Systems and methods for data access control of secure memory using a short-range transceiver

US11764962B2 · US · B2

Patent metadata
Publication number: US-11764962-B2
Application number: US-202217881365-A
Country: US
Kind code: B2
Filing date: Aug 4, 2022
Priority date: Oct 18, 2019
Publication date: Sep 19, 2023
Grant date: Sep 19, 2023

Abstract

Official abstract text for this publication.

Systems and methods for controlling data access through the interaction of a short-range transceiver, such as a contactless card, with a client device are presented. Data access control may be provided in the context of creating and accessing a secure memory block in a client device, including handling requests to obtain create and access a secure memory block via the interaction of a short-range transceiver, such as a contactless card, with a client device such that, once the secure memory block is created in memory of the client device, personal user data may be stored in the secure memory block, and access to the stored personal user data may only be provided to users authorized to review the data. An exemplary system and method may include receiving from a client device of the user a user token and a request for a data storage key, the request generated in response to a tap action between a contactless card and the client device, the contactless card associated with the user, verifying that the user is authorized to create a secure memory data block on the client device, and transmitting to the client device the data storage key, such that the client device may create a secure memory data block in memory of the client device and encrypt the secure memory data block using the data storage key.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for controlling data access performed by a client application comprising instructions for execution on a client device, the client device having a secure memory block storing personal user data, the method comprising: transmitting, to a server, the user token and a request for a data access key; receiving, from the server, the data access key; storing personal user data in the secure memory block; encrypting the secure memory block using the data access key automatically after expiration of a predetermined time period; and permitting a second application on the client device to access the personal user data.

2. The method for controlling data access of claim 1, further comprising, prior to storing personal user data in the secure memory block, decrypting the secure memory block using the data access key.

3. The method for controlling data access of claim 1, further comprising, prior to encrypting the secure memory block using the data access key and prior to the expiration of the predetermined time period, receiving a user command to encrypt the secure memory block.

4. The method for controlling data access of claim 3, wherein encrypting the secure memory block using the data access key occurs automatically after expiration of a predetermined time period absent receipt of the user command.

5. The method for controlling data access of claim 1, further comprising: prior to receiving the data access key, receiving a validation token, wherein the validation token is a dynamic token generated by an algorithm.

6. The method for controlling data access of claim 5, wherein the algorithm includes an independently verifiable parameter.

7. The method for controlling data access of claim 6, wherein the independently verifiable parameter comprises the time.

8. The method for controlling data access of claim 6, wherein the independently verifiable parameter comprises a temperature at a location.

9. The method for controlling data access of claim 1, further comprising limiting the access of the second application to the personal user data to a specific time.

10. The method for controlling data access of claim 1, further comprising limiting the access of the second application to the personal user data to a predetermined time period.

11. A data access control system, comprising: a client application comprising instructions for execution on a client device, the client device having a secure memory block storing personal user data, the client application configured to: transmit, to a server, the user token and a request for a data access key; receiving, from the server, the data access key; storing personal user data in the secure memory block; encrypting the secure memory block using the data access key automatically after expiration of a predetermined time period; and permitting a second application on the client device to access the personal user data.

12. The data access control system of claim 11, wherein encrypting the secure memory block is performed using the data access key and a second key generated from the data access key.

13. The data access control system of claim 11, wherein the user token comprises a user key associated with a user.

14. The data access control system of claim 13, wherein encrypting the secure memory block is performed using the data access key and the user key.

15. The data access control system of claim 13, wherein the user token is received in response to a tap action between the contactless card and the client device.

16. The data access control system of claim 13, further comprising the server, wherein the server is configured to: receive the user token and the request for the data access key, identify a user based on the user token, verify that the user is authorized to access the secure memory block in the client device, and transmit to the client device the data access key.

17. The data access control system of claim 16, wherein the server is further configured to: generate data access key based on the user key and a counter, and maintain the counter in synchronization with the client device.

18. A non-transitory machine-readable medium having stored thereon an application comprising program code for execution on a client device, the client device having a secure memory block storing personal user data, the application configured to, when executed, perform procedures comprising: transmitting, to a server, the user token and a request for a data access key; receiving, from the server, the data access key; storing personal user data in the secure memory block; encrypting the secure memory block using the data access key automatically after expiration of a predetermined time period; and permitting a second application on the client device to access the personal user data.

19. The non-transitory machine-readable medium of claim 18, wherein encrypting the secure memory block using the data access key occurs automatically after expiration of a predetermined time period absent receipt of a user command.

20. The non-transitory machine-readable medium of claim 18, the procedures further comprising: prior to receiving the data access key, receiving a validation token, wherein the validation token is a dynamic token generated by an algorithm.

Assignees

Capital One Services Llc

Classifications

  • H04L9/3213 (Primary)

    using tickets or tokens, e.g. Kerberos (network architectures or network communication protocols for entities authentication using tickets in a packet data network H04L63/0807)

  • G06F21/35 (Primary)

    communicating wirelessly

  • Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

  • Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]

  • in relation to access

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11764962B2 cover?
Systems and methods for controlling data access through the interaction of a short-range transceiver, such as a contactless card, with a client device are presented. Data access control may be provided in the context of creating and accessing a secure memory block in a client device, including handling requests to obtain create and access a secure memory block via the interaction of a short-ran…

Who is the assignee on this patent?
Capital One Services Llc

What technology area does this patent fall under?
Primary CPC classification H04L9/3213. Mapped technology areas include Electricity.

When was this patent published?
Publication date Sep 19, 2023 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).