Authenticating access to confidential information by unregistered requestor

US 20160352725A1
Filed: 08/09/2016
Published: 12/01/2016
Est. Priority Date: 04/08/2014
Status: Abandoned Application

First Claim

Patent Images

1. A method for providing access to confidential information of an individual, comprising:

receiving, at a computer from an unregistered requestor, a personal identification number associated with the individual and a name of the unregistered requestor;

determining, by the computer, whether an authority approves the requestor for access to the confidential information of the individual;

determining, by the computer, whether the name is in a trusted database;

determining, by the computer, whether the individual consents to access of their confidential information by the requestor;

determining, by the computer, whether the requestor has a valid payment account with a third party;

determining, by the computer, a location of the requestor;

determining, by the computer, whether the requestor is authenticated based on the authority approval determination, the trusted database determination, the individual consent determination, the payment account determination and the location determination; and

when the authentication determination is that the requestor is authenticated, enabling, by the computer, the requestor to access the confidential information of the individual.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An unregistered requestor requests access to confidential information of an individual stored at a computer. In one embodiment, the requestor is authenticated by the computer using at least two authentication tests. When the requestor is authenticated, the computer determines access permission for the requestor based on information provided from the requestor, and provides, to the requestor, access to the confidential information of the individual based on the access permission. In another embodiment, the computer presents a series of challenges to the requestor, and if any of the challenges is passed, access is granted.

6 Citations

View as Search Results

20 Claims

1. A method for providing access to confidential information of an individual, comprising:
- receiving, at a computer from an unregistered requestor, a personal identification number associated with the individual and a name of the unregistered requestor;
  
  determining, by the computer, whether an authority approves the requestor for access to the confidential information of the individual;
  
  determining, by the computer, whether the name is in a trusted database;
  
  determining, by the computer, whether the individual consents to access of their confidential information by the requestor;
  
  determining, by the computer, whether the requestor has a valid payment account with a third party;
  
  determining, by the computer, a location of the requestor;
  
  determining, by the computer, whether the requestor is authenticated based on the authority approval determination, the trusted database determination, the individual consent determination, the payment account determination and the location determination; and
  
  when the authentication determination is that the requestor is authenticated, enabling, by the computer, the requestor to access the confidential information of the individual.

2. A method for providing access to confidential information of an individual stored at a computer, comprising:
- receiving, at the computer, a request for the confidential information from a requestor;
  
  determining, by the computer, whether the requestor is registered;
  
  when the requestor is determined to be unregistered, determining, by the computer, whether the requestor should be authenticated based on at least two authentication tests;
  
  when the requestor is authenticated, determining, by the computer, access permission for the requestor based on information provided from the requestor; and
  
  providing, from the computer to the requestor, access to the confidential information of the individual based on the access permission.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 3. The method of claim 2, wherein the authentication tests are selected from an approval test, a trusted database test, a credit card test, an individual consent test, and a location test.
  - 4. The method of claim 2, wherein access permission is determined based on a profile chosen from a set of profiles in accordance with the results of the at least two authentication tests.
  - 5. The method of claim 2, wherein access permission is determined based on scores corresponding to the at least two authentication tests.
  - 6. The method of claim 5, wherein the authentication tests are associated with respective weighting factors for the respective scores.
  - 7. The method of claim 5, wherein at least one of the scores is based on information received in response to a query generated by the computer.
  - 8. The method of claim 7, wherein the query is sent to a trusted database.
  - 9. The method of claim 5, wherein at least one of the scores is based on a determination by the computer that no response was received due to technical difficulties.
  - 10. The method of claim 5, wherein at least one of the scores is based on a previous determination relating to the requestor stored at the computer.
  - 11. The method of claim 5, wherein at least one of the scores is based on information stored in a record for a registered user, the registered user being other than the requestor and other than the individual.
  - 12. The method of claim 2, further comprising sending a one-time code associated with the access permission from the computer to the requestor.
  - 13. The method of claim 2, further comprising notifying the individual that access to the confidential information has been provided to the requestor.
  - 14. The method of claim 2, further comprising notifying the requestor that access to the confidential information has been provided to the requestor.
  - 15. The method of claim 2, further comprising notifying at least one contact associated with the individual that access to the confidential information has been provided to the requestor.
  - 16. The method of claim 2, further comprising storing data in the computer relating to the extent of access by the requestor to the confidential information of the individual.
  - 17. The method of claim 2, wherein information about the requester is used to determine which authentication tests should be applied.

18. A method for providing access, to an unregistered requestor, to personal information of a registered individual, comprising:
- receiving, at a computer from the unregistered requestor, a personal identification number associated with the registered individual and a name of the unregistered requestor;
  
  providing, from the computer to the unregistered requestor, a first challenge;
  
  when the unregistered requestor does not pass the first challenge, providing, from the computer to the unregistered requestor, a second challenge;
  
  when the unregistered requestor does not pass the second challenge, providing, from the computer to the unregistered requestor, a third challenge;
  
  when the unregistered requestor passes one of the first, second and third challenges, providing, from the computer to the unregistered requestor, access to the personal information of the registered individual; and
  
  when the unregistered requestor passes none of the first, second and third challenges, denying, from the computer to the unregistered requestor, access to the personal information of the registered individual.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, wherein the scope of access provided for the personal information depends on which of the challenges are passed.
  - 20. The method of claim 18, wherein at least one of the challenges is a multi-part challenge.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aric Sean Kupper
Original Assignee
Aric Sean Kupper
Inventors
Kupper, Aric Sean, Pomerance, Brenda

Application Number

US15/232,228
Publication Number

US 20160352725A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6245   Protecting personal data, e...

G06F 2221/2111   Location-sensitive, e.g. ge...

G16H 10/60   for patient-specific data, ...

H04L 63/08   for authentication of entit...

H04L 63/0853   using an additional device,...

H04L 63/102   Entity profiles

H04L 67/10   in which an application is ...

H04L 67/306   User profiles

H04L 9/3271   using challenge-response

H04W 12/02   Protecting privacy or anony...

H04W 12/06   Authentication

H04W 4/90   Services for handling of em...

Authenticating access to confidential information by unregistered requestor

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

6 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Authenticating access to confidential information by unregistered requestor

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others