Systems and methods for data access control of personal user data using a short-range transceiver
Abstract
Systems and methods for controlling data access through the interaction of a short-range transceiver, such as a contactless card, with a client device are presented. An exemplary system and method may include establishing a database storing identifiers and keys for users and service providers, receiving from a client device of the service provider, via a network, a service provider token and a request for a data access key, the request generated in response to a tap action between a contactless card associated with a user and the client device, verifying the service provider is authorized to receive access to personal user data encrypted and stored on the contactless card, generating a data access key based on a user key, and transmitting to the service provider client device, via the network, the data access key, such that the client device may decrypt the personal user data obtained from the contactless card.
19 Claims
1. A data access control system, comprising:

a database storing information comprising a user identifier and a user key associated with a user, and a service provider identifier and a service provider key associated with a service provider;
a server configured for data communication with a client device associated with the service provider via a network;
a contactless card associated with the user, the contactless card comprising a communications interface, a processor, and a memory, the memory storing an applet, a user token, and personal user data associated with the user, wherein the personal user data is encrypted using the user key;
a client application comprising instructions for execution on the client device, the client application configured to:
in response to a tap action between the contactless card and the client device:
receive the user token from the contactless card, and transmit to the server a service provider token, the user token, and a request for a data access key, wherein the service provider token is associated with the service provider;
receive from the server the data access key;
receive from the contactless card the encrypted personal user data; and
using the data access key, decrypt the encrypted personal user data; and
a processor in data communication with the server and the database, the processor configured to:
receive from the client device the service provider token, the user token, and the request for the data access key;
identify the service provider based on the service provider token;
identify the user based on the user token;
verify that the service provider is authorized to receive access to the personal user data;
retrieving, by the processor, the user key from the database;
generate the data access key from the user key; and
transmit to the client device the data access key.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A method for controlling data access, comprising:

establishing a database storing information comprising a user identifier and a user key associated with a user, and a service provider identifier and a first service provider key associated with a service provider;
receiving from a first client device associated with the service provider, via a network, a service provider token and a request for a data access key to access personal user data stored on a contactless card associated with the user, the personal user data encrypted using the user key, the request generated in response to a tap action between the contactless card and the first client device, the request accompanied by a user token stored on the contactless card;
identifying the service provider based on the service provider token;
identifying the user based on the user token;
verifying that the service provider is authorized to receive access to personal user data stored on the contactless card;
retrieving the user key from the database;
generating the data access key based on the user key; and
transmitting to the first client device the data access key.

Dependent claims: 12, 13, 14, 15, 16, 17.

18. A method for controlling data access, comprising:

establishing a database storing information comprising a user identifier and a user key associated with a user, and a service provider identifier and a service provider key associated with a service provider;
providing a contactless card comprising a communications interface, a processor, and a memory, the memory storing an applet and a user token, wherein the communications interface is configured to support at least one of near field communication, Bluetooth, or Wi-Fi, and wherein the contactless card is associated with the user;
providing a client application comprising instructions for execution on a client device associated with the service provider, the client application configured to:
in response to a tap action between the contactless card and the client device:
receive the user token from the contactless card, and transmit via a network, to a server, a service provider token, the user token, and a request for a data access key, wherein the service provider token is associated with the service provider;
receive from the server the data access key and a link to a data repository storing encrypted personal user data associated with the user, wherein the data access key is generated based on the user key;
transmit to the data repository, via the link, a request for the encrypted personal user data;
receive from the data repository the encrypted personal user data; and
using the data access key, decrypt the encrypted personal user data;
receiving from the client device, via the network, a service provider token and the request for the data access key to access the personal user data associated with the user, the request accompanied by the user token;
identifying the service provider based on the service provider token;
identifying the user based on the user token;
verifying that the service provider is authorized to receive access to the personal user data associated with the user;
generating the link to the data repository storing the encrypted personal user data;
retrieving the user key from the database;
generating the data access key based on the user key; and
transmitting to the client device the data access key and the link to the data repository storing the encrypted personal user data.

Dependent claim: 19.
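The tap-to-access exchange of claims 1 and 11, as an added stdlib-only simulation that is not the patent's own code: the client reads the user token from the card, the server resolves both tokens, performs the authorization check, and returns a data access key, and the client decrypts the card's personal data with it. Token formats, the HMAC-SHA256 key derivation, and the toy encrypt-then-MAC cipher are assumptions, as is the choice that the card's data is encrypted under the same derived data-access key the server hands out, so the service provider never receives the raw user key.

```python
import hashlib
import hmac
import os

def derive(key: bytes, label: bytes) -> bytes:
    """One-step HMAC-SHA256 KDF (assumed; the patent leaves the derivation open)."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, data: bytes) -> bytes:
    """Toy encrypt-then-MAC: HMAC keystream plus HMAC tag (illustrative, stdlib only)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(derive(key, b"enc"), nonce, len(data))))
    tag = hmac.new(derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):   # reject tampered or mismatched card data
        raise ValueError("personal data failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(derive(key, b"enc"), nonce, len(ct))))

class Server:
    """Holds the database of claim 1: user keys, token lookups, and authorizations."""
    def __init__(self):
        self.user_keys, self.authorized = {}, set()       # (sp_id, user_id) pairs
        self.user_tokens, self.sp_tokens = {}, {}         # opaque token -> identifier

    def request_data_access_key(self, sp_token: bytes, user_token: bytes) -> bytes:
        sp_id = self.sp_tokens.get(sp_token)              # identify the service provider
        user_id = self.user_tokens.get(user_token)        # identify the user
        if sp_id is None or user_id is None:
            raise PermissionError("unrecognised token")
        if (sp_id, user_id) not in self.authorized:       # the authorization check
            raise PermissionError(f"{sp_id} not authorized for {user_id}")
        return derive(self.user_keys[user_id], b"data-access")   # never the raw user key

def tap(server: Server, sp_token: bytes, card: dict) -> bytes:
    """Client-application steps on a tap: read the token, ask the server, decrypt."""
    key = server.request_data_access_key(sp_token, card["user_token"])
    return open_(key, card["encrypted_personal_data"])
```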
Specification