Delegated administration of permissions using a contactless card
Abstract
Delegated administration of permissions using a contactless card. In one example, a permissions module may receive a request from a first account to grant a second account access to a computing resource. The permissions module may receive permissions data of the first account from a contactless card and encrypted data generated by the contactless card. The permissions module may transmit the permissions data and the encrypted data to an authentication server, which may verify the encrypted data based at least in part on the private key, and determine, based on the permissions data, that the first account has permissions to grant access to the computing resource. The permissions module may receive, from the authentication server, an indication of the verification of the encrypted data and a permissions vector associated with the second account, the permissions vector reflecting the grant of access to the computing resource to the second account.
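A minimal model of the flow in the abstract, added here as an illustration and not taken from the patent or any implementation of it. Assumptions: an HMAC over the permissions data and the request stands in for the card's encrypted data (the page does not name the cipher), and the three-entry vector layout, key and account names are constructed.

```python
import hashlib
import hmac
import json

# Assumed vector layout (not from the patent): one entry per feature of the resource.
FEATURES = ("view", "export", "delegate")
CARD_KEYS = {"alice": b"constructed-demo-key"}  # constructed key held by card and server
VECTORS = {"bob": [0, 0, 0]}                    # server-side vector of the second account

def _mac(key, account, perms, request):
    msg = json.dumps([account, perms, request], sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def card_tap(account, perms, request):
    """Card side: return permissions data plus a cryptogram bound to it and the request."""
    return perms, _mac(CARD_KEYS[account], account, perms, request)

def auth_server(request, perms, cryptogram):
    """Verify the cryptogram, check the grantor may delegate, update the grantee's vector."""
    first, second, wanted = request["first"], request["second"], request["grant"]
    key = CARD_KEYS.get(first)
    if key is None or second not in VECTORS:
        return False, None
    # Constant-time comparison; any change to perms or request breaks the match.
    if not hmac.compare_digest(_mac(key, first, perms, request), cryptogram):
        return False, None
    # The grantor must hold "delegate" and every entry it tries to hand on.
    may_delegate = perms[FEATURES.index("delegate")]
    if not may_delegate or any(w and not p for w, p in zip(wanted, perms)):
        return False, None
    VECTORS[second] = [int(v or w) for v, w in zip(VECTORS[second], wanted)]
    return True, list(VECTORS[second])

def features_for(vector):
    """Application side: provide or disable each feature from its vector entry."""
    return {name: bool(bit) for name, bit in zip(FEATURES, vector)}

def delegate(request, perms, cryptogram):
    """Permissions module: relay card data to the server and apply the returned vector."""
    ok, vector = auth_server(request, perms, cryptogram)
    return features_for(vector) if ok else None
```

Binding the permissions data into the cryptogram is the design choice that matters here: the application only relays what the card returns, so the server should reject permissions data that was altered in transit.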
20 Claims
1. A system, comprising:
- a processor circuit; and
- a memory storing an application and instructions which when executed by the processor circuit, cause the processor circuit to perform the steps of:
  - receiving a first request comprising a first account, a second account, and a computing resource, the computing resource comprising one or more of: (i) the application, (ii) a data, and (iii) an operation;
  - receiving, from a first contactless card, permissions data of the first account and encrypted data;
  - transmitting the permissions data and the encrypted data to an authentication server;
  - receiving, from the authentication server, a result that the authentication server decrypted the encrypted data;
  - receiving, from the authentication server, a permissions vector of the second account, the permissions vector comprising a plurality of entries;
  - determining, based on the permissions vector of the second account, that the second account was granted access to the computing resource;
  - receiving a second request comprising the second account and the computing resource;
  - granting the second account access to the computing resource based on the permissions vector of the second account;
  - disabling a first feature of the computing resource based on a first entry of the plurality of entries of the permissions vector for the second account; and
  - providing a second feature of the computing resource based on a second entry of the plurality of entries of the permissions vector for the second account.
Dependent claims: 2, 3, 4, 5, 20
6. A method, comprising:
- receiving, by an application executing on a device, a first request comprising a first account, a second account, and a computing resource, the computing resource comprising one or more of: (i) the application, (ii) a data, and (iii) an operation;
- receiving, by the application from a first contactless card, permissions data of the first account and encrypted data;
- transmitting, by the application, the permissions data and the encrypted data to an authentication server;
- receiving, by the application from the authentication server, a result that the authentication server decrypted the encrypted data;
- receiving, by the application from the authentication server, a permissions vector of the second account, the permissions vector comprising a plurality of entries;
- determining, by the application based on the permissions vector of the second account, that the second account was granted access to the computing resource;
- receiving, by the application, a second request comprising the second account and the computing resource;
- granting, by the application, the second account access to the computing resource based on the permissions vector of the second account;
- disabling, by the application, a first feature of the computing resource based on a first entry of the plurality of entries of the permissions vector for the second account; and
- providing, by the application, a second feature of the computing resource based on a second entry of the plurality of entries of the permissions vector for the second account.
Dependent claims: 7, 8, 9, 10, 11, 12, 13
14. A non-transitory computer-readable storage medium storing computer-readable program code which when executed by a processor causes the processor to perform the steps of:
- receiving a first request comprising a first account, a second account, and a computing resource, the computing resource comprising one or more of: (i) an application, (ii) a data, and (iii) an operation;
- receiving, from a first contactless card, permissions data of the first account and encrypted data;
- transmitting the permissions data and the encrypted data to an authentication server;
- receiving, from the authentication server, a result that the authentication server decrypted the encrypted data;
- receiving, from the authentication server, a permissions vector of the second account, the permissions vector comprising a plurality of entries;
- determining, based on the permissions vector of the second account, that the second account was granted access to the computing resource;
- receiving a second request comprising the second account and the computing resource;
- granting the second account access to the computing resource based on the permissions vector of the second account;
- disabling a first feature of the computing resource based on a first entry of the plurality of entries of the permissions vector for the second account; and
- providing a second feature of the computing resource based on a second entry of the plurality of entries of the permissions vector for the second account.
Dependent claims: 15, 16, 17, 18, 19
Specification