TRUSTED CARD SYSTEM USING SECURE EXCHANGE
First Claim
1. A system for secure, role-based exchange of information between a client and at least one provider of services to the client, said system comprising:
a client device comprising a memory, said memory including data relating to the client, at least a portion of the data controlled by the client, a user access component, a queuing application, a routing application, and an enforcement agent stored therein;
a central server comprising an authentication method, a queuing application, a routing application, and a roles server running thereon, said central server including the data relating to the client; and
an interface device capable of communications with said central server and capable of communicative coupling with said client device, said system operable to:
upon a communicative coupling between said interface device and said client device, activate said user access component, in conjunction with said authentication method, to ensure that the client is the proper holder of said client device;
said enforcement agent operable with said roles server and user interface input from the client to define and maintain access rights to the data relating to the client for the at least one provider of services to the client, the provider of services to the client having access to said central server, the provider of services able to update said memory of said client device, and the data at said central server, based on the access rights defined by the client and contained within said enforcement agent.
Abstract
A system for secure, role-based exchange of information between a client and providers of services is described. The system includes a client device having a memory that includes a portion of the data relating to the client, a user access component, and an enforcement agent. The system also includes a central server running an authentication methodology and a roles server. The central server includes the data relating to the client. The system further includes an interface device capable of communications with the central server and capable of communicative coupling with the client device. The system is operable to, upon a communicative coupling between the interface device and the client device, activate the user access method, in conjunction with the authentication method, to ensure that the client is the proper holder of the client device. The enforcement agent is operable with the roles server and user interface input from the client to define access rights to the client data for the providers of services, who also have access to the central server.
38 Claims
1. A system for secure, role-based exchange of information between a client and at least one provider of services to the client (independent claim; full text given under First Claim above). Dependent claims: 2 to 16.
17. A method for providing controlled access by various providers of services to data related to a client, a portion of the data maintained within a client device, another portion of the data maintained at a central server, the providers of services and the client device communicatively coupled to the central server that includes an authentication method and a roles server running thereon, said method comprising:
authenticating that the holder of the client device is the client using a user access method stored within the client device in conjunction with the authentication method running at the central server;
providing a level of access to the data by the client, the level of access based on a role defined for the client within the roles server, the level of access enforced by an enforcement agent running on the client device; and
providing a level of access to the data for the various providers, the level of access for each provider based on a role defined for each provider within the roles server, the level of access for each provider enforced by an enforcement agent running on the client device, the client capable of defining, within the enforcement agent, at least a portion of the level of access to the data for at least one of the providers.
Dependent claims: 18 to 23.
24. A method for securing communications between a portable memory device and a server, said method comprising:
starting a client application when the portable memory device is connected to an interface capable of communications with a server;
establishing a secure channel between the client application and the server;
authenticating a user of the portable memory device by:
encrypting, at the server, a sessionID and sequence number using a public key associated with the portable memory device;
encrypting the encrypted sessionID and sequence number using a private key associated with the server to form an authentication transaction;
sending the sessionID and sequence number, encrypted with both the public key and the private key, to the client application;
decrypting, with the client application, the authentication transaction with a public key associated with the server;
decrypting, with the client application, the sessionID and sequence number using a private key associated with the portable memory device; and
using the sessionID and sequence number in transactions between the portable memory device and the server.
Dependent claims: 25 and 26.
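The authentication exchange of claim 24, worked through as an added example in Go; this is not code from the patent or from any product it covers. Both key pairs are generated on the fly, the token layout (8-byte sessionID followed by a 4-byte sequence number) and the OAEP label are constructed for the example, and the claim's step of "encrypting with a private key associated with the server" is rendered as what current practice calls a signature: RSA-PSS over the ciphertext, with RSA-OAEP for the encryption to the device's public key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SessionToken carries the claim's "sessionID and sequence number".
type SessionToken struct {
	SessionID uint64
	Sequence  uint32
}

// Constructed wire layout: 8-byte big-endian sessionID, 4-byte sequence number.
func encodeToken(t SessionToken) []byte {
	buf := make([]byte, 12)
	binary.BigEndian.PutUint64(buf[:8], t.SessionID)
	binary.BigEndian.PutUint32(buf[8:], t.Sequence)
	return buf
}

func decodeToken(b []byte) (SessionToken, error) {
	if len(b) != 12 {
		return SessionToken{}, errors.New("token: unexpected length")
	}
	return SessionToken{SessionID: binary.BigEndian.Uint64(b[:8]), Sequence: binary.BigEndian.Uint32(b[8:])}, nil
}

// oaepLabel is a constructed context label binding the ciphertext to this use.
var oaepLabel = []byte("auth-transaction")

// AuthTransaction is the message the server sends: the token encrypted to the
// device's public key, and the server's signature over that ciphertext.
type AuthTransaction struct {
	Ciphertext []byte
	Signature  []byte
}

// ServerIssue performs the server-side steps: encrypt the token with the device
// public key (RSA-OAEP), then apply the server private key, done here as an
// RSA-PSS signature over the ciphertext.
func ServerIssue(serverPriv *rsa.PrivateKey, devicePub *rsa.PublicKey, tok SessionToken) (AuthTransaction, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, devicePub, encodeToken(tok), oaepLabel)
	if err != nil {
		return AuthTransaction{}, err
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, serverPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return AuthTransaction{}, err
	}
	return AuthTransaction{Ciphertext: ct, Signature: sig}, nil
}

// ClientAccept performs the client-side steps: check the transaction with the
// server public key first, and only then decrypt with the device private key.
func ClientAccept(serverPub *rsa.PublicKey, devicePriv *rsa.PrivateKey, tx AuthTransaction) (SessionToken, error) {
	digest := sha256.Sum256(tx.Ciphertext)
	if err := rsa.VerifyPSS(serverPub, crypto.SHA256, digest[:], tx.Signature, nil); err != nil {
		return SessionToken{}, fmt.Errorf("authentication transaction rejected: %w", err)
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, devicePriv, tx.Ciphertext, oaepLabel)
	if err != nil {
		return SessionToken{}, fmt.Errorf("device decryption failed: %w", err)
	}
	return decodeToken(pt)
}

// RunExchange generates fresh (constructed) key pairs for both parties, runs the
// exchange, and returns what the client recovered. With tamper set, one byte of
// the ciphertext is flipped in transit, so the signature check must fail.
func RunExchange(tok SessionToken, tamper bool) (SessionToken, error) {
	serverKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return SessionToken{}, err
	}
	deviceKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return SessionToken{}, err
	}
	tx, err := ServerIssue(serverKey, &deviceKey.PublicKey, tok)
	if err != nil {
		return SessionToken{}, err
	}
	if tamper {
		tx.Ciphertext[0] ^= 0x01
	}
	return ClientAccept(&serverKey.PublicKey, deviceKey, tx)
}

func main() {
	tok := SessionToken{SessionID: 0x0123456789abcdef, Sequence: 1}
	got, err := RunExchange(tok, false)
	fmt.Println("client recovered:", got, "err:", err)
	_, err = RunExchange(tok, true)
	fmt.Println("tampered transaction err:", err)
}
```

The client verifies the server's signature before attempting any decryption, so a transaction forged or altered in transit is rejected without the device private key ever being applied to attacker-controlled ciphertext; RunExchange with tamper set exercises that path. Replay protection rests on the device checking the sequence number against the last value seen on each later transaction, which the claim leaves to the transactions themselves and this example does not implement.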
27. A portable device for secure storage of personal records, said portable device comprising:
a physical interface for communicative coupling to an external device; and
a memory accessible via said physical interface, said memory comprising:
a data section operable for storage of the personal records;
a user access component operable to provide an interface to records stored in said data section via the external device; and
a security component, said security component activated upon communicative coupling of said physical interface to an external device, said security component operable with a roles server running external to said portable device to provide restricted access to portions of the personal records to a plurality of authorized users, the accessible portions for such authorized users based on roles for the authorized users as defined within said user access component by a person to whom said portable device has been allocated.
Dependent claims: 28 to 33.
34. A method for maintaining personal record data on a portable memory device, said device allocated to a first user, the personal record data relating to the first user, said method comprising:
authenticating the first user;
authenticating that a second user has access to the personal record data;
granting access to the second user, upon authentication, to an application operable to provide a user interface for accessing the personal record data;
allocating a role to the second user, the second user role defined by the first user; and
providing access and update privileges to the second user, to at least a portion of the personal record data relating to the first user, the privileges restricted based on the role allocated to the second user, the restricted privileges and allocated role enforced by an enforcement agent application resident on the portable memory device.
Dependent claims: 35 to 38.
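The device-resident enforcement agent that claims 17, 27 and 34 describe, as an added example in Go that is not the patent's or any product's code: the holder (first user) authenticates, defines roles as section-to-privilege grants, allocates them to second users, and every read or update of the record is then checked against the allocated role. The record sections, the PIN comparison standing in for the user access component, and the three privilege levels are constructed for the example; verifying a second user's identity is assumed to have happened at the central server before the agent is consulted.

```go
package main

import (
	"errors"
	"fmt"
)

// Privilege is the access level a role grants on one section of the record.
// ReadUpdate implies ReadOnly; a section not listed in a role gets NoAccess.
type Privilege int

const (
	NoAccess Privilege = iota
	ReadOnly
	ReadUpdate
)

// Role is defined by the device holder: a name and, per record section, the
// privilege granted. Section names are constructed for this example.
type Role struct {
	Name   string
	Grants map[string]Privilege
}

// EnforcementAgent is the device-resident component that checks every access
// to the personal record against the role allocated to the requesting user.
type EnforcementAgent struct {
	holder       string
	holderPIN    string // constructed stand-in for the user access component
	holderAuthed bool
	roles        map[string]Role
	allocations  map[string]string // second user -> role name
	records      map[string]string // section -> content
}

func NewAgent(holder, pin string, records map[string]string) *EnforcementAgent {
	return &EnforcementAgent{holder: holder, holderPIN: pin,
		roles: map[string]Role{}, allocations: map[string]string{}, records: records}
}

// AuthenticateHolder is the "authenticating the first user" step; a real device
// would run the user access component with the server's authentication method.
func (a *EnforcementAgent) AuthenticateHolder(pin string) bool {
	a.holderAuthed = pin == a.holderPIN
	return a.holderAuthed
}

// DefineRole records a role; only the authenticated holder may define one.
func (a *EnforcementAgent) DefineRole(r Role) error {
	if !a.holderAuthed {
		return errors.New("holder not authenticated")
	}
	a.roles[r.Name] = r
	return nil
}

// AllocateRole assigns a holder-defined role to a second user.
func (a *EnforcementAgent) AllocateRole(user, roleName string) error {
	if !a.holderAuthed {
		return errors.New("holder not authenticated")
	}
	if _, ok := a.roles[roleName]; !ok {
		return fmt.Errorf("role %q not defined", roleName)
	}
	a.allocations[user] = roleName
	return nil
}

// privilegeFor resolves what user may do with section: the authenticated holder
// has full access to their own record, everyone else gets only what their
// allocated role grants, and a user with no allocated role gets nothing.
func (a *EnforcementAgent) privilegeFor(user, section string) Privilege {
	if user == a.holder {
		if a.holderAuthed {
			return ReadUpdate
		}
		return NoAccess
	}
	roleName, ok := a.allocations[user]
	if !ok {
		return NoAccess
	}
	return a.roles[roleName].Grants[section] // missing key yields NoAccess
}

// Read returns a section's content if the user's role permits reading it.
func (a *EnforcementAgent) Read(user, section string) (string, error) {
	if a.privilegeFor(user, section) < ReadOnly {
		return "", fmt.Errorf("%s: read of %q denied", user, section)
	}
	v, ok := a.records[section]
	if !ok {
		return "", fmt.Errorf("no section %q", section)
	}
	return v, nil
}

// Update replaces a section's content if the user's role permits updating it.
func (a *EnforcementAgent) Update(user, section, value string) error {
	if a.privilegeFor(user, section) < ReadUpdate {
		return fmt.Errorf("%s: update of %q denied", user, section)
	}
	a.records[section] = value
	return nil
}

func main() {
	a := NewAgent("holder", "1234", map[string]string{"medications": "m1", "lab_results": "l1"})
	a.AuthenticateHolder("1234")
	a.DefineRole(Role{Name: "pharmacist", Grants: map[string]Privilege{"medications": ReadOnly}})
	a.AllocateRole("pharmacy-user", "pharmacist")
	fmt.Println(a.Read("pharmacy-user", "medications"))
	fmt.Println(a.Update("pharmacy-user", "medications", "m2"))
}
```

Every decision goes through privilegeFor, so the deny-by-default behaviour (unknown user, unlisted section, unauthenticated holder) lives in one place; the same check would also gate what the agent lets a provider write back to the central server copy of the record under claim 1.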
Specification