Confidential information access via social networking web site

US 9,419,967 B2
Filed: 09/24/2014
Issued: 08/16/2016
Est. Priority Date: 01/08/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a server computing device for a social networking web site, a user confidential information regarding the user;

associating, by the server computing device, the confidential information regarding the user with an export group identifier identifying a type of the confidential information regarding the user and not identifying a group that other users of the social networking web site are able to join; and

associating, by the server computing device, the export group identifier with a password required to access the confidential information,wherein the export group identifier and the password are adapted to be shared by the user to a third party to permit the third party to access the confidential information through the social networking web site, where knowledge of a user name of the user, the export group identifier, and the password are required for the third party to input to access the confidential information, the password being different than the export group identifier.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server computing device for a social networking web site receives from a user, via access of the web site, confidential information regarding the user, including information that the user does not socially share on the web site. The device associates the confidential information with a user identifier that uniquely identifies the user on the web site, and with an export group identifier corresponding to a type of the confidential information. The device associates the export group identifier with a password different from a user password the user employs to access the web site. The device receives, from a third party, a purported user identifier, a purported export group identifier, and a purported password, which the device validates against the user identifier, the export group identifier, and the password. Where validation is successful, the device permits access to the confidential information by the third party.

39 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, by a server computing device for a social networking web site, a user confidential information regarding the user;
  
  associating, by the server computing device, the confidential information regarding the user with an export group identifier identifying a type of the confidential information regarding the user and not identifying a group that other users of the social networking web site are able to join; and
  
  associating, by the server computing device, the export group identifier with a password required to access the confidential information,wherein the export group identifier and the password are adapted to be shared by the user to a third party to permit the third party to access the confidential information through the social networking web site, where knowledge of a user name of the user, the export group identifier, and the password are required for the third party to input to access the confidential information, the password being different than the export group identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - receiving, by the server computing device for the social networking web site from a third party via access of the social networking web site, a purported user identifier, a purported export group identifier, and a purported password;
      
      validating, by the server computing device for the social networking web site, the purported user identifier, the purported export group identifier, and the purported password against the user identifier, the export group identifier, and the password, respectively; and
      
      ,where validation is successful, permitting, by the server computing device for the social networking web site, access to the confidential information regarding the user by the third party.
  - 3. The method of claim 2, wherein permitting access to the confidential information regarding the user by the third party comprises permitting one of:
    - read-only access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve the confidential information but is not permitted to modify or add to the confidential information;
      
      append-only access to the confidential information regarding the user by the third party, such that the third party is permitted to add to the confidential information but is not permitted to retrieve or modify the confidential information;
      
      read-and-append access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve and add to the confidential information but is not permitted to modify the confidential information;
      
      read-and-change access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve and modify the confidential information but is not permitted to add to the confidential information;
      
      read-append-and-change access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve, add to, and modify the confidential information.
  - 4. The method of claim 2, further comprising:
    - associating, by the server computing device for the social networking web site, the export group identifier with a permissible third party type;
      
      authenticating, by the server computing device for the social networking web site, a type of the third party from which the purported user identifier, the purported export group identifier, and the purported password have been received;
      
      after authenticating the type of the third party, continuing to validate the purported user identifier, the purported export group identifier, and the purported password received from the third party, by the server computing device for the social networking web site only where the type of the third party matches the permissible third party type,such that even where the third party has knowledge of the user identifier, the export group identifier, and the password, the third party cannot gain access to the confidential information regarding the user if the type of the third party does not match the permissible third party type.
  - 5. The method of claim 2, wherein receiving the purported user identifier, the purported export group identifier, and the purported password from the third party comprises receiving a secure transaction that includes a markup language form indicating the confidential information being requested,and wherein permitting access to the confidential information regarding the user by the third party comprises populating the markup language form with the confidential information that has been requested and transmitting the markup language form back to the third party.
  - 6. The method of claim 1, wherein the password is specific just to the export group identifier and not to an identity of the third party.
  - 7. The method of claim 1, wherein the password is specific both to the export group identifier and to an identity of the third party.
  - 8. The method of claim 1, wherein the password has a validity period, such that the password is invalid and does not permit access to the confidential information outside of the validity period.
  - 9. The method of claim 1, wherein the password has a maximum number of uses, such that the password is invalid and does not permit access to the confidential information after the password has been used more than the maximum number of uses.

10. A method comprising:
- receiving, by a server computing device for a social networking web site from a third party via access of the social networking web site, a purported user identifier, a purported export group identifier, and a purported password;
  
  validating, by the server computing device for the social networking web site, the purported user identifier, the purported export group identifier, and the purported password against a user identifier, an export group identifier, and a password, respectively,wherein confidential information regarding a user is associated with the export group identifier, the export group identifier identifying a type of the confidential information regarding the user and not identifying a group that other users of the social networking web site are able to join,wherein the export group identifier is associated with a password required to access the confidential information,wherein the export group identifier and the password are adapted to be shared by the user to the third party to permit the third party to access the confidential information through the social networking web site, where knowledge of a user name of the user, the export group identifier, and the password are required for the third party to input to access the confidential information, the password being different than the export group identifier; and
  
  where validation is successful, permitting, by the server computing device for the social networking web site, access to the confidential information regarding the user by the third party.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10, wherein permitting access to the confidential information regarding the user by the third party comprises permitting one of:
    - read-only access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve the confidential information but is not permitted to modify or add to the confidential information;
      
      append-only access to the confidential information regarding the user by the third party, such that the third party is permitted to add to the confidential information but is not permitted to retrieve or modify the confidential information;
      
      read-and-append access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve and add to the confidential information but is not permitted to modify the confidential information;
      
      read-and-change access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve and modify the confidential information but is not permitted to add to the confidential information;
      
      read-append-and-change access to the confidential information regarding the user by the third party, such that the third party is permitted to retrieve, add to, and modify the confidential information.
  - 12. The method of claim 10, further comprising:
    - authenticating, by the server computing device for the social networking web site, a type of the third party from which the purported user identifier, the purported export group identifier, and the purported password have been received,where the export group identifier is associated with a permissible third party type;
      
      after authenticating the type of the third party, continuing to validate the purported user identifier, the purported export group identifier, and the purported password received from the third party, by the server computing device for the social networking web site only where the type of the third party matches the permissible third party type,such that even where the third party has knowledge of the user identifier, the export group identifier, and the password, the third party cannot gain access to the confidential information regarding the user if the type of the third party does not match the permissible third party type.
  - 13. The method of claim 10, wherein receiving the purported user identifier, the purported export group identifier, and the purported password from the third party comprises receiving a secure transaction that includes a markup language form indicating the confidential information being requested,and wherein permitting access to the confidential information regarding the user by the third party comprises populating the markup language form with the confidential information that has been requested and transmitting the markup language form back to the third party.
  - 14. The method of claim 10, wherein the password is specific just to the export group identifier and not to an identity of the third party.
  - 15. The method of claim 10, wherein the password is specific both to the export group identifier and to an identity of the third party.
  - 16. The method of claim 10, wherein the password has a validity period, such that the password is invalid and does not permit access to the confidential information outside of the validity period.
  - 17. The method of claim 10, wherein the password has a maximum number of uses, such that the password is invalid and does not permit access to the confidential information after the password has been used more than the maximum number of uses.

18. A computer program product comprising:
- a storage device storing computer-readable code executable by a processor by a server computing device for a social networking web site and comprising;
  
  first computer-readable code to receive from a user confidential information regarding the user;
  
  second computer-readable code to associate the confidential information regarding the user with an export group identifier identifying a type of the confidential information regarding the user and not identifying a group that other users of the social networking web site are able to join; and
  
  third computer-readable code to associate the export group identifier with a password required to access the confidential information,wherein the export group identifier and the password are adapted to be shared by the user to a third party to permit the third party to access the confidential information through the social networking web site, where knowledge of a user name of the user, the export group identifier, and the password are required for the third party to input to access the confidential information, the password being different than the export group identifier.
- View Dependent Claims (19)
- - 19. The computer program product of claim 18, wherein the computer-readable code further comprises:
    - fourth computer-readable code to receive, from a third party via access of the social networking web site, a purported user identifier, a purported export group identifier, and a purported password;
      
      fifth computer-readable code to validate the purported user identifier, the purported export group identifier, and the purported password against the user identifier, the export group identifier, and the password, respectively; and
      
      ,sixth computer-readable code to, where validation is successful, permit access to the confidential information regarding the user by the third party.

20. A system comprising:
- a server computing device;
  
  a social networking web site component implemented at the server computing device to provide a social networking web site;
  
  a confidential information access component implemented at the server computing device to;
  
  receive, from a third party via access of the social networking web site, a purported user identifier, a purported export group identifier, and a purported password;
  
  validate the purported user identifier, the purported export group identifier, and the purported password against a user identifier, an export group identifier, and a password, respectively,wherein confidential information regarding a user is associated with the export group identifier, the export group identifier identifying a type of the confidential information regarding the user and not identifying a group that other users of the social networking web site are able to join,wherein the export group identifier is associated with a password required to access the confidential information,wherein the export group identifier and the password are adapted to be shared by the user to the third party to permit the third party to access the confidential information through the social networking web site, where knowledge of a user name of the user, the export group identifier, and the password are required for the third party to input to access the confidential information, the password being different than the export group identifier; and
  
  where validation is successful, permit access to the confidential information regarding the user by the third party.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kritt, Barry A., Law, Douglas A., Sremaniak, Shawn K., Mazzeo, Thomas S.
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US14/495,026
Publication Number

US 20150012993A1
Time in Patent Office

692 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06Q 50/01   Social networking

H04L 2209/42   Anonymization, e.g. involvi...

H04L 51/52   for supporting social netwo...

H04L 63/04   for providing a confidentia...

H04L 63/083   using passwords cryptograph...

H04L 63/0846   using time-dependent-passwo...

H04L 63/104   Grouping of entities

Confidential information access via social networking web site

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Confidential information access via social networking web site

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links