System and method for providing limited access to data

US 10,454,923 B2
Filed: 09/21/2017
Issued: 10/22/2019
Est. Priority Date: 05/12/2010
Status: Active Grant

First Claim

Patent Images

1. A system for providing access to data of a first party, comprising:

a database that stores at least one virtual authentication credential, at least one access rights, and at least one party identifier;

a computer processor associated with the database having a computer readable storage medium, the computer readable storage medium comprising computer-executable instructions stored therein causing the processor to;

receive a first party identifier from a first party device;

authenticate the first party using the first party identifier;

generate, upon receipt of a request from the first party device, a virtual authentication credential using a random or pseudo-random generator;

store, in the database, the virtual authentication credential;

receive a selection from the first party device of a second party and a third party for receiving the virtual authentication credential;

associate the virtual authentication credential with a second party identifier stored in the database and second party limited access rights for the data of the first party, wherein the second party limited access rights are based on second party data and stored in the database;

associate the virtual authentication credential with a third party identifier stored in the database and third party limited access rights for the data of the first party, wherein the third party limited access rights are based on third party data and stored in the database;

receive at least a portion of the second party identifier from a device associated with the second party;

receive at least a portion of the third party identifier from a device associated with the third party;

authenticate the second party and the third party using the at least a portion of the second party identifier, the at least a portion of the third party identifier, the second party identifier stored in the database, and the third party identifier stored in the database;

receive the virtual authentication credential from the second party device;

receive the virtual authentication credential from the third party device;

authenticate the virtual authentication credential for the second party device and the third party device by comparing the virtual authentication credential received from the second party device and the third party device with the virtual authentication credential stored in the database;

receive a payment from the second party device;

process the payment from the second party device, and;

when the payment is successfully processed;

provide the second party device with limited access to the data of the first party as defined in the second party limited access rights;

when the payment is not successfully processed;

transmit an alert to the second party device that the payment could not be processed;

provide the third party device with limited access to the data of the first party as defined in the third party limited access rights;

determine usage information for the virtual authentication credential; and

provide the first party with the usage information.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and computer-implemented method for providing access to data of a first party including receiving information for identifying the first party, authenticating the first party using the received information for identifying the first party and generating a first read-only personal identification number (PIN). The first read-only PIN is associated with a first set of access rights for the data of the first party and provided to a second party. The first read-only PIN is stored with the first set of access rights in a computer database. A third party receives the first read-only PIN from the second party, authenticates the received first read-only PIN using the stored first read-only PIN and provides the second party with access to at least a portion of the data of the first party using the first set of access rights associated with the first read-only PIN if the received first read-only PIN is authenticated.

22 Citations

18 Claims

1. A system for providing access to data of a first party, comprising:
- a database that stores at least one virtual authentication credential, at least one access rights, and at least one party identifier;
  
  a computer processor associated with the database having a computer readable storage medium, the computer readable storage medium comprising computer-executable instructions stored therein causing the processor to;
  
  receive a first party identifier from a first party device;
  
  authenticate the first party using the first party identifier;
  
  generate, upon receipt of a request from the first party device, a virtual authentication credential using a random or pseudo-random generator;
  
  store, in the database, the virtual authentication credential;
  
  receive a selection from the first party device of a second party and a third party for receiving the virtual authentication credential;
  
  associate the virtual authentication credential with a second party identifier stored in the database and second party limited access rights for the data of the first party, wherein the second party limited access rights are based on second party data and stored in the database;
  
  associate the virtual authentication credential with a third party identifier stored in the database and third party limited access rights for the data of the first party, wherein the third party limited access rights are based on third party data and stored in the database;
  
  receive at least a portion of the second party identifier from a device associated with the second party;
  
  receive at least a portion of the third party identifier from a device associated with the third party;
  
  authenticate the second party and the third party using the at least a portion of the second party identifier, the at least a portion of the third party identifier, the second party identifier stored in the database, and the third party identifier stored in the database;
  
  receive the virtual authentication credential from the second party device;
  
  receive the virtual authentication credential from the third party device;
  
  authenticate the virtual authentication credential for the second party device and the third party device by comparing the virtual authentication credential received from the second party device and the third party device with the virtual authentication credential stored in the database;
  
  receive a payment from the second party device;
  
  process the payment from the second party device, and;
  
  when the payment is successfully processed;
  
  provide the second party device with limited access to the data of the first party as defined in the second party limited access rights;
  
  when the payment is not successfully processed;
  
  transmit an alert to the second party device that the payment could not be processed;
  
  provide the third party device with limited access to the data of the first party as defined in the third party limited access rights;
  
  determine usage information for the virtual authentication credential; and
  
  provide the first party with the usage information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein the computer readable storage medium further comprises computer-executable instructions stored therein for causing said computer processor to:
    - cancel the virtual authentication credential to prevent any access by the second party device to the data of the first party.
  - 3. The system of claim 2, wherein the computer readable storage medium further comprises computer-executable instructions stored therein for causing said computer processor to:
    - generate a new virtual authentication credential after the virtual authentication credential has been cancelled;
      
      associate the new virtual authentication credential with the third party limited access rights for the data of the first party;
      
      provide the new virtual authentication credential to the third party device;
      
      store the new virtual authentication credential with the third party limited access rights in the database;
      
      receive the new virtual authentication credential from the third party device;
      
      authenticate the new virtual authentication credential by comparing the new virtual authentication credential with the new virtual authentication credential stored in the database; and
      
      provide the third party device with limited access to first party data as defined in the third party limited access rights.
  - 4. The system of claim 1, wherein the second party limited access rights to data of the first party comprises at least one of:
    - rights to read the data, rights to view the data, rights to modify the data, rights to manipulate the data, rights to download the data, rights to upload the data, rights to transfer the data, rights to share the data, rights to aggregate the data, rights to mine the data, rights to analyze the data, access rights to a subset of the data, duration of access rights to the data, time of access rights to the data, payment requirements for receiving access rights to the data, terms and conditions for the data, and combinations thereof.
  - 5. The system of claim 1, wherein the second party limited access rights comprise rights to view data and rights to modify a subset of data.
  - 6. The system of claim 3, wherein the third party limited access rights comprise rights to view data and rights to modify a subset of data.
  - 7. The system of claim 5, the computer readable storage medium further comprising computer-executable instructions stored therein for causing said computer processor to:
    - store the data of the first party in a first computer file of the database; and
      
      store the subset of the data of the first party in a second computer file of the database.
  - 8. The system of claim 1, wherein the second party limited access rights comprise payment requirements for receiving additional access rights to data.
  - 9. The system of claim 3, wherein the third party limited access rights comprise payment requirements for receiving additional access rights to data.

10. A non-transitory computer readable storage medium comprising instructions for causing a processor to execute a computer-implemented method for providing access to data of a first party, comprising:
- receiving a first party identifier from a first party device;
  
  authenticating the first party using the first party identifier;
  
  generating, upon receipt of a request from the first party device, a virtual authentication credential using a random or pseudo-random generator;
  
  storing, in a database, the virtual authentication credential;
  
  receiving a selection from the first party device of a second party for receiving the virtual authentication credential;
  
  associating the virtual authentication credential with a second party identifier stored in the database and second party limited access rights for the data of the first party, wherein the second party limited access rights are based on second party data and stored in the database;
  
  transmitting a request for payment to the second party for use of the virtual authentication credential;
  
  receiving at least a portion of the second party identifier from a device associated with the second party;
  
  authenticating the second party using the at least a portion of the second party identifier and the second party identifier stored in the database;
  
  receiving the virtual authentication credential from the second party device;
  
  authenticating the virtual authentication credential by comparing the virtual authentication credential received from the second party device with the virtual authentication credential stored in the database;
  
  receiving a payment from the second party device;
  
  processing the payment from the second party device, and when the payment is successfully processed;
  
  providing the second party device with limited access to the data of the first party as defined in the second party limited access rights;
  
  when the payment is not successfully processed;
  
  transmitting an alert to the second party device that the payment could not be processed;
  
  determine usage information for the virtual authentication credential; and
  
  provide the first party with the usage information.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The non-transitory computer readable storage medium of claim 10, wherein the non-transitory computer readable storage medium further comprises computer-executable instructions stored therein for causing said computer processor to:
    - cancel the virtual authentication credential to prevent any access by the second party device to the data of the first party.
  - 12. The non-transitory computer readable storage medium of claim 11, wherein the non-transitory computer readable storage medium further comprises computer-executable instructions stored therein for causing said computer processor to:
    - generate a new virtual authentication credential after the virtual authentication credential has been cancelled;
      
      associate the new virtual authentication credential with third party limited access rights for the data of the first party, wherein the third party limited access rights are based on third party data;
      
      provide the new virtual authentication credential to a third party device;
      
      store the new virtual authentication credential with the third party limited access rights in the database;
      
      receive the new virtual authentication credential from the third party device;
      
      authenticate the new virtual authentication credential by comparing the new virtual authentication credential from the third party device with the new virtual authentication credential stored in the database; and
      
      provide the third party device with limited access to first party data as defined in the third party limited access rights.
  - 13. The non-transitory computer readable storage medium of claim 10, wherein the second party limited access rights to data of the first party comprises at least one of:
    - rights to read the data, rights to view the data, rights to modify the data, rights to manipulate the data, rights to download the data, rights to upload the data, rights to transfer the data, rights to share the data, rights to aggregate the data, rights to mine the data, rights to analyze the data, access rights to a subset of the data, duration of access rights to the data, time of access rights to the data, payment requirements for receiving access rights to the data, terms and conditions for the data, and combinations thereof.
  - 14. The non-transitory computer readable storage medium of claim 10, wherein the second party limited access rights comprise rights to view data and rights to modify a subset of data.
  - 15. The non-transitory computer readable storage medium of claim 12, wherein the third party limited access rights comprise rights to view data and rights to modify a subset of data.
  - 16. The non-transitory computer readable storage medium of claim 14, the computer readable storage medium further comprising computer-executable instructions stored therein for causing said computer processor to:
    - store the data of the first party in a first computer file of the database; and
      
      store the subset of the data of the first party in a second computer file of the database.
  - 17. The non-transitory computer readable storage medium of claim 10, wherein the second party limited access rights comprise payment requirements for receiving additional access rights to data.
  - 18. The non-transitory computer readable storage medium of claim 12, wherein the third party limited access rights comprise payment requirements for receiving additional access rights to data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Capital One Services LLC (Capital One Financial Corporation)
Original Assignee
Capital One Services LLC (Capital One Financial Corporation)
Inventors
Chapman, Jeffrey Michael
Primary Examiner(s)
Wang, Harris C

Application Number

US15/710,978
Publication Number

US 20180013749A1
Time in Patent Office

761 Days
Field of Search

726 7
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06Q 30/06   Buying, selling or leasing ...

G07F 7/1025   Identification of user by a...

H04L 63/083   using passwords cryptograph...

H04W 12/069   using certificates or pre-s...

System and method for providing limited access to data

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing limited access to data

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links