SYSTEM FOR MANAGING TRANSACTIONAL DATA

US 20180349643A1
Filed: 05/31/2017
Published: 12/06/2018
Est. Priority Date: 05/31/2017
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a plurality of transaction storage devices, each transaction storage device of the plurality of transaction storage devices comprising a data store configured to;

receive, from a first entity, a request to push a detailed transaction corresponding to a secure identifier, wherein the secure identifier is generated, using an encoding function, from a user identifier of a user; and

store the detailed transaction based on a first determination to trust the first entity;

an access controller configured to perform the first determination by applying a first security rule corresponding to a type of the secure identifier to the request to push the detailed transaction; and

a registry configured to store at least the first security rule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system may include transaction storage devices. Each transaction storage device may include a data store configured to receive, from a first entity, a request to push a detailed transaction corresponding to a secure identifier. The secure identifier may be generated, using an encoding function, from a user identifier of a user. The data store may be further configured to store the detailed transaction based on a first determination to trust the first entity. The system may further include an access controller configured to perform the first determination by applying a first security rule corresponding to a type of the secure identifier to the request to push the detailed transaction, and a registry configured to store at least the first security rule.

15 Citations

View as Search Results

21 Claims

1. A system, comprising:
- a plurality of transaction storage devices, each transaction storage device of the plurality of transaction storage devices comprising a data store configured to;
  
  receive, from a first entity, a request to push a detailed transaction corresponding to a secure identifier, wherein the secure identifier is generated, using an encoding function, from a user identifier of a user; and
  
  store the detailed transaction based on a first determination to trust the first entity;
  
  an access controller configured to perform the first determination by applying a first security rule corresponding to a type of the secure identifier to the request to push the detailed transaction; and
  
  a registry configured to store at least the first security rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the access controller is further configured to:
    - determine, based on the first security rule indicating that an identity check should be performed, whether the first entity is listed in a whitelist.
  - 3. The system of claim 1, wherein the access controller is further configured to:
    - determine, based on the first security rule indicating that an identity check should be performed, whether the number of entries corresponding to the first entity in a greylist exceeds a threshold.
  - 4. The system of claim 1, wherein the registry is further configured to:
    - receive, from the user, a request to register a universal resource identifier (URI) of a first data store with the secure identifier; and
      
      store the URI of the first data store with the secure identifier.
  - 5. The system of claim 4, wherein the registry is further configured to:
    - receive, from a second entity, a request to lookup a data store registered with the secure identifier;
      
      retrieve the URI of the first data store in response to the request to lookup the data store; and
      
      transmit the URI of the first data store to the second entity, based on a second determination to trust the second entity, wherein the second determination comprises applying a second security rule corresponding to the type of the secure identifier to the request to lookup the data store, wherein the second determination is performed by the access controller.
  - 6. The system of claim 5, wherein the second security rule indicates that challenge-based access control should be performed, wherein performing the second determination further comprises:
    - generating a series of challenges in response to a series of requests received from the second entity;
      
      transmitting each challenge of the series of challenges to the second entity in response to the corresponding request of the series of requests;
      
      receiving a result from the second entity in response to the challenge; and
      
      determining whether the result is correct.
  - 7. The system of claim 6, wherein performing the challenge-based access control is based on the number of requests received from the second entity exceeding a predetermined minimum value and not exceeding a predetermined maximum value within a predetermined time interval.
  - 8. The system of claim 1, further comprising:
    - a service provider configured to provide the request to push the detailed transaction to the data store when the access controller trusts the service provider.

9. A method, comprising:
- receiving, from a first entity, a request to push a detailed transaction corresponding to a secure identifier, wherein the secure identifier is generated, using an encoding function, from a user identifier of a user; and
  
  storing the detailed transaction based on a first determination to trust the first entity, wherein the first determination comprises applying a first security rule corresponding to a type of the secure identifier to the request to push the detailed transaction.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, wherein the first determination further comprises:
    - determining, based on the first security rule indicating that an identity check should be performed, whether the first entity is listed in a whitelist.
  - 11. The method of claim 9, wherein the first determination further comprises:
    - determining, based on the first security rule indicating that an identity check should be performed, whether the number of entries corresponding to the first entity in a greylist exceeds a threshold.
  - 12. The method of claim 9, further comprising:
    - receiving a request to register a universal resource identifier (URI) to a first data store with the secure identifier; and
      
      storing the URI of the first data store with the secure identifier.
  - 13. The method of claim 12, further comprising:
    - receiving, from a second entity, a request to lookup a data store registered with the secure identifier;
      
      retrieving the URI of the first data store in response to the request to lookup the data store; and
      
      transmitting the URI of the first data store to the second entity, based on a second determination to trust the second entity, wherein the second determination comprises applying a second security rule corresponding to the type of the secure identifier to the request to lookup the data store.
  - 14. The method of claim 13, wherein the second security rule indicates that challenge-based access control should be performed, wherein the second determination further comprises:
    - generating a series of challenges in response to a series of requests received from the second entity;
      
      transmitting each challenge of the series of challenges to the second entity in response to the corresponding request of the series of requests;
      
      receiving a result from the second entity in response to the challenge; and
      
      determining whether the result is correct.
  - 15. The method of claim 14, wherein performing the challenge-based access control is based on the number of requests received from the second entity exceeding a predetermined minimum value and not exceeding a predetermined maximum value within a predetermined time interval.

16. A method, comprising:
- receiving a request to register a universal resource identifier (URI) to a first data store with a first secure identifier, wherein the secure identifier is generated, using an encoding function, from a user identifier of a user;
  
  storing the URI of the first data store with the secure identifier;
  
  receiving a request to lookup a data store registered with the secure identifier;
  
  retrieving the URI of the first data store in response to the request to lookup the data store; and
  
  transmitting the URI of the first data store.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method of claim 16, further comprising:
    - making a first determination to trust an entity that transmitted the request to lookup the data store, wherein the first determination comprises applying a first security rule corresponding to a type of the secure identifier to the request to lookup the data store, wherein transmitting the URI is based on the determination to trust the entity.
  - 18. The method of claim 17, wherein the first determination further comprises:
    - determining, based on the first security rule indicating that an identity check should be performed, whether the entity is listed in a whitelist.
  - 19. The method of claim 17, wherein the first determination further comprises:
    - determining, based on the first security rule indicating that an identity check should be performed, whether the number of entries corresponding to the entity in a greylist exceeds a threshold
  - 20. The method of claim 17, wherein the first security rule indicates that challenge-based access control should be performed, wherein the first determination further comprises:
    - generating a series of challenges in response to a series of requests received from the entity;
      
      transmitting each challenge of the series of challenges to the entity in response to the corresponding request of the series of requests;
      
      receiving a result from the entity in response to the challenge; and
      
      determining whether the result is correct.
  - 21. The method of claim 20, wherein performing the challenge-based access control is based on the number of requests received from the entity exceeding a predetermined minimum value and not exceeding a predetermined maximum value within a predetermined time interval.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intuit, Inc.
Original Assignee
Intuit, Inc.
Inventors
Kunjachan, George Chiramattel, Arya, Amit, Vogel, Peter Allen

Granted Patent

US 10,509,921 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 21/6245   Protecting personal data, e...

G06F 21/6263   during internet communicati...

G06Q 20/047   using payment protocols inv...

G06Q 20/3827   Use of message hashing

G06Q 20/383   Anonymous user system

G06Q 20/385   using an alias or single-us...

G06Q 20/389   Keeping log of transactions...

G06Q 20/405   Establishing or using trans...

G06Q 40/00   Finance; Insurance; Tax str...

H04L 63/101   Access control lists [ACL]

H04L 63/205   involving negotiation or de...

SYSTEM FOR MANAGING TRANSACTIONAL DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM FOR MANAGING TRANSACTIONAL DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links