Apparatus and method for authenticated multi-user personal information database
Abstract
A method of assuring integrity of personal information in a data base containing personal information provided by multiple users uses, in various embodiments, physiological identifiers associated with each of the users. Related systems are also provided.
50 Claims
1. A method of administering registration of personal information in a data base in a manner tending to assure integrity of the personal information therein, the method comprising:
a. obtaining, from each user with respect to whom data is to be placed in the data base, personal information of such user, the content of such personal information initially established by such user in an enrollment phase;
b. also obtaining, from each such user, a first set of physiological identifiers associated with such user, the first set of physiological identifiers initially provided by such user in the enrollment phase;
c. storing, in a digital storage medium, a data set pertinent to such user, the data set including such user's personal information and a representation of the physiological identifiers associated with such user; and
d. permitting a subject claiming to be a specified user to modify the specified user's personal information in the stored data set pertinent to such user only if (i) the subject provides a new set of physiological identifiers and (ii) it is determined, by recourse to the stored data set, that there is a sufficient match between at least one member in the new set and a corresponding member of the first set, so that the subject is authenticated as the specified user, so that there is established a repository of personal information using physiological identifiers to protect against unauthorized modification.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 34, 35, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50

17. A method for authenticating a user transaction, the method comprising:
obtaining a test set of physiological identifiers from a subject purporting to be a specific user;
accessing information in a first data set pertinent to the specific user stored in a registration data base, the data base containing information provided by multiple users in a separate data set for each user, each data set of a specific user including (i) personal information, of the specific user, that has been established by the specific user, and (ii) a representation of a first set of physiological identifiers, associated with the specific user, that has been provided by the specific user, the data base being maintained under conditions wherein modification by a subject claiming to be a specific user of the specific user's personal information in a stored data set pertinent to the specific user is permitted only if (i) the subject provides a new set of physiological identifiers and (ii) it is determined, by recourse to the stored data set, that there is a sufficient match between at least one member in the new set and a corresponding member of the first set, so that the subject is authenticated as the specific user, so that there is established a repository of personal information using physiological identifiers to protect against unauthorized modification; and
determining if there is a sufficient match between at least one member in the test set and a corresponding physiological identifier represented in the data set.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 32, 33

29. A computer system comprising:
a digital storage medium on which has been recorded a multi-user personal information data base, the data base comprising, for each specific user, a data set pertinent to the specific user, the data set including;
(a) the specific user's personal information obtained from the specific user;
(b) a representation of a first set of physiological identifiers associated with the specific user; and
(c) the specific user's emergency information obtained from the specific user; and
a computer process running in association with the storage medium to cause the storage medium to be maintained under conditions wherein modification by a subject claiming to be a specific user of such specific user's personal and emergency information in a stored data set pertinent to the specific user is permitted only if (i) the subject provides a new set of physiological identifiers and (ii) it is determined, by recourse to the stored data set, that there is a sufficient match between at least one member in the new set and a corresponding member of the first set, so that the subject is authenticated as the specific user, so that there is established a repository of personal information using physiological identifiers to protect against unauthorized modification.

30. A system for updating a personal information database containing a data set for each one of multiple users, each data set including a user'"'"'s personal information and a representation of a first set of physiological identifiers associated with the user, the system comprising:
a. a physiological identifier transducer having an output representing a physiological identifier associated with a subject claiming to be a specified user;
b. a user access authorization module, coupled to the physiological identifier transducer and to the database, for determining whether the output of the physiological identifier transducer sufficiently matches the representation of the first set of physiological identifiers, so that the subject is authenticated as the specified user;
c. a user data set access module, coupled to the user access authorization module and to the database, for accessing the user data set pertinent to the specified user, in the event that the user access authorization module has authenticated the subject as the specified user; and
d. a user data set update module, coupled to the database, to the user data set access module, and to a user input, permitting the subject to update the specified user's personal information in the corresponding data set in the database in the event that the user data set access module has provided access to the user data set, so that there is established a repository of personal information using physiological identifiers to protect against unauthorized modification.

31. A system for authenticating transactions, the system comprising:
a. a multi-user personal information data base, the data base comprising, for each specific user, a data set pertinent to the specific user, the data set including;
(i) personal information, of the specific user, that has been established by the specific user;
(ii) a representation of a first set of physiological identifiers, associated with the specific user, that has been provided by the specific user;
the data base being maintained under conditions wherein modification by a subject claiming to be a specific user of the specific user's personal information in a stored data set pertinent to the specific user is permitted only if (i) the subject provides a new set of physiological identifiers and (ii) it is determined, by recourse to the stored data set, that there is a sufficient match between at least one member in the new set and a corresponding member of the first set, so that the subject is authenticated as the specific user, so that there is established a repository of personal information using physiological identifiers to protect against unauthorized modification;
b. a multiplicity of remotely distributed terminals in communication with the data base, each terminal including a physiological identifier transducer and a communication link with a merchant; and
c. an authenticity checker, which determines whether there is a sufficient match between the output of a physiological identifier transducer attributable to a subject purporting to be a user and a physiological identifier in the first set.

36. A method of administering personal information in a data base in a manner tending to assure integrity of data therein, the data base being of a type wherein a stored data set is established for each user and there has been obtained from each user with respect to such data a first set of physiological identifiers associated with such user and included in the data set, the method comprising:
a. obtaining from a subject seeking to modify information in the stored data set pertinent to such user a new set of physiological identifiers, and
b. permitting the subject to modify such user's personal information in the stored data set only if it is determined, by recourse to the stored data set, that there is a sufficient match between at least one member in the new set and a corresponding member of the first set, so that the subject is authenticated as such user, so that there is established a repository of personal information using physiological identifiers to protect against unauthorized modification.
Dependent claims: 37, 38

39. A method for authenticating a user transaction using a data base of a type wherein a stored data set is established for each potential user and there has been obtained from each potential user with respect to such data a first set of physiological identifiers associated with such potential user and included in the data set, the method comprising:
administering the data base in a manner such that personal information in a stored data set pertinent to an individual may not be modified by a person purporting to be the individual unless there has been obtained a sufficient match between at least one physiological identifier in the stored data set and a new physiological identifier obtained from the person, so that there is established a repository of personal information using physiological identifiers to protect against unauthorized modification;
obtaining a test set of physiological identifiers from a subject purporting to be a specific user;
accessing information in the data set pertinent to the specific user in the data base; and
determining if there is a sufficient match between at least one member in the test set and a corresponding physiological identifier represented in the data set.
Dependent claims: 40

Specification