Mobile device with built-in access control functionality

US 10,216,913 B2
Filed: 05/19/2017
Issued: 02/26/2019
Est. Priority Date: 01/25/2017
Status: Active Grant

First Claim

Patent Images

1. A mobile device with built-in access control functionality comprising:

an access control unit that includesa storage module to which access is to be controlled, anda control module storinga permissions table configured to record a reference user identification (ID), and a user authority that corresponds to the reference user ID and that specifies what operation is allowed on said storage module, andan ID-password table configured to record the reference user ID and a reference user password that corresponds to the reference user ID;

a memory unit that is configured to store an application program; and

a processing unit that is electrically connected to said access control unit and said memory unit, and that is configured to execute instructions of the application program so as to transmit credential information associated with the application program to said access control unit in an attempt to gain access to said storage module;

wherein when it is verified by said control module that the application program is authentic based on the credential information, said control module allows said processing unit to create data connection with said control module;

wherein said processing unit which executes the instructions of the application program is configured to transmit an asserted user ID and an asserted user password to said control module;

wherein said control module is configuredto look up in the permissions table the user authority based on the asserted user ID,to enable, when it is determined by the control module that the asserted user ID and the asserted user password conform respectively to the reference user ID and the reference user password in the ID-password table, said processing unit to perform the operation allowed on said storage module based on the user authority,to arrange storage spaces of a hidden area in said storage module,to enable said processing unit to establish, via said control module, a plurality of private spaces in said hidden area,to enable said processing unit to access said hidden area of said storage module when it is determined by said control module that the user authority thus looked up allows access to said hidden area and that the asserted user ID and the asserted user password conform respectively to the reference user ID and the reference user password in the ID-password table, andto enable, when it is determined by said control module that the user authority thus looked up allows access to at least one of said plurality of private spaces and that the asserted user ID and the asserted user password conform respectively to the reference user ID and the reference user password in the ID-password table, said processing unit to access said at least one of said plurality of private spaces, such that said control module is capable of encrypting data obtained from said processing unit and storing the data thus encrypted in said at least one of said plurality of private spaces, and is capable of decrypting data obtained from said at least one of said plurality of private spaces and transmitting the data thus decrypted to said processing unit.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile device includes an access control unit including a storage module and a control module, a memory unit storing an application program, and a processing unit connected to the aforementioned components. The processing unit executes the application program so as to transmit credential information to the access control unit for verification. When the application program is verified as authentic, the control module allows the processing unit to transmit an asserted user ID and an asserted user password thereto, looks up in a permissions table a user authority based on the asserted user ID, and enables the processing unit to operate the storage module based on the user authority, the asserted user ID, the asserted user password and an ID-password table.

10 Citations

12 Claims

1. A mobile device with built-in access control functionality comprising:
- an access control unit that includesa storage module to which access is to be controlled, anda control module storinga permissions table configured to record a reference user identification (ID), and a user authority that corresponds to the reference user ID and that specifies what operation is allowed on said storage module, andan ID-password table configured to record the reference user ID and a reference user password that corresponds to the reference user ID;
  
  a memory unit that is configured to store an application program; and
  
  a processing unit that is electrically connected to said access control unit and said memory unit, and that is configured to execute instructions of the application program so as to transmit credential information associated with the application program to said access control unit in an attempt to gain access to said storage module;
  
  wherein when it is verified by said control module that the application program is authentic based on the credential information, said control module allows said processing unit to create data connection with said control module;
  
  wherein said processing unit which executes the instructions of the application program is configured to transmit an asserted user ID and an asserted user password to said control module;
  
  wherein said control module is configuredto look up in the permissions table the user authority based on the asserted user ID,to enable, when it is determined by the control module that the asserted user ID and the asserted user password conform respectively to the reference user ID and the reference user password in the ID-password table, said processing unit to perform the operation allowed on said storage module based on the user authority,to arrange storage spaces of a hidden area in said storage module,to enable said processing unit to establish, via said control module, a plurality of private spaces in said hidden area,to enable said processing unit to access said hidden area of said storage module when it is determined by said control module that the user authority thus looked up allows access to said hidden area and that the asserted user ID and the asserted user password conform respectively to the reference user ID and the reference user password in the ID-password table, andto enable, when it is determined by said control module that the user authority thus looked up allows access to at least one of said plurality of private spaces and that the asserted user ID and the asserted user password conform respectively to the reference user ID and the reference user password in the ID-password table, said processing unit to access said at least one of said plurality of private spaces, such that said control module is capable of encrypting data obtained from said processing unit and storing the data thus encrypted in said at least one of said plurality of private spaces, and is capable of decrypting data obtained from said at least one of said plurality of private spaces and transmitting the data thus decrypted to said processing unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The mobile device as claimed in claim 1, wherein said control module is configured to store a reference program ID and a reference program password that are associated with the application program, and to verify that the application program is authentic when an asserted program ID and an asserted program password included in the credential information conform respectively to the reference program ID and the reference program password.
  - 3. The mobile device as claimed in claim 1, wherein:
    - said hidden area is configured to store a secret key; and
      
      said control module stores a signing program, obtains from said processing unit data to be signed, and is configured to, when it is determined by said control module that the user authority thus looked up allows access to said hidden area and that the asserted user ID and the asserted user password conform respectively to the reference user ID and the reference user password in the ID-password table, obtain the secret key stored in said hidden area, execute the signing program to generate a message authentication code (MAC) based on the data to be signed using the secret key, and transmit the MAC to said processing unit.
  - 4. The mobile device as claimed in claim 1, wherein:
    - said hidden area is configured to store a secret key; and
      
      said control module includes a financial chip that stores a signing program, obtains from said processing unit data to be signed, and is configured to, when it is determined that the user authority thus looked up allows access to said hidden area and said financial chip and that the asserted user ID and the asserted user password conform respectively to the reference user ID and the reference user password in the ID-password table, obtain the secret key stored in said hidden area, such that said financial chip is provided with the secret key and the data to be signed and executes the signing program to generate a message authentication code (MAC) based on the data to be signed using the secret key, said control module transmitting the MAC to said processing unit.
  - 5. The mobile device as claimed in claim 1, wherein said control module is configured to enable said processing unit to update the permissions table and/or the ID-password table when it is determined by said control module that the user authority thus looked up allows updating the permissions table and/or the ID-password table and that the asserted user ID and the asserted user password conform respectively to the reference user ID and the reference user password in the ID-password table.
  - 6. The mobile device as claimed in claim 1, further comprising an input unit that is electrically connected to said processing unit and that is configured to be operated to input the asserted user ID and the asserted user password, and to transmit the asserted user ID and the asserted user password to said processing unit.
  - 7. The mobile device as claimed in claim 1, wherein said control module includes a financial chip that stores a secret key and a signing program, obtains from said processing unit data to be signed, and is configured in such a way that, when it is determined that the user authority thus looked up allows access to said financial chip and that the asserted user ID and the asserted user password conform respectively to the reference user ID and the reference user password in the ID-password table, said financial chip is provided with the data to be signed and executes the signing program to generate a message authentication code (MAC) based on the data to be signed using the secret key, and to transmit the MAC to said processing unit.
  - 8. The mobile device as claimed in claim 1, further comprising a motherboard, wherein:
    - said processing unit is mounted on said motherboard; and
      
      said access control unit is implemented by an access control chip mounted on said motherboard.
  - 9. The mobile device as claimed in claim 1, further comprising a motherboard, wherein:
    - said processing unit is mounted on said motherboard;
      
      said control module is implemented by a first chip mounted on said motherboard; and
      
      said storage module is implemented by a second chip mounted on said motherboard.
  - 10. The mobile device as claimed in claim 1, further comprising a motherboard and a circuit board that is electrically connected to said motherboard, wherein:
    - said processing unit is mounted on said motherboard; and
      
      said access control unit is mounted on said circuit board.
  - 11. The mobile device as claimed in claim 1, further comprising a motherboard and a circuit board that is electrically connected to said motherboard, wherein:
    - said processing unit is mounted on said motherboard;
      
      said control module is mounted on said circuit board; and
      
      said storage module is mounted on said motherboard.
  - 12. The mobile device as claimed in claim 1, wherein said mobile device is implemented by at least one of a smartphone, a tablet, or a notebook computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Chien-Kang Yang
Original Assignee
Chien-Kang Yang
Inventors
Yang, Chien-Kang
Primary Examiner(s)
Lai, Daniel

Application Number

US15/600,143
Publication Number

US 20180211018A1
Time in Patent Office

648 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/44   Program or device authentic...

G06F 21/62   Protecting access to data v...

G06F 2221/2141   Access rights, e.g. capabil...

H04W 12/02   Protecting privacy or anony...

H04W 12/03   Protecting confidentiality,...

H04W 88/02   Terminal devices

Mobile device with built-in access control functionality

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile device with built-in access control functionality

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links