Systems and methods for data access control of secure memory using a short-range transceiver

US11444770B2 · US · B2

Patent metadata
Publication number: US-11444770-B2
Application number: US-202016906653-A
Country: US
Kind code: B2
Filing date: Jun 19, 2020
Priority date: Oct 18, 2019
Publication date: Sep 13, 2022
Grant date: Sep 13, 2022

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Systems and methods for controlling data access through the interaction of a short-range transceiver, such as a contactless card, with a client device are presented. Data access control may be provided in the context of creating and accessing a secure memory block in a client device, including handling requests to create and access a secure memory block via the interaction of a short-range transceiver, such as a contactless card, with a client device such that, once the secure memory block is created in memory of the client device, personal user data may be stored in the secure memory block, and access to the stored personal user data may only be provided to users authorized to review the data. An exemplary system and method may include receiving from a client device of the user a user token and a request for a data storage key, the request generated in response to a tap action between a contactless card and the client device, the contactless card associated with the user, verifying that the user is authorized to create a secure memory data block on the client device, and transmitting to the client device the data storage key, such that the client device may create a secure memory data block in memory of the client device and encrypt the secure memory data block using the data storage key.

First claim

Opening claim text (preview).

What is claimed is:

1. A data access control system, comprising: a contactless card comprising a communications interface, a processor, and a memory, the memory storing a user token, wherein the user token comprises a user key; and a client application comprising instructions for execution on a client device, the client application configured to: in response to a tap action between the contactless card and the client device, receive the user token from the contactless card, and transmit the user token and a request for a data storage key; receive, in response to the request, the data storage key, wherein the data storage key is generated from the user key; create a secure memory block in a memory of the client device; store personal user data in the secure memory block; encrypt the secure memory block using the data storage key; and permit a second application on the client device to access the personal user data.

2. The data access control system of claim 1, further comprising a server configured for data communication with the client device, wherein the server is configured to: receive from the client device the user token and the request for the data storage key; identify a user based on the user token; verify that the user is authorized to create the secure memory block in the client device; and transmit to the client device the data storage key.

3. The data access control system of claim 2, wherein the server is further configured to authenticate the user based on the user key.

4. The data access control system of claim 2, wherein the client application is further configured to: in response to a tap action between the contactless card and the client device, transmit to the server the user token and a request for a data access key; receive from the server the data access key; and decrypt the secure memory block using the data access key.

5. The data access control system of claim 4, wherein the server is further configured to: receive from the client device the user token and the request for the data access key; identify the user based on the user token; verify that the user is authorized to access the secure memory block in the client device; and transmit to the client device the data access key.

6. The data access control system of claim 4, wherein the client application is further configured to re-encrypt the secure memory block after a predetermined time period.

7. The data access control system of claim 4, wherein the user token comprises a user key, and the data access key is generated from the user key.

8. The data access control system of claim 1, wherein the personal user data comprises a digital driver's license.

9. The data access control system of claim 1, wherein the user token comprises a user key, and wherein the client application is further configured to: in response to a tap action between the contactless card and the client device, receive the user token from the contactless card; verify that a user associated with the user token is authorized to access the secure memory block in the client device; generate a data access key based on the user key; and decrypt the secure memory block using the data access key.

10. The data access control system of claim 1, wherein the user token further comprises a user identifier.

11. A method for controlling data access, comprising: providing a contactless card comprising a communications interface, a processor, and a memory, the memory storing a user token, the user token comprising a user key; providing a client application comprising instructions for execution on a client device, the client device having an encrypted secure memory block storing personal user data, the client application configured to: in response to a tap action between the contactless card and the client device, receive the user token from the contactless card, and transmit the user token and a request for a data access key; receive the data access key, wherein the data access key is generated based on the user key; decrypt the secure memory block using the data access key; receive from the client device the user token and the request for the data access key; identify the user based on the user token; verify that the user is authorized to access the secure memory block in the client device; transmit to the client device the data access key; and after receipt of a re-encryption instruction, re-encrypt the secure memory block.

12. The method of claim 11, wherein decrypt the secure memory block using the data access key comprises combining the data access key with data received from the contactless card to generate a new key used for performing the decryption.

13. The method for controlling data access of claim 11, further comprising providing a server, the server configured to: receive the user token and the request for the data access; identify a user based on the user token; verify that the user is authorized to access the secure memory block in the client device; and transmit to the client device the data access key.

14. The method of claim 13, wherein the server is further configured to authenticate the user based on the user key.

15. The method of claim 11, wherein the client application is further configured to receive biometric information prior to decrypting the secure memory block.

16. A non-transitory machine-readable medium having stored thereon an application comprising program code for execution on a client device, the client device configured to communicate over a short-range communication field with a contactless card, the contactless card comprising memory storing a user token comprising a user key, the application configured to, when executed, perform procedures comprising: in response to a tap action between the contactless card and the client device, receiving the user token from the contactless card, and transmitting the user token and a request for a data storage key; receiving, in response to the request, the data storage key, wherein the data storage key is generated from the user key; creating a secure memory block in a memory of the client device; storing personal user data in the secure memory block; encrypting the secure memory block using the data storage key; generating a data access key based on the user key; decrypting the secure memory block using the data access key; and re-encrypting the secure memory block using the data storage key.

17. The non-transitory machine-readable medium of claim 16, wherein the user token comprises a user key, and wherein the application is further configured to, when executed, perform procedures comprising: in response to a tap action between the contactless card and the client device, receiving the user token from the contactless card; and verifying that a user associated with the user token is authorized to access the secure memory block in the client device.

18. The non-transitory machine-readable medium of claim 16, wherein re-encrypting the secure memory block using the data storage key is performed after receipt of a re-encryption instruction.

19. The non-transitory machine-readable medium of claim 16, wherein the application is further configured to, when executed, perform procedures comprising: synchronizing data with a server; and generating the data access key based on the user key and the synchronized data.

20. The non-transitory machine-readable medium of claim 19, wherein the application is further configured to, when execu
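
The create-and-access flow of claims 1 to 5 and the re-encryption step of claims 6, 11 and 18, as an added Python illustration that is not the patent holder's code or any product implementation. The HMAC-SHA256 key derivation, the toy authenticated encryption that stands in for a real AEAD such as AES-GCM, the server's permission table and every sample value are assumptions made for this example; it also assumes, because the block is symmetrically encrypted, that the data access key derived for a user is the same key as the data storage key.

```python
"""Constructed walk-through of the claimed tap -> token -> key request -> encrypt/decrypt
exchange. Card, server and client application are all simulated in-process."""
import hashlib
import hmac
import secrets

# Constructed sample "personal user data" (claim 8 mentions a digital driver's license).
SAMPLE_DATA = b"Digital driver's licence: constructed sample data"


def derive_key(user_key: bytes, label: str) -> bytes:
    """Derive a 32-byte key from the card's user key. Assumption: HMAC-SHA256 as KDF."""
    return hmac.new(user_key, label.encode(), hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy counter-mode keystream built from HMAC-SHA256; stand-in for a real cipher.
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC with a fresh 16-byte nonce: nonce || ciphertext || 32-byte tag."""
    nonce = secrets.token_bytes(16)
    body = _keystream_xor(key, nonce, plaintext)
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key is rejected, never silently decoded."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("secure memory block failed integrity check")
    return _keystream_xor(key, nonce, body)


class ContactlessCard:
    """Simulated card: stores the user token (user identifier + user key) and emits it on a tap."""
    def __init__(self, user_id: str, user_key: bytes):
        self.user_id, self._user_key = user_id, user_key

    def tap(self) -> dict:
        return {"user_id": self.user_id, "user_key": self._user_key}


class Server:
    """Identifies the user from the token, authenticates the user key and checks authorization
    for the requested operation before releasing a key (claims 2, 3 and 5)."""
    def __init__(self):
        self.users = {}  # user_id -> (user_key, set of permitted operations); assumption

    def enroll(self, user_id: str, user_key: bytes, permitted) -> None:
        self.users[user_id] = (user_key, set(permitted))

    def handle_key_request(self, token: dict, operation: str) -> bytes:
        entry = self.users.get(token["user_id"])
        if entry is None or not hmac.compare_digest(entry[0], token["user_key"]):
            raise PermissionError("user authentication failed")
        if operation not in entry[1]:
            raise PermissionError("user not authorized to " + operation)
        # Storage key and access key are both generated from the user key (claims 1 and 7).
        return derive_key(token["user_key"], "secure-memory-block")


class ClientApp:
    """Client application: requests a key on each tap and keeps only the encrypted block."""
    def __init__(self, server: Server):
        self.server, self.block = server, None

    def create_block(self, card: ContactlessCard, personal_data: bytes) -> int:
        key = self.server.handle_key_request(card.tap(), "create")
        self.block = seal(key, personal_data)
        return len(self.block)

    def read_block(self, card: ContactlessCard) -> bytes:
        key = self.server.handle_key_request(card.tap(), "access")
        return open_sealed(key, self.block)

    def reencrypt(self, card: ContactlessCard) -> None:
        # Re-encryption instruction (claim 18): same key, fresh nonce, so stored bytes change.
        key = self.server.handle_key_request(card.tap(), "access")
        self.block = seal(key, open_sealed(key, self.block))


def demo() -> dict:
    server = Server()
    owner_key, other_key = secrets.token_bytes(32), secrets.token_bytes(32)
    server.enroll("user-1234", owner_key, {"create", "access"})
    server.enroll("user-5678", other_key, {"access"})  # authorized but a different card
    owner = ContactlessCard("user-1234", owner_key)
    other = ContactlessCard("user-5678", other_key)
    stranger = ContactlessCard("user-9999", secrets.token_bytes(32))  # not enrolled
    app = ClientApp(server)
    app.create_block(owner, SAMPLE_DATA)
    first = app.block
    app.reencrypt(owner)
    results = {"plaintext": app.read_block(owner), "reencrypted_changed": first != app.block}
    for name, card in (("other_user_error", other), ("unenrolled_error", stranger)):
        try:
            app.read_block(card)
            results[name] = None
        except (PermissionError, ValueError) as exc:
            results[name] = type(exc).__name__
    return results


if __name__ == "__main__":
    print(demo())
```

Two points the run makes visible: an unenrolled card is refused by the server before any key is released, and a second enrolled user who is server-authorized still cannot open the owner's block, because the key is derived from the card's own user key and the integrity tag rejects the mismatch. Since the token travels to the server on every tap, a deployment of this design needs transport protection for that request and server-side logging and rate limiting of key requests.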

Assignees

Capital One Services LLC

Inventors

Classifications

  • to assure secure storage of data (address-based protection against unauthorised use of memory G06F12/14; record carriers for use with machines and with at least a part designed to carry digital markings G06K19/00) · CPC title

  • using an additional device, e.g. smartcard, SIM or a different communication terminal (cryptographic mechanisms or cryptographic arrangements for entity authentication involving additional secure or trusted devices H04L9/3234) · CPC title

  • Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS] · CPC title

  • Key distribution {or management, e.g. generation, sharing or updating, of cryptographic keys or passwords (network architectures or network communication protocols for supporting key management in a packet data network H04L63/06)} · CPC title

  • Single storage device · CPC title

Patent family

Related publications grouped by family.

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11444770B2 cover?
Systems and methods for controlling data access through the interaction of a short-range transceiver, such as a contactless card, with a client device are presented. Data access control may be provided in the context of creating and accessing a secure memory block in a client device, including handling requests to create and access a secure memory block via the interaction of a short-ran…
Who is the assignee on this patent?
Capital One Services LLC
What technology area does this patent fall under?
Primary CPC classification G06F21/35. Mapped technology areas include Physics.
When was this patent published?
Publication date Sep 13, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).