Data integrity

US 20040255143A1
Filed: 02/06/2004
Published: 12/16/2004
Est. Priority Date: 08/14/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method for consuming non-reconciled tokens, said method comprising:

reading a stored token from a first storage area;

calculating control information corresponding to said stored token;

reading predetermined control information corresponding to said stored token from a second storage area, wherein said first storage area is separate from said second storage area;

comparing said control information to said predetermined control information; and

consuming said stored token conditional on said control information matching said predetermined control information.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for consuming tokens used to control access to restricted resources held at a user'"'"'s machine (106) is disclosed. The method comprises: reading a stored token form a first storage area of the user'"'"'s machine (106), calculating control information for verifying the integrity of the stored token, reading predetermined control information corresponding to the stored token from a second storage area, comparing the control information to the predetermined control information; and consuming the stored token conditional on the control information matching the predetermined control information. The first and second storage areas are separate to help reduce the vulnerability of the tokens to selective replay attack.

71 Citations

109 Claims

1. A method for consuming non-reconciled tokens, said method comprising:
- reading a stored token from a first storage area;
  
  calculating control information corresponding to said stored token;
  
  reading predetermined control information corresponding to said stored token from a second storage area, wherein said first storage area is separate from said second storage area;
  
  comparing said control information to said predetermined control information; and
  
  consuming said stored token conditional on said control information matching said predetermined control information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein said stored token is stored in a token record file.
  - 3. The method of claim 2, wherein said token record file further comprises information indicating an expiry time of said stored token.
  - 4. The method of claim 1, wherein consumption of said stored token is further conditional upon a time interval between a last recorded update time and a current time not exceeding a predetermined value.
  - 5. The method of claim 2, wherein said token record file further comprises user information corresponding to said stored token.
  - 6. The method of claim 2, wherein said token record file further comprises information indicating whether said stored token is valid.
  - 7. The method of claim 2, wherein at least one further token is stored in said token record file.
  - 8. The method of claim 7, wherein said token record file further comprises information indicating an expiry time of each of said at least one further token.
  - 9. The method of claim 7, wherein said token record file further comprises user information corresponding to each of said at least one further token.
  - 10. The method of claim 7, wherein said token record file further comprises information indicating whether each of said at least one further token is valid or not.
  - 11. The method of claim 2, wherein said token record file is stored in an encrypted form in said first storage area.
  - 12. The method of claim 2, wherein said step of calculating control information corresponding to said stored token comprises calculating a message digest from said token record file.
  - 13. The method of claim 2, wherein said step of consuming said stored token comprises:
    - modifying said token record file by marking said stored token as having been used;
      
      storing said modified token record file in place of said token record file in said first storage area;
      
      calculating new predetermined control information from said modified token record file; and
      
      storing said new predetermined control information in place of said control information in said second storage area.
  - 14. The method of claim 1, comprising storing a security verification file in said second storage area.
  - 15. The method of claim 14, further comprising:
    - checking said second storage area for the presence of a plurality of security verification files; and
      
      deleting all security verification files except the most recent security verification file.
  - 16. The method of claim 1, wherein said first and second storage areas are located in a single data storage device.
  - 17. The method of claim 1, wherein data stored in said second storage area is hidden using a steganographic hiding technique.
  - 18. The method of claim 1, further comprising the step of enabling access to restricted access resources conditional on consumption of said stored token.
  - 19. The method of claim 1, further comprising the step of enabling access to pay-per-access resources conditional on consumption of said stored token.

20. A method for storing consumable non-reconciled tokens, said method comprising:
- receiving a token from a token provider;
  
  storing said token in a first storage area;
  
  obtaining predetermined control information corresponding to said token; and
  
  storing said predetermined control information in a second storage area, wherein said first storage area is separate from said second storage area.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 21. The method of claim 20, wherein the step of storing said token in a first storage area comprises storing said token in a token record file.
  - 22. The method of claim 20 or claim 21, comprising storing a security verification file in said second storage area.
  - 23. The method of claim 20, further comprising storing information indicating a time of last access to said token provider.
  - 24. The method of claim 21, further comprising storing user information corresponding to said token in said token record file.
  - 25. The method of claim 21, further comprising storing information indicating whether said stored token is valid in said token record file.
  - 26. The method of claim 21, wherein at least one further token is stored in said token record file.
  - 27. The method of claim 21, wherein said token record file is stored in an encrypted form in said first storage area.
  - 28. The method of claim 21, wherein said step of obtaining predetermined control information corresponding to said token comprises calculating said predetermined control information from said token record file.
  - 29. The method of claim 28, wherein said step of calculating said predetermined control information from said token record file comprises calculating a message digest from said token record file.
  - 30. The method of claim 20, wherein said step of obtaining predetermined control information corresponding to said token comprises downloading said predetermined control information from said token provider.
  - 31. The method of claim 20, wherein said token provider is a server.
  - 32. The method of claim 20, further comprising:
    - checking said first storage area for the presence of a token record file and/or a security verification file(s); and
      
      informing a user conditional on the token record file and/or security verification file(s), being absent that the user needs to register online before proceeding.
  - 33. The method of claim 21, wherein said step of storing said token further comprises:
    - modifying said token record file to incorporate said token; and
      
      storing said modified token record file in place of said token record file in said first storage area.
  - 34. The method of claim 20, wherein said first and second storage areas are located in a single data storage device.
  - 35. The method of claim 20, wherein data stored in said second storage area is hidden using a steganographic hiding technique.

36. A method for supplying consumable non-reconciled tokens, said method comprising:
- generating a unique token;
  
  storing a copy of said unique token in at least one data storage device;
  
  providing said unique token to a data processing apparatus to store in a first storage area; and
  
  operating said data processing apparatus to store predetermined control information corresponding to said unique token in a second storage area separate from said first storage area.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56)
- - 37. The method of claim 36, wherein said unique token is stored in a token record file in said first storage area.
  - 38. The method of claim 36, further comprising providing information indicating an expiry time of said unique token to said data processing apparatus.
  - 39. The method of claim 38, further comprising storing a copy of said information indicating an expiry time of said unique token in said at least one data storage device.
  - 40. The method of claim 38, wherein said information indicating an expiry time of said unique token is a time interval.
  - 41. The method of claim 36, wherein said unique token is generated using user information.
  - 42. The method of claim 36, further comprising providing information indicating that said unique token is valid to said data processing apparatus.
  - 43. The method of claim 36, further comprising reading a number indicating how many consumed tokens reside on said data processing apparatus from said data processing apparatus.
  - 44. The method of claim 43, further comprising blocking the provision of further tokens to said data processing apparatus conditional on said number of consumed tokens residing on said data processing apparatus not exceeding a first predetermined value.
  - 45. The method of claim 36, further comprising reading a number indicating how many unused tokens reside on said data processing apparatus from said data processing apparatus.
  - 46. The method of claim 45, further comprising blocking the provision of further tokens to said data processing apparatus conditional on said number of unused tokens residing on said data processing apparatus equalling or exceeding a second predetermined value.
  - 47. The method of claim 36, wherein a security verification file is stored in said second data storage area.
  - 48. The method of claim 36, comprising:
    - reading said predetermined control information from said data processing apparatus;
      
      reading said unique token from said data processing apparatus;
      
      calculating control information from said copy of said unique token; and
      
      comparing said predetermined control information to said calculated control information to determine whether there is a match, wherein an inexact match indicates fraudulent activity.
  - 49. The method of claim 48, further comprising blocking the provision of further tokens to said data processing apparatus conditional on said predetermined control information not being an exact match to said calculated control information.
  - 50. The method of claim 37, comprising:
    - reading said predetermined control information from said data processing apparatus;
      
      calculating control information from said copy of said unique token; and
      
      comparing said predetermined control information to said calculated control information to determine whether there is a match, wherein an inexact match indicates fraudulent activity, wherein said step of calculating control information corresponding to said unique token comprises calculating a message digest from said token record file.
  - 51. The method of claim 37, wherein said token record file is stored in an encrypted form in said first storage area.
  - 52. The method of claim 36, wherein said first and second storage areas are located in a single data storage device.
  - 53. The method of claim 36, wherein data stored in said second storage area is hidden using a steganographic hiding technique.
  - 54. The method of claim 36, wherein said step of providing said unique token to said data processing apparatus further comprises taking prepayment in exchange for said unique token.
  - 55. The method of claim 36, wherein said step of providing said unique token to said data processing apparatus further comprises charging a sum to a pre-existing customer credit account in exchange for said unique token.
  - 56. The method of claim 36, further comprising downloading a software update to said data processing apparatus.

57. A computer program operable to configure a data processing apparatus to implement a method for consuming non-reconciled tokens said method comprising:
- reading a stored token from a first storage area;
  
  calculating control information corresponding to said stored token;
  
  reading predetermined control information corresponding to said stored token from a second storage area wherein said first storage area is separate from said second storage area;
  
  comparing said control information to said predetermined control information; and
  
  consuming said stored token conditional on said control information matching said predetermined control information.
- View Dependent Claims (58)
- - 58. A computer carrier medium carrying a computer program according to claim 57.

59. A data processing apparatus for providing access to resources in exchange for consumption of a consumable non-reconciled token, said data processing apparatus comprising:
- a controller operable to access at least one data storage device, wherein said at least one data storage device is configured to provide at least a first and a separate second storage area, wherein said first storage area contains data encoding a stored token and said second storage area contains data encoding predetermined control information corresponding to said stored token; and
  
  a processor configured to;
  
  a) read said stored token from said first storage area;
  
  b) calculate control information corresponding to said stored token;
  
  c) read predetermined control information corresponding to said stored token from said second storage area;
  
  d) compare said control information to said predetermined control information; and
  
  e) permit access to resources and consume said stored token conditional on said control information matching said predetermined control information.
- View Dependent Claims (60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77)
- - 60. The data processing apparatus of claim 59, wherein said stored token is stored in a token record file.
  - 61. The data processing apparatus of claim 60, wherein said token record file further comprises information indicating an expiry time of said stored token.
  - 62. The data processing apparatus of claim 59, wherein consumption of said stored token is further conditional upon a time interval between a last recorded update time and a current time not exceeding a predetermined value.
  - 63. The data processing apparatus of claim 60, wherein said token record file further comprises user information corresponding to said stored token.
  - 64. The data processing apparatus of claim 60, wherein said token record file further comprises information indicating whether said stored token is valid.
  - 65. The data processing apparatus of claim 60, wherein at least one further token is stored in said token record file.
  - 66. The data processing apparatus of claim 65, wherein said token record file further comprises information indicating an expiry time of each of said at least one further token.
  - 67. The data processing apparatus of claim 65, wherein said token record file further comprises user information corresponding to each of said at least one further token.
  - 68. The data processing apparatus of claim 65, wherein said token record file further comprises information indicating whether each of said at least one further token is valid or not.
  - 69. The data processing apparatus of claim 60, wherein said token record file is stored in an encrypted form in said first storage area and said step of reading said stored token from said first storage area comprises decrypting said encrypted token record file and extracting said stored token.
  - 70. The data processing apparatus of claim 60, wherein said processor is configured to calculate control information corresponding to said stored token by calculating a message digest from said token record file.
  - 71. The data processing apparatus of claim 60, wherein said processor is configured to consume said stored token by:
    - modifying said token record file by marking said stored token as having been used;
      
      storing said modified token record file in place of said token record file in said first storage area;
      
      calculating new predetermined control information from said modified token record file; and
      
      storing said new predetermined control information in place of said control information in said second storage area.
  - 72. The data processing apparatus of claim 59, wherein said processor is configured to store a security verification file in said second storage area.
  - 73. The data processing apparatus of claim 72, wherein said processor is further configured to:
    - check said second storage area for the presence of a plurality of security verification files; and
      
      delete all security verification files except the most recent security verification file.
  - 74. The data processing apparatus of claim 59, wherein said first and second storage areas are located in a single data storage device.
  - 75. The data processing apparatus of claim 59, wherein data stored in said second storage area is hidden using a steganographic hiding technique.
  - 76. The data processing apparatus of claim 59, wherein said resources comprise a software application.
  - 77. The data processing apparatus of claim 76, wherein said processor is configured to consume said stored token when data is saved from said software application.

78. A data processing apparatus for generating and distributing consumable non-reconciled tokens, said data processing apparatus comprising:
- a communications interface;
  
  at least one data storage device; and
  
  a processor configured to;
  
  a) generate a unique token;
  
  b) provide a copy of said unique token to said at least one data storage device for storage; and
  
  c) provide said unique token via said communications interface to a further data processing apparatus to store in a first storage area, wherein said data processing apparatus stores predetermined control information corresponding to said unique token in a second storage area separate from said first storage area.
- View Dependent Claims (79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98)
- - 79. The data processing apparatus of claim 78, wherein said further data processing apparatus is operable to store said unique token in a token record file in said first storage area.
  - 80. The data processing apparatus of claim 78, wherein said processor is further configured to provide time information to said further data processing apparatus.
  - 81. The data processing apparatus of claim 80, wherein said time information is a time interval after which tokens are unusable.
  - 82. The data processing apparatus of claim 80, wherein said processor is further configured to store a copy of time information in said at least one data storage device.
  - 83. The data processing apparatus of claim 78, wherein said processor is configured to generate said unique token using user information.
  - 84. The data processing apparatus of claim 78, wherein said processor is configured to provide information to said further data processing apparatus indicating that said unique token is valid.
  - 85. The data processing apparatus of claim 78, wherein said processor is configured to read from said further data processing apparatus a number indicating how many consumed tokens reside on said further data processing apparatus.
  - 86. The data processing apparatus of claim 85, wherein said processor is configured to block the provision of further tokens to said further data processing apparatus conditional on said number of consumed tokens not exceeding a first predetermined value.
  - 87. The data processing apparatus of claim 78, wherein said processor is configured to read from said further data processing apparatus a number indicating how many unused tokens reside on said further data processing apparatus.
  - 88. The data processing apparatus of claim 87, wherein said processor is configured to block the provision of further tokens to said further data processing apparatus conditional on said number of unused tokens equalling or exceeding a second predetermined value.
  - 89. The data processing apparatus of claim 78, wherein a security verification file is stored in said second data storage area.
  - 90. The data processing apparatus of claim 78, wherein said processor is further configured to:
    - read said predetermined control information from said further data processing apparatus;
      
      read said unique token from said further data processing apparatus;
      
      calculate control information from said copy of said unique token; and
      
      compare said predetermined control information to said calculated control information to determine whether there is a match, an inexact match being indicative of possible fraudulent activity.
  - 91. The data processing apparatus of claim 90, wherein said processor is configured to block the provision of further tokens to said further data processing apparatus conditional on said predetermined control information not being an exact match to said calculated control information.
  - 92. The data processing apparatus of claim 90, wherein said further data processing apparatus is operable to store said unique token in a token record file in said first storage area, and wherein said processor is configured to calculate said control information by calculating a message digest from said token record file.
  - 93. The data processing apparatus of claim 78, wherein said processor is operable to encrypt said unique token before providing an encrypted version of said unique token via said communications interface.
  - 94. The data processing apparatus of claim 78, wherein said first and second storage areas of said further data processing apparatus are located in a single data storage device.
  - 95. The data processing apparatus of claim 78, wherein data stored in said second storage area of said further data processing apparatus is hidden using a steganographic hiding technique.
  - 96. The data processing apparatus of claim 78, wherein said processor is configured to provide said unique token to said further data processing apparatus in exchange for a prepayment.
  - 97. The data processing apparatus of claim 78, wherein said processor is configured to provide said unique token to said further data processing apparatus following addition of a charge to a pre-existing customer credit account.
  - 98. The data processing apparatus of claim 78, wherein said processor is configured to supply a software update to said further data processing apparatus.

99. A method for hiding data, comprising:
- generating a digital fingerprint from a data file stored in a first storage area; and
  
  hiding said digital fingerprint by storing at least part of said digital fingerprint in a second storage area, wherein said first storage area is separate from said second storage area.
- View Dependent Claims (100, 101, 102, 103, 104, 105)
- - 100. The method of claim 99, wherein said second storage area is not directly user-accessible.
  - 101. The method of claim 99, wherein said digital fingerprint is a message digest generated from at least said data file.
  - 102. The method of claim 99, wherein said at least part of said digital fingerprint is hidden using a steganographic technique.
  - 103. The method of claim 102, wherein said steganographic technique comprises encoding at least one bit of said digital fingerprint by storing a security verification file at one location selected from a plurality of predetermined file locations.
  - 104. The method of claim 103, wherein said steganographic technique comprises encoding at least one further bit of said digital fingerprint by modifying a file time stamp of said security verification file.
  - 105. The method of claim 102, wherein said steganographic technique comprises encoding at least one bit of said digital fingerprint by modifying a file time stamp of a security verification file.

106. A computer program operable to configure a data processing apparatus to implement a method for storing consumable non-reconciled tokens, said method comprising:
- receiving a token from a token provider;
  
  storing said token in a first storage area;
  
  obtaining predetermined control information corresponding to said token; and
  
  storing said predetermined control information in a second storage area, wherein said first storage area is separate from said second storage area.
- View Dependent Claims (107)
- - 107. A computer carrier medium carrying a computer program according to claim 106.

108. A computer program operable to configure a data processing apparatus to implement a method for storing consumable non-reconciled tokens, said method comprising:
- generating a unique token;
  
  storing a copy of said unique token in at least one data storage device;
  
  providing said unique token to a data processing apparatus to store in a first storage area; and
  
  operating said data processing apparatus to store predetermined control information corresponding to said unique token in a second storage area separate from said first storage area.
- View Dependent Claims (109)
- - 109. A computer carrier medium carrying a computer program according to claim 108.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ELAN Trading Limited
Original Assignee
ELAN Trading Limited
Inventors
Olech, Anthony Feliks, Wemyss, Kevin

Application Number

US10/486,183
Publication Number

US 20040255143A1
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2107   File encryption

G06Q 20/00   Payment architectures, sche...

G06Q 20/06   Private payment circuits, e...

G06Q 20/12   specially adapted for elect...

G06Q 20/145   Payments according to the d...

G06Q 20/26   Debit schemes, e.g. "pay now"

Data integrity

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

71 Citations

109 Claims

Specification

Solutions

Use Cases

Quick Links

Data integrity

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

109 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links