WO2021076488A1 - Systems and methods for data access control of secure memory using a short-range transceiver - Google Patents

Systems and methods for data access control of secure memory using a short-range transceiver Download PDF

Info

Publication number
WO2021076488A1
WO2021076488A1 PCT/US2020/055363 US2020055363W WO2021076488A1 WO 2021076488 A1 WO2021076488 A1 WO 2021076488A1 US 2020055363 W US2020055363 W US 2020055363W WO 2021076488 A1 WO2021076488 A1 WO 2021076488A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
client device
key
data
data access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/US2020/055363
Other languages
English (en)
French (fr)
Inventor
Jeffrey Carlyle Wieker
Patrick Zearfoss
Clayton JOHNSON
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Capital One Services LLC
Original Assignee
Capital One Services LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Capital One Services LLC filed Critical Capital One Services LLC
Priority to CN202080088293.7A priority Critical patent/CN114846466A/zh
Priority to CA3154974A priority patent/CA3154974A1/en
Priority to KR1020227013367A priority patent/KR20220084299A/ko
Priority to AU2020368144A priority patent/AU2020368144A1/en
Priority to JP2022522939A priority patent/JP7842686B2/ja
Priority to EP20800497.8A priority patent/EP4046043A1/en
Publication of WO2021076488A1 publication Critical patent/WO2021076488A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/34User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G06F21/35User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • G06F3/0622Securing storage systems in relation to access
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • G06F3/0623Securing storage systems in relation to content
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0629Configuration or reconfiguration of storage systems
    • G06F3/0637Permissions
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638Organizing or formatting or addressing of data
    • G06F3/064Management of blocks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0668Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/067Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0853Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/40Security arrangements using identity modules
    • H04W12/47Security arrangements using identity modules using near field communication [NFC] or radio frequency identification [RFID] modules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0668Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/0671In-line storage system
    • G06F3/0673Single storage device

Definitions

  • the present disclosure relates generally to user data control and, more specifically, to an exemplary system and method for active control of creating and accessing a secure memory block through the interaction of a short-range transceiver with a client device.
  • Embodiments of the present disclosure provide a data access control system, comprising: a server configured for data communication with a client device associated with a user; a contactless card associated with the user, the contactless card comprising a communications interface, a processor, and a memory, the memory storing an applet and a user token; a client application comprising instructions for execution on the client device, the client application configured to: in response a tap action between the contactless card and the client device: receive the user token from the contactless card; and transmit to the server the user token and a request for a data storage key; receive from the server the data storage key; create a secure memory block in a memory of the client device; and encrypt the secure memory block using the data storage key; and, a processor in data communication with the server, the processor configured to: receive from the client device the user token and the request for the data storage key; identify the user based on the user token; verify that the user is authorized to create the secure memory block in the client device; and transmit to the client device the
  • Embodiments of the present disclosure provide a non-transitory machine-readable medium having stored thereon an application comprising program code for execution on a client device, the client device associated with a user, the client device configured to communicate over a short-range communication field with a contactless card associated with the user, the contactless card comprising memory storing a user token, the application configured to, when executed, perform procedures comprising: in response a tap action between the contactless card and the client device: receiving the user token from the contactless card; and transmitting to a server the user token and a request for a data storage key; receiving from the server the data storage key; creating a secure memory block in a memory of the client device; storing personal user data in the secure memory block; and encrypting the secure memory block using the data storage key.
  • FIG. 1 A is a diagram of a data access control system according to one or more example embodiments.
  • FIG. IB is a diagram illustrating a sequence for providing data access control according to one or more example embodiments.
  • FIG. 1C is a diagram illustrating a sequence for providing data access control according to one or more example embodiments.
  • FIG. 2 illustrates components of a client device used in a data access control system according to one or more example embodiments.
  • FIG. 3 illustrates components of a short-range transceiver used in a data access control system according to one or more example embodiments.
  • FIG. 4 is diagram illustrating interaction between a client device and a short-range transceiver used in a data access control system according to one or more example embodiments.
  • FIGs. 6A-6D provide a flowchart illustrating one or more methods of data access control according to one or more example embodiments.
  • FIGs. 7A-7B provide a flowchart illustrating one or more methods of data access control according to one or more example embodiments.
  • Exemplary embodiments of the disclosed systems and methods provide for controlling data access through the interaction of a short-range transceiver, such as a contactless card, with a client device.
  • Data access control may be provided in the context of creating and accessing a secure memory block in a client device.
  • Requests to create or access a secure memory block in a client device may be handled via the interaction of a short-range transceiver, such as a contactless card, with a client device such that, once the secure memory block is created in memory of the client device, personal user data may be stored in the secure memory block, and access to the stored personal user data may only be provided to users authorized to review the data.
  • Benefits of the disclosed technology may include improved data security for personal user data, improved access to personal user data which may be stored in and retrieved from a more convenient location (i.e., a client device such as a mobile phone), and improved user experience.
  • FIG. 1 A shows a diagram illustrating a data access control system 100 according to one or more example embodiments.
  • system 100 may include client device 101, short-range transceiver 105, server 110, processor 120 and database 130.
  • Client device 101 may communicate with server 110 via network 115.
  • FIG. 1 illustrates certain components connected in certain ways, system 100 may include additional or multiple components connected in various ways.
  • System 100 may include one or more client devices, such as client device 101, which may each be a network-enabled computer.
  • client device 101 may each be a network-enabled computer.
  • a network-enabled computer may include, but is not limited to a computer device, or communications device including, e.g., a server, a network appliance, a personal computer, a workstation, a phone, a handheld PC, a personal digital assistant, a thin client, a fat client, an Internet browser, or other device.
  • Client device 101 also may be a mobile device; for example, a mobile device may include an iPhone, iPod, iPad from Apple® or any other mobile device running Apple’s iOS® operating system, any device running Microsoft’s Windows® Mobile operating system, any device running Google’s Android® operating system, and/or any other smartphone, tablet, or like wearable mobile device. Additional features that may be included in a client device, such as client device 101, are further described below with reference to FIG. 2.
  • System 100 may include one or more short-range transceivers, such as short-range transceiver 105.
  • Short-range transceiver 105 may be in wireless communication with a client device, such as client device 101, within a short-range communications field such as, for example, near field communication (NFC).
  • NFC near field communication
  • Short-range transceiver 105 may include, for example, a contactless card, a smart card, or may include a device with a varying form factor such as a fob, pendant or other device configured to communicate within a short-range communications field.
  • short-range transceiver 105 may be the same or similar as client device 101. Additional features that may be included in a short-range transceiver, such as such as short-range transceiver 105, are further described below with reference to FIG. 3.
  • System 100 may include one or more servers 110.
  • server 110 may include one or more processors (such as, e.g., a microprocessor) which are coupled to memory.
  • Server 110 may be configured as a central system, server or platform to control and call various data at different times to execute a plurality of workflow actions.
  • Server 110 may be a dedicated server computer, such as bladed servers, or may be personal computers, laptop computers, notebook computers, palm top computers, network computers, mobile devices, or any processor-controlled device capable of supporting the system 100.
  • Server 110 may be configured for data communication (such as, e.g., via a connection) with one or more processors, such as processor 120. In some example embodiments, server 110 may incorporate processor 120.
  • server 110 may be physically separate and/or remote from processor 120.
  • Processor 120 may be configured to serve as a back-end processor.
  • Processor 120 may be configured for data communication (such as, e.g., via a connection) with database 130 and/or server 110.
  • Processor 120 may include one or more processing devices such as a microprocessor, RISC processor, ASIC, etc., along with associated processing circuitry.
  • Processor 120 may include, or be connected to, memory storing executable instructions and/or data.
  • Processor 120 may communicate, send or receive messages, requests, notifications, data, etc. to/from other devices, such as client devices 101 and/or 103, via server 110.
  • Server 110 may be configured for data communication (such as, e.g., via a connection) with one or more databases, such as database 130.
  • Database 130 may be a relational or non relational database, or a combination of more than one database.
  • server 110 may incorporate database 130.
  • database 130 may be physically separate and/or remote from server 110, located in another server, on a cloud-based platform, or in any storage device that is in data communication with server 110.
  • Connections between server 110, processor 120 and database 130 may be made via any communications line, link or network, or combination thereof, wired and/or wireless, suitable for communicating between these components.
  • Such network may include network 115 and/or one or more networks of same or similar type as those described herein with reference to network 115.
  • connections between server 110, processor 120 and database 130 may include a corporate LAN.
  • Server 110 and/or database 130 may include user login credentials used to control access to user accounts.
  • the login credentials may include, without limitation, user names, passwords, access codes, security questions, swipe patterns, image recognition, identification scans (e.g., driver’s license scan and passport scan), device registrations, telephone numbers, email addresses, social media account access information, and biometric identification (e.g., voice recognition, fingerprint scans, retina scans, and facial scans).
  • network 115 may include, without limitation, telephone lines, fiber optics, IEEE Ethernet 902.3, a wide area network, a wireless personal area network, a LAN, or a global network such as the Internet.
  • network 115 may support an Internet network, a wireless communication network, a cellular network, or the like, or any combination thereof.
  • Network 115 may further include one network, or any number of the exemplary types of networks mentioned above, operating as a stand-alone network or in cooperation with each other.
  • Network 115 may utilize one or more protocols of one or more network elements to which they are communicatively coupled.
  • Network 115 may translate to or from other protocols to one or more protocols of network devices.
  • Short-range transceiver 105 may be associated with a user.
  • Short-range transceiver 105 may include, for example, a contactless card, and may include features further described below with reference to FIG. 3.
  • Short-range transceiver 105 may have memory storing an applet 106 and/or a token 107. Token 107 may be associated with the user.
  • the user may sign in or login to application 102 running on client device 101. Sign-in or login may be accomplished via, e.g., entering a username and password, or scanning a biometric image such as a fingerprint scan, retina scan, facial scan, etc.
  • application 102 may display an instruction on client device 101 prompting the user to initiate a tap action between short-range transceiver 105 and client device 101.
  • a tap action may include tapping short-range transceiver 105 against client device 101 (or vice-versa).
  • the tap action may include tapping the contactless card on a screen or other portion of client device 101.
  • a tap action is not limited to a physical tap by short-range transceiver 105 against client device 101, and may include other gestures, such as, e.g., a wave or other movement of short-range transceiver 105 in the vicinity of client device 101 (or vice-versa).
  • Communication between application 102 and short-range transceiver 105 may involve short- range transceiver 105 (such as, e.g., a contactless card) being sufficiently close to a card reader (not shown) of the client device 101 to enable NFC data transfer between application 102 and short-range transceiver 105, and may occur in conjunction with (or response to) a tap action between short-range transceiver 105 and client device 101 (such as, e.g., the tap action at label 152).
  • the communication may include exchange of data or commands to establish a communication session between application 102 and short-range transceiver 105.
  • the exchange of data may include transfer or exchange of one or more keys, which may be preexisting keys or generated as session keys.
  • the communication may occur upon entry of short-range transceiver 105 into a short-range communication field of client device 101 prior to a tap action between short-range transceiver 105 and client device 101.
  • application 102 may send the user token to server 110, along with a request for a data storage key. This may be carried out in response to a tap action between short-range transceiver 105 and client device 101 (such as, e.g., the tap action at label 152).
  • the data storage key may enable the user to encrypt a secure memory block created as described further herein.
  • short-range transceiver 105 there may be a tap action between short-range transceiver 105 and client device 101.
  • the tap action may be in response to a prompt displayed on client device 101.
  • application 102 may communicate (via client device 101) with short- range transceiver 105 (e.g., after short-range transceiver 105 is brought near client device 101).
  • short-range transceiver 105 may send user token 107 associated with the user to application 102.
  • Token 107 may include a user identifier.
  • user token 107 may include a key associated with the user.
  • the sending of user token 107 to application 102 may be in conjunction with (or response to) a tap action between short-range transceiver 105 and client device 101 (such as, e.g., the tap action at label 172).
  • the sending of user token 107 to application 102 may occur upon entry of short-range transceiver 105 into a short-range communication field of client device 101 prior to a tap action between short-range transceiver 105 and client device 101.
  • application 102 may send the user token to server 110, along with a request for a data access key. This may be carried out in response to a tap action between short-range transceiver 105 and client device 101 (such as, e.g., the tap action at label 172).
  • the data access key may enable the user to decrypt a secure memory block in client device 101 (the secure memory block previously created and encrypted according to the techniques described herein) and store, read, update or otherwise access personal user data stored in the secure memory block.
  • processor 120 may receive (e.g. via server 110) the user token and the data access key request. Processor 120 may use the user token to identify the user. In some example embodiments, identifying the user may be carried out by using a user identifier in the token to look up information in database 130. In some example embodiments, at label 180, if the user token includes a key associated with the user, processor 120 may use the user key to authenticate the user. Based on the identity of the user (and as such identity may be authenticated), processor 120 may verify whether the user is authorized to access a secure memory block in the memory 104 of client device 101 and to receive a data access key to be used for decrypting and accessing that memory block.
  • processor 120 may send the data access key to client device 101.
  • processor 120 may verify that the user is authorized to access the secure memory block in the memory 104 of client device 101 and receive the data access key.
  • the data access key may be stored in database 130, or may be generated based on the user key. Generating the data access key based on the user key may include using a counter or other data derived or otherwise maintained in synchronization between processor 120, client device 101 and/or short-range transceiver 105; for example, a data access key may be generated by encrypting such a counter value or other data value with the user key.
  • the user key may be stored in database 130 or included in user token 107.
  • application 102 may, without communicating with processor 120 or server 110, decrypt the secure memory block using a data access key received from short-range transceiver 105 or generated based on data received from short- range transceiver 105 (such as user token 107, which may include a user key, or other data which may include a second user key).
  • Generating the data access key based on data received from short-range transceiver 105 may include using a counter or other data derived or otherwise maintained in synchronization between client device 101 and short-range transceiver 105; for example, a data access key may be generated by encrypting such a counter value or other data value with the user key.
  • One or more of the steps involved in receiving or generating a data access key and decrypting the secure memory block may be responsive to a tap action between short-range transceiver 105 and client device 101.
  • user token 107 may be received from short-range transceiver 105. Receiving user token 107 may be in response to the tap action of block 612. User token 107 may include a user identifier. In some example embodiments, user token 107 may include a user key associated with the user.
  • user token 107 may be transmitted to server 110 along with a data storage key request, to obtain a data storage key for encrypting the secure memory block to be created in memory of client device 101. Transmission of user token 107 and the data storage key request to server 110 may be in response to the tap action of block 612.
  • the secure memory block may be created in memory of client device 101, as described above.
  • personal user data may be stored in the secure memory block.
  • personal user data may be stored in the secure memory block at a later time.
  • the data storage key may be used to encrypt the secure memory block, thereby securing the secure memory block from unauthorized access.
  • FIG. 6B is a flowchart illustrating a method of data access control 601 according to one or more example embodiments, with reference to components and features described above, including but not limited to the figures and associated description.
  • Data access control method 601 may be carried out by application 102 executing on client device 101 associated with the user.
  • Short-range transceiver 105 is associated with the user.
  • a tap action may be detected between short-range transceiver 105 and client device 101.
  • user token 107 may be received from short-range transceiver 105. Receiving user token 107 may be in response to the tap action of block 632.
  • User token 107 may include a user identifier. In some example embodiments, user token 107 may include a user key associated with the user.
  • the secure memory block may be created in memory of client device 101, as described above.
  • personal user data may be stored in the secure memory block.
  • personal user data may be stored in the secure memory block at a later time.
  • FIG. 6C is a flowchart illustrating a method of data access control 602 according to one or more example embodiments, with reference to components and features described above, including but not limited to the figures and associated description.
  • Data access control method 602 may utilize a secure memory block previously created in client device 101 according to one or more of the embodiments described above.
  • Data access control method 602 may be carried out by application 102 executing on client device 101 associated with the user.
  • Short- range transceiver 105 is associated with the user.
  • application 102 may cause client device 101 to display a user data access request screen (such as shown in, and described above with reference to, FIG. 5).
  • the user data access request screen may include an instruction to tap short-range transceiver 105 with/against client device 101 to initiate a data access key request.
  • short-range transceiver 520 (and, hence, short-range transceiver 105) may be a contactless card.
  • a tap action may be detected between short-range transceiver 105 and client device 101.
  • user token 107 may be received from short-range transceiver 105. Receiving user token 107 may be in response to the tap action of block 652.
  • User token 107 may include a user identifier. In some example embodiments, user token 107 may include a user key associated with the user.
  • user token 107 may be transmitted to server 110 along with a data access key request, to obtain a key for decrypting the secure memory block in memory of client device 101. Transmission of user token 107 and the data access key request to server 110 may be in response to the tap action of block 652.
  • a data access key may be received from server 110.
  • personal user data may be stored in, updated, and/or otherwise accessed from the secure memory block.
  • Application 102 may cause the display of the personal user data on client device 101.
  • the secure memory block may be re-encrypted, thereby securing the secure memory block from unauthorized access.
  • the data storage key, the data access key, or another key generated from one or more of the data storage key, the data access key, and the user key may be used to re-encrypt the secure memory block. Re-encryption of the secure memory block may occur automatically, for example after expiration of a predetermined time period, or may occur upon user command.
  • FIG. 6D is a flowchart illustrating a method of data access control 603 according to one or more example embodiments, with reference to components and features described above, including but not limited to the figures and associated description.
  • Data access control method 603 may utilize a secure memory block previously created in client device 101 according to one or more of the embodiments described above.
  • Data access control method 603 may be carried out by application 102 executing on client device 101 associated with the user.
  • Short-range transceiver 105 is associated with the user.
  • application 102 may cause client device 101 to display a user data access request screen (such as shown in, and described above with reference to, FIG. 5).
  • the user data access request screen may include an instruction to tap short-range transceiver 105 with/against client device 101 to initiate a data access key request.
  • short-range transceiver 520 (and, hence, short-range transceiver 105) may be a contactless card.
  • a tap action may be detected between short-range transceiver 105 and client device 101.
  • the user’s authorization to access a secure memory block in memory of client device 101 may be verified. Authorization may be based on the identity of the user determined, e.g., from user token 107.
  • a data access key may be received from short-range transceiver 105 or generated based on data received from short-range transceiver 105 (such as user token 107, which may include a user key, or other data which may include a second user key).
  • the user key may serve as the data access key.
  • the data access key may be used to decrypt the secure memory block, thereby allowing authorized access to the secure memory block.
  • personal user data may be stored in, updated, and/or otherwise accessed from the secure memory block.
  • Application 102 may cause the display of the personal user data on client device 101.
  • the secure memory block may be re-encrypted, thereby securing the secure memory block from unauthorized access.
  • the data storage key, the data access key, or another key generated from one or more of the data storage key, the data access key, and the user key may be used to re-encrypt the secure memory block. Re-encryption of the secure memory block may occur automatically, for example after expiration of a predetermined time period, or may occur upon user command.
  • FIG. 7A is a flowchart illustrating a method of data access control 700 according to one or more example embodiments, with reference to components and features described above, including but not limited to the figures and associated description.
  • Data access control method 700 may be carried out by processor 120 in communication with, via server 110, client device 101 associated with a user.
  • the user may be identified based on received user token 107.
  • token 107 includes the user key associated with the user
  • the user key may be used to authenticate the user.
  • the processor may verify that the user is authorized to create the secure memory block (and thus authorized to obtain the data storage key). Authorization may be based on the identity of the user, and may include retrieval of information from database 130.
  • a data storage key may be sent to client device 101 associated with the user. As described above, the data storage key may be stored in database 130, or may be generated based on the user key.
  • FIG. 7B is a flowchart illustrating a method of data access control 701 according to one or more example embodiments, with reference to components and features described above, including but not limited to the figures and associated description.
  • the features described in FIG. 7B may be in addition to the features referenced in FIG. 7A.
  • the description of blocks referenced in FIG. 7A will not be repeated here.
  • data access control method 701 may be carried out by processor 120 in communication with, via server 110, client device 101 associated with a user.
  • a data access key request may be received, along with user token 107, from client device 101 associated with a user, requesting a data access key to enable access to a secure memory block in memory of client device 101.
  • Token 107 may include a user identifier.
  • token 107 may include a user key associated with the user.
  • the user may be identified based on received user token 107.
  • token 107 includes the user key associated with the user
  • the user key may be used to authenticate the user.
  • the processor may verify that the user is authorized to access the secure memory block (and thus authorized to obtain the data access key). Authorization may be based on the identity of the user, and may include retrieval of information from database 130. [0127]
  • a data access key may be sent to client device 101 associated with the user. As described above, the data access key may be stored in database 130, or may be generated based on the user key.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Human Computer Interaction (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)
PCT/US2020/055363 2019-10-18 2020-10-13 Systems and methods for data access control of secure memory using a short-range transceiver Ceased WO2021076488A1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
CN202080088293.7A CN114846466A (zh) 2019-10-18 2020-10-13 用于使用短程收发器进行的安全存储器的数据访问控制的系统和方法
CA3154974A CA3154974A1 (en) 2019-10-18 2020-10-13 Systems and methods for data access control of secure memory using a short-range transceiver
KR1020227013367A KR20220084299A (ko) 2019-10-18 2020-10-13 단거리 트랜시버를 사용한 보안 메모리의 데이터 액세스 제어 시스템 및 방법
AU2020368144A AU2020368144A1 (en) 2019-10-18 2020-10-13 Systems and methods for data access control of secure memory using a short-range transceiver
JP2022522939A JP7842686B2 (ja) 2019-10-18 2020-10-13 近距離送受信機を使用した、安全なメモリのデータアクセス制御のための、システム及び方法
EP20800497.8A EP4046043A1 (en) 2019-10-18 2020-10-13 Systems and methods for data access control of secure memory using a short-range transceiver

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US16/657,415 US10742414B1 (en) 2019-10-18 2019-10-18 Systems and methods for data access control of secure memory using a short-range transceiver
US16/657,415 2019-10-18

Publications (1)

Publication Number Publication Date
WO2021076488A1 true WO2021076488A1 (en) 2021-04-22

Family

ID=71994122

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2020/055363 Ceased WO2021076488A1 (en) 2019-10-18 2020-10-13 Systems and methods for data access control of secure memory using a short-range transceiver

Country Status (8)

Country Link
US (4) US10742414B1 (https=)
EP (1) EP4046043A1 (https=)
JP (1) JP7842686B2 (https=)
KR (1) KR20220084299A (https=)
CN (1) CN114846466A (https=)
AU (1) AU2020368144A1 (https=)
CA (1) CA3154974A1 (https=)
WO (1) WO2021076488A1 (https=)

Families Citing this family (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3284182B1 (en) 2015-04-14 2020-11-04 Capital One Services, LLC Automated bluetooth pairing
US10515361B2 (en) 2016-12-28 2019-12-24 Capital One Services, Llc Smart card secure online checkout
US11315114B2 (en) 2016-12-28 2022-04-26 Capital One Services, Llc Dynamic transaction card protected by multi-factor authentication
US10546444B2 (en) 2018-06-21 2020-01-28 Capital One Services, Llc Systems and methods for secure read-only authentication
US11216806B2 (en) 2018-09-19 2022-01-04 Capital One Services, Llc Systems and methods for providing card interactions
US10771254B2 (en) 2018-10-02 2020-09-08 Capital One Services, Llc Systems and methods for email-based card activation
US10949520B2 (en) 2018-10-02 2021-03-16 Capital One Services, Llc Systems and methods for cross coupling risk analytics and one-time-passcodes
US10783519B2 (en) 2018-10-02 2020-09-22 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10841091B2 (en) 2018-10-02 2020-11-17 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10489781B1 (en) 2018-10-02 2019-11-26 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
CA3115084A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10554411B1 (en) 2018-10-02 2020-02-04 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10664830B1 (en) 2018-12-18 2020-05-26 Capital One Services, Llc Devices and methods for selective contactless communication
US20200226581A1 (en) 2019-01-11 2020-07-16 Capital One Services, Llc Systems and methods for touch screen interface interaction using a card overlay
US10984416B2 (en) 2019-03-20 2021-04-20 Capital One Services, Llc NFC mobile currency transfer
US10467445B1 (en) 2019-03-28 2019-11-05 Capital One Services, Llc Devices and methods for contactless card alignment with a foldable mobile device
US10871958B1 (en) 2019-07-03 2020-12-22 Capital One Services, Llc Techniques to perform applet programming
US10713649B1 (en) 2019-07-09 2020-07-14 Capital One Services, Llc System and method enabling mobile near-field communication to update display on a payment card
WO2021066823A1 (en) 2019-10-02 2021-04-08 Capital One Services, Llc Client device authentication using contactless legacy magnetic stripe data
US10885410B1 (en) 2019-12-23 2021-01-05 Capital One Services, Llc Generating barcodes utilizing cryptographic techniques
US10733283B1 (en) 2019-12-23 2020-08-04 Capital One Services, Llc Secure password generation and management using NFC and contactless smart cards
US10862540B1 (en) 2019-12-23 2020-12-08 Capital One Services, Llc Method for mapping NFC field strength and location on mobile devices
US11200563B2 (en) 2019-12-24 2021-12-14 Capital One Services, Llc Account registration using a contactless card
US11038688B1 (en) 2019-12-30 2021-06-15 Capital One Services, Llc Techniques to control applets for contactless cards
US11455620B2 (en) 2019-12-31 2022-09-27 Capital One Services, Llc Tapping a contactless card to a computing device to provision a virtual number
EP3852336B1 (en) * 2020-01-17 2023-08-02 GE Aviation Systems LLC System for connecting one or more applications of an electronic device to one or more avionics systems
WO2021182938A1 (ko) * 2020-03-10 2021-09-16 엘지전자 주식회사 무선 통신 시스템에서 근거리 무선 통신을 이용한 사용자 계정 관리 방법 및 이에 대한 장치
US11823175B2 (en) 2020-04-30 2023-11-21 Capital One Services, Llc Intelligent card unlock
JP2022007746A (ja) * 2020-06-26 2022-01-13 株式会社日立製作所 情報処理システム及び情報処理方法
US11216623B1 (en) 2020-08-05 2022-01-04 Capital One Services, Llc Systems and methods for controlling secured data transfer via URLs
US12277982B2 (en) * 2020-08-26 2025-04-15 Telefonaktiebolaget Lm Ericsson (Publ) Verifiable one-time programmable memory device
US11482312B2 (en) 2020-10-30 2022-10-25 Capital One Services, Llc Secure verification of medical status using a contactless card
US11373169B2 (en) 2020-11-03 2022-06-28 Capital One Services, Llc Web-based activation of contactless cards
US11637826B2 (en) 2021-02-24 2023-04-25 Capital One Services, Llc Establishing authentication persistence
US11961089B2 (en) 2021-04-20 2024-04-16 Capital One Services, Llc On-demand applications to extend web services
US11354555B1 (en) 2021-05-04 2022-06-07 Capital One Services, Llc Methods, mediums, and systems for applying a display to a transaction card
US12495042B2 (en) 2021-08-16 2025-12-09 Capital One Services, Llc Systems and methods for resetting an authentication counter
US12069173B2 (en) 2021-12-15 2024-08-20 Capital One Services, Llc Key recovery based on contactless card authentication
US12520136B2 (en) 2022-04-27 2026-01-06 Capital One Services, Llc Systems and methods for context-switching authentication over short range wireless communication
US12596780B2 (en) 2022-06-27 2026-04-07 Capital One Services, LLC. Techniques to perform dynamic call center authentication utilizing a contactless card
US12511654B2 (en) 2022-08-08 2025-12-30 Capital One Services, Llc Systems and methods for bypassing contactless payment transaction limit
US12505450B2 (en) 2022-08-17 2025-12-23 Capital One Services, Llc Systems and methods for dynamic data generation and cryptographic card authentication
US12489747B2 (en) 2022-11-18 2025-12-02 Capital One Services, LLC. Systems and techniques to perform verification operations with wireless communication
US12592828B2 (en) 2023-01-06 2026-03-31 Capital One Services, Llc System and method for parallel manufacture and verification of one-time-password authentication cards
US12519652B2 (en) 2023-02-24 2026-01-06 Capital One Services, Llc System and method for dynamic integration of user-provided data with one-time-password authentication cryptogram
US12592819B2 (en) 2023-02-28 2026-03-31 Capital One Services, Llc Membership account management using a contactless card
US12591875B2 (en) 2023-03-10 2026-03-31 Capital One Services, Llc Systems and methods of contactless card as one authentication factor for multiple factor authentication
US12511640B2 (en) 2023-03-13 2025-12-30 Capital One Services, Llc Systems and methods of managing password using contactless card
US12591876B2 (en) 2023-04-07 2026-03-31 Capital One Services, Llc Systems and methods for launching a mobile application or a browser extension responsive to satisfying predetermined conditions
US20240420100A1 (en) * 2023-06-13 2024-12-19 Capital One Services, Llc Systems and methods for transaction processing based on authenticated identity
US12505448B2 (en) 2023-08-09 2025-12-23 Capital One Services, Llc Systems and methods for fraud prevention in mobile application verification device enrollment process
US12511638B2 (en) 2023-09-07 2025-12-30 Capital One Services, Llc Assignment of near-field communications applets
US12580767B2 (en) 2023-10-31 2026-03-17 Capital One Services, LLC. Transmission of secure and authenticated data over a network
US12580752B2 (en) 2024-01-03 2026-03-17 Capital One Services, Llc Systems and methods for generating shared secret key for transaction cards

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8880027B1 (en) * 2011-12-29 2014-11-04 Emc Corporation Authenticating to a computing device with a near-field communications card
US20150312038A1 (en) * 2014-04-23 2015-10-29 Karthikeyan Palanisamy Token security on a communication device
US10438437B1 (en) * 2019-03-20 2019-10-08 Capital One Services, Llc Tap to copy data to clipboard via NFC

Family Cites Families (64)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5412723A (en) * 1994-03-01 1995-05-02 International Business Machines Corporation Mechanism for keeping a key secret from mobile eavesdroppers
US5862220A (en) * 1996-06-03 1999-01-19 Webtv Networks, Inc. Method and apparatus for using network address information to improve the performance of network transactions
JP3663058B2 (ja) * 1998-07-29 2005-06-22 シャープ株式会社 移動体通信用端末装置
JP2000276457A (ja) 1999-03-25 2000-10-06 Mitsubishi Electric Corp データ共有コンピュータシステム及びクライアント
JP2002033727A (ja) * 2000-05-11 2002-01-31 Matsushita Electric Ind Co Ltd ファイル管理装置
US20020122553A1 (en) * 2001-03-01 2002-09-05 International Business Machines Corporation Method and apparatus for lightweight rekeying of a master key in a single sign-on system
JP2003051819A (ja) * 2001-08-08 2003-02-21 Toshiba Corp マイクロプロセッサ
JP2003131929A (ja) 2001-08-10 2003-05-09 Hirohiko Nakano 情報端末および情報ネットワークシステム、ならびにそれらのためのプログラム
US8132236B2 (en) 2001-11-12 2012-03-06 Hewlett-Packard Development Company, L.P. System and method for providing secured access to mobile devices
US7526555B2 (en) * 2003-03-25 2009-04-28 Toshiba Corporation Smart card printing
JP2004336719A (ja) 2003-04-16 2004-11-25 Nec Corp 携帯端末及びその情報管理方法、並びにコンピュータ・プログラム
US20050223233A1 (en) * 2004-04-01 2005-10-06 Fujitsu Limited Authentication method and system
EP1807966B1 (en) 2004-10-20 2020-05-27 Salt Group Pty Ltd. Authentication method
JP2006246392A (ja) 2005-03-07 2006-09-14 Olympus Corp 通信制御システム
US8402552B2 (en) 2008-01-07 2013-03-19 Antenna Vaultus, Inc. System and method for securely accessing mobile data
US8424079B2 (en) 2008-01-25 2013-04-16 Research In Motion Limited Method, system and mobile device employing enhanced user authentication
WO2009127984A1 (en) * 2008-04-18 2009-10-22 International Business Machines Corporation Authentication of data communications
JP5149233B2 (ja) 2008-04-18 2013-02-20 シャープ株式会社 コンテンツ記録装置
US8149085B2 (en) 2008-05-02 2012-04-03 Research In Motion Limited Coordinated security systems and methods for an electronic device
CN101626417A (zh) 2008-07-08 2010-01-13 鸿富锦精密工业(深圳)有限公司 移动终端身份认证的方法
US8762708B2 (en) * 2008-10-11 2014-06-24 David L. Blankenbeckler Secure content distribution system
US9119076B1 (en) 2009-12-11 2015-08-25 Emc Corporation System and method for authentication using a mobile communication device
US10193873B2 (en) * 2010-09-30 2019-01-29 Comcast Cable Communications, Llc Key derivation for secure communications
TW201216657A (en) * 2010-10-07 2012-04-16 Hon Hai Prec Ind Co Ltd Method for Managing Cookie
CN103563278B (zh) * 2011-05-20 2017-02-08 西里克斯系统公司 保护加密的虚拟硬盘
US8769705B2 (en) * 2011-06-10 2014-07-01 Futurewei Technologies, Inc. Method for flexible data protection with dynamically authorized data receivers in a content network or in cloud storage and content delivery services
US9202042B2 (en) 2011-06-14 2015-12-01 Lantiq Beteiligungs-GmbH & Co.KG Automatic device pairing
US9092969B2 (en) 2011-12-29 2015-07-28 Verizon Patent And Licensing Inc. Method and system for invoking a security function of a device based on proximity to another device
US20130185772A1 (en) * 2012-01-12 2013-07-18 Aventura Hq, Inc. Dynamically updating a session based on location data from an authentication device
CN103379491A (zh) 2012-04-12 2013-10-30 中兴通讯股份有限公司 用于密码验证的用户终端、密码交易终端、系统和方法
JP5935883B2 (ja) * 2012-05-21 2016-06-15 ソニー株式会社 情報処理装置、情報処理システム、および情報処理方法、並びにプログラム
US10305937B2 (en) * 2012-08-02 2019-05-28 CellSec, Inc. Dividing a data processing device into separate security domains
US8931081B2 (en) 2012-08-21 2015-01-06 International Business Machines Corporation Device identification for externalizing password from device coupled with user control of external password service
US10102510B2 (en) * 2012-11-28 2018-10-16 Hoverkey Ltd. Method and system of conducting a cryptocurrency payment via a mobile device using a contactless token to store and protect a user's secret key
EP2962421B1 (en) 2013-02-26 2018-04-04 Visa International Service Association Systems, methods and devices for performing passcode authentication
US9811476B2 (en) 2013-02-28 2017-11-07 Panasonic Intellectual Property Management Co., Ltd. Encryption and recording apparatus, encryption and recording system, and encryption and recording method
US9171140B2 (en) 2013-03-14 2015-10-27 Blackberry Limited System and method for unified passcode processing
US20160127365A1 (en) 2013-04-02 2016-05-05 Verayo, Inc. Authentication token
US9271151B2 (en) 2013-06-28 2016-02-23 Nexkey, Inc. Fingerprinting a mobile device through near field communication
US9246677B2 (en) * 2013-07-01 2016-01-26 Infosys Limited Method and system for secure data communication between a user device and a server
US9983651B2 (en) 2013-07-15 2018-05-29 Google Technology Holdings LLC Low-power near-field communication authentication
US9262641B1 (en) 2013-08-29 2016-02-16 The Boeing Company System and methods of providing data to a mobile computing device
FR3011654B1 (fr) * 2013-10-08 2016-12-23 Commissariat Energie Atomique Procede et dispositif d'authentification et d'execution securisee de programmes
US10591969B2 (en) 2013-10-25 2020-03-17 Google Technology Holdings LLC Sensor-based near-field communication authentication
US9240982B2 (en) * 2013-12-27 2016-01-19 Canon Information And Imaging Solutions, Inc. Method for associating an image-forming device, a mobile device, and a user
US20150227733A1 (en) 2014-02-10 2015-08-13 Hyundai Motor Company Automatic login system and automatic login method
KR101609274B1 (ko) 2014-02-20 2016-04-05 류창화 스마트카드, 스마트인증서버 및 스마트카드 인증 방법
US20160065374A1 (en) 2014-09-02 2016-03-03 Apple Inc. Method of using one device to unlock another device
US9613226B2 (en) 2014-10-01 2017-04-04 VYRTY Corporation Secure access to individual information
CN107077325A (zh) * 2014-10-27 2017-08-18 宇龙计算机通信科技(深圳)有限公司 加密存储区域设置方法、加密存储区域设置装置和终端
US9729522B2 (en) 2014-12-08 2017-08-08 Sony Corporation System and method for device authentication
JP6566810B2 (ja) * 2015-09-18 2019-08-28 株式会社ユニバーサルエンターテインメント 商業用情報提供システムおよび商業用情報提供方法
US9946859B2 (en) 2015-11-04 2018-04-17 Motorola Solutions, Inc. Systems and methods for enabling a lock screen of an electronic device
US9858409B2 (en) 2015-11-23 2018-01-02 International Business Machines Corporation Enhancing security of a mobile device using pre-authentication sequences
KR101758233B1 (ko) * 2015-12-23 2017-07-14 한국과학기술정보연구원 비대칭 특성을 이용한 외부 저장장치의 데이터에 대한 암호화를 수행하는 장치 및 방법
US10496982B2 (en) * 2016-02-03 2019-12-03 Accenture Global Solutions Limited Secure contactless card emulation
US10230723B2 (en) 2016-04-29 2019-03-12 Motorola Solutions, Inc. Method and system for authenticating a session on a communication device
US10237733B2 (en) 2016-07-20 2019-03-19 Salesforce.Com, Inc Behavioral authentication
US10133681B2 (en) * 2016-07-22 2018-11-20 Seagate Technology Llc Using encryption keys to manage data retention
US10489307B2 (en) 2017-01-05 2019-11-26 Pure Storage, Inc. Periodically re-encrypting user data stored on a storage device
US10812475B2 (en) * 2017-04-18 2020-10-20 Servicenow, Inc. Authenticating access to an instance
US9848324B1 (en) 2017-06-13 2017-12-19 Intersections Inc. Mobile device password management and escrow with keyfob
KR102508859B1 (ko) * 2018-10-23 2023-03-10 삼성전자 주식회사 제 1 코일 및 상기 제 1 코일의 옆에 위치한 제 2 코일을 이용하여 근거리 무선 통신을 지원하는 전자 장치
US10510074B1 (en) * 2019-02-01 2019-12-17 Capital One Services, Llc One-tap payment using a contactless card

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8880027B1 (en) * 2011-12-29 2014-11-04 Emc Corporation Authenticating to a computing device with a near-field communications card
US20150312038A1 (en) * 2014-04-23 2015-10-29 Karthikeyan Palanisamy Token security on a communication device
US10438437B1 (en) * 2019-03-20 2019-10-08 Capital One Services, Llc Tap to copy data to clipboard via NFC

Also Published As

Publication number Publication date
AU2020368144A1 (en) 2022-05-05
US12457106B2 (en) 2025-10-28
CA3154974A1 (en) 2021-04-22
US10742414B1 (en) 2020-08-11
US11444770B2 (en) 2022-09-13
US20220376915A1 (en) 2022-11-24
JP2022551997A (ja) 2022-12-14
CN114846466A (zh) 2022-08-02
US20230388124A1 (en) 2023-11-30
US20210119797A1 (en) 2021-04-22
US11764962B2 (en) 2023-09-19
JP7842686B2 (ja) 2026-04-08
KR20220084299A (ko) 2022-06-21
EP4046043A1 (en) 2022-08-24

Similar Documents

Publication Publication Date Title
US12457106B2 (en) Systems and methods for data access control of secure memory using a short-range transceiver
US12393926B2 (en) Systems and methods for data access control using a short-range transceiver
US20250124164A1 (en) Systems and methods for data access control of personal user data using a short-range transceiver
EP4197157B1 (en) Systems and methods for verified messaging via short-range transceiver
HK40078254A (en) Systems and methods for data access control of secure memory using a short-range transceiver
HK40056157A (en) Systems and methods for data access control using a short-range transceiver

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20800497

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 3154974

Country of ref document: CA

ENP Entry into the national phase

Ref document number: 2022522939

Country of ref document: JP

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2020368144

Country of ref document: AU

Date of ref document: 20201013

Kind code of ref document: A

ENP Entry into the national phase

Ref document number: 2020800497

Country of ref document: EP

Effective date: 20220518