US 12,462,246 B1
Token-based digital private data exchange systems, methods, and apparatus
Nicholas J. Witchey, Laguna Hills, CA (US); and Patrick Soon-Shiong, Los Angeles, CA (US)
Assigned to Nant Holdings IP, LLC, Culver City, CA (US)
Filed by Nant Holdings IP, LLC, Culver City, CA (US)
Filed on Feb. 1, 2022, as Appl. No. 17/590,291.
Claims priority of provisional application 63/302,484, filed on Jan. 24, 2022.
Int. Cl. G06Q 20/36 (2012.01); G06Q 20/38 (2012.01); G06Q 20/40 (2012.01); H04L 9/00 (2022.01); H04L 9/32 (2006.01)
CPC G06Q 20/3674 (2013.01) [G06Q 20/3672 (2013.01); G06Q 20/3678 (2013.01); G06Q 20/38215 (2013.01); G06Q 20/3829 (2013.01); G06Q 20/401 (2013.01); H04L 9/008 (2013.01); H04L 9/3213 (2013.01); G06Q 2220/10 (2013.01); H04L 2209/603 (2013.01)] 29 Claims
OG exemplary drawing
 
1. A computer-based data exchange system comprising:
at least one computer-readable, non-transitory memory storing software instructions;
at least one private database storing private data records associated with an authorized computing device having an authorization identifier, wherein the private data records comprise field-value entries; and
at least one processor coupled with the at least one computer-readable, non-transitory memory and that executes the software instructions and thereby performs operations of:
receiving, over a network, a request from a requestor device for at least some of the private data records, the request including a requested field of interest from at least one field from the at least some of the private data records;
generating, in the at least one computer-readable, non-transitory memory, a data access token responsive to the request and based on the authorization identifier, the data access token comprising at least:
a data access token identifier,
a token owner identifier representing a computing device associated with ownership of the data access token, and
a data access activation protocol that includes:
data access restriction criteria,
a homomorphic context, and
protocol instructions executable by the computing device to initiate access to at least one value corresponding to the requested field of interest, the at least one value being accessible from the at least some of the private data records rather than the data access token;
recording the data access token on a record-keeping system;
authenticating the computing device and validating the computing device by at least using the data access token identifier to look up the data access token and determining the token owner identifier from the data access token;
enabling, upon authentication and validation of the computing device and by at least using a homomorphic workspace that is external to the computing device and that is set according to the homomorphic context of the data access activation protocol and to execution of the protocol instructions by the computing device, the computing device to access the at least one value of the at least one field of interest from the at least one private database;
receiving a request to change ownership of the data access token to a second computing device;
recording an update to the data access token on the record-keeping system, the update indicating the second computing device as having ownership of the data access token and recorded without providing access to the private data records to the second computing device;
receiving, from the second computing device, an access request that includes the at least one field of interest; and
enabling, upon authentication and validation of the second computing device and according to another execution of the data access activation protocol, the second computing device to access the at least one value of the at least one field of interest from the at least one private database.
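As an added illustration that is not code from the patent or its assignee, the following Python models the lifecycle that claim 1 describes: a token is generated against a private record set, recorded on a record-keeping system, used by its owner to read a value that is served from the private database rather than from the token, transferred to a second device by an update record that carries no private values, and then used by the new owner. The record names, device identifiers, the HMAC-based device proof, the restriction criteria, and the `homomorphic_context` dictionary are all constructed stand-ins (no real homomorphic encryption is performed; the workspace function only marks where it would sit in the flow).

```python
"""Added model of the token-based exchange in claim 1 (not the patent's own code)."""
from dataclasses import dataclass
import hmac
import secrets

# Constructed private database: one record set per authorization identifier,
# each record a set of field-value entries. Values leave this store only via
# the access path below, never by being copied into a token or ledger entry.
PRIVATE_DB = {
    "auth-0001": {"blood_type": "O+", "zip": "90210", "age": 42},
}

# Constructed device credentials; stand-in for whatever device authentication is used.
DEVICE_SECRETS = {"device-A": b"secret-A", "device-B": b"secret-B"}


@dataclass
class DataAccessToken:
    token_id: str    # data access token identifier
    owner_id: str    # token owner identifier (device that currently owns the token)
    auth_id: str     # authorization identifier linking the token to a record set
    protocol: dict   # data access activation protocol: criteria, context, instructions


class RecordKeepingSystem:
    """Append-only log of token states; the latest entry for a token id is current."""

    def __init__(self):
        self.entries = []

    def record(self, token):
        self.entries.append(DataAccessToken(**vars(token)))  # store a copy, not a reference

    def lookup(self, token_id):
        for entry in reversed(self.entries):
            if entry.token_id == token_id:
                return entry
        return None


LEDGER = RecordKeepingSystem()


def device_proof(device_id):
    """Constructed device proof: HMAC over a fixed challenge with the device secret."""
    return hmac.new(DEVICE_SECRETS[device_id], b"access-challenge", "sha256").digest()


def authenticate(device_id, proof):
    if device_id not in DEVICE_SECRETS:
        return False
    return hmac.compare_digest(device_proof(device_id), proof)


def homomorphic_workspace(context, value):
    """Stand-in for the external workspace set from the token's homomorphic context.
    A real deployment would evaluate on encrypted data here; this model passes through."""
    assert context["scheme"] == "placeholder"
    return value


def issue_token(auth_id, owner_id, fields_of_interest):
    """Generate a token for the requested fields; the token names fields, never values."""
    if auth_id not in PRIVATE_DB:
        raise KeyError("unknown authorization identifier")
    token = DataAccessToken(
        token_id=secrets.token_hex(8),
        owner_id=owner_id,
        auth_id=auth_id,
        protocol={
            "restriction": {"fields": set(fields_of_interest)},
            "homomorphic_context": {"scheme": "placeholder"},
            "instructions": ["present_token_id", "prove_device", "fetch_via_workspace"],
        },
    )
    LEDGER.record(token)
    return token.token_id


def access(device_id, proof, token_id, field):
    """Authenticate the device, validate it against the token, then serve the value."""
    token = LEDGER.lookup(token_id)          # token id is used to look up the token
    if token is None or not authenticate(device_id, proof):
        return None
    if token.owner_id != device_id:           # validation: only the recorded owner
        return None
    if field not in token.protocol["restriction"]["fields"]:
        return None                           # data access restriction criteria
    value = PRIVATE_DB[token.auth_id].get(field)   # from the private database, not the token
    return homomorphic_workspace(token.protocol["homomorphic_context"], value)


def transfer(token_id, current_owner, proof, new_owner):
    """Record an ownership update; the update carries the token, not any private data."""
    token = LEDGER.lookup(token_id)
    if token is None or token.owner_id != current_owner or not authenticate(current_owner, proof):
        return False
    LEDGER.record(DataAccessToken(token_id=token.token_id, owner_id=new_owner,
                                  auth_id=token.auth_id, protocol=token.protocol))
    return True


def ledger_exposes_private_values():
    """Check that no private value appears anywhere in the recorded token states."""
    private_values = {str(v) for rec in PRIVATE_DB.values() for v in rec.values()}
    for entry in LEDGER.entries:
        if private_values & {str(x) for x in vars(entry).values()}:
            return True
        if private_values & {str(x) for x in entry.protocol.values()}:
            return True
    return False


if __name__ == "__main__":
    tid = issue_token("auth-0001", "device-A", ["blood_type"])
    print(access("device-A", device_proof("device-A"), tid, "blood_type"))
    print(transfer(tid, "device-A", device_proof("device-A"), "device-B"))
    print(access("device-B", device_proof("device-B"), tid, "blood_type"))
```

The model keeps the three properties the claim turns on separable and checkable: the token references a field, and the value is fetched from the database at access time; the ledger's ownership update is a token copy, so it can be checked for private values; and a device that is authenticated but not the recorded owner, or that asks for a field outside the restriction criteria, gets nothing.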