Search

US-12619768-B2 - Portable access point for secure user information using non-fungible tokens

US12619768B2US 12619768 B2US12619768 B2US 12619768B2US-12619768-B2

Abstract

Embodiments permit scope limited access to a user's secure information using non-fungible tokens (NFTs). A user can register with a secure information manager and control the scope with which the user's secure information is shared. For example, the user can permit a vetted entity access to the user's secure information via a portable access point. The user can select scope definition that control how the user's secure information is shared with the vetted entity. The vetted entity can scan the user's portable access point and request a credential. The credential can be a NFT that is assigned access privileges that correspond the user's selections. The vetted entity can then issue data access request(s) using the credential. The secure information manager can permit the vetted entity scope limited access to the user's secure information that corresponds to the access privileges assigned to the NFT.

Inventors

  • Zachary S. ANKROM
  • Kamran KHALIQ

Assignees

  • ORACLE INTERNATIONAL CORPORATION

Dates

Publication Date
20260505
Application Date
20230313

Claims (20)

  1. 1 . A method for permitting limited access to a user's secure information, the method comprising: receiving, at a secure information manager, a credential request for one or more credentials that permit access to a user's secure information, the credential request comprising user identifying information, entity identifying information, and a credential definition, the credential request generated in response to a visual scanning of a portable access point that corresponds to the user; validating, at the secure information manager, the user identifying information and the entity identifying information; assigning, to an entity corresponding to the entity identifying information, and in response to the validating, a non-fungible token that corresponds to the credential definition, wherein the assignment of the non-fungible token to the entity is recorded on a private blockchain that manages the non-fungible token; and permitting, in response to one or more access requests from the entity that comprises the assigned non-fungible token, scope limited access to the user's secure information corresponding to access permissions of the non-fungible token assigned to the entity.
  2. 2 . The method of claim 1 , wherein permitting scope limited access to the user's secure information further comprises: receiving, at a secure information manager, the one or more access requests, the access requests comprising an unauthenticated credential; authenticating, via the private blockchain, the unauthenticated credential as the non-fungible token assigned to the entity; and permitting, in response to the authenticating, the scope limited access to the user's secure information corresponding to access permissions of the non-fungible token.
  3. 3 . The method of claim 1 , wherein the entity comprises a vetted entity that is vetted after performance of a vetting workflow.
  4. 4 . The method of claim 1 , wherein the scope limited access to the user's secure information comprises access to scope limited data points of the user's secure information, the scope limited data points comprising a predefined correspondence to the access permissions for the non-fungible token assigned to the entity.
  5. 5 . The method of claim 1 , wherein the scope limited access to the user's secure information provided by the assigned non-fungible token comprises access to the user's secure information for a limited duration of time, the limited duration of time corresponding to the access permissions for the non-fungible token assigned to the entity.
  6. 6 . The method of claim 1 , wherein, the credential request received at a secure information manager is transmitted by a computing system of the entity, the computing system of the entity generates the credential request by scanning the portable access point of the user that encodes at least a portion of the user identifying information and a credential version, and the portion of the user identifying information and the credential definition are obtained by the computing system of the entity via scanning of the portable access point.
  7. 7 . The method of claim 6 , wherein the user selects the credential definition via input at a wireless device, and the wireless device generates the portable access point in response the selection of the credential definition.
  8. 8 . The method of claim 1 , further comprising: storing one or more logs of the scope limited access to the user's secure information, the logs comprising one or more of: an identifier for the entity, portions of the credential request, the user's secure information accessed by the entity, timestamps for the accessing of the user's secure information accessed, or any combination thereof, wherein the one or more logs are recorded as blocks of an immutable blockchain.
  9. 9 . The method of claim 8 , further comprising: providing, in response to an audit request from the user, at least a portion of the one or more stored logs.
  10. 10 . A non-transitory computer readable medium having instructions stored thereon that, when executed by a processor, cause the processor to permit limited access to a user's secure information, wherein, when executed, the instructions cause the processor to: receive, at a secure information manager, a credential request for one or more credentials that permit access to a user's secure information, the credential request comprising user identifying information, entity identifying information, and a credential definition, the credential request generated in response to a visual scanning of a portable access point that corresponds to the user; validate, at the secure information manager, the user identifying information and the entity identifying information; assign, to an entity corresponding to the entity identifying information, and in response to the validating, a non-fungible token that corresponds to the credential definition, wherein the assignment of the non-fungible token to the entity is recorded on a private blockchain that manages the non-fungible token; and permit, in response to one or more access requests from the entity that comprises the assigned non-fungible token, scope limited access to the user's secure information corresponding to access permissions of the non-fungible token assigned to the entity.
  11. 11 . The non-transitory computer readable medium of claim 10 , wherein permitting scope limited access to the user's secure information further comprises: receiving, at a secure information manager, the one or more access requests, the access requests comprising an unauthenticated credential; authenticating, via the private blockchain, the unauthenticated credential as the non-fungible token assigned to the entity; and permitting, in response to the authenticating, the scope limited access to the user's secure information corresponding to access permissions of the non-fungible token.
  12. 12 . The non-transitory computer readable medium of claim 10 , wherein the entity comprises a vetted entity that is vetted after performance of a vetting workflow.
  13. 13 . The non-transitory computer readable medium of claim 10 , wherein the scope limited access to the user's secure information comprises access to scope limited data points of the user's secure information, the scope limited data points comprising a predefined correspondence to the access permissions for the non-fungible token assigned to the entity.
  14. 14 . The non-transitory computer readable medium of claim 10 , wherein the scope limited access to the user's secure information provided by the assigned non-fungible token comprises access to the user's secure information for a limited duration of time, the limited duration of time corresponding to the access permissions for the non-fungible token assigned to the entity.
  15. 15 . The non-transitory computer readable medium of claim 10 , wherein, the credential request received at a secure information manager is transmitted by a computing system of the entity, the computing system of the entity generates the credential request by scanning the portable access point of the user that encodes at least a portion of the user identifying information and a credential version, and the portion of the user identifying information and the credential definition are obtained by the computing system of the entity via scanning of the portable access point.
  16. 16 . The non-transitory computer readable medium of claim 15 , wherein the user selects the credential definition via input at a wireless device, and the wireless device generates the portable access point in response the selection of the credential definition.
  17. 17 . The non-transitory computer readable medium of claim 10 , wherein the instructions further cause the processor to: store one or more logs of the scope limited access to the user's secure information, the logs comprising one or more of: an identifier for the entity, portions of the credential request, the user's secure information accessed by the entity, timestamps for the accessing of the user's secure information accessed, or any combination thereof, wherein the one or more logs are recorded as blocks of an immutable blockchain.
  18. 18 . The non-transitory computer readable medium of claim 17 , wherein the instructions further cause the processor to: provide, in response to an audit request from the user, at least a portion of the one or more stored logs.
  19. 19 . A system for permitting limited access to a user's secure information, the system comprising: a processor; and a memory storing instructions for execution by the processor, the instructions configuring the processor to: receive, at a secure information manager, a credential request for one or more credentials that permit access to a user's secure information, the credential request comprising user identifying information, entity identifying information, and a credential definition, the credential request generated in response to a visual scanning of a portable access point that corresponds to the user; validate, at the secure information manager, the user identifying information and the entity identifying information; assign, to an entity corresponding to the entity identifying information, and in response to the validating, a non-fungible token that corresponds to the credential definition, wherein the assignment of the non-fungible token to the entity is recorded on a private blockchain that manages the non-fungible token; and permit, in response to one or more access requests from the entity that comprises the assigned non-fungible token, scope limited access to the user's secure information corresponding to access permissions of the non-fungible token assigned to the entity.
  20. 20 . The system of claim 19 , wherein permitting scope limited access to the user's secure information further comprises: receiving, at a secure information manager, the one or more access requests, the access requests comprising an unauthenticated credential; authenticating, via the private blockchain, the unauthenticated credential as the non-fungible token assigned to the entity; and permitting, in response to the authenticating, the scope limited access to the user's secure information corresponding to access permissions of the non-fungible token.

Description

FIELD The embodiments of the present disclosure generally relate to secure storage system(s) that permit scope limited access to a user's secure information using non-fungible token(s). BACKGROUND The proliferation of computing and connected devices has generated vast amounts of data that requires management. As data grows in size, the technological challenges related to efficiently managing the data has become increasingly complex. For example, sharing secure data among multiple parties has been a longstanding problem in the field of data management. Security techniques that permit a user to manage secure information, such as authentication, validation, and permission workflows, can be cumbersome and, in some scenarios, impractical. Security protocols that achieve practical secure data sharing in scenarios that cause friction for traditional data sharing protocols can provide substantial value. SUMMARY The embodiments of the present disclosure are generally directed to systems and methods for permitting limited access to a user's secure information using credential authentication and user information verification. A credential request for one or more credentials that permit access to a user's secure information can be received at a secure information manager, the request comprising user identifying information, entity identifying information, and a credential definition. The user identifying information and the entity identifying information can be validated by the secure information manager. In response to the validating, a non-fungible token that corresponds to the credential definition can be assigned to the entity, wherein the non-fungible token assignment is recorded on a private blockchain that manages the non-fungible token. In response to one or more access requests from the entity that comprises the assigned non-fungible token, scope limited access to the user's secure information can be permitted that corresponds to access permissions of the non-fungible token. Features and advantages of the embodiments are set forth in the description which follows, or will be apparent from the description, or may be learned by practice of the disclosure. BRIEF DESCRIPTION OF THE DRAWINGS Further embodiments, details, advantages, and modifications will become apparent from the following detailed description of the preferred embodiments, which is to be taken in conjunction with the accompanying drawings. FIG. 1 illustrates a system for permitting scope limited access to a user's secure information using non-fungible tokens according to an example embodiment. FIG. 2 illustrates a block diagram of a computing device operatively coupled to a prediction system according to an example embodiment. FIG. 3 illustrates a system registering users for secure information management according to an example embodiment. FIGS. 4A, 4B, and 4C illustrate systems with a secure information manager that permit scope limited access to a user's secure information using non-fungible tokens according to an example embodiment. FIG. 5 illustrates a portable access point according to an example embodiment. FIG. 6 illustrates a flow diagram for permitting limited access to a user's secure information using credential authentication and user verification according to an example embodiment. FIG. 7 illustrates a flow diagram for retrieving scope limited user information from a secure data store and logging the access according to an example embodiment. DETAILED DESCRIPTION Embodiments permit scope limited access to a user's secure information using non-fungible tokens. A user can register with a secure information manager and control the scope with which the user's secure information is shared. The user can permit a vetted entity (e.g., service provider, health care provider, other individual, etc.) access to the user's secure information via a portable access point. The user can also select scope definitions that control how the user's secure information is shared with the vetted entity. The vetted entity can scan the user's portable access point and request a credential that permits access to the user's secure information via the scanning. For example, the credential can be a non-fungible token (NFT) and the credential can be assigned access privileges that correspond the user's selections. The vetted entity can then issue one or more data access requests using the credential. The data access request(s) can be authenticated and validated by the secure information manager and the secure information manager can permit the vetted entity scope limited access to the user's secure information. The scope limited access can correspond to the access privileges assigned to the credential. The user can dynamical revoke the access privileges assigned to the credential and/or vetted entity via the user's wireless device. The access privileges assigned to the credential can also include an expiration timer, after which the credential will no longer authent