(19) United States
(12) Patent Application Publication
Prabakar
(10) Pub. No.: US 2006/0230462 A1
(43) Pub. Date: Oct. 12, 2006

US 20060230462A1

(54) INTERNET-BASED SECURE ACCESS CONTROL WITH CUSTOM AUTHENTICATION

(75) Inventor: Nagarajan Prabakar, Miami, FL (US)

Correspondence Address:
MARSHALL, GERSTEIN & BORUN LLP
233 S. WACKER DRIVE, SUITE 6300
SEARS TOWER
CHICAGO, IL 60606 (US)

(73) Assignee: THE FLORIDA INTERNATIONAL UNIVERSITY BOARD OF TRUSTEES, Miami, FL (US)

(21) Appl. No.: 10/907,637

(22) Filed: Apr. 8, 2005

Publication Classification

(51) Int. Cl.
H04L 9/32 (2006.01)
H04L 9/00 (2006.01)
G06F 17/30 (2006.01)
H04K 1/00 (2006.01)
G06F 7/04 (2006.01)
G06K 9/00 (2006.01)
H03M 1/68 (2006.01)
H04N 7/16 (2006.01)
(52) U.S. Cl.: 726/27; 713/182; 713/151; 713/183

(57) ABSTRACT

A method of providing an owner with secure online control of private information comprises providing an owner-editable set of private information. Allowing the owner to edit at least one item of private information and allowing the owner to create a first relationship between a symbolic name and the item of private information. Allowing the owner to create a second relationship between a communication application and the symbolic name. Allowing the owner to create a third relationship between the symbolic name and a client, the third relationship arranged to prevent the client from accessing the item of private information, and providing a website, the website arranged to enable the client to access the symbolic name.

[Front-page drawing: block diagram with the labels Owner Control; Communicate Authentication Information; Web Page; Owner Selects Communication Applications; Owner Creates Private Information and Associates Symbolic Names; Communication Applications Use Private Information; Client Invokes Communication Application; Client Authentication; Control of Client Access; Client Access. Reference numerals 205, 215, 220, 225 and 230 are legible.]

Adobe Inc. v. Express Mobile, Inc., IPR2021-XXXXX, U.S. Pat. 9,471,287, Exhibit 1029, Page 01 of 18


Patent Application Publication, Oct. 12, 2006, Sheets 1 to 8 of 8, US 2006/0230462 A1

[Drawing sheets 1 to 8 (FIGS. 1 to 13) are not reproduced; only fragments of the figure text survived extraction. Legible screen titles: FIG. 4, "Owner Authorization"; FIG. 5, "Choose a Task"; FIG. 6, "Private Information"; FIG. 7, "Client Information"; FIG. 8, "Client Events Log"; FIGS. 9, 11 and 12, "Text Message"; FIG. 10, "Client Authorization"; FIG. 13, "Client Profile".]


INTERNET-BASED SECURE ACCESS CONTROL WITH CUSTOM AUTHENTICATION

BACKGROUND

[0001] Many online systems attempt to maintain information in a secure and/or private fashion. However, on many such systems the owner of the information cannot conveniently or immediately access the information. Instead, the owner must overcome various protective measures before the owner can gain access to the information. Such protective measures may include keeping the information, such as telephone numbers, account numbers, passwords and/or social security numbers, in a safe location until the information is needed.

[0002] For example, an account owner typically needs an account number in order to gain access to his/her own account. The account owner also may wish to allow others to access the account, such as service professionals or other persons or organizations that require access to the owner’s account. For example, the owner may grant access to his or her financial planner so that the financial planner can buy/sell stocks, or withdraw, deposit or transfer money. When the account owner reveals the account number and perhaps an associated password to the financial planner, the owner gains the benefit of the financial planner’s services. However, the account owner simultaneously gives up absolute control of that account number and the associated password. As such, the account owner may be at risk of intentional or unintentional security risks if, for example, the financial planner has unscrupulous motives, or if the financial planner simply leaves any sensitive information in public view.

[0003] While the owner of the sensitive information may, in some circumstances, change a username and password at any time when an apparent breach may have occurred, some sensitive information may not be easily modified. For example, it is a common business practice to require a username for many accounts, such as bank accounts, insurance policies, and health insurance policies. In many circumstances, that username may itself be sensitive information. For example, many financial accounts use the account owner’s social security number as the username. Such common business practices often needlessly elevate the account owner’s risk of identity theft.

[0004] Therefore, owners of sensitive information desire a practical solution to the aforementioned problems that will allow the owner of sensitive information to maintain full control over sensitive information, while still allowing the owner to conveniently access the information in a secure and private fashion.

SUMMARY

[0005] In accordance with an aspect of this invention, a method of providing an owner with secure online control of private information comprises providing an owner-editable set of private information. Allowing the owner to edit at least one item of private information and allowing the owner to create a first relationship between a symbolic name and the item of private information. Allowing the owner to create a second relationship between a communication application and the symbolic name. Allowing the owner to create a third relationship between the symbolic name and a client, the third relationship arranged to prevent the client from accessing the item of private information, and providing a website, the website arranged to enable the client to access the symbolic name.

[0006] In further accordance with a preferred embodiment, the method comprises providing a secure socket layer connection for transmitting and receiving the item of private information, and allowing the owner to edit at least one item of private information, including at least one of adding information, deleting information, or modifying information. The owner may create the first relationship of association or disassociation between the symbolic name and the item of private information in which a relationship of association permits a linked reference between the symbolic name and the private information, and a relationship of disassociation disables the linked reference between the symbolic name and the private information.

[0007] The owner may create a second relationship of association or disassociation between the communication application and the symbolic name. A relationship of association of the communication application with the symbolic name further permits the communication application to use the symbolic name, while disassociation of the communication application from the symbolic name prevents the communication application from using the symbolic name.

[0008] Still preferably, the owner may create a third relationship of association or disassociation between the symbolic name and the client. A relationship of association of the symbolic name with the client permits the client to use the symbolic name, while disassociation of the symbolic name and the client disables the client from using the symbolic name. Permission for the client provides client access to functionality of the communication application.

[0009] Additionally, the method further includes the communication application comprising at least one of wireless text messaging, telephone calling, or electronic mail. The owner may create the third relationship which may further include allowing the owner to assign a client name and password to the client, and assign access time limitations on at least one of the client or the symbolic name for client authentication.

[0010] Further still, the method provides a website which includes providing a client name, an owner name, or a password field, secure authentication for at least one of the client or the owner with the secure authentication uses at least one of a client name, an owner name or password. The secure authentication may further comprise a secure socket communication layer. The website may, additionally, enable the owner to monitor client activity.

[0011] In accordance with another aspect of the invention, a computer readable medium having computer executable instructions for providing an owner with secure online control of private information comprises computer executable instructions for providing an owner-editable set of private information and allowing the owner to edit at least one item of private information. The computer readable medium further comprises allowing the owner to create a first relationship between a symbolic name and the item of private information, allowing the owner to create a second relationship between a communication application and the symbolic name, and allowing the owner to create a third relationship between the symbolic name and a client, the third relationship arranged to prevent the client from accessing the item of private information. The computer readable medium also comprises computer readable instructions for providing a website, the website arranged to enable the client to access the symbolic name.

[0012] In accordance with yet another aspect of the invention, a system for providing an owner with secure online control of private information comprises a display unit that is capable of generating video images, an input device, and a processing apparatus operatively coupled to the display unit and the input device, the processing apparatus comprising a processor and a memory operatively coupled to the processor. A network interface connected to a network and to the processing apparatus, the processing apparatus being programmed to provide an owner-editable set of private information, to allow the owner to edit at least one item of private information, and to allow the owner to create a first relationship between a symbolic name and the item of private information. The processing apparatus also allows the owner to create a second relationship between a communication application and the symbolic name, and allows the owner to create a third relationship between the symbolic name and a client, the third relationship arranged to prevent the client from accessing the item of private information. The processing apparatus also being programmed to provide a website, the website arranged to enable the client to access the symbolic name.

[0013] In accordance with yet another aspect of the invention, a method of private information control comprises providing an owner with a set of private information, enabling the owner to edit at least one item of private information in the set, enabling the owner to associate a symbolic name and the item of private information, and enabling the owner to associate the symbolic name with a communication application. The method also comprises providing a website arranged to enable the client to access the symbolic name and enables the owner to associate the symbolic name with a client, whereby the client is able to invoke the communication application without access to the item of private information, the communication application rendering services to the client.

DRAWINGS

[0014] FIG. 1 is an exemplary block diagram of a computer system that may operate with a system or method of secure access control with custom authentication.

[0015] FIG. 2 is an exemplary block diagram illustrating components of a secure access control system having custom authentication.

[0016] FIG. 3 is an exemplary initial owner display screen for use with the system of FIG. 1.

[0017] FIG. 4 is an exemplary owner authentication screen for use with the system of FIG. 1.

[0018] FIG. 5 is an exemplary task selection screen for use with the system of FIG. 1.

[0019] FIG. 6 is an exemplary private information edit screen for use with the system of FIG. 1.

[0020] FIG. 7 is an exemplary client information edit screen for use with the system of FIG. 1.

[0021] FIG. 8 is an exemplary client event log screen for use with the system of FIG. 1.

[0022] FIG. 9 is an exemplary initial client display screen for use with the system of FIG. 1.

[0023] FIG. 10 is an exemplary client authentication screen for use with the system of FIG. 1.

[0024] FIG. 11 is an exemplary trusted application client screen for use with the system of FIG. 1.

[0025] FIG. 12 is an exemplary trusted application results screen for use with the system of FIG. 1.

[0026] FIG. 13 is an exemplary client profile screen for use with the system of FIG. 1.

DESCRIPTION

[0027] Although the following text sets forth a detailed description of numerous different embodiments, it should be understood that the legal scope of the invention is defined by the words of the claims set forth at the end of this patent. The detailed description is to be construed as exemplary only and does not describe every possible embodiment since describing every possible embodiment would be impractical, if not impossible. Numerous alternative embodiments could be implemented, using either current technology or technology developed after the filing date of this patent, which would still fall within the scope of the claims.

[0028] It should also be understood that, unless a term is expressly defined in this patent using the sentence “As used herein, the term ‘______’ is hereby defined to mean . . . ” or a similar sentence, there is no intent to limit the meaning of that term, either expressly or by implication, beyond its plain or ordinary meaning, and such term should not be interpreted to be limited in scope based on any statement made in any section of this patent (other than the language of the claims). To the extent that any term recited in the claims at the end of this patent is referred to in this patent in a manner consistent with a single meaning, that is done for sake of clarity only so as to not confuse the reader, and it is not intended that such claim term be limited, by implication or otherwise, to that single meaning. Finally, unless a claim element is defined by reciting the word “means” in conjunction with a function without the recital of any structure, it is not intended that the scope of any claim element be interpreted based on the application of 35 U.S.C. § 112, sixth paragraph.

[0029] The claimed method and apparatus may be implemented on an exemplary computing system shown in FIG. 1. The system 100 includes functionality similar to well known computing systems including desktop computers, laptop computers, servers, handheld computers, and microprocessor systems, to name a few.

[0030] An exemplary computer 102 includes a CPU 104, a memory 106, a video interface 108, a power supply 110, and an audio interface 112. The memory 106 may include several types of computer readable media including ROM, RAM, flash memory, and EEPROM. Such memory may store computer programs, routines, and various data structures. Similarly, an I/O (Input/Output) interface 114 may permit external memory devices, such as floppy disk drives 116 and CDROM drives 118, to store computer programs, routines, and data structures. The I/O interface 114 may also permit client and owner input via a keyboard 120 and a mouse 122, client and owner output via a printer 124, and bi-directional input/output to/from the computer 102 via various ports 126 (e.g., RS-232, RS-485, parallel, firewire, Bluetooth, etc.). The video interface 108 may support a display 128 and a camera 130, and the audio interface 112 may support speakers 132 and a microphone 134.

[0031] A network interface 136 may support remote computer system 138 access via internet and intranet access 140, or permit access to the computer 102 via a modem 142. Additionally, the network interface 136 may support various configurations of local area networks (LAN) and wide area networks (WAN). Furthermore, the network interface 136 may support wired or wireless methods of network connectivity.

[0032] FIG. 2 shows a block diagram for internet based secure access control with custom authentication, in accordance with an example of the present invention. The block diagram may represent functional elements for a system, a method, an apparatus, or a software application directed to internet based secure access control with custom authentication. An owner 200 may create and control a set or item of private information 205. The set may include various items of private information, such as telephone numbers, social security numbers, or any other type of information in which the owner 200 requires privacy. An owner 200 may include, but is not limited to, individuals, groups, and/or organizations. The owner 200 may also create symbolic names to associate with the set or item of private information 205. Such symbolic names may use nomenclature suggesting the content of the private information 205 without explicitly disclosing the details of that information. For example, if the item 205 is a nine-digit social security number, then the owner 200 may create a symbolic name of “SSN,” “Smith SSN,” or “HMO Identification,” to name a few.

[0033] An owner 200 may also select a communication application 210 that uses the item 205 to provide some functionality. The communication application 210 may be a software application, a system, or a service provider, to name a few. For example, if the communication application 210 is a wireless telephone application, that application may use a wireless telephone number, i.e., the item of private information 205, to place a call or forward a text message.

[0034] The owner 200 may also create a website 230 for clients 215, 220, 225. Alternatively, the system and method may generate a website 230 for clients 215, 220, 225 through various known techniques including Active Server Pages (ASP) and Common Gateway Interface (CGI) scripts. Additionally, the owner 200 may also assign authentication credentials, such as client names and passwords, to particular clients 215, 220, 225. The owner 200 may also assign particular symbolic names to those clients 215, 220, 225. The owner may inform the clients 215, 220, 225 about the website 230 and provide them with the appropriate authentication credentials which will authorize access to the website 230 and permit client access to particular symbolic names.

[0035] The clients 215, 220, 225 may access the website 230 by using the assigned authentication credentials. Once authenticated, the website 230 may permit the clients 215, 220, 225 to invoke the services of a particular communication application 210 by using the symbolic name assigned to that particular client 215, 220, 225.

[0036] For example, an owner 200, Dr. Smith, may create an item in the form of a wireless telephone number, e.g., 123-4567. She 200 may also create a symbolic name of “Doctor Smith Cell” and associate the wireless telephone number with that symbolic name. Dr. Smith 200 may further select a communication application 210, such as a wireless telephone company text messaging application, to use the item 205, i.e., 123-4567. Additionally, Dr. Smith 200 may create a website 230 for Client B 220, establish authentication credentials for the client 220, assign the symbolic name “Doctor Smith Cell” to him or her 220, and inform the client 220 of the website address and corresponding authentication credentials that will allow the client 220 to log on to the website 230.

[0037] Continuing with the example above, Client B 220, perhaps a patient of Dr. Smith 200, may access the website 230 using assigned credentials. The website 230 may present the patient 220 with a list of symbolic names that Dr. Smith 200 has created for the patient’s 220 use. The website 230 may also present the patient 220 with a field for entering text messages. The patient’s 220 use of the symbolic name “Doctor Smith Cell” and entry of a text message invokes the communication application 210. As a result, a wireless telephone associated with the private telephone number 123-4567 displays the text message entered by the patient 220.

[0038] The preceding example illustrates that a virtual barrier 235 prevents any client 215, 220, 225 from accessing or viewing the set or item of private information 205, while simultaneously allowing the authorized client 220 the benefit of the trusted application’s 210 functionality. Furthermore, the owner 200 always maintains complete control over the private information 205, the symbolic names, the relationships between the private information 205 and the symbolic names, which communication applications 210 may use the private information 205, client authentication credentials, and which clients 215, 220, 225 may have access to any particular symbolic name. In other words, the owner 200 has complete control over all of the private information 205, and the client 215, 220, 225 has none. Furthermore, the owner 200 controls all aspects of the client’s ability to use the system, method, apparatus, or software application for internet based secure access control with custom authentication.

[0039] Returning to FIG. 2 in further detail, the owner 200 may control various facets of operation, including managing the set or item of private information 205. The set or item 205 may include any type of information in which the owner 200 desires to remain confidential (i.e., not visible) from all clients 215, 220, 225. Such information 205 may include, but is not limited to, telephone numbers, social security numbers, addresses, account numbers, and passwords. The owner 200 may enter the set or item of private information 205 on a computer or terminal and stored on a computer, server, database, or any other data storage medium, device, or system. Similarly, the owner 200 may delete and edit the items of private information 205, or the whole set of private information 205. All data transfer and storage may occur in a secure manner, particularly when the owner 200 adds, deletes, or edits private information 205 via the website 230. The set or items of private information 205 may be saved to computers, servers, or other storage mediums in an encrypted manner. The data transfer between any combination of client 215, 220, 225, owner 200, and webpage 230 may include a secure socket layer (SSL) connection, thereby helping to ensure data security.

[0040] In addition to creating, editing, or deleting private information 205, the owner 200 may manage a relationship between the items of private information 205 and a symbolic name. The symbolic name, generated by the owner 200, may include alphanumeric text and may further describe the private information 205 in a general manner. For example, if the item 205 is a social security number having nine digits, the symbolic name may be “SSN,” “Smith SSN,” or “HMO ID” to name a few. If the owner 200 creates a relationship of association between the symbolic name and the private information 205, then any further use of this symbolic name, discussed in further detail below, will reference the nine-digit social security number, but will not explicitly disclose or publicize that number to the client 215, 220, 225. In other words, the item of private information 205 is invisible to the client 215, 220, 225 using the symbolic name, thereby protecting the owner 200 from theft, misuse, or accidental disclosure of the item 205. On the other hand, if the owner 200 no longer wants the association between the symbolic name and the item 205, the owner 200 may disassociate the relationship. Each item of private information 205 may be associated or disassociated with a unique symbolic name. Alternatively, one symbolic name may be associated or disassociated with several pieces of private information 205, i.e., the set of private information.

[0041] FIG. 2 also illustrates a communication application 210. The owner 200 may select one or more communication applications 210 that utilize the private information 205. As discussed earlier, the communication application 210 may be a software application, a system, or a service provider. Generally speaking, the communication application 210 may be any service which uses items of private information 205, or requires such items prior to executing services offered by the communication application 210. In the preceding example, a wireless telephone messaging service was the communication application 210 requiring the wireless telephone number and the text message prior to rendering service. In that example, the owner 200 of the wireless telephone number gained the benefit of allowing clients 215, 220, 225 to utilize that number without concern of the number being abused or distributed to others. In that regard, if at any time the owner 200 decides that the client 215, 220, 225 should no longer have access to the services rendered by the communication application 210, the owner 200 may simply disassociate that communication application 210 from the set or item of private information 205. One way in which the owner may prevent client 215, 220, 225 access is to comment-out or delete the client’s 215, 220, 225 authentication credentials, as will be described in more detail later. A second way in which the owner may prevent a client from using the system is to modify or disassociate the client information from the list of symbolic names, also discussed later. Alternatively, if the owner 200 decides that the client 215, 220, 225 should only have access to the symbolic name for a specific period of time, then the owner 200 may further associate dates and times for which the client’s use of the symbolic name will invoke the communication application 210. For example, if the owner 200 is a doctor and the patient is the client 215, 220, 225 participating in a clinical trial lasting three months, then the doctor 200 may establish a three month time limitation for which the patient’s use of the symbolic name results in sending a text message to the doctor 200. Furthermore, the doctor 200 may establish a range of times throughout the day for which any use of the symbolic name will permit invocation of the communication application 210.

`[0042] Additionally, if the owner 200 chooses a different
`communication application 210, e.g., a competing wireless
`provider, the owner 200 may simply associate the new
`application 210 (e.g., new wireless provider) with the item
`of private information while simultaneously disassociating
`the former communication application 210 (e.g., old wireless
`provider). As such, the clients 215, 220, 225 have no
`burden of a new or alternate symbolic name to use for
`receiving the services rendered by the new communication
`application 210. In fact, the clients 215, 220, 225 may not
`even know that the communication application 210 has
`changed at all.
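The owner-side controls described in paragraphs [0041] and [0042], modelled as an added Python example that is not part of the patent: a client invokes a symbolic name, the owner's date and time-of-day limits are checked, and the private item is passed only to the associated application. The class names, status strings, symbolic name `dr_pager`, telephone number and dates are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, datetime, time

@dataclass
class Grant:  # owner-defined link between one client and one symbolic name
    valid_from: date
    valid_to: date
    day_start: time = time(0, 0)
    day_end: time = time(23, 59, 59)
    enabled: bool = True  # False models a commented-out credential

@dataclass
class OwnerControl:  # hypothetical model; every name here is an assumption
    private: dict = field(default_factory=dict)  # symbolic name -> private item
    apps: dict = field(default_factory=dict)     # symbolic name -> application
    grants: dict = field(default_factory=dict)   # (client, name) -> Grant

    def invoke(self, client, name, payload, now):
        """Run the application bound to `name`; return a status, never the private item."""
        g = self.grants.get((client, name))
        if g is None or not g.enabled:
            return "denied: no active grant"
        if not (g.valid_from <= now.date() <= g.valid_to):
            return "denied: outside date range"
        if not (g.day_start <= now.time() <= g.day_end):
            return "denied: outside daily hours"
        app = self.apps.get(name)
        if app is None or name not in self.private:
            return "denied: no application associated"
        app(self.private[name], payload)  # private item goes only to the application
        return "ok"

def demo():
    old_sent, new_sent = [], []  # stand-ins for two wireless providers
    oc = OwnerControl()
    oc.private["dr_pager"] = "555-0100"  # constructed sample number
    oc.apps["dr_pager"] = lambda num, msg: old_sent.append((num, msg))
    oc.grants[("patient", "dr_pager")] = Grant(
        date(2005, 4, 8), date(2005, 7, 8), time(8, 0), time(18, 0))  # three-month trial
    call = lambda when: oc.invoke("patient", "dr_pager", "dose taken", when)
    results = [call(datetime(2005, 5, 1, 9, 30)),   # inside both windows
               call(datetime(2005, 5, 1, 22, 0)),   # outside daily hours
               call(datetime(2005, 8, 1, 9, 30))]   # after the trial ended
    oc.apps["dr_pager"] = lambda num, msg: new_sent.append((num, msg))  # owner swaps provider
    results.append(call(datetime(2005, 5, 2, 10, 0)))  # same symbolic name still works
    oc.grants[("patient", "dr_pager")].enabled = False  # owner revokes the client
    results.append(call(datetime(2005, 5, 2, 11, 0)))
    return results, old_sent, new_sent
```

The statuses returned to the client never contain the private item, and the provider swap changes nothing on the client side.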
`
`[0043] Wireless telephone messaging systems, however,
`illustrate only one embodiment which uses a system and
`method of internet based secure access control with custom
`authentication. Additional applications may include, but are
`not limited to: electronic mail systems allowing an owner
`the ability to receive e-mail without disclosing the e-mail
`address, telephone systems allowing an owner to receive
`calls without disclosing the telephone number, home automation
`access, home appliance access, security system
`access, software licensing applications, and financial and
`medical account access. As an additional example, if a
`patient has a medical insurance plan for which the insurance
`company uses the patient’s social security number as an
`identification number, the patient is typically obligated to
`disclose that social security number to a health care provider
`(e.g., doctor’s office staff) prior to receiving care and treatment.
`Unfortunately, the patient typically has no control of
`the social security number after disclosing it to the health
`care provider. If the health care provider neglects to shred
`documents, the patient may be at a much greater risk of
`identity theft. Alternatively, the patient (i.e., owner 200) may
`provide
