Method and system for facilitating data access and management on a secure token
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06Q-040/00
G06F-021/62
G06F-021/77
G06Q-020/34
G07F-007/10
H04L-029/06
출원번호
US-0975679
(2013-08-26)
등록번호
US-9430666
(2016-08-30)
발명자
/ 주소
Reed, Sonia
Aabye, Christian
출원인 / 주소
Visa International Service Association
대리인 / 주소
Kilpatrick Townsend & Stockton LLP
인용정보
피인용 횟수 :
0인용 특허 :
106
초록▼
A system for facilitating data access and management on a smart card is provided. According to one exemplary aspect of the system, a storage architecture is provided in the smart card which allows data stored thereon to be shared by multiple parties. Access to data stored on the smart card is contro
A system for facilitating data access and management on a smart card is provided. According to one exemplary aspect of the system, a storage architecture is provided in the smart card which allows data stored thereon to be shared by multiple parties. Access to data stored on the smart card is controlled by various access methods depending on the actions to be taken with respect to the data to be accessed.
대표청구항▼
1. A method of using a server computer operated by a value added service provider, the method comprising: receiving a directory identifier by the server computer from an issuer bank server computer corresponding to a first directory instance of multiple directory instances in a file system on a secu
1. A method of using a server computer operated by a value added service provider, the method comprising: receiving a directory identifier by the server computer from an issuer bank server computer corresponding to a first directory instance of multiple directory instances in a file system on a secure token device, wherein the file system includes an open storage architecture having a common data storage space shared by multiple value added service providers, and wherein the first directory instance is associated with a first value added service provider for use with the secure token device,providing, over a network via a network interface, access parameters from the server computer to a first value-added application associated with the first value added service provider stored on a client device, wherein the client device is configured to store multiple value-added applications associated respectively with the multiple value added service providers for access to the common data storage space of the secure token device, andwherein data stored in the common data storage space associated with the first value added service provider is shared among the first value-added application and a second value-added application associated with a second value added service provider when a customer is participating in a joint promotional program of the first value added service provider and the second value added service provider, andwherein the data associated with the first value added service provider is only accessible by the first value-added application when the customer is not participating in the joint promotional program of the first value added service provider and the second value added service provider. 2. The method of claim 1 wherein the client device communicates with the secure token device and the server computer operated by the value added service provider in cooperation with the first value-added application, and wherein the access parameters provide the first value-added application with access and management of the first directory instance and its associated subdirectories and storage cells on the secure token device, and wherein the first value-added application accesses the first directory instance and its associated subdirectories and storage cells based on the access parameters. 3. The method of claim 1 wherein each directory instance of the multiple directory instances is configured to access the common data storage space and is associated with one or more subdirectory instances, and wherein each subdirectory instance is associated with one or more storage cells, wherein the access parameters are configured for setting access at different levels for the multiple value-added applications including a directory level, a subdirectory level, and a storage cell level. 4. The method of claim 1 further comprising associating one or more directory attributes with the first directory instance, wherein each directory attribute determines a level of access to the first directory instance, and wherein the one or more directory attributes are configured to permit access to the first directory instance by the first value-added application and the second value-added application of the second value added service provider, and to deny access to the first directory instance by a third value-added application of a third value added service provider. 5. The method of claim 4 further comprising associating one or more subdirectory attributes with a first subdirectory of the first directory instance, wherein each subdirectory attribute determines a level of access to the first subdirectory, and wherein the one or more subdirectory attributes are configured to permit access to the first subdirectory by the first value-added application of the first value added service provider and the second value-added application of the second value added service provider, and to deny access to the first subdirectory by the third value-added application of the third value added service provider. 6. The method of claim 4 further comprising associating one or more storage cell attributes with a first storage cell of a first subdirectory of the first directory instance, wherein each storage cell attribute determines a level of access to the first storage cell, and wherein the one or more storage cell attributes are configured to permit access to the first storage cell by the first value-added application of the first value added service provider and the second value-added application of the second value added service provider, and to deny access to the first storage cell by the third value-added application of the third value added service provider. 7. The method of claim 6 wherein the one or more storage cell attributes associated with a first storage cell of the first subdirectory further control operations on contents of the first storage cell by the multiple value-added applications in a manner wherein the one or more storage cell attributes permit a first set of operations on the contents of the first storage cell by the first value-added application and permit a second set of operations on the contents of the first storage cell by the second value-added application, wherein the first set of operations is different from the second set of operations. 8. The method of claim 1, wherein the file system includes a table of contents associated with each directory instance that is configured to translate between logical addresses provided by the value-added applications and physical addresses associated with storage cells in the common storage space of the secure token device in a manner wherein data on the secure token device can be accessed by the client device in cooperation with a value-added application without requiring the client device to know the underlying details of the physical address of the storage cell containing the data. 9. The method of claim 1 wherein a file in the file system of the secure token device is protected by different keys that relate to different commands including read commands and update commands. 10. The method of claim 1 wherein multiple files in the file system of the secure token device are protected by a same key for all commands including read commands and update commands. 11. The method of claim 1 wherein the first value added service provider provides control parameters to both the issuer bank server computer and the client device for setting directory attributes, subdirectory attributes, and storage cell attributes. 12. The method of claim 7 wherein the first set of operations includes read only access and the second set of operations includes read access and update access for the first directory instance. 13. A server operated by a value added service provider comprising: a processor coupled with a network interface for communicating over a network, wherein the server is associated with a first value added service provider and is configured to:receive a directory identifier from an issuer bank server computer corresponding to a first directory instance of multiple directory instances in a file system on a secure token device, wherein the file system includes an open storage architecture having a common data storage space shared by multiple value added service providers, and wherein the first directory instance is associated with the first value added service provider for use with the secure token device,provide access parameters to a first value-added application associated with the first value added service provider stored on a client device, wherein the client device is configured to store multiple value-added applications associated respectively with the multiple value added service providers for access to the common data storage space of the secure token device, andwherein data stored in the common data storage space associated with the first value added service provider is shared among the first value-added application and a second value-added application associated with a second value added service provider when a customer is participating in a joint promotional program of the first value added service provider and the second value added service provider, andwherein the data associated with the first value added service provider is only accessible by the first value-added application when the customer is not participating in the joint promotional program of the first value added service provider and the second value added service provider. 14. The server of claim 13 wherein the client device communicates with the secure token device and the server operated by the value added service provider in cooperation with the first value-added application, and wherein the access parameters provide the first value-added application with access and management of the first directory instance and its associated subdirectories and storage cells on the secure token device, and wherein the first value-added application accesses the first directory instance and its associated subdirectories and storage cells based on the access parameters. 15. The server of claim 13 further comprising one or more directory attributes associated with the first directory instance, wherein each directory attribute determines a level of access to the first directory instance, and wherein the one or more directory attributes are configured to permit access to the first directory instance by the first value-added application and the second value-added application of the second value added service provider, and to deny access to the first directory instance by a third value-added application of a third value added service provider. 16. The server of claim 15 further comprising one or more subdirectory attributes associated with a first subdirectory of the first directory instance, wherein each subdirectory attribute determines a level of access to the first subdirectory, and wherein the one or more subdirectory attributes are configured to permit access to the first subdirectory by the first value-added application of the first value added service provider and the second value-added application of the second value added service provider, and to deny access to the first subdirectory by the third value-added application of the third value added service provider. 17. The server of claim 15 further comprising one or more storage cell attributes associated with a first storage cell of a first subdirectory of the first directory instance, wherein each storage cell attribute determines a level of access to the first storage cell, and wherein the one or more storage cell attributes are configured to permit access to the first storage cell by the first value-added application of the first value added service provider and the second value-added application of the second value added service provider, and to deny access to the first storage cell by the third value-added application of the third value added service provider. 18. The server of claim 17 wherein the one or more storage cell attributes associated with a first storage cell of the first subdirectory further control operations on contents of the first storage cell by the multiple value-added applications in a manner wherein the one or more storage cell attributes permit a first set of operations on the contents of the first storage cell by the first value-added application and permit a second set of operations on the contents of the first storage cell by the second value-added application, wherein the first set of operations is different from the second set of operations. 19. The server of claim 13 wherein the first value added service provider provides control parameters to both the issuer bank server computer and the client device for setting directory attributes, subdirectory attributes, and storage cell attributes. 20. The server of claim 18 wherein the first set of operations includes read only access and the second set of operations includes read access and update access for the first directory instance.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (106)
Wobber Edward (Menlo Park CA) Abadi Martin (Palo Alto CA) Birrell Andrew (Los Altos CA) Lampson Butler (Cambridge MA), Access control subsystem and method for distributed computer system using locally cached authentication credentials.
Russell Edward A. (Acton MA), Authorization system for obtaining in single step both identification and access rights of client to server directly fro.
Proust Philippe,FRX ; Laget Anne,FRX ; Huet Cedric,FRX, Communication system for managing safely and independently a plurality of applications by each user card and corresponding user card and management method.
Barlow Douglas C. (Redmond WA), Computer network operating with multilevel hierarchical security with selectable common trust realms and corresponding s.
Jones, Julian Hamilton; Lambert, Howard Shelton; Orchard, James Ronald Lewis, Data processing system using active tokens and method for controlling such a system.
Bublitz Hermann (Boeblingen DEX) Rindtorff Klaus (Weil im Schoenbuch DEX), Device and method for the simplified generation of tools for the initialization and personalization of and communication.
Krajewski ; Jr. Marjan (Acton MA) Chipchak John C. (Dracut MA) Chodorow David A. (Groton MA) Trostle Jonathan T. (Lexington MA) Baldwin Peter T. (Rowley MA), Electronic information network user authentication and authorization system.
Hershey Antoinette F. (Acton MA) French Andrew H. (Lexington MA) Boire Christopher P. (Westborough MA), License mangagement system and license storage key.
Lee Robert D. ; Curry Stephen M. ; Bolan Michael L. ; Kurkowski Hal ; Diaz Donald R. ; Scherpenberg Francis A. ; Peirling Kevin E., Metal token having units of value stored therein using a single wire communication method.
Lang Gerald S. (812 Downs Dr. Silver Spring MD 20904), Method and apparatus for protecting material on storage media and for transferring material on storage media to various.
Kaufman Charles W. (Northboro MA) Gasser Morrie (Hopkinton MA) Lampson Butler W. (Cambridge MA) Tardo Joseph J. (Concord MA) Alagappan Kannan (Cambridge MA), Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system.
Kaufman James Harvey ; Sincerbox Glenn Tavernia, Method and means for limiting adverse use of counterfeit credit cards, access badges, electronic accounts or the like.
Angelo Michael F. ; Collins David L. ; Kim Donald D. ; Jansen Kenneth A., Method for securely communicating remote control commands in a computer network.
Everett David Barrington,GBX ; Miller Stuart James,GBX ; Peacham Anthony David,GBX ; Simmons Ian Stephen,GBX ; Richards Timothy Philip,GBX ; Viner John Charles,GBX, Multi-application IC card with delegation feature.
Maes Stephane Herman ; Sedivy Jan,CSX, Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security.
Bruwer Frederick Johannes,ZAX ; Pretorius Pieter Jacobus,ZAX ; Dippenaar Theodor Johannes,ZAX, Secure token integrated circuit and method of performing a secure authentication function or transaction.
Carlisle William Reid (Morristown NJ) Curtis Lydia Anne (Bridgewater NJ) Murphy Kathleen M. (Bedminster NJ) Skibo Richard John (Skillman NJ), Smart card with multiple charge accounts and product item tables designating the account to debit.
Mandelbaum Richard (Manalapan NJ) Sherman Stephen A. (Hackettstown NJ) Wetherington Diane R. (Bernardsville NJ), Smartcard adapted for a plurality of service providers and for remote installation of same.
Bertina Johannes Marinus George (Canning Vale AUX) Oliver Quentin Rees (South Perth AUX), System and method for performing transactions and a portable intelligent device therefore.
Kaufman Charles W. (Northborough MA) Pearlman Radia J. (Acton MA) Gasser Morrie (Hopkinton MA), System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authe.
Nguyen Trong ; Subramanian Mahadevan P. ; Haller Daniel R., System, method and article of manufacture for a gateway system architecture with system administration information acce.
Weber Jay C. ; Rowney Kevin T. B. ; Kramer Glenn A., System, method and article of manufacture for exchanging software and configuration data over a multichannel, extensible, flexible architecture.
Williams Humphrey ; Hughes Kevin ; Parmar Bipinkumar G., System, method and article of manufacture for network electronic authorization utilizing an authorization instrument.
Michaels Wayne David,GBX ; Timson Anthony Richard,GBX ; Dervan Aden William,GBX, Telecommunications system with value added service directory and an integrated circuit module therefor.
Hoffman Ned (Berkeley CA) Pare ; Jr. David F. (Berkeley CA) Lee Jonathan A. (Berkeley CA), Tokenless identification system for authorization of electronic transactions and electronic transmissions.
Abraham Dennis G. (Concord NC) Aden Steven G. (Charlotte NC) Arnold Todd W. (Charlotte NC) Neckyfarow Steven W. (Charlotte NC) Rohland William S. (Charlotte NC), Transaction system security method and apparatus.
Abraham Dennis G. (Concord NC) Aden Steven G. (Charlotte NC) Arnold Todd W. (Charlotte NC) Neckyfarow Steven W. (Charlotte NC) Rohland William S. (Charlotte NC), Transaction system security method and apparatus.
Okamoto Toshio,JPX ; Shimbo Atsushi,JPX ; Ishiyama Masahiro,JPX, User identification data management scheme for networking computer systems using wide area network.
Wilkinson Timothy J.,GBX ; Guthery Scott B. ; Krishna Ksheerabdhi ; Montgomery Michael A., Using a high level programming language with a microcontroller.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.