Confidential information access via social networking web site

US 9,210,165 B2
Filed: 03/31/2012
Issued: 12/08/2015
Est. Priority Date: 01/08/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

receiving, by a server computing device for a social networking web site from a user via access of the social networking web site, confidential information regarding the user, the confidential information including information regarding the user that the user does not socially share on the social networking web site;

associating, by the server computing device for the social networking web site, the confidential information regarding the user with a user identifier that uniquely identifies the user on the social networking web site;

associating, by the server computing device for the social networking web site, the confidential information regarding the user with an export group identifier corresponding to a type of the confidential information, the export group identifier identifying the type of the confidential information regarding the user and not identifying a group that other human users of the social networking web site are able to join, the export group identifier identifying an export group that includes the confidential information regarding the user having the type to which the export group identifier corresponds;

associating, by the server computing device for the social networking web site, the export group identifier with a password different from any user password the user that any user employs to gain access to the social networking web site, the password being required to access the confidential information; and

associating, by the server computing device, the password with a particular third party selected by the user to access the confidential information, the password different from any password that the particular third party employs to gain access to the social networking web site,wherein the export group identifier and the password are adapted to be shared by the user to a third party to permit the third party to access the confidential information through the social networking web site using the password, where knowledge of a user name of the user, the export group identifier, and the password are required for the particular third party to input to access the confidential information once the particular third party has accessed the social networking web site, the password being different than the export group identifier,and wherein access by the particular third party to the confidential information of the user via the user name of the user, the export group identifier, and the password associated with the export group identifier does not permit the user to gain access to any confidential information of the particular third party.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server computing device for a social networking web site receives from a user, via access of the web site, confidential information regarding the user, including information that the user does not socially share on the web site. The device associates the confidential information with a user identifier that uniquely identifies the user on the web site, and with an export group identifier corresponding to a type of the confidential information. The device associates the export group identifier with a password different from a user password the user employs to access the web site. The device receives, from a third party, a purported user identifier, a purported export group identifier, and a purported password, which the device validates against the user identifier, the export group identifier, and the password. Where validation is successful, the device permits access to the confidential information by the third party.

Citations

17 Claims

1. A method comprising:
- receiving, by a server computing device for a social networking web site from a user via access of the social networking web site, confidential information regarding the user, the confidential information including information regarding the user that the user does not socially share on the social networking web site;
  
  associating, by the server computing device for the social networking web site, the confidential information regarding the user with a user identifier that uniquely identifies the user on the social networking web site;
  
  associating, by the server computing device for the social networking web site, the confidential information regarding the user with an export group identifier corresponding to a type of the confidential information, the export group identifier identifying the type of the confidential information regarding the user and not identifying a group that other human users of the social networking web site are able to join, the export group identifier identifying an export group that includes the confidential information regarding the user having the type to which the export group identifier corresponds;
  
  associating, by the server computing device for the social networking web site, the export group identifier with a password different from any user password the user that any user employs to gain access to the social networking web site, the password being required to access the confidential information; and
  
  associating, by the server computing device, the password with a particular third party selected by the user to access the confidential information, the password different from any password that the particular third party employs to gain access to the social networking web site,wherein the export group identifier and the password are adapted to be shared by the user to a third party to permit the third party to access the confidential information through the social networking web site using the password, where knowledge of a user name of the user, the export group identifier, and the password are required for the particular third party to input to access the confidential information once the particular third party has accessed the social networking web site, the password being different than the export group identifier,and wherein access by the particular third party to the confidential information of the user via the user name of the user, the export group identifier, and the password associated with the export group identifier does not permit the user to gain access to any confidential information of the particular third party.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - receiving, by the server computing device for the social networking web site from a third party via access of the social networking web site, a purported user identifier, a purported export group identifier, and a purported password;
      
      validating, by the server computing device for the social networking web site, the purported user identifier, the purported export group identifier, and the purported password against the user identifier, the export group identifier, and the password, respectively; and
      
      ,where validation is successful, permitting, by the server computing device for the social networking web site, access to the confidential information regarding the user by the third party.
  - 3. The method of claim 2, wherein permitting access to the confidential information regarding the user by the third party comprises permitting one of:
    - read-only access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve the confidential information but is not permitted to modify or add to the confidential information;
      
      append-only access to the confidential information regarding the user by the third party, such that the third party is permitted to add to the confidential information but is not permitted to retrieve or modify the confidential information;
      
      read-and-append access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve and add to the confidential information but is not permitted to modify the confidential information;
      
      read-and-change access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve and modify the confidential information but is not permitted to add to the confidential information;
      
      read-append-and-change access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve, add to, and modify the confidential information.
  - 4. The method of claim 2, further comprising:
    - associating, by the server computing device for the social networking web site, the export group identifier with a permissible third party type;
      
      authenticating, by the server computing device for the social networking web site, a type of the third party from which the purported user identifier, the purported export group identifier, and the purported password have been received;
      
      after authenticating the type of the third party, continuing to validate the purported user identifier, the purported export group identifier, and the purported password received from the third party, by the server computing device for the social networking web site only where the type of the third party matches the permissible third party type,such that even where the third party has knowledge of the user identifier, the export group identifier, and the password, the third party cannot gain access to the confidential information regarding the user if the type of the third party does not match the permissible third party type.
  - 5. The method of claim 2, wherein receiving the purported user identifier, the purported export group identifier, and the purported password from the third party comprises receiving a secure transaction that includes a markup language form indicating the confidential information being requested,and wherein permitting access to the confidential information regarding the user by the third party comprises populating the markup language form with the confidential information that has been requested and transmitting the markup language form back to the third party.
  - 6. The method of claim 1, wherein the password is specific just to the export group identifier and not to an identity of the third party.
  - 7. The method of claim 1, wherein the password is specific both to the export group identifier and to an identity of the third party.
  - 8. The method of claim 1, wherein the password has a validity period, such that the password is invalid and does not permit access to the confidential information outside of the validity period.
  - 9. The method of claim 1, wherein the password has a maximum number of uses, such that the password is invalid and does not permit access to the confidential information after the password has been used more than the maximum number of uses.

10. A method comprising:
- receiving, by a server computing device for a social networking web site from a third party via access of the social networking web site, a purported user identifier, a purported export group identifier, and a purported password entered by the third party;
  
  validating, by the server computing device for the social networking web site, the purported user identifier, the purported export group identifier, and the purported password against a user identifier, an export group identifier, and a password, respectively,where confidential information regarding a user, including information regarding the user that the user does not socially share on the social networking web site, is associated with the user identifier and with the export group identifier, and the export group identifier is associated with the password,where the user identifier uniquely identifies the user on the social networking web site, the export group identifier corresponds to a type of the confidential information, the password is different from a user password that the user employs to gain access to the social networking web site, the export group identifier identifies the type of the confidential information regarding the user and does not identify a group that other human users of the social networking web site are able to join, the export group identifier identifies an export group that includes the confidential information regarding the user having the type to which the export group identifier corresponds; and
  
  ,where validation is successful, permitting, by the server computing device for the social networking web site, access to the confidential information regarding the user by the third party,wherein the password is associated with the third party as selected by the user to access the confidential information, the password different from any password that the third party employs to gain access to the social networking web site, where knowledge of a user name of the user, the export group identifier, and the password are required for the third party to input to access the confidential information once the third party has accessed the social networking web site, the password being different than the export group identifier,and wherein access by the third party to the confidential information of the user via the user name of the user, the export group identifier, and the password associated with the export group identifier does not permit the user to gain access to any confidential information of the third party.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein permitting access to the confidential information regarding the user by the third party comprises permitting one of:
    - read-only access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve the confidential information but is not permitted to modify or add to the confidential information;
      
      append-only access to the confidential information regarding the user by the third party, such that the third party is permitted to add to the confidential information but is not permitted to retrieve or modify the confidential information;
      
      read-and-append access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve and add to the confidential information but is not permitted to modify the confidential information;
      
      read-and-change access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve and modify the confidential information but is not permitted to add to the confidential information;
      
      read-append-and-change access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve, add to, and modify the confidential information.
  - 12. The method of claim 10, further comprising:
    - authenticating, by the server computing device for the social networking web site, a type of the third party from which the purported user identifier, the purported export group identifier, and the purported password have been received,where the export group identifier is associated with a permissible third party type;
      
      after authenticating the type of the third party, continuing to validate the purported user identifier, the purported export group identifier, and the purported password received from the third party, by the server computing device for the social networking web site only where the type of the third party matches the permissible third party type,such that even where the third party has knowledge of the user identifier, the export group identifier, and the password, the third party cannot gain access to the confidential information regarding the user if the type of the third party does not match the permissible third party type.
  - 13. The method of claim 10, wherein receiving the purported user identifier, the purported export group identifier, and the purported password from the third party comprises receiving a secure transaction that includes a markup language form indicating the confidential information being requested,and wherein permitting access to the confidential information regarding the user by the third party comprises populating the markup language form with the confidential information that has been requested and transmitting the markup language form back to the third party.
  - 14. The method of claim 10, wherein the password is specific just to the export group identifier and not to an identity of the third party.
  - 15. The method of claim 10, wherein the password is specific both to the export group identifier and to an identity of the third party.
  - 16. The method of claim 10, wherein the password has a validity period, such that the password is invalid and does not permit access to the confidential information outside of the validity period.
  - 17. The method of claim 10, wherein the password has a maximum number of uses, such that the password is invalid and does not permit access to the confidential information after the password has been used more than the maximum number of uses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kritt, Barry A., Law, Douglas A., Sremaniak, Shawn K., Mazzeo, Thomas S.
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US13/436,932
Publication Number

US 20130179953A1
Time in Patent Office

1,347 Days
Field of Search

726/26, 726/28, 726/7, 705/319
US Class Current

1/1
CPC Class Codes

G06Q 50/01   Social networking

H04L 2209/42   Anonymization, e.g. involvi...

H04L 51/52   for supporting social netwo...

H04L 63/04   for providing a confidentia...

H04L 63/083   using passwords cryptograph...

H04L 63/0846   using time-dependent-passwo...

H04L 63/104   Grouping of entities

Confidential information access via social networking web site

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Confidential information access via social networking web site

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links