Systems and methods for configuring digital storage media with multiple access privileges

US 20050125678A1
Filed: 01/07/2005
Published: 06/09/2005
Est. Priority Date: 11/14/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method for controlling access by a plurality of people to information pertaining to at least one person, comprising:

securing data of a first encryption type so that it is accessible by at least a first person;

securing data of a second encryption type so that it is accessible by at least a second person so that the first person'"'"'s access to the data of the second encryption type is restricted and so that at least a third person'"'"'s access to the data of the first encryption type and the data of the second encryption type is restricted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a system for accurately storing and reading digital identifications and permissions with an access rights management component that protects the privacy and integrity of the data stored. Aspects of the invention enable effective use of smart cards for applications such as air travelers identity, medical information such as history and prescriptions, or secure employee access cards. Multiple levels of security are permitted to ensure that users of the data, programs, and other resources stored on the card may access only that data that they have been authorized to. The use of a single card for multiple user roles may be used in conjunction with multiple access methods.

Citations

32 Claims

1. A method for controlling access by a plurality of people to information pertaining to at least one person, comprising:
- securing data of a first encryption type so that it is accessible by at least a first person;
  
  securing data of a second encryption type so that it is accessible by at least a second person so that the first person'"'"'s access to the data of the second encryption type is restricted and so that at least a third person'"'"'s access to the data of the first encryption type and the data of the second encryption type is restricted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the first encryption type utilizes a first encryption key and the second encryption type uses a second encryption key.
  - 3. The method of claim 1 wherein the first encryption type utilizes a first encryption mechanism and the second encryption type uses a second encryption mechanism.
  - 4. The method of claim 3 wherein the first encryption type is decryptable using a Public Key Infrastructure (PKI) key.
  - 5. The method of claim 3 wherein the second encryption type is decryptable using a triple Data Encryption Standard key.
  - 6. The method of claim 1 wherein the first encryption type utilizes a first encryption key and the second encryption type uses a personal identification number (PIN).
  - 7. The method of claim 1 wherein restricting the first person'"'"'s access to the data of the second encryption type comprises blocking the first person from modifying the data of the second encryption type.
  - 8. The method of claim 1 wherein restricting the third person'"'"'s access to the data of the first encryption type and the second encryption type comprises blocking the third person from reading the data of the first encryption type and the second encryption type.

9. A portable data storage medium, comprising:
- data of a first encryption type accessible by at least a first person;
  
  data of a second encryption type accessible by at least a second person so that the first person'"'"'s access to the data of the second encryption type is restricted and so that at least a third person'"'"'s access to the data of the first encryption type and the data of the second encryption type is restricted.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The portable data storage medium of claim 9 wherein the first encryption type utilizes a first encryption key and the second encryption type uses a second encryption key.
  - 11. The portable data storage medium of claim 9 wherein the first encryption type utilizes a first encryption mechanism and the second encryption type uses a second encryption mechanism.
  - 12. The portable data storage medium of claim 11 wherein the first encryption type is decryptable using a Public Key Infrastructure (PKI) key.
  - 13. The portable data storage medium of claim 11 wherein the second encryption type is decryptable using a triple Data Encryption Standard key.
  - 14. The portable data storage medium of claim 9 wherein the first encryption type utilizes a first encryption key and the second encryption type uses a personal identification number (PIN).
  - 15. The portable data storage medium of claim 9 wherein restricting the first person'"'"'s access to the data of the second encryption type comprises blocking the first person from modifying the data of the second encryption type.
  - 16. The portable data storage medium of claim 9 wherein restricting the third person'"'"'s access to the data of the first encryption type and the second encryption type comprises blocking the third person from reading the data of the first encryption type and the second encryption type.

17. A method for generating a data structure, said data structure comprising a plurality of data resources accessible by a plurality of persons, said method comprising:
- associating a first data resource with a first restriction level, wherein read access to said first data resource is unrestricted, and wherein update access to said first data resource is restricted to a predefined group of people comprising at least a first person and an administrative person;
  
  associating a second data resource with a second restriction level, wherein read access to said second data resource is restricted to a predefined group of people comprising at least the first person and the administrative person;
  
  associating a third data resource with a third restriction level, wherein update access to said third data resource is restricted to a predefined group of people comprising at least the administrative person.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The method of claim 17 wherein the data structure is stored on a card, and the first person is a cardholder associated with the plurality of data resources.
  - 19. The method of claim 17 wherein update access to the second data resource is restricted to at least the first person and the administrative person.
  - 20. The method of claim 17, further comprising configuring the data structure such that the first person can grant and revoke permission of at least one additional person to read the second data resource.
  - 21. The method of claim 17, further comprising associating a fourth data resource with an order fulfillment restriction level, wherein update access to said fourth data resource is restricted to a predefined group of people comprising at least an order fulfillment person, and read access to said fourth data resource is restricted to a predefined group of people comprising at least the first person, the order fulfillment person, and the administrative person.
  - 22. The method of claim 17 wherein the at least one administrative person comprises an administrative audit person and an administrative superuser.

23. A method for controlling access to a plurality of data resources associated with at least one person, comprising:
- permitting unrestricted read-only access by the general public to a first data resource;
  
  restricting read access to a second data resource such that the general public cannot read said second data resource while the at least one person and at least one administrative person are permitted to read said second data resource;
  
  restricting update access to a third data resource such that the at least one person cannot update said third data resource while the at least one administrative person is permitted to update third data resource.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 24. The method of claim 23 wherein the at least one of the plurality of data resources is stored on a card, and wherein the at least one person is a cardholder.
  - 25. The method of claim 23 wherein update access to the second data resource is restricted to the at least one person and the at least one administrative person.
  - 26. The method of claim 23, further comprising permitting the at least one person to grant and revoke permission of at least one additional person to read the second data resource.
  - 27. The method of claim 23, further comprising restricting a fourth data resource such that read access to said fourth data resource is restricted to a predefined group of people comprising the at least one person, at least one order fulfillment person, and at least one administrative person, and update access to said fourth data resource is restricted to a predefined group of people comprising the at least one order fulfillment person and the at least one administrative person.
  - 28. The method of claim 27 wherein the fourth data resource comprises drug prescription information and the at least one order fulfillment person is a medical professional.
  - 29. The method of claim 27 wherein the fourth data resource comprises ticket information and the at least one order fulfillment person is an airline professional.
  - 30. The method of claim 27 wherein the fourth data resource comprises insurance information and the at least one order fulfillment person is an insurance professional.
  - 31. The method of claim 27 wherein the fourth data resource comprises building access information and the at least one order fulfillment person is a building access professional.
  - 32. The method of claim 23 wherein the at least one administrative person comprises an administrative audit person and an administrative superuser.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Janssen Scope LLC (Intellectual Ventures LLC)
Original Assignee
Janssen Scope LLC (Intellectual Ventures LLC)
Inventors
Murray, Joseph P., Shaw, Mari Myra

Application Number

US11/031,287
Publication Number

US 20050125678A1
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

G06F 21/78   to assure secure storage of...

G06F 2221/2113   Multi-level security, e.g. ...

G16H 10/65   stored on portable record c...

Systems and methods for configuring digital storage media with multiple access privileges

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for configuring digital storage media with multiple access privileges

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links