Privacy and security for smartcards in a method, system and program
First Claim
1. A system for providing a high level of security and privacy in a smart card, comprising:
- a smart card including;
storage means for storing a plurality of low level identities of card holders on said smart card and means for choosing among said low level identities to make available to specified classes of smart card readers;
a server connected to a network;
a database for maintaining identity information associated with said a smart card;
a smart card reader with an identifying code connected to said network;
decoding means in said smart card reader for reading a unique code from said smart card;
means for transmitting said unique code and said identifying code to said server;
means for comparing said unique code to said identity information in said database;
means for utilizing said unique code for requesting a specific identity level from said database on said authentication server; and
transmission means for sending information associated with said specific identity level only if said specific identity level is authorized for said requesting smart card reader.
1 Assignment
0 Petitions
Accused Products
Abstract
In a first embodiment, a central database accessible by registered members, including merchants, will contain all of an individual'"'"'s information while a smart card will store a unique id, known as an avatar, that may be utilized to access the information on the server. The central database is accessed through an authentication service to ensure smartcard validity. The unique identity information is retrieved by smartcard readers issued to registered members. In another embodiment, all the information concerning the individual is contained within the smart card itself. In a further embodiment, data on the smartcard and the central database is arranged in an access list with the more sensitive personal information being made available only to the smartcard readers having the highest level of access. At least two avatars, horizontal and vertical, are utilized with the horizontal avatar providing id that is changeable and the vertical avatar providing non-changeable id. Very low levels of identification are contained in memory on the smartcard.
69 Citations
8 Claims
-
1. A system for providing a high level of security and privacy in a smart card, comprising:
-
a smart card including;
storage means for storing a plurality of low level identities of card holders on said smart card and means for choosing among said low level identities to make available to specified classes of smart card readers;
a server connected to a network;
a database for maintaining identity information associated with said a smart card;
a smart card reader with an identifying code connected to said network;
decoding means in said smart card reader for reading a unique code from said smart card;
means for transmitting said unique code and said identifying code to said server;
means for comparing said unique code to said identity information in said database;
means for utilizing said unique code for requesting a specific identity level from said database on said authentication server; and
transmission means for sending information associated with said specific identity level only if said specific identity level is authorized for said requesting smart card reader. - View Dependent Claims (2, 3, 4, 5)
comparison means for comparing said specific identity level requested with a level previously authorized by said smart card holder.
-
-
3. The system of claim 1, further comprising:
means for authorizing a specific level of identity available to each said class of smart card readers.
-
4. The system of claim 1, further comprising:
means for providing at least two identity classes of said card holder.
-
5. The system of claim 1, wherein providing at least two identity classes of said card holder, further comprises:
-
means for installing a first identity class that contains changeable identity information; and
means for installing a second identity class that contains identity information that is not changeable.
-
-
6. A portable storage device comprising:
-
a plurality of identity types associated with a holder of the portable storage device; and
means for restricting access to each given one of said plurality of identity types to a separate specified class of smart card readers. - View Dependent Claims (7, 8)
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsCanelones, Dawn Marie, Dutta, Rabindranath, Paolini, Michael A.
-
Primary Examiner(s)Smithers, Matthew
-
Assistant Examiner(s)NGUYEN, MINH DIEU T
-
Application NumberUS09/556,573Time in Patent Office1,625 DaysField of Search713/172, 713/182, 713/189, 713/193, 705/67, 705/66, 705/65US Class Current713/193CPC Class CodesG06Q 20/341 Active cards, i.e. cards in...G06Q 20/347 Passive cardsG06Q 20/367 involving electronic purses...G06Q 20/40145 Biometric identity checksG07C 9/22 in combination with an iden...G07F 7/10 together with a coded signa...G07F 7/1008 Active credit-cards provide...G07F 7/1075 PIN is checked remotely
