US2016352725A1PendingUtilityA1

Authenticating access to confidential information by unregistered requestor

Assignee: KUPPER ARIC SEANPriority: Apr 8, 2014Filed: Aug 9, 2016Published: Dec 1, 2016
Est. expiryApr 8, 2034(~7.7 yrs left)· nominal 20-yr term from priority
H04L 67/306G06F 21/6245H04W 12/06H04W 4/90H04L 63/102H04L 63/0853G06F 2221/2111H04L 63/08H04W 12/02G16H 10/60H04L 67/10H04L 9/3271G06F 21/31
39
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

An unregistered requestor requests access to confidential information of an individual stored at a computer. In one embodiment, the requestor is authenticated by the computer using at least two authentication tests. When the requestor is authenticated, the computer determines access permission for the requestor based on information provided from the requestor, and provides, to the requestor, access to the confidential information of the individual based on the access permission. In another embodiment, the computer presents a series of challenges to the requestor, and if any of the challenges is passed, access is granted.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for providing access to confidential information of an individual, comprising:
 receiving, at a computer from an unregistered requestor, a personal identification number associated with the individual and a name of the unregistered requestor;   determining, by the computer, whether an authority approves the requestor for access to the confidential information of the individual;   determining, by the computer, whether the name is in a trusted database;   determining, by the computer, whether the individual consents to access of their confidential information by the requestor;   determining, by the computer, whether the requestor has a valid payment account with a third party;   determining, by the computer, a location of the requestor;   determining, by the computer, whether the requestor is authenticated based on the authority approval determination, the trusted database determination, the individual consent determination, the payment account determination and the location determination; and   when the authentication determination is that the requestor is authenticated, enabling, by the computer, the requestor to access the confidential information of the individual.   
     
     
         2 . A method for providing access to confidential information of an individual stored at a computer, comprising:
 receiving, at the computer, a request for the confidential information from a requestor;   determining, by the computer, whether the requestor is registered;   when the requestor is determined to be unregistered, determining, by the computer, whether the requestor should be authenticated based on at least two authentication tests;   when the requestor is authenticated, determining, by the computer, access permission for the requestor based on information provided from the requestor; and   providing, from the computer to the requestor, access to the confidential information of the individual based on the access permission.   
     
     
         3 . The method of  claim 2 , wherein the authentication tests are selected from an approval test, a trusted database test, a credit card test, an individual consent test, and a location test. 
     
     
         4 . The method of  claim 2 , wherein access permission is determined based on a profile chosen from a set of profiles in accordance with the results of the at least two authentication tests. 
     
     
         5 . The method of  claim 2 , wherein access permission is determined based on scores corresponding to the at least two authentication tests. 
     
     
         6 . The method of  claim 5 , wherein the authentication tests are associated with respective weighting factors for the respective scores. 
     
     
         7 . The method of  claim 5 , wherein at least one of the scores is based on information received in response to a query generated by the computer. 
     
     
         8 . The method of  claim 7 , wherein the query is sent to a trusted database. 
     
     
         9 . The method of  claim 5 , wherein at least one of the scores is based on a determination by the computer that no response was received due to technical difficulties. 
     
     
         10 . The method of  claim 5 , wherein at least one of the scores is based on a previous determination relating to the requestor stored at the computer. 
     
     
         11 . The method of  claim 5 , wherein at least one of the scores is based on information stored in a record for a registered user, the registered user being other than the requestor and other than the individual. 
     
     
         12 . The method of  claim 2 , further comprising sending a one-time code associated with the access permission from the computer to the requestor. 
     
     
         13 . The method of  claim 2 , further comprising notifying the individual that access to the confidential information has been provided to the requestor. 
     
     
         14 . The method of  claim 2 , further comprising notifying the requestor that access to the confidential information has been provided to the requestor. 
     
     
         15 . The method of  claim 2 , further comprising notifying at least one contact associated with the individual that access to the confidential information has been provided to the requestor. 
     
     
         16 . The method of  claim 2 , further comprising storing data in the computer relating to the extent of access by the requestor to the confidential information of the individual. 
     
     
         17 . The method of  claim 2 , wherein information about the requester is used to determine which authentication tests should be applied. 
     
     
         18 . A method for providing access, to an unregistered requestor, to personal information of a registered individual, comprising:
 receiving, at a computer from the unregistered requestor, a personal identification number associated with the registered individual and a name of the unregistered requestor;   providing, from the computer to the unregistered requestor, a first challenge;   when the unregistered requestor does not pass the first challenge, providing, from the computer to the unregistered requestor, a second challenge;   when the unregistered requestor does not pass the second challenge, providing, from the computer to the unregistered requestor, a third challenge;   when the unregistered requestor passes one of the first, second and third challenges, providing, from the computer to the unregistered requestor, access to the personal information of the registered individual; and   when the unregistered requestor passes none of the first, second and third challenges, denying, from the computer to the unregistered requestor, access to the personal information of the registered individual.   
     
     
         19 . The method of  claim 18 , wherein the scope of access provided for the personal information depends on which of the challenges are passed. 
     
     
         20 . The method of  claim 18 , wherein at least one of the challenges is a multi-part challenge.

Join the waitlist — get patent alerts

Track US2016352725A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.