Security file system and method for securing data in a portable data carrier

US 4,882,474 A
Filed: 02/05/1988
Issued: 11/21/1989
Est. Priority Date: 05/16/1986
Status: Expired due to Term

First Claim

Patent Images

1. In a portable data carrier, a security file system containing both a file header region and a file data segment region, the file header region including a unique access code for verifying the identity of an individual attempting to access the data in the portable data carrier, and the file data segment region including a plurality of files for storing alterable data, each of the plurality of files having alterable data associated therewith for storage in any of multiple locations throughout the file data segment region, the portable data carrier comprising:

access means for inputting an externally provided code for accessing the data in the portable data carrier,counting means responsive to the access means for recording all access attempts, the counting means advancing a count each time the externally provided code is inputted to the portable data carrier,comparison means for comparing the unique access code with the externally provided code;

verifying means for providing an indication when the externally provided code compares favorably with the unique access code stored in the portable data carrier;

counting reset means for resetting the count advanced by the counting means to its previous count, the counting reset means being activated in response to the verifying means indicating a favorable comparison and data access is permitted, the counting reset means remaining inactive in the absence of the verifying means indicating a favorable comparison.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security file system for a portable data carrier provides improved security for the data carrier and for data contained in files in the data carrier. Although the data carrier may be embodied to look and feel much like an ordinary credit card, it contains a computer and a programmable memory with operating power and input and output data provided through a contactless interface. In order to provide security for the data carrier, the security file system on the data carrier includes a stored access code for verifying the identity of an individual attempting to access the data carrier, and an appropriate routine for limiting the number of unsuccessful attempts to access the data carrier. The security file system is also configurable to include select ones of multiple stored access codes for enabling the retrieval and modification of data in corresponding select ones of the files. The routine similarly limits the number of unsuccessful attempts to access these files. Operation of the routine is such that a counter in the data carrier is advanced a count each time a code is externally provided to the data carrier. If this external code compares favorably with the stored access code, the counter is reset to its previous count and access to the data carrier is permitted. If the external code does not compare favorably with the stored access code, however, the counter is not reset. When the counter advances to a predetermined number, the data carrier is locked preventing further access attempts or, alternatively, the data erased from the data carrier. In limiting access to select files, the routine similarly locks or erases the data in the selected file in the same manner.

Citations

13 Claims

1. In a portable data carrier, a security file system containing both a file header region and a file data segment region, the file header region including a unique access code for verifying the identity of an individual attempting to access the data in the portable data carrier, and the file data segment region including a plurality of files for storing alterable data, each of the plurality of files having alterable data associated therewith for storage in any of multiple locations throughout the file data segment region, the portable data carrier comprising:
- access means for inputting an externally provided code for accessing the data in the portable data carrier,counting means responsive to the access means for recording all access attempts, the counting means advancing a count each time the externally provided code is inputted to the portable data carrier,comparison means for comparing the unique access code with the externally provided code;
  
  verifying means for providing an indication when the externally provided code compares favorably with the unique access code stored in the portable data carrier;
  
  counting reset means for resetting the count advanced by the counting means to its previous count, the counting reset means being activated in response to the verifying means indicating a favorable comparison and data access is permitted, the counting reset means remaining inactive in the absence of the verifying means indicating a favorable comparison.
- View Dependent Claims (2, 3, 4)
- - 2. The security file system of claim 1 wherein the counting means in response to the counting reset means remaining inactive counts to a predetermined number and upon reaching this number enables carrier securing means for erasing all data from the portable data carrier.
  - 3. The security file system of claim 1 wherein the counting means in response to the counting reset means remaining inactive counts to a predetermined number and upon reaching this number enables carrier securing means for locking the portable data carrier thereby preventing further access attempts.
  - 4. The security file system of claim 3 wherein the portable data carrier further comprises multiple security levels hierarchically arranged, an authorized individual being able to obtain access to the data in the portable data carrier at a higher level than a locked level, and the higher level in the portable data carrier being able to unlock the portable data carrier at the locked level.

5. In a portable data carrier, a security file system having a file data segment region containing multiple files for storing alterable data, each of the multiple files having alterable data associated therewith for storage in any of multiple locations throughout the file data segment region, and wherein each file in the data segment region has a unique access code associated therewith for verifying the identity of an individual attempting to access the data in that particular file, the security file system comprising:
- access means for inputting an externally provided code for accessing the data in the particular file;
  
  counting means responsive to the access means for recording all access attempts, the counting means advancing a count each time the external provided code is inputted to the portable data carrier.comparison means for comparing the unique access code with the externally provided code;
  
  verifying means for providing an indication when the external provided code compares favorably with the unique access code stored in the security file system;
  
  counting reset means for resetting the count advanced by the counting means to its previous count, the counting reset means being activated in response to the verifying means indicating a favorable comparison and data access is permitted, the counting reset means remaining inactive in the absence of the verifying means indicating a favorable comparison,
- View Dependent Claims (6, 7)
- - 6. The security file system of claim 5 wherein the counting means in response to the counting reset means remaining inactive counts to a predetermined number and upon reaching this number enables file securing means for erasing all data from the file to which access is then being attempted.
  - 7. The security file system of claim 5 wherein the counting means in response to the counting reset means remaining inactive counts to a predetermined number and upon reaching this number enables file securing means for locking the file to which access is then being attempted.

8. A method of securing a portable data carrier having a file system and a unique access code associated therewith for limiting access to data in the portable data carrier, the file system including both a file header region and a file data segment region, the method comprising the steps of:
- arranging a plurality of files in the file data segment region for storing alterable data, each one of the plurality of files containing data representative of one type of application, and having alterable data associated therewith for storage in any of multiple locations throughout the file data segment region;
  
  counting and recording all access attempts, the count being advanced each time an access code is externally provided to the portable data carrier;
  
  providing a verification indication when the externally provided code compares favorably with the access code associated with the file system;
  
  resetting the count advanced by the counting and recording step back to its previous count in response to a favorable comparison provided by the verification indication, and retaining the count advanced by the counting and recording step in the absence of a favorable comparison from the verification indication, access to the file system being permitted only in response to a favorable comparison from the verification indication.
- View Dependent Claims (9, 10)
- - 9. The method of securing a portable data carrier according to claim 8 wherein the counting and recording step further includes the steps ofcounting to a predetermined number, the count being incremented in the absence of a favorable comparison from the verification indication each time the access code is externally provided to the carrier, anderasing all data from the portable data carrier upon reaching this number.
  - 10. The method of securing a portable data carrier according to claim 8 wherein the counting and recording step further includes the steps ofcounting to a predetermined number, the count being incremented in the absence of a favorable comparison from the verification indication each time the access code is externally provided to the carrier, andlocking the portable data carrier upon reaching this number thereby preventing further access attempts.

11. A method of securing a file system having multiple files in a portable data carrier and wherein each file therein is included in a data segment region and has a unique access code associated therewith for limiting access to data in that particular file, the method comprising the steps of:
- arranging the multiple files in the file data segment region for storing alterable data, each one of the multiple files containing data representative of one type of application, and having alterable data associated therewith for storage in any of multiple locations throughout the file data segment region;
  
  counting and recording all access attempts, the count being advanced each time an access code is externally provided to the portable data carrier;
  
  providing a verification indication when the externally provided code compares favorably with the access code associated with the file;
  
  resetting the count advanced by the counting and recording step back to its previous count in response to a favorable comparison provided by the verification indication, and retaining the count advanced by the counting and recording step in the absence of a favorable comparison from the verification indication, access to the data in the file being permitted only in response to a favorable comparison from the verification indication.
- View Dependent Claims (12, 13)
- - 12. The method of securing a file system according to claim 11 wherein the counting and recording step further includes the steps ofcounting to a predetermined number, the count being incremented in the absence of a favorable comparison from the verification indication each time the access code is externally provided to the carrier, anderasing all data from the file to which access is then being attempted upon reach this number.
  - 13. The method of securing a file system according to claim 11 wherein the counting and recording step further includes the steps ofcounting to a predetermined number, the count being incremented in the absence of a favorable comparison from the verification indication each time the access code is externally provided to the carrier, andlocking the file to which access is then being attempted upon reach this number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Original Assignee
American Telephone & Telegraph Company (AT&T, Inc.), AT&T Information Systems Inc. (AT&T, Inc.)
Inventors
Anderl, Ewald C., Zahavi, Avi, Frankel, Oren
Primary Examiner(s)
Faber, Alan
Assistant Examiner(s)
Weinhardt, Robert A.

Application Number

US07/153,294
Time in Patent Office

655 Days
Field of Search

235/380, 235/382, 235/382.5, 235/492, 235/487, 235/488, 235/379, 235/375, 340/825.33, 340/825.31, 340/825.32, 902/25-26
US Class Current

235/380
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3555   Personalisation of two or m...

G06Q 20/35765   Access rights to memory zones

G07C 9/28   the pass enabling tracking ...

G07F 7/1008   Active credit-cards provide...

Y10S 283/90   Medical record

Y10S 283/904   Credit card

Security file system and method for securing data in a portable data carrier

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Security file system and method for securing data in a portable data carrier

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links