Method and system for facilitating data access and management on a secure token

US 8,548,923 B2
Filed: 03/19/2010
Issued: 10/01/2013
Est. Priority Date: 10/07/2002
Status: Active Grant

First Claim

Patent Images

1. A system for facilitating data management on a secure token, comprising:

a client having a plurality of applications residing thereon;

a secure token having a storage architecture, wherein the storage architecture includes;

a directory and one or more attributes associated with the directory, wherein each attribute of the one or more attributes associated with the directory determines a level of access to the directory for one application of the plurality of applications,an application identifier associating the directory with a second application selected from the plurality of applications;

one or more cell groups under the directory, each cell group having one or more associated attributes, wherein each attribute of the one or more attributes associated with the cell group determines a level of access to that cell group for one application of the plurality of applications, andone or more cells under each cell group, each cell having one or more associated attributes, wherein each attribute of the one or more attributes associated with the cell determines a level of access to that cell for one application of the plurality of applications,wherein the one or more associated attributes for a first cell group of the one or more cell groups permits access to the first cell group and the one or more associated attributes for the first cell group by the first application and a second application of the plurality of applications, and the one or more attributes associated with the directory deny access to the first cell group to a third application of the plurality of applications; and

wherein the one or more attributes associated with a first cell of the first cell group further control operations on contents of the cell by the plurality of applications such that the one or more attributes associated with the first cell permit a first set of operations on the contents of that cell and the one or more attributes associated with the first cell by the first application and permit a second set of operations on the contents of that cell and the one or more attributes associated with the first cell by the second application, wherein the first set of operations is different from the second set of operations;

an issuer computer, wherein the issuer computer comprises a set of environments, a set of initial states for the one or more associated attributes for the cell group and the one or more attributes associated with the cell that set a status of the storage architecture on the secure token; and

a Value Added Serve Provider computer, wherein the value add service provider comprises control data parameters that are provided to both the issuer and the client to set the one or more associated attributes for the cell group and the one or more attributes associated with the cell.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for facilitating data access and management on a smart card is provided. According to one exemplary aspect of the system, a storage architecture is provided in the smart card which allows data stored thereon to be shared by multiple parties. Access to data stored on the smart card is controlled by various access methods depending on the actions to be taken with respect to the data to be accessed.

105 Citations

17 Claims

1. A system for facilitating data management on a secure token, comprising:
- a client having a plurality of applications residing thereon;
  
  a secure token having a storage architecture, wherein the storage architecture includes;
  
  a directory and one or more attributes associated with the directory, wherein each attribute of the one or more attributes associated with the directory determines a level of access to the directory for one application of the plurality of applications,an application identifier associating the directory with a second application selected from the plurality of applications;
  
  one or more cell groups under the directory, each cell group having one or more associated attributes, wherein each attribute of the one or more attributes associated with the cell group determines a level of access to that cell group for one application of the plurality of applications, andone or more cells under each cell group, each cell having one or more associated attributes, wherein each attribute of the one or more attributes associated with the cell determines a level of access to that cell for one application of the plurality of applications,wherein the one or more associated attributes for a first cell group of the one or more cell groups permits access to the first cell group and the one or more associated attributes for the first cell group by the first application and a second application of the plurality of applications, and the one or more attributes associated with the directory deny access to the first cell group to a third application of the plurality of applications; and
  
  wherein the one or more attributes associated with a first cell of the first cell group further control operations on contents of the cell by the plurality of applications such that the one or more attributes associated with the first cell permit a first set of operations on the contents of that cell and the one or more attributes associated with the first cell by the first application and permit a second set of operations on the contents of that cell and the one or more attributes associated with the first cell by the second application, wherein the first set of operations is different from the second set of operations;
  
  an issuer computer, wherein the issuer computer comprises a set of environments, a set of initial states for the one or more associated attributes for the cell group and the one or more attributes associated with the cell that set a status of the storage architecture on the secure token; and
  
  a Value Added Serve Provider computer, wherein the value add service provider comprises control data parameters that are provided to both the issuer and the client to set the one or more associated attributes for the cell group and the one or more attributes associated with the cell.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1 wherein the first set of operations includes read only access and the second set of operations includes read access and write access for the directory.
  - 3. The system of claim 1 wherein the first set of operations is a subset of the second set of operations.
  - 4. The system of claim 3 wherein the first set of operations includes read only access and the second set of operations includes read access and write access for the cell group.
  - 5. The system of claim 1 wherein the first set of operations includes read only access and the second set of operations includes read access and write access for the cell.
  - 6. The system of claim 1 wherein ownership of one of the one or more cell groups is modified subsequent to issuance of the secure token to a token holder.
  - 7. The system of claim 1 wherein the access level for the directory, the one or more cell groups, and the one or more cells is determined per individual application.
  - 8. The system of claim 1 wherein each cell of the one or more cells comprise an activation date, wherein each cell cannot be used prior to the activation date.
  - 9. The system of claim 1 wherein each cell of the one or more cells comprise an expiry date, wherein each cell cannot be used after the expiry date.
  - 10. The system of claim 1 wherein each cell of the one or more cells comprise a status byte, the status byte indicating if content of the cell is available.
  - 11. The system of claim 1 further comprising a second client, wherein the second client comprises a set of updated states for the one or more associated attributes for the cell group and the one or more attributes associated with the cell that that update the status of the storage architecture on the secure token.

12. A secure token comprising:
- a directory and one or more attributes associated with the directory, wherein each attribute of the one or more attributes associated with the directory determines a level of access to the directory for one application of the plurality of applications,an application identifier associating the directory with a corresponding application selected from the plurality of applications;
  
  one or more cell groups under the directory, each cell group having one or more associated attributes, wherein each attribute of the one or more attributes associated with the cell group determines a level of access to that cell group for one application of the plurality of applications, andone or more cells under each cell group, each cell having one or more associated attributes, wherein each attribute of the one or more attributes associated with the cell determines a level of access to that cell for one application of the plurality of applications;
  
  wherein the one or more associated attributes for a first cell group of the one or more cell groups permits access to the first cell group and the one or more associated attributes for the first cell group by the first application and a second application of the plurality of applications, and the one or more attributes associated with the directory deny access to the first cell group to a third application of the plurality of applications;
  
  wherein the one or more attributes associated with a first cell of the first cell group further control operations on contents of the cell and the one or more attributes associated with the first cell by the plurality of applications such that the one or more attributes associated with the first cell permit a first set of operations on the contents of that cell and the one or more attributes associated with the first cell by the first application and permit a second set of operations on the contents of that cell and the one or more attributes associated with the first cell by the second application, wherein the first set of operations is different from the second set of operations;
  
  an issuer computer, wherein the issuer computer comprises a set of environments, a set of initial states for the one or more associated attributes for the cell group and the one or more attributes associated with the cell that set a status of the storage architecture on the secure token; and
  
  a Value Added Serve Provider computer, wherein the value add service provider comprises control data parameters that are provided to both the issuer and the client to set the one or more associated attributes for the cell group and the one or more attributes associated with the cell.
- View Dependent Claims (13, 14)
- - 13. The secure token of claim 12 wherein the first set of operations is a subset of the second set of operations.
  - 14. The system of claim 12 wherein the first set of operations includes read only access and the second set of operations includes read access and write access for the cell.

15. A method for facilitating data management on a secure token, comprising:
- providing a directory and one or more attributes associated with the directory, wherein each attribute of the one or more attributes associated with the directory determines a level of access to the directory for one application of the plurality of applications,providing one or more cell groups under the directory, each cell group having one or more associated attributes, wherein each attribute of the one or more attributes associated with the cell group determines a level of access to that cell group for one application of the plurality of applications, andone or more cells under each cell group, each cell having one or more associated attributes, wherein each attribute of the one or more attributes associated with the cell determines a level of access to that cell for one application of the plurality of applications;
  
  wherein an application identifier associates the directory with a corresponding application selected from the plurality of applications;
  
  wherein the one or more associated attributes for a first cell group of the one or more cell groups permits access to the first cell group and the one or more associated attributes for the first cell group by the first application and a second application of the plurality of applications, and the one or more attributes associated with the directory deny access to the first cell group to a third application of the plurality of applications;
  
  wherein the one or more attributes associated with a first cell of the first cell group further control operations on contents of the cell and the one or more attributes associated with the first cell by the plurality of applications such that the one or more attributes associated with the first cell permit a first set of operations on the contents of that cell and the one or more attributes associated with the first cell by the first application and permit a second set of operations on the contents of that cell and the one or more attributes associated with the first cell by the second application, wherein the first set of operations is different from the second set of operations;
  
  providing an issuer computer, wherein the issuer computer comprises a set of environments, a set of initial states for the one or more associated attributes for the cell group and the one or more attributes associated with the cell that set a status of the storage architecture on the secure token; and
  
  providing a Value Added Serve Provider computer, wherein the value add service provider comprises control data parameters that are provided to both the issuer and the client to set the one or more associated attributes for the cell group and the one or more attributes associated with the cell.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15 wherein the first set of operations is a subset of the second set of operations.
  - 17. The method of claim 15 wherein the first set of operations includes read only access and the second set of operations includes read access and write access for the cell.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Christian Aabye, Sonia Reed
Original Assignee
Christian Aabye, Sonia Reed
Inventors
Reed, Sonia, Aabye, Christian
Primary Examiner(s)
DWIVEDI, MAHESH H

Application Number

US12/727,741
Publication Number

US 20100250956A1
Time in Patent Office

1,292 Days
Field of Search

705/65, 705/66, 705/67
US Class Current

705/65
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 21/77   in smart cards

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/35765   Access rights to memory zones

G07F 7/1008   Active credit-cards provide...

H04L 63/0853   using an additional device,...

Method and system for facilitating data access and management on a secure token

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

105 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Method and system for facilitating data access and management on a secure token

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

105 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others