JP-2026514336-A - Access manager that restricts access to user information using authentication and verification.
Abstract
The embodiment uses credential authentication and user information verification to grant limited access to a user's secure information. Some information sharing protocols may require explicit authorization to share a user's secure information with a requesting entity. In some situations, such explicit authorization may be impractical, such as when a user is unable to provide it. In such situations, the Secure Information Manager embodiment may grant the authorized entity limited access to the user's secure information, for example, if the authorized entity provides an assertion that the user is unable to provide explicit authorization. For example, in an emergency situation, the Secure Information Manager may allow the authorized entity to access limited user information corresponding to the authorized entity's relationship to the user, its role in the workflow, or other preferred characteristics of the authorized entity.
Inventors
- アンクロム,ザカリー・エス
- ハリク,カムラン
Assignees
- Oracle International Corporation (オラクル・インターナショナル・コーポレイション)
Dates
- Publication Date: 2026-05-11
- Application Date: 2024-03-26
- Priority Date: 2023-10-18
Claims (20)
- A method for granting limited access to a user's secure information, comprising: receiving, at a secure information manager, a request from a computing system of a certified entity to access the user's secure information, the request including identification information of the user and one or more credentials issued to the certified entity; verifying that the user's identification information matches a person pre-registered with the secure information manager, the identification information including one or more of user information obtained by scanning the user's individual portable access point, biometric information detected from the user's person, a display of an identification document including an image of the user, an image of the user's face or eyes, or any combination thereof; authenticating the one or more credentials and the certified entity, the one or more authenticated credentials granting the certified entity scope-limited access to the user's secure information for a limited period of time; and, in response to the verification and the authentication, granting the computing system associated with the certified entity the scope-limited access to the user's secure information for the limited period of time.
- The method according to claim 1, wherein the one or more credentials include a token issued to the certified entity after the execution of the certification workflow.
- The method according to claim 2, wherein the token comprises one or more of the following: a blockchain-managed non-fungible token, an access token, a digital signature generated using a cryptographic key issued to the accredited entity, or any combination thereof.
- The method according to claim 2, wherein the request includes an assertion from the certified entity that the user is unable or not authorized to explicitly grant access to the user's secure information, and the limited access to the user's secure information is granted in response to the assertion.
- The method according to claim 4, wherein the limited access to the user's secure information comprises access to a limited data point of the user's secure information, the limited data point having a predetermined correspondence to the assertion from the certified entity.
- The method according to claim 1, wherein the certified entity has a predetermined role with respect to the user, and the limited access to the user's secure information comprises access to a limited data point of the user's secure information corresponding to the predetermined role.
- The method according to claim 1, further comprising sending supplemental access permission requests to one or more additional users having a predetermined relationship with the user in response to the request to access the user's secure information, wherein the limited access is granted in response to explicit acceptance of the supplemental access permission requests.
- The method according to claim 7, wherein the predetermined relationship designates the additional user as the guardian of the user's secure information.
- The method according to claim 7, wherein the supplemental access permission request is transmitted to one or more wireless devices of the one or more additional users, and the explicit approval of the supplemental access permission request is received from the one or more wireless devices.
- The method according to claim 9, wherein the supplemental access request is displayed to at least one of the additional users via the at least one wireless device as a priority notification that overrides the display of at least one of the wireless devices.
- The method according to claim 9, wherein the supplemental access request is displayed to at least one of the additional users via at least one of the wireless devices as an expiration notice with an expiration timer, and the at least one wireless device is configured to transmit the explicit acknowledgment of the supplemental access permission request in response to an input prior to the expiration of the expiration timer.
- The method according to claim 1, further comprising storing one or more logs of the scope-limited access to the user's secure information, wherein the one or more logs include one or more of the following: the certified entity, a portion of the request, the secure information of the user accessed by the computing system of the certified entity, a timestamp of the access to the user's secure information, or any combination thereof.
- The method according to claim 12, wherein the one or more logs are recorded as blocks on an immutable blockchain.
- The method according to claim 12, further comprising providing at least a portion of the one or more stored logs in response to an audit request from the user.
- The method according to claim 1, further comprising sending an access permission request to the user in response to the request to access the user's secure information, and sending one or more supplemental access permission requests to one or more additional users having a predetermined relationship with the user.
- The method according to claim 15, wherein the access permission request is transmitted to the user's wireless device, and the supplemental access permission request is transmitted to one or more wireless devices of the one or more additional users.
- The method according to claim 16, wherein the limited access to the user's secure information is granted prior to receiving a response to the access permission request or the supplemental access permission request, one or more responses prohibiting the scope-limited access to the user's secure information are received to the access permission request or the supplemental access permission request, and the limited access to the user's secure information is terminated based on the one or more responses.
- A non-transitory computer-readable medium storing instructions for granting limited access to a user's secure information that, when executed by a processor, cause the processor to: receive, at a secure information manager, a request from a computing system of a certified entity to access the user's secure information, the request including identification information of the user and one or more credentials issued to the certified entity; verify that the user's identification information matches a person pre-registered with the secure information manager, the identification information including one or more of user information obtained by scanning the user's individual portable access point, biometric information detected from the user's person, a display of an identification document including an image of the user, an image of the user's face or eyes, or any combination thereof; authenticate the one or more credentials and the certified entity, the one or more authenticated credentials granting the certified entity scope-limited access to the user's secure information for a limited period of time; and, in response to the verification and the authentication, grant the computing system associated with the certified entity the scope-limited access to the user's secure information for the limited period of time.
- The non-transitory computer-readable medium according to claim 18, wherein the one or more credentials include a token issued to the certified entity after execution of a certification workflow.
- A system for granting limited access to a user's secure information, comprising a processor and a memory storing instructions to be executed by the processor, the instructions configuring the processor to: receive, at a secure information manager, a request from a computing system of a certified entity to access the user's secure information, the request including identification information of the user and one or more credentials issued to the certified entity; verify that the user's identification information matches a person pre-registered with the secure information manager, the identification information including one or more of user information obtained by scanning the user's individual portable access point, biometric information detected from the user's person, a display of an identification document including an image of the user, an image of the user's face or eyes, or any combination thereof; authenticate the one or more credentials and the certified entity, the one or more authenticated credentials granting the certified entity scope-limited access to the user's secure information for a limited period of time; and, in response to the verification and the authentication, grant the computing system associated with the certified entity the scope-limited access to the user's secure information for the limited period of time.
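The grant decision that claims 1 through 17 describe (verify the user against a pre-registered record, authenticate the entity's credential, release only the data points tied to the entity's role, log the access, and let a guardian's later denial terminate it), as an added example that is not the patent's own code. The manager key, user record, role policy and the HMAC-signed token format are all constructed for this illustration.

```python
import hashlib
import hmac
import json

MANAGER_KEY = b"constructed-manager-key"  # constructed for this example, like all data below
ROLE_SCOPE = {"paramedic": {"blood_type", "allergies"}, "pharmacist": {"medications"}}
REGISTERED = {"user-123": {  # pre-registered person: biometric template hash + secure data
    "biometric": hashlib.sha256(b"fingerprint-template-sample").hexdigest(),
    "secure": {"blood_type": "O-", "allergies": ["penicillin"],
               "medications": ["metformin"], "ssn": "never-shared"}}}
AUDIT_LOG, GRANTS = [], {}  # access log (claim 12); active grants by entity (claim 17)

def issue_credential(entity, role, expires_at):
    # Token handed to an entity after its certification workflow (claims 2-3): HMAC-signed claims.
    body = json.dumps({"entity": entity, "role": role, "exp": expires_at}, sort_keys=True).encode()
    sig = hmac.new(MANAGER_KEY, body, hashlib.sha256).digest()
    return body.hex() + "." + sig.hex()

def authenticate_credential(token, now):
    # Claims are trusted only after the signature verifies and before the token expires.
    try:
        body, sig = (bytes.fromhex(part) for part in token.split("."))
    except ValueError:
        return None
    if not hmac.compare_digest(hmac.new(MANAGER_KEY, body, hashlib.sha256).digest(), sig):
        return None
    claims = json.loads(body)
    return claims if now < claims["exp"] else None

def request_access(user_id, biometric_sample, token, asserts_user_unable, now):
    # Verify the user, authenticate the entity, then release only the role's data points.
    rec = REGISTERED.get(user_id)
    if rec is None or not asserts_user_unable or not hmac.compare_digest(
            rec["biometric"], hashlib.sha256(biometric_sample).hexdigest()):
        return None
    claims = authenticate_credential(token, now)
    if claims is None:
        return None
    data = {k: v for k, v in rec["secure"].items() if k in ROLE_SCOPE.get(claims["role"], ())}
    grant = {"entity": claims["entity"], "user": user_id, "fields": sorted(data),
             "ts": now, "expires": claims["exp"], "active": True}
    AUDIT_LOG.append(grant)
    GRANTS[claims["entity"]] = grant
    return {"data": data, "grant": grant}

def guardian_response(entity, approved):
    # Access may begin before a guardian answers; a denial terminates the grant (claim 17).
    grant = GRANTS.get(entity)
    if grant is not None and not approved:
        grant["active"] = False
    return grant
```

The out-of-scope field (`ssn`) never leaves the store regardless of which credential is presented, and every successful release leaves an audit record with the entity, the fields read and the timestamp.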
Description
Field
Embodiments of this disclosure generally relate to secure storage systems that use credential authentication and user information verification to grant limited access to a user's secure information.
Background
The proliferation of computing and connected devices is generating vast amounts of data that require management. As data volumes grow, the technical challenges of efficient data management become increasingly complex. For example, securely sharing data among multiple stakeholders has been a long-standing problem in the field of data management. The security mechanisms by which users manage their secure information, such as authentication, verification, and explicit authorization workflows, are cumbersome and, in some situations, impractical. Where traditional data sharing protocols create such friction, security protocols that enable practical and secure data sharing can offer significant value.
Overview
Embodiments of this disclosure generally pertain to systems and methods for granting limited access to a user's secure information using credential authentication and user information verification. A request for access to a user's secure information may be received by a secure information manager from a computing system of an authorized entity, and this request may include the user's identification information and one or more credentials issued to the authorized entity. The user's identification information may then be verified to match a person pre-registered with the secure information manager. The user's identification information may include one or more of the following: user information obtained by scanning the user's individual portable access point, biometric information detected from the user's person, a display of an identification document including an image of the user, an image of the user's face or eyes, or any combination thereof.
The one or more credentials and the authorized entity may then be authenticated, and the authenticated one or more credentials may grant the authorized entity limited access to the user's secure information for a limited period of time. In response to the verification and authentication, the computing system associated with the authorized entity may be granted limited access to the user's secure information for the limited period of time. The features and advantages of the embodiments are described below, become apparent therefrom, or may be ascertained through implementation of this disclosure. Other embodiments, details, advantages, and improvements will become apparent from the following detailed description of preferred embodiments, taken in conjunction with the accompanying drawings.
Brief Description of the Drawings
- A system for granting limited access to a user's secure information using credential authentication and user verification, according to an exemplary embodiment.
- A block diagram of a computing device operably coupled to a prediction system, according to one exemplary embodiment.
- A system having a secure information manager that allows limited access to secure user information, according to one exemplary embodiment.
- A system having a secure information manager that allows limited access to secure user information, according to one exemplary embodiment.
- A flowchart illustrating an exemplary embodiment of granting limited access to a user's secure information using credential authentication and user verification.
- A flowchart illustrating an exemplary embodiment of reading scope-limited user information from a secure data store and recording the access.
Detailed Description
The embodiments use credential authentication and user information verification to allow limited access to a user's secure information. Certain information sharing protocols may require explicit authorization before a user's secure information is shared with a requesting computing system and/or entity. However, in some situations such explicit authorization may be impractical and/or impossible, such as when the user is unaware of the request or unqualified to provide such explicit authorization. In such situations, the secure information manager embodiment may allow the authorized entity limited access to the user's secure information, for example when the authorized entity provides an assertion that the user is unable to provide explicit authorization. For example, in an unexpected situation or any other suitable emergency, the secure information manager may allow the authorized entity to access limited user information corresponding to the authorized entity's relationship to the user, its role in the workflow, or other suitable characteristics of the authorized entity. A certified entity may undergo a certification workflow that grants it specific access in such situations. For example, a certified entity could be an individual, an organization, or a group of individuals, and the certification workflow may include one or more of the following: