Personal access management system

US 5,682,428 A
Filed: 02/13/1995
Issued: 10/28/1997
Est. Priority Date: 02/13/1995
Status: Expired due to Fees

First Claim

Patent Images

1. A communications system, comprising:

a sending device having a device file name and a set of identification information stored therein, said sending device generating a message and encrypting said message using a first key code to derive an encrypted message, said sending device further encrypting said identification information using at least a portion of a second key code to derive a set of encrypted identification information, said sending device sending said device file name, said encrypted identification information, and said encrypted message onto a first communications link;

a provider device having a user file stored therein which contains recognition parameters corresponding to said sending device including a set of reference information, said provider device receiving said device file name, said encrypted identification information, and said encrypted message via said first communications link, said provider device accessing said user file using said device file name as an index and deriving at least a portion of said second key code from said recognition parameters, said provider device decrypting said encrypted identification information using the portion of said second key code derived from said recognition parameters to derive a set of decrypted identification information, said provider device comparing said decrypted identification information with said reference information and, in response to a determination that said decrypted identification information is consistent with said reference information, said provider device sending said encrypted message onto a second communications link; and

a receiving device for receiving said encrypted message via said second communications link and storing said encrypted message, said receiving device further decrypting said encrypted message using said first key code to derive a decrypted message.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A multi-component system for linking a user to a product or service provider includes a user processing device, a storage device, and a provider device. The storage device stores provider-specific application software, user-specific data, and a file management program. The storage device and the processing device are coupled to each other to form a user device which communicates with the provider device. Under direction of the file management program, the processing device carries out a recognition methodology which determines whether the processing device and the storage device are authorized to operate with each other. This aspect of the system makes it possible to render the storage device operable only with a specific user processing device, referred to as the principal processing device. This, in turn, reduces the possibility of fraud since the storage device cannot be used without the principal processing device. Once it is determined that the processing and storage devices are authorized to interact with each other, the processing device executes the provider-specific application software to exchange information with the provider device. Together, the user and provider devices implement unique recognition and comprehension methodologies to ensure that the parties are authorized to communicate with each other and to ensure that the information exchanged cannot be understood by third parties. Overall, the system provides a highly secure mechanism for transferring information from one party to another.

141 Citations

View as Search Results

35 Claims

1. A communications system, comprising:
- a sending device having a device file name and a set of identification information stored therein, said sending device generating a message and encrypting said message using a first key code to derive an encrypted message, said sending device further encrypting said identification information using at least a portion of a second key code to derive a set of encrypted identification information, said sending device sending said device file name, said encrypted identification information, and said encrypted message onto a first communications link;
  
  a provider device having a user file stored therein which contains recognition parameters corresponding to said sending device including a set of reference information, said provider device receiving said device file name, said encrypted identification information, and said encrypted message via said first communications link, said provider device accessing said user file using said device file name as an index and deriving at least a portion of said second key code from said recognition parameters, said provider device decrypting said encrypted identification information using the portion of said second key code derived from said recognition parameters to derive a set of decrypted identification information, said provider device comparing said decrypted identification information with said reference information and, in response to a determination that said decrypted identification information is consistent with said reference information, said provider device sending said encrypted message onto a second communications link; and
  
  a receiving device for receiving said encrypted message via said second communications link and storing said encrypted message, said receiving device further decrypting said encrypted message using said first key code to derive a decrypted message.
- View Dependent Claims (2, 3, 4)
- - 2. The system of claim 1, wherein said sending device comprises:
    - a processing device comprising a processor and a communications interface coupled to said processor for forming said first communications link with said provider device; and
      
      a storage device coupled to said processor, comprising;
      
      a first storage unit for storing said device file name;
      
      a second storage unit for storing said identification information;
      
      means for causing said processor to determine whether said processing device and said storage device are authorized to interact with each other;
      
      means for causing said processor to terminate interaction between said processing device and said storage device in response to a determination that said processing device and said storage device are not authorized to interact with each other;
      
      means for causing said processor to generate said message;
      
      means for causing said processor to encrypt said message using said first key code to derive said encrypted message;
      
      means for causing said processor to retrieve said device file name and said identification information from said first and second storage units;
      
      means for causing said processor to encrypt said identification information using at least a portion of said second key code to derive said encrypted identification information; and
      
      means for causing said processor to send said device file name, said encrypted identification information, and said encrypted message onto said first communications link via said communications interface.
  - 3. The system of claim 2, wherein said provider device comprises:
    - a provider communications interface for forming said first and second communications links, said communications interface receiving said device file name, said encrypted identification information, and said encrypted message;
      
      a storage for storing said user file;
      
      means for accessing said user file in said storage using said device file name as an index;
      
      means for deriving at least a portion of said second key code using said recognition parameters;
      
      means for decrypting said encrypted identification information using the portion of said second key code derived from said recognition parameters to derive a set of decrypted identification information;
      
      means for comparing said decrypted identification information with said reference information stored in said user file; and
      
      means for sending said encrypted message onto said second communications link via said provider communications interface in response to a determination that said decrypted identification information is consistent with said reference information.
  - 4. The system of claim 3, wherein said receiving device comprises:
    - a second processing device comprising a second processor and a display coupled to said second processor;
      
      a receiving mechanism for receiving said encrypted message via said second communications link; and
      
      a second storage device coupled to said second processor and said receiving mechanism, said second storage device comprising;
      
      a third storage unit for storing said encrypted message received by said receiving mechanism;
      
      means for causing said second processor to decrypt said encrypted message using said first key code to derive a decrypted message; and
      
      means for causing said second processor to display said decrypted message on said display.

5. A communications system, comprising:
- a sending device having a device file name and a set of identification information stored therein, said sending device generating a message and encrypting said message using a first key code to derive a single-encrypted message, said sending device further encrypting said identification information and said single-encrypted message using at least a portion of a second key code to derive a set of encrypted identification information and a double-encrypted message, said sending device sending said device file name, said encrypted identification information, and said double-encrypted message onto a first communications link;
  
  a provider device having a user file stored therein which contains recognition parameters corresponding to said sending device including a set of reference information, said provider device receiving said device file name, said encrypted identification information, and said double-encrypted message via said first communications link, said provider device accessing said user file using said device file name as an index and deriving at least a portion of said second key code from said recognition parameters, said provider device decrypting said encrypted identification information using the portion of said second key code derived from said recognition parameters to derive a set of decrypted identification information, said provider device comparing said decrypted identification information with said reference information and, in response to a determination that said decrypted identification information is consistent with said reference information, said provider device decrypting said double-encrypted message using the portion of said second key code derived from said recognition parameters to re-derive said single-encrypted message, said provider device thereafter sending said single-encrypted message onto a second communications link; and
  
  a receiving device for receiving said single-encrypted message via said second communications link and storing said single-encrypted message, said receiving device further decrypting said single-encrypted message using said first key code to derive a decrypted message.
- View Dependent Claims (6, 7, 8)
- - 6. The system of claim 5, wherein said sending device comprises:
    - a processing device comprising a processor and a communications interface coupled to said processor for forming said first communications link with said provider device; and
      
      a storage device coupled to said processor, comprising;
      
      a first storage unit for storing said device file name;
      
      a second storage unit for storing said identification information;
      
      means for causing said processor to determine whether said processing device and said storage device are authorized to interact with each other;
      
      means for causing said processor to terminate interaction between said processing device and said storage device in response to a determination that said processing device and said storage device are not authorized to interact with each other;
      
      means for causing said processor to generate said message;
      
      means for causing said processor to encrypt said message using said first key code to derive said single-encrypted message;
      
      means for causing said processor to retrieve said device file name and said identification information from said first and second storage units;
      
      means for causing said processor to encrypt said identification information and said single-encrypted message using at least a portion of said second key code to derive said encrypted identification information and said double-encrypted message; and
      
      means for causing said processor to send said device file name, said encrypted identification information, and said double-encrypted message onto said first communications link via said communications interface.
  - 7. The system of claim 6, wherein said provider device comprises:
    - a provider communications interface for forming said first and second communications links, said communications interface receiving said device file name, said encrypted identification information, and said encrypted message;
      
      a storage for storing said user file;
      
      means for accessing said user file in said storage using said device file name as an index;
      
      means for deriving at least a portion of said second key code using said recognition parameters;
      
      means for decrypting said encrypted identification information using the portion of said second key code derived from said recognition parameters to derive a set of decrypted identification information;
      
      means for comparing said decrypted identification information with said reference information stored in said user file;
      
      means for decrypting, in response to a determination that said decrypted identification information is consistent with said reference information, said double-encrypted message using the portion of said second key code derived from said recognition parameters to re-derive said single-encrypted message; and
      
      means for sending said single-encrypted message onto said second communications link via said provider communications interface.
  - 8. The system of claim 7, wherein said receiving device comprises:
    - a second processing device comprising a second processor and a display coupled to said second processor;
      
      a receiving mechanism for receiving said single-encrypted message via said second communications link; and
      
      a second storage device coupled to said second processor and said receiving mechanism, said second storage device comprising;
      
      a third storage unit for storing said single-encrypted message received by said receiving mechanism;
      
      means for causing said second processor to decrypt said single-encrypted message using said first key code to derive a decrypted message; and
      
      means for causing said second processor to display said decrypted message on said display.

9. A system for voting, comprising:
- a voter device having a voter file name and a set of identification information stored therein, said voter device generating a message representing at least one voting selection, said voter device encrypting said identification information and said message using at least a portion of a key code to derive a set of encrypted identification information and an encrypted message, said voter device sending said voter file name, said encrypted identification information, and said encrypted message onto a communications link; and
  
  a voter management device having a voter file stored therein which contains recognition parameters corresponding to said voter device including a set of reference information, said voter management device receiving said voter file name, said encrypted identification information, and said encrypted message via said communications link, said voter management device accessing said voter file using said voter file name as an index and deriving at least a portion of said key code from said recognition parameters, said voter management device decrypting said encrypted identification information using the portion of said key code derived from said recognition parameters to derive a set of decrypted identification information, said voter management device comparing said decrypted identification information with said reference information and, in response to a determination that said decrypted identification information is consistent with said reference information, said voter management device decrypting said message using the portion of said key code derived from said recognition parameters to derive a decrypted message, said voter management device thereafter extracting at least one voting selection from said decrypted message and processing said one voting selection.
- View Dependent Claims (10, 11)
- - 10. The system of claim 9, wherein said voter device comprises:
    - a voter processing device comprising a processor and a communications interface coupled to said processor for forming said communications link with said voter management device; and
      
      a voter storage device coupled to said processor, comprising;
      
      a first storage unit for storing said voter file name;
      
      a second storage unit for storing said identification information;
      
      means for causing said processor to determine whether said voter processing device and said voter storage device are authorized to interact with each other;
      
      means for causing said processor to terminate interaction between said voter processing device and said voter storage device in response to a determination that said voter processing device and said voter storage device are not authorized to interact with each other;
      
      means for causing said processor to generate said message;
      
      means for causing said processor to retrieve said voter file name and said identification information from said first and second storage units;
      
      means for causing said processor to encrypt said identification information and said message using at least a portion of said key code to derive said encrypted identification information and said encrypted message; and
      
      means for causing said processor to send said voter file name, said encrypted identification information, and said encrypted message onto said first communications link via said communications interface.
  - 11. The system of claim 10, wherein said voter management device comprises:
    - a second communications interface for forming said communications link with said voter device, said second communications interface receiving said voter file name, said encrypted identification information, and said encrypted message;
      
      a storage for storing said voter file;
      
      means for accessing said voter file in said storage using said voter file name as an index;
      
      means for deriving at least a portion of said key code using said recognition parameters;
      
      means for decrypting said encrypted identification information using the portion of said key code derived from said recognition parameters to derive a set of decrypted identification information;
      
      means for comparing said decrypted identification information with said reference information stored in said voter file;
      
      means for decrypting, in response to a determination that said decrypted identification information is consistent with said reference information, said encrypted message using the portion of said key code derived from said recognition parameters to derive said decrypted message;
      
      means for extracting from said decrypted message at least one voting selection; and
      
      means for processing at least said one voting selection.

12. A transactional system, comprising:
- a user device having a user file name and a set of identification information stored therein, said user device generating a message and encrypting said identification information and said message using at least a portion of a key code to derive a set of encrypted identification information and an encrypted message, said user device sending said user file name, said encrypted identification information, and said encrypted message onto a communications link; and
  
  a provider device having a user file stored therein which contains recognition parameters corresponding to said user device including a set of reference information, said provider device receiving said user file name, said encrypted identification information, and said encrypted message via said communications link, said provider device accessing said user file using said user file name as an index and deriving at least a portion of said key code from said recognition parameters, said provider device decrypting said encrypted identification information using the portion of said key code derived from said recognition parameters to derive a set of decrypted identification information, said provider device comparing said decrypted identification information with said reference information and, in response to a determination that said decrypted identification information is consistent with said reference information, said provider device decrypting said encrypted message using the portion of said key code derived from said recognition parameters to derive a decrypted message, said provider device thereafter processing said decrypted message to carry out a transaction.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 13. The system of claim 12, wherein said user device comprises:
    - a user processing device comprising a processor and a communications interface coupled to said processor for forming said communications link with said provider device; and
      
      a user storage device coupled to said processor, comprising;
      
      a first storage unit for storing said user file name;
      
      a second storage unit for storing said identification information;
      
      means for causing said processor to determine whether said user processing device and said user storage device are authorized to interact with each other;
      
      means for causing said processor to terminate interaction between said user processing device and said user storage device in response to a determination that said user processing device and said user storage device are not authorized to interact with each other;
      
      means for causing said processor to generate said message;
      
      means for causing said processor to retrieve said user file name and said identification information from said first and second storage units;
      
      means for causing said processor to encrypt said identification information and said message using at least a portion of said key code to derive said encrypted identification information and said encrypted message; and
      
      means for causing said processor to send said user file name, said encrypted identification information, and said encrypted message onto said first communications link via said communications interface.
  - 14. The system of claim 13, wherein said provider device comprises:
    - a second communications interface for forming said communications link with said user device, said second communications interface receiving said user file name, said encrypted identification information, and said encrypted message;
      
      a storage for storing said user file;
      
      means for accessing said user file in said storage using said user file name as an index;
      
      means for deriving at least a portion of said key code using said recognition parameters;
      
      means for decrypting said encrypted identification information using the portion of said key code derived from said recognition parameters to derive a set of decrypted identification information;
      
      means for comparing said decrypted identification information with said reference information stored in said user file;
      
      means for decrypting, in response to a determination that said decrypted identification information is consistent with said reference information, said encrypted message using the portion of said key code derived from said recognition parameters to derive said decrypted message; and
      
      means for processing said decrypted message to carry out a transaction.
  - 15. The system of claim 14, wherein said decrypted message includes an encrypted application address (EAA), and wherein said provider device further comprises:
    - means for decrypting said EAA using a secret provider key code to derive an encrypted transaction address (ETA); and
      
      means for accessing an account residing at said ETA.
  - 16. The system of claim 15, wherein said decrypted message further includes a transaction instruction, and wherein said provider device further comprises:
    - means for processing said transaction instruction to manipulate resources within said account.
  - 17. The system of claim 15, wherein said decrypted message further includes a sub-address, and wherein said provider device further comprises:
    - means for accessing a sub-account residing it said sub-address.
  - 18. The system of claim 17, wherein said decrypted message further includes a transaction instruction, and wherein said provider device further comprises:
    - means for processing said transaction instruction to manipulate resources within said sub-account.
  - 19. The system of claim 15, wherein said decrypted message further includes a sub-address;
    - and wherein said provider device further comprises;
      
      means for accessing a direct money line account (DMLA) residing at said sub-address, said DMLA usable as a debit account from which funds may be withdrawn using a debit card.
  - 20. The system of claim 19, wherein said decrypted message further includes a transaction instruction, and wherein said provider device further comprises:
    - means for processing said transaction instruction to either transfer funds into or out of said DMLA.
  - 21. The system of claim 19, wherein said decrypted message further includes a set of criteria for governing the manner in which funds in said DMLA may be manipulated using the debit card, and wherein said provider device further comprises:
    - means for imposing said set of criteria on said DMLA.
  - 22. The system of claim 21, wherein said set of criteria comprises a spending limit, and wherein said provider device further comprises:
    - means for precluding an amount greater than said spending limit from being withdrawn from said DMLA using the debit card.
  - 23. The system of claim 21, wherein said set of criteria comprises a restriction on what products may be purchased using funds from said DMLA, and wherein said provider device further comprises:
    - means for precluding selected items from being purchased using funds from said DMLA.
  - 24. The system of claim 21, wherein said provider device further comprises:
    - means for notifying a user when said set of criteria is met.
  - 25. The system of claim 15,wherein said provider device further comprises:
    - means for sending a transaction pending notice and a posting ETA to said user device;
      
      wherein said storage device in said user device further comprises;
      
      means for causing said processor to generate a transfer instruction; and
      
      means for causing said processor to send said transfer instruction to said provider device via said communications interface; and
      
      wherein said provider device further comprises;
      
      means for processing said transfer instruction to transfer resources from said account to another account residing at said posting ETA.
  - 26. The system of claim 15,wherein said provider device further comprises:
    - means for sending a transaction pending notice to said user device;
      
      wherein said storage device in said user device further comprises;
      
      means for causing said processor to generate a receive instruction; and
      
      means for causing said processor to send said receive instruction to said provider device via said communications interface; and
      
      wherein said provider device further comprises;
      
      means for processing said receive instruction to receive resources into said account.
  - 27. The system of claim 14, wherein said user file further contains a reference access code, wherein said decrypted message includes an encrypted application address (EAA) and an access code, and wherein said provider device further comprises:
    - means for decrypting said EAA using a secret provider key code to derive an encrypted transaction address (ETA);
      
      means for comparing said access code with said reference access code; and
      
      means for accessing an account residing at said ETA in response to a determination that said access code is consistent with said reference access code.
  - 28. The system of claim 27, wherein said decrypted message further includes a transaction instruction, and wherein said provider device further comprises:
    - means for processing said transaction instruction to manipulate resources within said account.
  - 29. The system of claim 27, wherein said user file further contains a reference sub-access code, wherein said decrypted message further includes a sub-address and a sub-access code, and wherein said provider device comprises:
    - means for comparing said sub-access code with said reference sub-access code; and
      
      means for accessing a sub-account residing at said sub-address in response to a determination that said sub-access code is consistent with said reference sub-access code.
  - 30. The system of claim 29, wherein said decrypted message further includes a transaction instruction, and wherein said provider device further comprises:
    - means for processing said transaction instruction to manipulate resources within said sub-account.
  - 31. The system of claim 27,wherein said provider device further comprises:
    - means for sending a transaction pending notice and a posting ETA to said user device;
      
      wherein said storage device in said user device further comprises;
      
      means for causing said processor to generate a transfer instruction; and
      
      means for causing said processor to send said transfer instruction to said provider device via said communications interface; and
      
      wherein said provider device further comprises;
      
      means for processing said transfer instruction to transfer resources from said account to another account residing at said posting ETA.
  - 32. The system of claim 27,wherein said provider device further comprises:
    - means for sending a transaction pending notice to said user device;
      
      wherein said storage device in said user device further comprises;
      
      means for causing said processor to generate a receive instruction; and
      
      means for causing said processor to send said receive instruction to said provider device via said communications interface; and
      
      wherein said provider device further comprises;
      
      means for processing said receive instruction to receive resources into said account.

33. An authorizational system, comprising:
- a user device having a user file name and a set of identification information stored therein, said user device generating a message and encrypting said identification information and said message using at least a portion of a key code to derive a set of encrypted identification information and an encrypted message, said user device sending said user file name, said encrypted identification information, and said encrypted message onto a communications link; and
  
  a provider device having a user file stored therein which contains recognition parameters corresponding to said user device including a set of reference information, said provider device receiving said user file name, said encrypted identification information, and said encrypted message via said communications link, said provider device accessing said user file using said user file name as an index and deriving at least a portion of said key code from said recognition parameters, said provider device decrypting said encrypted identification information using the portion of said key code derived from said recognition parameters to derive a set of decrypted identification information, said provider device comparing said decrypted identification information with said reference information and, in response to a determination that said decrypted identification information is consistent with said reference information, said provider device decrypting said encrypted message using the portion of said key code derived from said recognition parameters to derive a decrypted message, said provider device processing said decrypted message to derive a set of authorization codes, said provider device sending said authorization codes to said user device via said communications link to be stored within said user device.
- View Dependent Claims (34, 35)
- - 34. The system of claim 33, wherein said user device comprises:
    - a user processing device comprising a processor and a communications interface coupled to said processor for forming said communications link with said provider device; and
      
      a user storage device coupled to said processor, comprising;
      
      a first storage unit for storing said user file name;
      
      a second storage unit for storing said identification information;
      
      a third storage unit;
      
      means for causing said processor to determine whether said user processing device and said user storage device are authorized to interact with each other;
      
      means for causing said processor to terminate interaction between said user processing device and said user storage device in response to a determination that said user processing device and said user storage device are not authorized to interact with each other;
      
      means for causing said processor to generate said message;
      
      means for causing said processor to retrieve said user file name and said identification information from said first and second storage units;
      
      means for causing said processor to encrypt said identification information and said message using at least a portion of said key code to derive said encrypted identification information and said encrypted message;
      
      means for causing said processor to send said user file name, said encrypted identification information, and said encrypted message onto said first communications link via said communications interface;
      
      means for causing said processor to receive said authorization codes from said provider device via said communications interface; and
      
      means for causing said processor to store said authorization codes into said third storage unit.
  - 35. The system of claim 34, wherein said provider device comprises:
    - a second communications interface for forming said communications link with said user device, said second communications interface receiving said user file name, said encrypted identification information, and said encrypted message;
      
      a storage for storing said user file;
      
      means for accessing said user file in said storage using said user file name as an index;
      
      means for deriving at least a portion of said key code using said recognition parameters;
      
      means for decrypting said encrypted identification information using the portion of said key code derived from said recognition parameters to derive a set of decrypted identification information;
      
      means for comparing said decrypted identification information with said reference information stored in said user file;
      
      means for decrypting, in response to a determination that said decrypted identification information is consistent with said reference information, said encrypted message using the portion of said key code derived from said recognition parameters to derive said decrypted message;
      
      means for processing said decrypted message;
      
      means for generating said authorization codes; and
      
      means for sending said authorization codes to said user device via said second communications interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cyphercomm Incorporated
Original Assignee
ETA Technologies Corp.
Inventors
Johnson, William Cedric
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/388,273
Time in Patent Office

988 Days
Field of Search

380/4, 380/23, 380/25
US Class Current

705/71
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 2211/007   Encryption, En-/decode, En-...

G06Q 20/3829   involving key management

Personal access management system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

141 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Personal access management system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

141 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links