Method and system for providing controlled access to information stored on a portable recording medium
Abstract
A method and system for providing controlled access to information stored on a smartcard. The system includes a data processing center maintained by a trusted third party for storing a database of authorizations of various service providers to access information pertaining to individuals, and for responding to requests by service providers for access from terminals which communicate with the data processing center and with smartcards storing the individuals' information. The information is stored on the smartcard in encrypted form, and the data processing center provides an access code, which includes a key for decrypting the information, only to service providers who are authorized to access the information. The service provider then sends the access code to the smartcard, which verifies the access code and decrypts and outputs the requested information. The smartcard then computes a new key as a function of information unique to each access session, uses the new key to re-encrypt the information, and then erases the new key. The data processing center also computes the new key, so that it can provide an access code including the new key for the next request for access.
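The access and key-rotation flow described in the abstract, as an added Python model that is not part of the patent; it also models the emergency path of claim 7 below, which issues an access code without an authorization check but records who asked. The patent names no cipher, key-derivation function or access-code layout, so HMAC-SHA256 for the "function of session-unique information", a SHAKE-based toy stream cipher with an HMAC tag, and the (session, fields, key) access code are all assumptions, and the patient record is constructed sample data.

```python
import hashlib, hmac, json, secrets

def kdf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 stands in for the card's 'function of information unique to each session' (assumed)."""
    return hmac.new(key, label, hashlib.sha256).digest()

def encrypt(key: bytes, data: bytes) -> bytes:  # toy stdlib encrypt-then-MAC; the patent names no cipher
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))
    return nonce + ct + kdf(kdf(key, b"mac"), nonce + ct)
def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, kdf(kdf(key, b"mac"), nonce + ct)):
        raise ValueError("access code rejected: wrong session key or tampered record")
    return bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key + nonce).digest(len(ct))))

class DataCenter:  # trusted third party: the user-directed authorization database plus the card's current key
    def __init__(self, user_key: bytes, authorized: dict):
        self.key, self.authorized, self.log = user_key, authorized, []
    def request(self, provider: str, emergency: bool = False):
        fields = self.authorized.get(provider, set())
        if emergency:  # claim 7: a predetermined subset without an authorization check, but recorded
            fields = {"blood_type", "allergies"}
            self.log.append(("emergency", provider))  # a real center would record the time as well
        elif not fields:
            return None  # provider not in the database: no access code is issued
        session = secrets.token_bytes(16)  # the session-unique information both sides feed into kdf
        code, self.key = (session, fields, self.key), kdf(self.key, session)  # ratchet in step with the card
        return code

class SmartCard:  # holds only ciphertext; the current key reaches it inside each access code
    def __init__(self, record: dict, key: bytes):
        self.blob = encrypt(key, json.dumps(record).encode())
    def access(self, code) -> dict:
        session, fields, key = code
        record = json.loads(decrypt(key, self.blob))  # a failed MAC check rejects the access code
        self.blob = encrypt(kdf(key, session), json.dumps(record).encode())  # re-encrypt under the next key
        return {f: v for f, v in record.items() if f in fields}  # neither old nor new key is retained

def demo():
    key0 = secrets.token_bytes(32)  # constructed sample data, not from the patent
    record = {"name": "A. Patient", "blood_type": "O-", "allergies": "penicillin", "history": "asthma"}
    center = DataCenter(key0, {"clinic": set(record), "pharmacy": {"name", "allergies"}})
    card = SmartCard(record, key0)
    code = center.request("pharmacy")
    pharmacy_view = card.access(code)
    try: card.access(code); replayed = True  # a used code no longer opens the card: the key has rotated
    except ValueError: replayed = False
    er_view = card.access(center.request("lab", emergency=True))
    return pharmacy_view, center.request("lab"), er_view, replayed, center.log
```

Because the center advances its copy of the key when it issues the code, a session that aborts before the card re-encrypts leaves the two sides out of step; a deployment needs a resynchronization step that the abstract does not describe.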
22 Claims
1. A system for recording information and controlling access to said information, said system comprising:
a) a portable recording medium including memory for storing encrypted individual user information locally and a microprocessor, said microprocessor being responsive to input of an access code to enable access to said encrypted information;
b) a remote data processing center including a database of a plurality of authorized service providers with respect to said information; and a plurality of access codes corresponding to each of said plurality of authorized service providers, said access codes including a key for decrypting said encrypted information;
c) said database being created under the direction of said individual user;
d) a terminal communicating between said portable recording medium and said processing center;
wherein e) said processing center being responsive to a request initiated at said terminal by said service provider for access to said encrypted information, said data processing center accessing said database to determine if said identified service provider is authorized to access said encrypted information, and to output said access code to said identified service provider only if said identified service provider is authorized to access said encrypted information;
f) whereby accessing and decrypting said encrypted information at said portable medium only through use of said obtained access code.
(Dependent claims: 2, 3, 4, 5, 6)
7. A system for recording information and controlling access to said information, said system comprising:
a) a portable recording medium including memory for storing encrypted information and a microprocessor, said microprocessor being responsive to input of an access code to enable access to said encrypted information;
b) a remote data processing center including a database of a plurality of authorized service providers with respect to said information; and a plurality of authorization codes corresponding to each of said plurality of service providers, said access codes including a key for decrypting said encrypted information;
c) said database being created under the direction of said individual user;
d) a terminal communication between said portable recording medium and said processing center;
wherein e) said processing center being responsive to said request initiated at said terminal by said service provider for access to said encrypted information, said request identifying a service provider seeking emergency access to said information, to output said access code without regard to authorization of said service provider seeking emergency access, said access code enabling access to at least a predetermined part of said encrypted information; and
f) said processing center recording at least a time and an identity for service provider seeking emergency access.
8. A method for controlling access to recorded information, said method comprising the steps of:
a) establishing a remote data processing center;
b) receiving at said data processing center data identifying service providers who can request access to encrypted information and second data identifying levels of authorization corresponding to said service providers who can access said encrypted information;
c) said database being created under the direction of said individual user;
d) providing an individual user with a portable recording medium including memory for storing said encrypted information and a microprocessor, said microprocessor being responsive to input of an access code to enable access to said encrypted information;
e) receiving a message from one of said service providers requesting access to said encrypted information, said encrypted information having been stored in said memory;
f) accessing said database to determine if said one of said service provider is authorized to access said encrypted information;
g) if said one of said service providers is authorized to access said encrypted information, providing said access code to said one of said service providers for accessing and decrypting said encrypted information contained in said portable medium.
(Dependent claims: 9, 10, 11, 12, 13, 14)
15. A system for recording information and controlling access to said information, said system comprising:
a) a portable recording medium including memory for storing individual user information locally, said information being encrypted with a current session key, and a microprocessor, said microprocessor being responsive to input of an access code, said access code comprising said current session key, to enable access to said information;
b) a remote data processing center including a database of a plurality of authorized service providers with respect to said information; and a plurality of authorization codes corresponding to each of said plurality of service providers;
c) said database being created under the direction of said individual user;
d) a terminal communication between said portable recording medium and said processing center;
wherein e) said processing center being responsive to a request initiated at said terminal by said service provider for access to said information, said data processing center accessing said database to determine if said identified service provider is authorized to access said information, and to output said access code to said identified service provider only if said identified service provider is authorized to access said information, said service provider inputting said access code to said microprocessor to access said information.
(Dependent claims: 16, 17, 18)
19. A method for controlling access to recorded information, said method comprising the steps of:
a) establishing a remote data processing center;
b) receiving at said data processing center, first data identifying service providers who can request access to said information and second data identifying levels of authorization corresponding to said service providers who can access said information;
c) providing an individual user with a portable recording medium including memory for storing said information, said information being encrypted with a current session key, and a microprocessor, said microprocessor being responsive to input of an access code, said access code comprising said current session key to enable access to said information;
d) said database being created under the direction of said individual user;
e) receiving a message from one of said service providers requesting access to said information, said information having been stored in said memory;
f) accessing said database to determine if said one of said service providers is authorized to access said information;
g) if said one of said service providers is authorized to access said information, providing said access code to said one of said service providers; said service provider inputting said access code to said microprocessor to access said information.
(Dependent claims: 20, 21, 22)