding a medical history of the individual.

22. A computer-implemented method for exchanging private data, comprising the steps of:
- registering a plurality of data providers and a plurality of data buyers, the registration of each data buyer of the plurality of data buyers comprising receiving a legal representation from the data buyer that the data buyer will use any private data requested only in accordance with stated permissible uses;
  
  building, by the computer, a searchable index for each of the data buyers based on at least one index of private data for sale provided from one or more of the data providers;
  
  for each searchable index of each of the data buyers, encrypting and decrypting the searchable index by a public key unique to a respective one of the data buyers, when building the searchable indexes;
  
  receiving an encrypted query that identifies a data buyer of the plurality of data buyers and defines a purchase request for private data;
  
  retrieving the searchable index associated with the data buyer;
  
  determining, by the computer, whether at least one of the data providers maintains the private data requested by the data buyer by comparing the purchase request to the searchable index associated with the data buyer;
  
  encrypting and decrypting the searchable index associated with the data buyer by a private key unique to the data buyer, when determining whether at least one of the data providers maintains the private data requested; and
  
  in response to determining that at least one of the data providers maintains the private data requested, transmitting a message to the data buyer comprising information about the private data requested, the cost of purchasing the private data requested, and an anonymous exchange identifier code for uniquely identifying the private data requested.
- View Dependent Claims (23, 24, 25, 26, 38, 39)
- - 23. The computer-implemented method recited by claim 22, wherein the private data requested comprises at least one of an address, a telephone number, and a social security number.
  - 24. The computer-implemented method recited by claim 22, wherein the private data requested comprises law enforcement information regarding an individual, the law enforcement information comprising at least one of a driver'"'"'s license number of the individual and information regarding a criminal history of the individual.
  - 25. The computer-implemented method recited by claim 22, wherein the registering comprises:
    - receiving registration form data entered by each of the data providers and the data buyers via an on-line registration form;
      
      validating the registration form data; and
      
      registering the data providers and data buyers based on an outcome of the validating.
  - 26. The computer-implemented method recited by claim 22, wherein determining whether at least one of the data providers maintains the private data requested further comprises:
    - generating a decrypted query by decrypting the encrypted query based on the public key unique to the data buyer;
      
      decrypting the searchable index associated with the data buyer based on the private key of the data buyer; and
      
      comparing the decrypted query to at least one record of the decrypted searchable index,wherein the generating a decrypted query, decrypting the searchable index, and comparing are completed within a search component sandbox container of the computer separate from all other processing activities of the computer.
  - 38. The computer-implemented method recited by claim 22, wherein the private data requested comprises financial information regarding an individual, the financial information comprising at least one of information regarding a mortgage history of the individual, information regarding a loan history of the individual, and a credit status for the individual.
  - 39. The computer-implemented method recited by claim 22, wherein the private data requested comprises medical information regarding an individual, the medical information comprising at least one of an age of the individual, information regarding an insurance policy of the individual, a name of a doctor of the individual, and information regarding a medical history of the individual.

27. A computer-implemented method for exchanging consumer information, comprising the steps of:
- registering a plurality of data providers and a plurality of data buyers, the registration of each data buyer of the plurality of data buyers comprising receiving a legal representation from the data buyer that the data buyer will use any consumer information requested only in accordance with stated permissible uses;
  
  building, by the computer, a searchable index for each of the data buyers based on at least one index of consumer information for sale provided from one or more of the data providers;
  
  for each searchable index of each of the data buyers, encrypting and decrypting the searchable index by a public key unique to a respective one of the data buyers, when building the searchable indexes;
  
  receiving an encrypted query that identifies a data buyer of the plurality of data buyers and defines a purchase request for consumer information;
  
  retrieving the searchable index associated with the data buyer;
  
  determining, by the computer, whether at least one of the data providers maintains the consumer information requested by the data buyer by comparing the purchase request to the searchable index associated with the data buyer;
  
  encrypting and decrypting the searchable index associated with the data buyer by a private key unique to the data buyer, when determining whether at least one of the data providers maintains the consumer information requested; and
  
  in response to determining that at least one of the data providers maintains the consumer information requested, transmitting a message to the data buyer comprising information about the consumer information requested, the cost of purchasing the consumer information requested, and an anonymous exchange identifier code for uniquely identifying the consumer information requested.
- View Dependent Claims (28, 29, 30, 31, 40, 41)
- - 28. The computer-implemented method recited by claim 27, wherein the consumer information requested comprises at least one of an address, a telephone number, and a social security number.
  - 29. The computer-implemented method recited by claim 27, wherein the consumer information requested comprises law enforcement information regarding an individual, the law enforcement information comprising at least one of a driver'"'"'s license number of the individual and information regarding a criminal history of the individual.
  - 30. The computer-implemented method recited by claim 27, wherein the registering further comprises:
    - receiving registration form data entered by each of the data providers and the data buyers via an on-line registration form;
      
      validating the registration form data; and
      
      registering the data providers and data buyers based on an outcome of the validating.
  - 31. The computer-implemented method recited by claim 27, wherein determining whether at least one of the data providers maintains the consumer information requested comprises:
    - generating a decrypted query by decrypting the encrypted query based on the public key unique to the data buyer;
      
      decrypting the searchable index associated with the data buyer based on the private key of the data buyer; and
      
      comparing the decrypted query to at least one record of the decrypted searchable index,wherein the generating a decrypted query, decrypting the searchable index, and comparing are completed within a search component sandbox container of the computer separate from all other processing activities of the computer.
  - 40. The computer-implemented method recited by claim 27, wherein the consumer information requested comprises financial information regarding an individual, the financial information comprising at least one of information regarding a mortgage history of the individual, information regarding a loan history of the individual, and a credit status for the individual.
  - 41. The computer-implemented method recited by claim 27, wherein the consumer information requested comprises medical information regarding an individual, the medical information comprising at least one of an age of the individual, information regarding an insurance policy of the individual, a name of a doctor of the individual, and information regarding a medical history of the individual.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Credigy Technologies Inc. (National Bank of Canada)
Original Assignee
Credigy Technologies Inc. (National Bank of Canada)
Inventors
Williams, Jason S.
Primary Examiner(s)
Kalinowski, Alexander
Assistant Examiner(s)
DEGA, MURALI K

Application Number

US11/293,646
Publication Number

US 20070130070A1
Time in Patent Office

2,874 Days
Field of Search

705 1- 79
US Class Current

705/67
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06Q 30/02   Marketing; Price estimation...

G06Q 30/0601   Electronic shopping [e-shop...

H04L 2209/42   Anonymization, e.g. involvi...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/04   for providing a confidentia...

H04L 9/30   Public key, i.e. encryption...

System and method for an anonymous exchange of private data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for an anonymous exchange of private data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links