METHOD, SYSTEM AND APPARATUS FOR ACCESSING A RESOURCE BASED ON DATA SUPPLIED BY A LOCAL USER

US 20090024853A1
Filed: 07/16/2008
Published: 01/22/2009
Est. Priority Date: 07/16/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

acquiring candidate data in association with a request for accessing a resource, said candidate data comprising first data and second data;

processing said first data with a first key in an attempt to effect decryption of said first data, thereby to obtain first processed data;

processing the second data with a second key in an attempt to effect decryption of said second data, thereby to obtain second processed data;

granting said request if a pre-determined portion of said first processed data is derivable from said second processed data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, comprising: acquiring candidate data in association with a request for accessing a resource, said candidate data comprising first data and second data; processing said first data with a first key in an attempt to effect decryption of said first data, thereby to obtain first processed data; processing the second data with a second key in an attempt to effect decryption of said second data, thereby to obtain second processed data; and granting said request if a pre-determined portion of said first processed data is derivable from said second processed data. The method may further comprise extracting from said first processed data a group identifier and said pre-determined portion of said first processed data, and effecting a comparison of said group identifier to a reference group identifier in order to conclude whether said first data has been successfully decrypted based on an outcome of said comparison.

Citations

86 Claims

1. A method, comprising:
- acquiring candidate data in association with a request for accessing a resource, said candidate data comprising first data and second data;
  
  processing said first data with a first key in an attempt to effect decryption of said first data, thereby to obtain first processed data;
  
  processing the second data with a second key in an attempt to effect decryption of said second data, thereby to obtain second processed data;
  
  granting said request if a pre-determined portion of said first processed data is derivable from said second processed data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 2. The method of claim 1, wherein said first data and said second data are separate portions of said candidate data.
  - 3. The method of claim 1, wherein said first data is contained within said second data.
  - 4. The method of claim 1, wherein said second data is contained within said first data.
  - 5. The method of claim 1, further comprising extracting from said first processed data a group identifier and said pre-determined portion of said first processed data.
  - 6. The method of claim 5, further comprising effecting a comparison of said group identifier to a reference group identifier and concluding whether said first data has been successfully decrypted based on an outcome of said comparison.
  - 7. The method of claim 6, wherein said first data is considered to have been successfully decrypted if said group identifier corresponds to said reference group identifier, and wherein said first data is considered to have been unsuccessfully decrypted if said group identifier does not correspond to said reference group identifier.
  - 8. The method of claim 7, further comprising obtaining said reference group identifier by consulting a record populated prior to said acquiring.
  - 9. The method of claim 8, wherein said candidate data further comprises an index, said method further comprising consulting said record based on said index to obtain said reference group identifier.
  - 10. The method of claim 5, further comprising effecting a comparison of said group identifier to each of a plurality of reference group identifiers stored in memory, and concluding whether said first data has been successfully decrypted based on an outcome of said comparison.
  - 11. The method of claim 6, further comprising receiving said second key prior to processing said second data.
  - 12. The method of claim 11, wherein said second key is received from a user via a keypad.
  - 13. The method of claim 11, further comprising issuing a query for said second key, wherein said second key is received in response to issuance of said query.
  - 14. The method of claim 13, wherein said issuing said query is performed only if said first data has been successfully decrypted.
  - 15. The method of claim 5, further comprising acquiring transaction data associated with said request.
  - 16. The method of claim 15, further comprising:
    - deriving a personal identifier from the second processed data; and
      
      transmitting said transaction data and said personal identifier to an entity associated with said group identifier.
  - 17. The method of claim 16, wherein said transmitting is effected via a communication network to an address associated with said entity, said method further comprising extracting an index from said candidate data, and consulting a record at a location associated with said index to obtain said address.
  - 18. The method of claim 17, wherein said communication network comprises the internet, and said address is an internet address.
  - 19. The method of claim 1, further comprising applying a hash function to said second processed data to yield a hash value and wherein said pre-determined portion of said first processed data is considered to be derivable from said second processed data when said hash value corresponds to said pre-determined portion of said first processed data.
  - 20. The method of claim 19, wherein said second processed data has a greater number of bits than said pre-determined portion of said first processed data.
  - 21. The method of claim 19, wherein the hash function is pre-determined.
  - 22. The method of claim 19, further comprising extracting the hash function from the candidate data.
  - 23. The method of claim 19, further comprising denying said request if said pre-determined portion of said first processed data is not derivable from said second processed data.
  - 24. The method of claim 19, wherein when said pre-determined portion of said first processed data is derivable from said second processed data, said second processed data conveys a personal identifier associated with a user pre-authorized to access said resource.
  - 25. The method of claim 24, wherein said first key is a first decryption key, and said first data is encrypted by an entity using a first encryption key associated with said first decryption key.
  - 26. The method of claim 25, wherein the user is pre-authorized to access said resource by said entity.
  - 27. The method of claim 26, said entity being a first entity, wherein said granting is performed by a second entity and wherein said first entity is in a trust relationship with said second entity.
  - 28. The method of claim 25, wherein said second key comprises a second decryption key, and said second data is encrypted using a second encryption key associated with said second decryption key.
  - 29. The method of claim 28, said first encryption key and said first decryption key are asymmetric.
  - 30. The method of claim 29, said second encryption key and said second decryption key are identical.
  - 31. The method of claim 28, wherein said first data comprises said second encryption key.
  - 32. The method of claim 19, wherein when said pre-determined portion of said first processed data is derivable from said second processed data, said second processed data conveys biometric data associated with a user pre-authorized to access said resource.
  - 33. The method of claim 32, wherein said biometric data is indicative of at least one of a fingerprint scan, a skin scan and an iris scan.
  - 34. The method of claim 1, wherein access to said resource is associated with a fee;
    - and wherein said candidate data further comprises transaction data representative of an amount available to be applied against payment of said fee.
  - 35. The method of claim 34, further comprising denying said request if said fee exceeds said amount.
  - 36. The method of claim 35, further comprising deriving new transaction data based on said transaction data and said fee, and replacing said transaction data in said candidate data by said new transaction data.
  - 37. The method of claim 1, further comprising issuing a query, wherein said receiving candidate data occurs in response to issuing said query.
  - 38. The method of claim 37, wherein said query comprises a non-contact query, said receiving candidate data comprising receiving a non-contact signal in response to said non-contact query and extracting said candidate data from said non-contact signal.
  - 39. The method of claim 38, wherein said non-contact query comprises an RFID read request, and said non-contact signal comprises an RFID signal.
  - 40. The method of claim 37, wherein said query comprises a contact tag read request, said receiving candidate data comprising receiving contact tag data in response to said contact tag read request, and extracting said candidate data from said contact tag data.
  - 41. The method of claim 40, wherein said contact tag read request comprises a magnetic swipe card read request.
  - 42. The method of claim 40, wherein said contact tag read request comprises a smart card read request.
  - 43. The method of claim 1, wherein said resource comprises at least one of, an automated teller machine, a component of an automated teller machine, a computer, a terminal for accessing a communication network, a point of sale terminal, and a physical access point.

44. A computer-readable medium comprising computer-readable program code which, when interpreted by a computing apparatus, causes the computing apparatus to execute a method, the computer-readable program code comprising:
- first computer-readable program code for causing the computing apparatus to acquire candidate data in association with a request for accessing a resource, said candidate data comprising first and second data;
  
  second computer-readable program code for causing the computing apparatus to process said first data with a first key in an attempt to effect decryption of said first data, thereby to obtain first processed data;
  
  third computer-readable program code for causing the computing apparatus to process the second data with a second key in an attempt to effect decryption of said second data, thereby to obtain second processed data; and
  
  fourth computer-readable program code for causing the computing apparatus to grant said request if a pre-determined portion of said first processed data is derivable from said second processed data.

45. A method comprising:
- receiving a request for accessing a resource, said request comprising first data and second data;
  
  processing said first data with a key in an attempt to effect decryption of said first data, thereby to obtain processed data;
  
  granting said request if a pre-determined portion of said processed data is derivable from said second data.
- View Dependent Claims (46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68)
- - 46. The method of claim 45, wherein said first data and said second data are separate portions of said candidate data.
  - 47. The method of claim 45, wherein said first data is contained within said second data.
  - 48. The method of claim 45, wherein said second data is contained within said first data.
  - 49. The method of claim 45, further comprising extracting from said first processed data a group identifier and said pre-determined portion of said first processed data.
  - 50. The method of claim 49, further comprising effecting a comparison of said group identifier to a reference group identifier and concluding whether said first data has been successfully decrypted based on an outcome of said comparison.
  - 51. The method of claim 50, wherein said first data is considered to have been successfully decrypted if said group identifier corresponds to said reference group identifier, and wherein said first data is considered to have been unsuccessfully decrypted if said group identifier does not correspond to said reference group identifier.
  - 52. The method of claim 51, further comprising obtaining said reference group identifier by consulting a record populated prior to said acquiring.
  - 53. The method of claim 52, wherein said candidate data further comprises an index, said method further comprising consulting said record based on said index to obtain said reference group identifier.
  - 54. The method of claim 49, further comprising effecting a comparison of said group identifier to each of a plurality of reference group identifiers stored in memory, and concluding whether said first data has been successfully decrypted based on an outcome of said comparison.
  - 55. The method of claim 45, further comprising applying a hash function to said second data to yield a hash value and wherein said pre-determined portion of said first processed data is considered to be derivable from said second data when said hash value corresponds to said pre-determined portion of said first processed data.
  - 56. The method of claim 55, wherein said second data has a greater number of bits than said pre-determined portion of said first processed data.
  - 57. The method of claim 55, wherein the hash function is pre-determined.
  - 58. The method of claim 55, further comprising extracting the hash function from the candidate data.
  - 59. The method of claim 55, further comprising denying said request if said pre-determined portion of said first processed data is not derivable from said second data.
  - 60. The method of claim 55, wherein when said pre-determined portion of said first processed data is derivable from said second data, said second data conveys a personal identifier associated with a user pre-authorized to access said resource.
  - 61. The method of claim 60, wherein said first key is a first decryption key, and said first data is encrypted by an entity using a first encryption key associated with said first decryption key.
  - 62. The method of claim 61, wherein the user is pre-authorized to access said resource by said entity.
  - 63. The method of claim 62, said entity being a first entity, wherein said granting is performed by a second entity and wherein said first entity is in a trust relationship with said second entity.
  - 64. The method of claim 45, wherein said resource comprises at least one of, an automated teller machine, a component of an automated teller machine, a computer, a terminal for accessing a communication network, a point of sale terminal, and a physical access point.
  - 65. The method of claim 45, wherein access to said resource is associated with a fee;
    - and wherein said candidate data is stored on a medium and further comprises transaction data, said transaction data representative of an amount available to be applied against payment of said fee.
  - 66. The method of claim 65, further comprising denying said request if said fee exceeds said amount.
  - 67. The method of claim 66, further comprising deriving new transaction data based on said transaction data and said fee, and storing said transaction data on said medium.
  - 68. The method of claim 67, wherein storing said new transaction data on said medium comprises replacing said transaction data with said new transaction data.

69. A method of pre-authorizing a user to access a resource, comprising:
- determining a user identifier associated with the user;
  
  applying a hash function to said user identifier to create a hash value;
  
  determining a second identifier associated with a group of users pre-authorized to access the resource, said group including said user;
  
  encrypting the second identifier and at least one of the user identifier and the hash value with an encryption key to produce first data;
  
  providing said first data and the other of the user identifier and the hash value to said user.
- View Dependent Claims (70, 71, 72, 73, 74)
- - 70. The method of claim 69, wherein said providing comprises sending a message to said user, said message comprising said first data and the other of the first identifier and the hash value.
  - 71. The method of claim 69, further comprising storing said first data and the other of the first identifier and the hash value in a memory of a tag and providing said tag to said user.
  - 72. The method of claim 69, further comprising providing a decryption key to said user, said decryption key for decrypting data encrypted with said second encryption key.
  - 73. The method of claim 69, wherein said first data is provided in encrypted form.
  - 74. The method of claim 73, wherein said encryption key is a first encryption key associated with a first decryption key, and wherein said encrypted form is generated as a result of encrypting said first data with a second encryption key associated with an associated second decryption key.

75. The method of said 74, further comprising providing said second decryption key to said user.
- View Dependent Claims (76, 77)
- - 76. The method of claim 75, further comprising providing said wherein said first decryption key to an entity that controls access to said resource.
  - 77. The method of claim 76, wherein a priori knowledge of (I) the first decryption key and (II) the second identifier, allows said entity, when provided with (I) the first data and the other of the user identifier and the hash value and (II) the second decryption key, to confirm that the user has been pre-authorized to access the resource.

78. A tag, comprising:
- a memory storing an encrypted version of first data and an encrypted version of second data, said first data capable of being retrieved by decryption using a first key received from a first entity, said second data capable of being retrieved by decryption using a second key received from a user of the tag, wherein a pre-determined portion of said first data is derivable from said second data when the user is pre-authorized by the first entity to access a resource associated with a second entity having a trust relationship with the first entity.
- View Dependent Claims (79, 80, 81, 82, 83, 84)
- - 79. The tag of claim 78, further comprising an interface for conveying said encrypted version of said first data and said encrypted version of said second data to a reader.
  - 80. The tag of claim 79, wherein said interface comprises an antenna and a transponder operative to send a signal through said antenna, the signal being representative of said encrypted version of said first data and said encrypted version of said second data stored in said memory.
  - 81. The tag of claim 80, wherein said transponder is operative to send the signal in response to the receipt of a query signal through said antenna.
  - 82. The tag of claim 80, wherein said memory comprises an RFID memory, said antenna comprises an RFID antenna, and said transponder comprises an RFID transponder.
  - 83. The tag of claim 79, wherein said memory comprises a smart card memory, and said interface comprises a smart card communication interface.
  - 84. The tag of claim 78, wherein said memory comprises a magnetic strip.

85. A method, comprising;
- informing a user of a data element indicative of said user being pre-authorized to access a resource to which access is controlled by a gateway entity;
  
  receiving usage data from said gateway entity, said usage data being indicative of said user accessing said resource via said gateway entity; and
  
  compensating said gateway entity for said user'"'"'s access to said resource.
- View Dependent Claims (86)
- - 86. The method defined in claim 85, further comprising:
    - debiting said user based on said usage data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BCE Incorporated
Original Assignee
BCE Incorporated
Inventors
YEAP, Tet Hin, O'BRIEN, William G.

Granted Patent

US 8,812,859 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/104   Grouping of entities

H04L 9/0822   using key encryption key

H04L 9/083   involving central third par...

METHOD, SYSTEM AND APPARATUS FOR ACCESSING A RESOURCE BASED ON DATA SUPPLIED BY A LOCAL USER

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

86 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD, SYSTEM AND APPARATUS FOR ACCESSING A RESOURCE BASED ON DATA SUPPLIED BY A LOCAL USER

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

86 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links