Customer support account with restricted patient data access

US 8,819,849 B2
Filed: 02/20/2012
Issued: 08/26/2014
Est. Priority Date: 12/22/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A method for accessing a user'"'"'s account by customer support without viewing the user'"'"'s private data, the method comprising:

receiving, in an application module communicating with a web service, a request for authentication by a support person using a linked user-support login name that includes a concatenation of the support person'"'"'s login name, the user'"'"'s login name and a prefix;

authenticating the user, by the application, using the user'"'"'s login name extracted from the linked user-support login name;

authenticating the support person, by the application, using the support person'"'"'s login name extracted from the linked user-support login name;

retrieving, by the application, a current user session as viewed by the user on an electronic screen of a processing device of the user, the retrieval being performed in response to the authentication of the user and the support person;

dynamically redacting private data of the user from the user session to create a redacted user session, where the prefix acts as a trigger for activating a redaction module for redacting the user'"'"'s current session; and

delivering the redacted user session for display in an electronic screen of a processing device of the support person.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for accessing a user'"'"'s account by customer support without viewing the user'"'"'s private data includes receiving, in an application module communicating with a web service, a request for authentication by a support person using a linked user-support login name. The method includes authenticating the user, authenticating the support person and retrieving a current session of the user as viewed by the user on an electronic screen of a processing device of the user. The method further includes dynamically redacting private data of the user from the user session to create a redacted user session, and delivering the redacted user session for display in an electronic screen of a processing device of the support person.

19 Citations

View as Search Results

20 Claims

1. A method for accessing a user'"'"'s account by customer support without viewing the user'"'"'s private data, the method comprising:
- receiving, in an application module communicating with a web service, a request for authentication by a support person using a linked user-support login name that includes a concatenation of the support person'"'"'s login name, the user'"'"'s login name and a prefix;
  
  authenticating the user, by the application, using the user'"'"'s login name extracted from the linked user-support login name;
  
  authenticating the support person, by the application, using the support person'"'"'s login name extracted from the linked user-support login name;
  
  retrieving, by the application, a current user session as viewed by the user on an electronic screen of a processing device of the user, the retrieval being performed in response to the authentication of the user and the support person;
  
  dynamically redacting private data of the user from the user session to create a redacted user session, where the prefix acts as a trigger for activating a redaction module for redacting the user'"'"'s current session; and
  
  delivering the redacted user session for display in an electronic screen of a processing device of the support person.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 16)
- - 2. The method of claim 1, further comprising:
    - recording in an audit log the request of authentication by the support person.
  - 3. The method or claim 1, wherein the linked user-support login name is a string including a prefix as a trigger for activating a redaction module for redacting the user'"'"'s current session.
  - 4. The method of claim 3, wherein the authentication credentials of the support person include the support person'"'"'s unique password.
  - 5. The method of claim 4, wherein the prefix and the concatenation are separated by a symbol.
  - 6. The method of claim 1, wherein the request of authentication by the support person using the linked user-support login includes the support person'"'"'s anatomic authentication credentials for the application module.
  - 7. The method of claim 1, wherein dynamically redacting the user session includes dynamically redacting private information of the user.
  - 8. The method of claim 7, wherein redacting private information includes identifying fields pre-tagged as private in an electronic file of the user'"'"'s current session and redacting values associated with the pre-tagged fields.
  - 9. The method of claim 7, wherein redacting private information includes identifying areas pre-tagged as private in an electronic file of the user'"'"'s current session and redacting the pre-tagged areas.
  - 10. The method of claim 7, wherein the application module is a health management module.
  - 11. The method of claim 7, wherein the application module is a management module for diabetes care.
  - 12. The method of claim 1, wherein the current session of the user displays an error message from the application module in the electronic screen of the user.
  - 16. The method of claim 1, wherein the current session of the user displays an error message from the health management module in the electronic screen of the user.

13. A method for accessing a user'"'"'s account by customer support without viewing the user'"'"'s private data, the method comprising:
- receiving, in a health management module communicating with a web service, a request for authentication by a support person, wherein the request includes a user-support login string that concatenates a notification prefix with a user'"'"'s login name with a support person'"'"'s login name, along with the support person'"'"'s password for the health management module;
  
  parsing, by the health management module, the user-support login string;
  
  authenticating, by the health management module, the user using the user'"'"'s login name extracted from the user-support login string, wherein in response to the user-support login string having the notification prefix, the method further comprises;
  
  authenticating, by the health management module, the support person using the support person'"'"'s login name extracted from the user-support login string;
  
  retrieving a current session of the user as viewed by the user in an electronic screen of a processing device of the user;
  
  identifying in an electronic file of the current session of the user fields pre-tagged as private;
  
  dynamically redacting values of the pre-tagged fields to create a redacted electronic file for a redacted user session;
  
  sending the redacted electronic file to a support module of the web service; and
  
  displaying the redacted user session in an electronic screen of a processing device of the authenticated support person based on the redacted electronic file.
- View Dependent Claims (14, 15)
- - 14. The method of claim 13, further comprising:
    - recording in an audit log the request of authentication by the support person.
  - 15. The method of claim 13, wherein the health management module is a diabetes care module.

17. A system for accessing a user'"'"'s account by customer support without viewing the user'"'"'s private data, the system comprising:
- a web service;
  
  a health management module communicating with the web service and accessible by a user having an account and authentication credentials with the web service;
  
  a support module communicating with the web service and accessible by a support person having a support account and authentication credentials with the web service;
  
  an authentication service communicating with the web service and programmed to;
  
  (a) authenticate the user with the user'"'"'s authentication credentials;
  
  (b) authenticate the support person with the support person'"'"'s authentication credentials; and
  
  (c) authenticate the support person with linked user-support credentials for a limited access of the user'"'"'s account, wherein the linked user-support credentials include a concatenation of the user'"'"'s credentials, the support person'"'"'s credentials and a prefix; and
  
  a redaction module communicating with the authentication service and programmed, in response to the prefix, to dynamically redact private data from a user'"'"'s session with the web service and send the redacted user session to the support module for access by the support person, when the support person and the user are authenticated with the linked user-support credentials, wherein the prefix serves as a trigger for activating the redaction module.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, further comprising an audit log for logging a request for linked user-support authentication.
  - 19. The system of claim 17, wherein the redaction module is programmed to redact portions of the user'"'"'s session that are pre-tagged for redaction in an electronic file of the current session prior to providing access to the support person.
  - 20. The system of claim 19, wherein the user'"'"'s current session includes an error message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Roche Diabetes Care Inc. (Roche Holding AG)
Original Assignee
Roche Diagnostics Operations Incorporated (Roche Holding AG)
Inventors
Birtwhistle, Daniel P., Reinke, Robert E.
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
JHAVERI, JAYESH M

Application Number

US13/400,313
Publication Number

US 20130167249A1
Time in Patent Office

918 Days
Field of Search

726 26- 30, 713182-186
US Class Current

726/28
CPC Class Codes

G06Q 10/10   Office automation; Time man...

G16H 10/60   for patient-specific data, ...

G16H 40/67   for remote operation

Customer support account with restricted patient data access

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Customer support account with restricted patient data access

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links