US20040139021A1 - Method and system for facilitating data access and management on a secure token - Google Patents
Method and system for facilitating data access and management on a secure token Download PDFInfo
- Publication number
- US20040139021A1 US20040139021A1 US10/656,858 US65685803A US2004139021A1 US 20040139021 A1 US20040139021 A1 US 20040139021A1 US 65685803 A US65685803 A US 65685803A US 2004139021 A1 US2004139021 A1 US 2004139021A1
- Authority
- US
- United States
- Prior art keywords
- cell
- access
- attributes associated
- directory
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/341—Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/34—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
- G06Q20/357—Cards having a plurality of specified features
- G06Q20/3576—Multiple memory zones on card
- G06Q20/35765—Access rights to memory zones
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
Definitions
- the present invention generally relates to data access and management and, more specifically, to a method and system for facilitating data access and management on a secure token, such as, a chip card or smart card.
- the smart card includes a storage architecture that allows data stored thereon to be shared by multiple parties. Access to data stored on the smart card is controlled by various access methods depending on the actions to be taken with respect to the data to be accessed.
- the storage architecture provides a file structure that can have separate instances of the file structure.
- a separate instance is referred to as an environment.
- an environment includes the common commands applet providing access to a directory, one or more cell groups under the directory (with each cell group being a sub-directory), and one or more cells under each cell group. Attributes and access conditions can be set at different levels including, for example, at the directory level, the cell group (or sub-directory) level and the cell level. This allows varying access levels for different parties thereby permitting data to be shared in various manners.
- the storage architecture is implemented on a GlobalPlatform smart card.
- GlobalPlatform is an international smart card consortium of companies in the smart card industry which creates and advances standards and/or specification for smart card infrastructure.
- the storage architecture can also be implemented on a static or native smart card, i.e., a smart card having its own proprietary operating system.
- FIG. 1 is a simplified schematic diagram illustrating one exemplary embodiment of the present invention
- FIG. 2 is a simplified schematic diagram illustrating an exemplary file structure according to one exemplary embodiment of the present invention
- FIG. 3 is a table illustrating an exemplary embodiment of the XCID according to one exemplary embodiment of the present invention.
- FIG. 4 is an exemplary embodiment of a table of contents according to the present invention.
- the present invention in the form of one or more exemplary embodiments will now be described.
- a secure token such as, a chip card or smart card.
- an open storage architecture is provided for applications on a secure token, such as, a chip card or smart card. This architecture can be used to access and store both static and dynamic data elements on smart cards for use by value-added applications.
- FIG. 1 is a simplified schematic diagram illustrating an exemplary embodiment of the present invention.
- a system 100 includes a client 102 and a smart card 104 .
- the client 102 includes one or more applications 106 .
- the client 102 communicates with the smart card 104 using application protocol data units (APDUs).
- APDUs application protocol data units
- the smart card 104 is prepared by an issuer 116 in a personalization process.
- the client 102 also communicates with one or more backend systems operated by a value add service provider 114 in cooperation with the corresponding applications 106 .
- the smart card 104 includes a set of environments—a set of common commands applet 108 , and a storage architecture named “Smart Storage” 112 .
- the set of common commands 108 is used to facilitate interactions between the applications 106 and their corresponding application storage 110 within Smart Storage 112 on the smart card 104 .
- a person of ordinary skill in the art should appreciate how to implement the set of common commands 108 .
- the set of common commands is installed onto the smart card 104 having a specific application storage 110 linked to a corresponding client application 106 .
- the Smart Storage 112 allows a file structure to be created once thereby providing specific files for each corresponding client application 106 . Depending on how the file structure is created, the file structure may allow data to be shared by other client applications 106 .
- the present invention allows an issuer of the smart card 104 to prepare space on the smart card 104 for a future implementation of applications or services.
- This space can be pre-allocated at personalization time (i.e., when the smart card 104 and environment is personalized); alternatively, the issuer can designate use of the space and to whom the space will be allocated after the smart card 104 has been personalized and issued.
- the issuer does not need to have actual knowledge of the size or content of the data that will be stored in individual files on the smart card 104 .
- the issuer can decide later how to allocate and authorize use of the space on the smart card 104 .
- the issuer also defines the access and authorization methods necessary to enable access to the storage space.
- the storage architecture 112 allows an organization of the storage space into groups—application storage 110 , which can then be allocated to various business partners, e.g., program operators. Access to specific portions of these groups can then be defined by the program operators in more detail.
- the storage architecture 112 is an organization of data that can be retrieved and updated using a common commands applet.
- FIG. 2 illustrates an exemplary file structure of the storage architecture 112 .
- the file structure 200 includes a master file 202 and one or more directories 204 identified by corresponding application identifiers (AIDs).
- Each directory 204 can be viewed as a storage instance of the storage architecture 112 .
- For each directory 204 there is a number of associated files containing information that is used to facilitate communications between the common command applet and corresponding application.
- associated files include an application identification file, a status file, a key file, a security environment file, a certificate file, a passcode file and a reset passcode file, etc.
- One or more of these files are used to ensure that the common command applet is able to communicate with the corresponding directory 204 and files thereunder.
- the application identification file contains a unique number to identify each storage instance contained on the smart card 104 , plus related application information on that specific smart card, including, for example, a version number.
- the issuer is responsible for creating both this unique number and additional data during personalization.
- the status file contains specific status information (e.g., status of the smart card, customer segment or expiration date, etc.).
- the key files contain cryptographic keys that are used for signatures and key/passcode encryption purposes.
- the security environment file contains the access conditions for a specific cell group.
- the certificate file contains RSA certificates.
- the passcode file is used to store a cardholder passcode.
- the reset passcode file is used to store special reset-codes, which is used in an off-line environment to reset the cardholder's passcode.
- each directory 204 further includes one or more cell groups 206 .
- Each cell group 206 can be viewed as a sub-directory.
- Each sub-directory 206 can represent storage space for a corresponding application.
- These cell groups 206 are created at the time the smart card 104 is personalized or issued. The number of cell groups 206 that can be created depends on, amongst other things, the issuer of the smart card 104 . For example, an issuer may want to reserve a specific amount of space for future utilization for a certain application. In some situations, the owner of specific cell groups is not known at the time of the smart card personalization. In such cases, ownership of cell groups can be transferred after the smart card 14 has been issued.
- additional cell groups 206 can be created after the smart card 104 has been issued, for example, to a cardholder.
- creation of additional cell groups 206 is controlled by the issuer of the smart card 104 .
- a maximum number of bytes and a maximum number of cells beneath that cell group are defined—thus giving the issuer the ability to control how much space is allocated for each application storage 110 .
- a cell group is contained in a dedicated file (DF).
- DF dedicated file
- a directory 204 may not include any cell groups 206 . Instead, cells can be created directly under an AID that has no cell groups. Description relating to cells will be further provided below.
- each cell group 206 there may be associated security attributes, such as keys, that are used to access that cell group 206 .
- security attributes are initially set by the issuer of the smart card 104 and then subsequently provided to the program operator.
- the value add service provider can then use these security attributes to access the cell group 206 .
- the security environment associated with a cell group 206 can be modified, thereby preventing a previously approved value add service provider from accessing that cell group 206 and/or allowing a new value add service provider to access the same.
- Each cell group 206 is made up of one or more cells 208 .
- Cells 208 are the actual storage entities within the storage architecture 112 .
- each cell 208 includes cell attributes, access conditions and data.
- each part of the space that is separated from the other parts by a specific defined access-method, by a specific access-condition or simply by a logical separation, is called a cell 208 .
- the management of each cell 208 is dependent on the corresponding access conditions for that cell in a specific implementation.
- a cell is contained in an elementary file (EF).
- EF elementary file
- data contained in a cell is program-specific data.
- Cell data can be managed by a back-end host system such as a loyalty host system, customer relationship management (CRM), customer database or a consumer-driven client application.
- CRM customer relationship management
- a number of cells are maintained within the storage architecture 112 or application storage 110 . If neither the owner nor the content of specific cells is known at the time of the smart card personalization, the personalization process only defines the common commands applet and, if the issuer chooses, a number of pre-defined cell groups with default access conditions. Cells within a pre-defined cell group can then be created after the smart card 104 has been issued. In other words, the number of cells and the size of each cell do not have to be specified before personalization of the smart card 104 . Preferably, however, a preliminary sizing assessment should be made to ensure maximum utilization of the available card storage capacity.
- a cell is what makes a corresponding file identifiable to the external world, such as, the client 102 . Via the use of a cell, data from a corresponding file on the smart card 104 can be accessed and manipulated by a client 102 without requiring the client 102 to know the underlying details and logistics concerning the actual address of the data on the smart card 104 .
- cells can be organized within a sub-directory called a cell group.
- the keys used for controlling access to cells under a cell group are defined at the cell group level.
- security attributes are assigned to files on two levels, namely, a cell group file and a cell file.
- the security attributes for cell group files and cell files can be assigned during smart card personalization.
- the cell group file contains security attributes which define the conditions for creating and deleting a file within that cell group.
- Authority to create files can be limited to the value add service provider having access to the keys for a specific cell group.
- the conditions for creating and deleting the files directly under a directory 204 AID can be limited to a single entity, for example, the issuer.
- the cell file is assigned security attributes which define when a client 102 can create, read, update or delete data from the cell or whether data is to be encrypted during transport to or from the cell.
- the common commands applet maintains a table of contents of all cells within the corresponding storage instance.
- This table of contents is linked to the specific AID associated with the corresponding storage instance implemented logically on a cell group level.
- a table of contents is maintained for all active cells (i.e., cells containing data) grouped into specific cell groups.
- the table of contents is used by the client 102 to address a specific cell in the corresponding storage instance or application storage 110 .
- There can be multiple storage instances on the smart card 104 but each storage instance has its separate table of contents administered by the corresponding common commands applet.
- the common commands applet has no knowledge of the actual contents of a cell.
- the common commands applet only administers access to a cell. It is up to the client application 106 to interpret the contents of a cell.
- the client application 106 is equipped with information on the requisite keys and software that apply to a specific cell and the respective access conditions for specific cells. In some situation, clients 102 may be able to get on-line access to an issuer or value add service provider back-end system in order to retrieve the information necessary to access specific cells.
- each cell may be associated with an access method or access conditions.
- no access method may be defined for a specific cell, meaning that the cell can be freely accessed.
- one of a number of access methods can be associated with a cell.
- Such access methods can be categorized based on different domains including, for example, cardholder domain, card issuer domain and value add service provider domain.
- cardholder domain a cardholder wishing to access a cell is prompted to provide a passcode in either clear or encrypted text.
- a digital signature is provided in order to gain access to the cell.
- each cell includes attributes that are unique to that cell and its contents. These attributes are applied by the owner of the contents contained in the cell and may vary during the different stages of smart card life cycle and usage. These stages include, for example, initialization where the issuer is responsible for protecting the cells from unauthorized access prior to card personalization; personalization where the issuer may transfer responsibility and authority for the cell and its contents based upon a pre-established agreement with the entity performing personalization; activation where unique attributes may be added to the cell by the value add service provider or the cardholder; usage where data may be modified during cardholder usage to reflect specific program data usage; and deactivation where data may be deactivated or deleted to reflect that the content has been used or expired or that the data is no longer of interest to the cardholder.
- AIDs on the smart card 104 are assigned by an issuer of that smart card 104 .
- a credit card service association such as Visa
- the issuer determines which value add service provider(s) are eligible to access and manage data under that specific AID.
- Each value add service provider is identified by an unique identifier or value add service provider ID.
- the cell ID (CID) is an identifier assigned by the value add service provider.
- the CID is unique within a given value add service provider ID. If multiple value add service providers are using the same storage architecture 112 , each such value add service provider is identified by its own corresponding value add service provider ID.
- the unique CID can therefore be a combined element, as further described below.
- This unique CID for multiple program operators is referred to as extended CID or XCID.
- FIG. 3 is a table illustrating an exemplary embodiment of the XCID.
- Each cell contains data related to a specific program, scheme, implementation or application and is uniquely identified within the storage architecture 112 .
- a unique global identifier is defined.
- each value add service provider applies to ISO (International Standards Organization) for a unique registered application provider identifier (RID) before they are able to implement the present invention.
- RID application provider identifier
- Each value add service provider can then use its unique RID to create its own CIDs.
- value add service providers are responsible for ensuring the uniqueness of all CIDs assigned under their AIDs.
- a cell locator is used to locate a cell.
- the cell locator is the logical address of the specific file containing the cell within the smart card 104 . It is stored in the table of contents maintained by the common commands applet and is used to locate a specific cell based upon a request from the client application.
- the cell locator is the cell file ID under the cell group in which the cell resides.
- the common commands applet contains a corresponding table of contents with information on the location of specific cells.
- the table of contents translates the external ID for a specific cell (i.e., the XCID) to the internal actual physical file on the smart card 104 that contains the data for that cell.
- the table of contents is a composite element combining the XCIDs and the cell file IDs for a specific cell group.
- a unique table of contents is created for each application storage 110 created under the storage architecture 112 .
- FIG. 4 illustrates an exemplary table of contents.
- security attributes can be assigned to a directory 204 , a cell group 206 and a cell 208 .
- the security attributes provided under the storage architecture 112 are based on the security attributes as defined in ISO 7816-9 and the security environment as defined in ISO 7816-8.
- ISO 7816-9 the security attributes as defined in ISO 7816-9
- ISO 7816-8 the security environment as defined in ISO 7816-8.
- permissions are defined for cells and cell groups or AIDs. With respect to permissions for cells, such permissions are defined on a cell level as Access Mode bytes for EF's.
- the permissions allow or restrict the following functions or operations to take place: (1) create cell (creates a cell within the storage architecture 112 , inserts the CID into the table of content and creates the Cell-attributes); (2) read cell data (returns data in a cell to the client application); (3) update cell data (updates the data in a cell); and (4) delete cell (blanks out the data in a cell, blanks the cell attributes and deletes the CID in the table of contents).
- permissions for cell groups or AIDs are defined on a cell group level or AID level as Access Mode bytes for DF's.
- the permissions allow or restrict the following functions or operations to take place: (1) create file (creates the DF file containing the cell group or the EF file containing the cell and the security attributes of the cell group or cell); and (2) delete file (deletes the DF file containing the cell group or the EF file containing the cell).
- create file creates the DF file containing the cell group or the EF file containing the cell and the security attributes of the cell group or cell
- delete file denotetes the DF file containing the cell group or the EF file containing the cell.
- Access to data contained in a cell is based on a matrix including possible methods and supported functions.
- there are six permission or access methods including, for example, (1) signature inbound (SM command)—either a message authentication code (MAC) created using a triple DES symmetric cryptographic algorithm (TDEA) session-key, or an RSA-based digital signature; (2) signature outbound (SM response)—either a MAC created using a TDEA session-key, or an RSA-based digital signature; (3) encrypted passcode (user authentication, knowledge-based)—either an ISO 9796-1 format 1 encrypted Passcode using a TDEA session key, or a PKCS #1 RSA-OAEP formatted passcode wrapped in a RSA public key; (4) clear passcode (user authentication, knowledge-based)—a passcode presented in clear text; (5) key exchange-encrypted (encipherment/decipherment)—key is encrypted before being returned or decrypted before being received; and biometrics (user authentication, biometric-based
- one or more of the six access methods can be set.
- the access method(s) for one function can be set independently from another function.
- the three methods, signature inbound (SM Command (CCT, DST)), encrypted passcode (user authentication, knowledge-based (AT)), and clear passcode (user authentication, knowledge-based (AT)), are access conditions to be met before the common commands applet will perform the specific function.
- the access conditions can be met as part of the transaction (signature inbound) or can be satisfied in a previous command to the common commands applet. (encrypted passcode or clear passcode).
- SCT signature outbound
- CCT signature outbound
- DST causes the common commands applet to perform a signature generation on both the data in the command to which it responds and on the data in the cell.
- the method cell-data exchange encrypted (Encipherment (CT) for read and Decipherment (CT) for update), causes a key to be decrypted before the data is updated (for the update functions) or encrypted before the key is returned via the read function.
- Encipherment Encipherment
- CT Decipherment
- the implementation of the permissions and their associated access methods is based on the security environment (SE) as defined in the ISO 7816-8 standard. Since the storage architecture 112 allows creation of files containing SE's and files containing keys under a cell group after personalization, there are some additional implementation-specific rules for these files.
- SE security environment
- the SE file for the AID is used instead; if a specific SE number is not present in a SE file for a specific cell group, the same SE number in the SE file for the AID is used, if available; if a key file for a specific cell group is not present, the key file for the AID is used instead, even if the key is referenced via a SE file for the cell group; if a specific key index is not present in a key file for a specific cell group, the same key index in the key file for the AID is used, if available; and the SE file for the AID is not updated.
- the storage architecture 112 supports a number of authentication methods including, for example, TDEA-signatures or MAC, RSA-signatures or digital signatures, encrypted passcode and clear passcode.
- TDEA-signatures or MAC a number of authentication methods including, for example, TDEA-signatures or MAC, RSA-signatures or digital signatures, encrypted passcode and clear passcode.
- MAC a number of authentication methods including, for example, TDEA-signatures or MAC, RSA-signatures or digital signatures, encrypted passcode and clear passcode.
- creation of cells is controlled by the issuer of the smart card 104 .
- the issuer can delegate authorization for creating cells under a specific cell group to a value add service provider after the a smart card has been personalized, thus transferring ownership of such cell group to the value add service provider.
- the owner of the cells is the entity holding the key allowing creation and deletion of cells in a specific cell group or AID.
- the owner is the issuer of the smart card who personalizes the initial keys into the key files, but the issuer can delegate ownership to a specific value add service provider in a number of ways.
- ownership can be transferred by establishing a secure messaging transaction between the issuer and the smart card by using an on-line connection between the value add service provider and the issuer; alternatively, in an off-line environment, by distributing the keys for a specific cell group to the value add service provider before the smart card is introduced into the value add service provider's system.
- any entity can create cells on the smart card 104 .
- one entity such as an issuer
- a number of different methods can be used to obtain permission to create cells including, for example, use of a RSA-signature (which requires an issuer public key on the smart card) or a TDEA-signature (which requires a derived secret key on the smart card).
- An update of the key file can reflect that a specific value add service provider or merchant now has ownership of a cell. This can occur as a normal update record command with a special set of security attributes allowing encryption of the key during transport.
- a number of encryption methods including, for example, RSA-encryption and TDEA encryption, can be used to encrypt the keys to be updated in the key files.
- the storage architecture or Smart Storage 112 is very flexible as to which keys are used to access files and how they are used. Keys are stored in key files with an attached key index referenced internally from the various files to be protected. This means for instance that the same file can be protected by different keys that relate to different commands (e.g. one key for read, another key for update) or that multiple files can be protected by the same key for all commands.
- two sets of keys are used.
- One set is used for transferring ownership of card-space from the issuer or its delegate to the value add service provider or its delegate.
- the set of keys used in the transfer of ownership is installed when the smart card is personalized.
- Another set is used by the value add service provider to access specific cells.
- this set of keys can be installed after a smart card is issued. These keys control access to cells and authentication of specific cell data. They are typically installed at the time of transferring ownership for a given cell from the issuer to the value add service provider. Once transferred, these keys are the responsibility of the value add service provider.
- Cell attributes are set during creation of a cell, either during card personalization or via a Create Cell command.
- the cell attributes can also be changed using an Update Cell-status command.
- the Create Cell and Update Cell-status commands are part of the set of common commands described above. These attributes include, for example, cell status, cell activation date, cell expiry date and cell log file ID, as will be further described.
- Cell status is a status-byte for the cell providing information on whether the content of the cell is available or not.
- the possible status-codes are: (1) Active (cell content is available with no restriction); (2) Opt-out (even though the cell exists, the cardholder has chosen not to make use of the content); and (3) Used (even though the cell exists, the cardholder has already made use of the content of the cell or, even if the cell expiry date has not been reached, the content of the cell is consider expired).
- the cell activation date is used to identify the date from which the content of the cell can be read or updated. A cell is not considered available unless the Cell activation date has been reached and should not be read or updated before that date. If the cell activation date for a specific cell is not present, the cell is considered available by default.
- the cell expiry date is used to specify when the content of the cell can no longer be used. A cell is not considered available if the cell expiry date has been reached and should not be read or updated after that date. If cell expiry date for a specific cell is not present, the cell is considered available by default.
- the cell log file ID is used to identity the file in which logging of update, create and delete commands of a cell is stored.
- cell group status can be set during creation of a status file for a cell group either during personalization or by updating the status file for the cell group.
- the cell group status can assume one of a number of status codes including, for example, (1) Active (cell content is available with no restriction); (2) Opt-out (cardholder has chosen not to make use of the cells under the specific cell-group); (3) Inactive (cell group is present but not yet active); and (4) Blocked (cell group is not to be used). Typically, it is up to the client to define what action will be taken on receipt of the status codes.
- AID attributes including, for example, AID status and AID expiry date.
- the AID status is set during the creation of a status file for an AID either during personalization or by updating the status file for the AID.
- the AID expiry date is used to identify when a specific instance of the applet or the application is considered expired and can no longer be used.
- the present invention provides a set of functions and a repository for data that allow multiple parties with existing business relationships to access and share chip card data according to agreed security controls.
- the sharing of information may be between an airline and a grocery store.
- the chip card incorporating the present invention can contain the consumer grocery store program number and the airline frequent flier number used by existing back end host systems.
- the grocery store is given access to both the airline frequent flier number and the grocery store program number stored in the chip card.
- the airline program is denied access to the grocery store program number on the chip card.
- the present invention allows sharing of information between multiple parties including, for example, an issuer, a merchant and a third-party sponsor such as a credit card service association.
- the issuer, the merchant and the third-party sponsor may be involved in a joint loyalty program.
- Each of these parties may store its information on a smart card issued to a cardholder.
- the information stored by these parties on the smart card can be shared in a number of ways.
- the issuer may allow both the merchant and the third party sponsor to access one portion of its information stored on the smart card; in another instance, the issuer may allow only the third party sponsor to access another portion of its information while denying access to the merchant.
- access to the information can be controlled based on different access methods depending on actions to be taken with respect to the information to be accessed. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will know of other ways and/or methods to deploy the present invention in various applications.
- the storage architecture or Smart Storage is implemented on a GlobalPlatform smart card.
- the storage architecture can also be implemented on a static or native smart card, i.e., a smart card having its own proprietary operating system.
Abstract
A system for facilitating data access and management on a smart card is provided. According to one exemplary aspect of the system, a storage architecture is provided in the smart card which allows data stored thereon to be shared by multiple parties. Access to data stored on the smart card is controlled by various access methods depending on the actions to be taken with respect to the data to be accessed.
Description
- The present application claims the benefit of priority under 35 U.S.C. § 119 from U.S. Provisional Patent Application Serial No. 60/416937, entitled “METHOD AND SYSTEM FOR FACILITATING DATA ACCESS AND MANAGEMENT ON A SMARTCARD”, filed on Oct. 7, 2002, the disclosure of which is hereby incorporated by reference in its entirety for all purposes.
- The present invention generally relates to data access and management and, more specifically, to a method and system for facilitating data access and management on a secure token, such as, a chip card or smart card.
- Current technologies now allow multiple applications to be implemented on a single chip card. This ability to have multiple applications on a chip card has been identified as one of the key components for enhancing the business case of a chip card program. These multiple applications include, for example, value-add programs and the associated data required to operate them successfully. From a business perspective, it is preferable that value be obtained for all parties involved in the chip card program, including the issuer, acquirer, application owner, value add service provider and the cardholder.
- Critical to the success of value-add applications on the chip card is the ability to maximize and efficiently use available space on the chip card to allow multiple applications or programs to operate, and to deploy an acceptance infrastructure that allows consumers to take full advantage of the functionality provided by the chip card.
- While it is now possible to implement multiple applications on a chip card, these multiple applications (and their associated data) are often kept independent of one another within the chip card. For example, data belonging to one application is not shared by another application within the chip card, which in some cases result in redundancy. Due to the limited size of the chip card, such redundancy adversely affects the optimal use of resources on the chip card.
- Hence, it would be desirable to provide a method and system that is capable of facilitating data access and management on a chip card in a more efficient manner.
- A method and system for facilitating data access and management on a smart card is provided. According to one exemplary embodiment, the smart card includes a storage architecture that allows data stored thereon to be shared by multiple parties. Access to data stored on the smart card is controlled by various access methods depending on the actions to be taken with respect to the data to be accessed.
- According to one exemplary embodiment, the storage architecture provides a file structure that can have separate instances of the file structure. A separate instance is referred to as an environment. In one instance, an environment includes the common commands applet providing access to a directory, one or more cell groups under the directory (with each cell group being a sub-directory), and one or more cells under each cell group. Attributes and access conditions can be set at different levels including, for example, at the directory level, the cell group (or sub-directory) level and the cell level. This allows varying access levels for different parties thereby permitting data to be shared in various manners.
- According to one exemplary embodiment, the storage architecture is implemented on a GlobalPlatform smart card. GlobalPlatform is an international smart card consortium of companies in the smart card industry which creates and advances standards and/or specification for smart card infrastructure. Alternatively, the storage architecture can also be implemented on a static or native smart card, i.e., a smart card having its own proprietary operating system.
- Reference to the remaining portions of the specification, including the drawings and claims, will realize other features and advantages of the present invention. Further features and advantages of the present invention, as well as the structure and operation of various embodiments of the present invention, are described in detail below with respect to accompanying drawings, like reference numbers indicate identical or functionally similar elements.
- FIG. 1 is a simplified schematic diagram illustrating one exemplary embodiment of the present invention;
- FIG. 2 is a simplified schematic diagram illustrating an exemplary file structure according to one exemplary embodiment of the present invention;
- FIG. 3 is a table illustrating an exemplary embodiment of the XCID according to one exemplary embodiment of the present invention; and
- FIG. 4 is an exemplary embodiment of a table of contents according to the present invention.
- The present invention in the form of one or more exemplary embodiments will now be described. Generally, the present invention is used to access and update data on a secure token, such as, a chip card or smart card. According to an exemplary embodiment, an open storage architecture is provided for applications on a secure token, such as, a chip card or smart card. This architecture can be used to access and store both static and dynamic data elements on smart cards for use by value-added applications.
- FIG. 1 is a simplified schematic diagram illustrating an exemplary embodiment of the present invention. In one exemplary embodiment, a
system 100 includes aclient 102 and asmart card 104. Theclient 102 includes one ormore applications 106. Theclient 102 communicates with thesmart card 104 using application protocol data units (APDUs). Thesmart card 104 is prepared by anissuer 116 in a personalization process. Theclient 102 also communicates with one or more backend systems operated by a value addservice provider 114 in cooperation with thecorresponding applications 106. - The
smart card 104 includes a set of environments—a set ofcommon commands applet 108, and a storage architecture named “Smart Storage” 112. The set ofcommon commands 108 is used to facilitate interactions between theapplications 106 and theircorresponding application storage 110 within SmartStorage 112 on thesmart card 104. A person of ordinary skill in the art should appreciate how to implement the set ofcommon commands 108. In an exemplary embodiment, the set of common commands is installed onto thesmart card 104 having aspecific application storage 110 linked to acorresponding client application 106. As will be further described below, the Smart Storage 112 allows a file structure to be created once thereby providing specific files for eachcorresponding client application 106. Depending on how the file structure is created, the file structure may allow data to be shared byother client applications 106. - As will be further described below, the present invention allows an issuer of the
smart card 104 to prepare space on thesmart card 104 for a future implementation of applications or services. This space can be pre-allocated at personalization time (i.e., when thesmart card 104 and environment is personalized); alternatively, the issuer can designate use of the space and to whom the space will be allocated after thesmart card 104 has been personalized and issued. At the time of personalization of thesmart card 104, the issuer does not need to have actual knowledge of the size or content of the data that will be stored in individual files on thesmart card 104. - Once the
smart card 104 is personalized, the issuer can decide later how to allocate and authorize use of the space on thesmart card 104. In addition to defining the size of storage space, the issuer also defines the access and authorization methods necessary to enable access to the storage space. Thestorage architecture 112 allows an organization of the storage space into groups—application storage 110, which can then be allocated to various business partners, e.g., program operators. Access to specific portions of these groups can then be defined by the program operators in more detail. - In an exemplary embodiment, the
storage architecture 112 is an organization of data that can be retrieved and updated using a common commands applet. FIG. 2 illustrates an exemplary file structure of thestorage architecture 112. Thefile structure 200 includes amaster file 202 and one ormore directories 204 identified by corresponding application identifiers (AIDs). Eachdirectory 204 can be viewed as a storage instance of thestorage architecture 112. For eachdirectory 204, there is a number of associated files containing information that is used to facilitate communications between the common command applet and corresponding application. For example, such associated files include an application identification file, a status file, a key file, a security environment file, a certificate file, a passcode file and a reset passcode file, etc. One or more of these files are used to ensure that the common command applet is able to communicate with thecorresponding directory 204 and files thereunder. - The application identification file contains a unique number to identify each storage instance contained on the
smart card 104, plus related application information on that specific smart card, including, for example, a version number. Preferably, the issuer is responsible for creating both this unique number and additional data during personalization. - The status file contains specific status information (e.g., status of the smart card, customer segment or expiration date, etc.).
- The key files contain cryptographic keys that are used for signatures and key/passcode encryption purposes.
- The security environment file contains the access conditions for a specific cell group.
- The certificate file contains RSA certificates.
- The passcode file is used to store a cardholder passcode.
- The reset passcode file is used to store special reset-codes, which is used in an off-line environment to reset the cardholder's passcode.
- In one exemplary embodiment, each
directory 204 further includes one ormore cell groups 206. Eachcell group 206 can be viewed as a sub-directory. Eachsub-directory 206 can represent storage space for a corresponding application. Thesecell groups 206 are created at the time thesmart card 104 is personalized or issued. The number ofcell groups 206 that can be created depends on, amongst other things, the issuer of thesmart card 104. For example, an issuer may want to reserve a specific amount of space for future utilization for a certain application. In some situations, the owner of specific cell groups is not known at the time of the smart card personalization. In such cases, ownership of cell groups can be transferred after the smart card 14 has been issued. Optionally, subject to space availability on thesmart card 104,additional cell groups 206 can be created after thesmart card 104 has been issued, for example, to a cardholder. Typically, creation ofadditional cell groups 206 is controlled by the issuer of thesmart card 104. For each cell group, a maximum number of bytes and a maximum number of cells beneath that cell group are defined—thus giving the issuer the ability to control how much space is allocated for eachapplication storage 110. In the context of the ISO 7816-4 standard, a cell group is contained in a dedicated file (DF). In an alternative exemplary embodiment, adirectory 204 may not include anycell groups 206. Instead, cells can be created directly under an AID that has no cell groups. Description relating to cells will be further provided below. - For each
cell group 206, there may be associated security attributes, such as keys, that are used to access thatcell group 206. These security attributes are initially set by the issuer of thesmart card 104 and then subsequently provided to the program operator. The value add service provider can then use these security attributes to access thecell group 206. Optionally, the security environment associated with acell group 206 can be modified, thereby preventing a previously approved value add service provider from accessing thatcell group 206 and/or allowing a new value add service provider to access the same. - Each
cell group 206 is made up of one ormore cells 208.Cells 208 are the actual storage entities within thestorage architecture 112. In an exemplary embodiment, eachcell 208 includes cell attributes, access conditions and data. Alternatively, within thestorage architecture 112 orapplication storage 110, each part of the space that is separated from the other parts by a specific defined access-method, by a specific access-condition or simply by a logical separation, is called acell 208. The management of eachcell 208 is dependent on the corresponding access conditions for that cell in a specific implementation. In an exemplary embodiment of a file system using the ISO 7816-4 standard, a cell is contained in an elementary file (EF). Typically, data contained in a cell is program-specific data. Cell data can be managed by a back-end host system such as a loyalty host system, customer relationship management (CRM), customer database or a consumer-driven client application. - A number of cells are maintained within the
storage architecture 112 orapplication storage 110. If neither the owner nor the content of specific cells is known at the time of the smart card personalization, the personalization process only defines the common commands applet and, if the issuer chooses, a number of pre-defined cell groups with default access conditions. Cells within a pre-defined cell group can then be created after thesmart card 104 has been issued. In other words, the number of cells and the size of each cell do not have to be specified before personalization of thesmart card 104. Preferably, however, a preliminary sizing assessment should be made to ensure maximum utilization of the available card storage capacity. - Furthermore, it should be noted that a cell is what makes a corresponding file identifiable to the external world, such as, the
client 102. Via the use of a cell, data from a corresponding file on thesmart card 104 can be accessed and manipulated by aclient 102 without requiring theclient 102 to know the underlying details and logistics concerning the actual address of the data on thesmart card 104. - As mentioned above, cells can be organized within a sub-directory called a cell group. The keys used for controlling access to cells under a cell group are defined at the cell group level.
- Within the
Smart Storage 112, security attributes are assigned to files on two levels, namely, a cell group file and a cell file. The security attributes for cell group files and cell files can be assigned during smart card personalization. - The cell group file contains security attributes which define the conditions for creating and deleting a file within that cell group. Authority to create files can be limited to the value add service provider having access to the keys for a specific cell group. Likewise, the conditions for creating and deleting the files directly under a
directory 204 AID can be limited to a single entity, for example, the issuer. - The cell file is assigned security attributes which define when a
client 102 can create, read, update or delete data from the cell or whether data is to be encrypted during transport to or from the cell. - In order to be able to recognize each cell, the common commands applet maintains a table of contents of all cells within the corresponding storage instance. This table of contents is linked to the specific AID associated with the corresponding storage instance implemented logically on a cell group level. Hence, for a specific AID or storage instance, a table of contents is maintained for all active cells (i.e., cells containing data) grouped into specific cell groups. The table of contents is used by the
client 102 to address a specific cell in the corresponding storage instance orapplication storage 110. There can be multiple storage instances on thesmart card 104, but each storage instance has its separate table of contents administered by the corresponding common commands applet. - The common commands applet has no knowledge of the actual contents of a cell. The common commands applet only administers access to a cell. It is up to the
client application 106 to interpret the contents of a cell. Furthermore, theclient application 106 is equipped with information on the requisite keys and software that apply to a specific cell and the respective access conditions for specific cells. In some situation,clients 102 may be able to get on-line access to an issuer or value add service provider back-end system in order to retrieve the information necessary to access specific cells. - As mentioned above, each cell may be associated with an access method or access conditions. Optionally, no access method may be defined for a specific cell, meaning that the cell can be freely accessed. In one exemplary embodiment, one of a number of access methods can be associated with a cell. Such access methods can be categorized based on different domains including, for example, cardholder domain, card issuer domain and value add service provider domain. In the cardholder domain, a cardholder wishing to access a cell is prompted to provide a passcode in either clear or encrypted text. In the card issuer domain and the value add service provider domain, a digital signature is provided in order to gain access to the cell.
- Also, as mentioned above, each cell includes attributes that are unique to that cell and its contents. These attributes are applied by the owner of the contents contained in the cell and may vary during the different stages of smart card life cycle and usage. These stages include, for example, initialization where the issuer is responsible for protecting the cells from unauthorized access prior to card personalization; personalization where the issuer may transfer responsibility and authority for the cell and its contents based upon a pre-established agreement with the entity performing personalization; activation where unique attributes may be added to the cell by the value add service provider or the cardholder; usage where data may be modified during cardholder usage to reflect specific program data usage; and deactivation where data may be deactivated or deleted to reflect that the content has been used or expired or that the data is no longer of interest to the cardholder.
- AIDs on the
smart card 104 are assigned by an issuer of thatsmart card 104. In one implementation, a credit card service association, such as Visa, provides unique AIDs to issuers for interoperability reasons. Furthermore, under each AID, the issuer determines which value add service provider(s) are eligible to access and manage data under that specific AID. Each value add service provider is identified by an unique identifier or value add service provider ID. The cell ID (CID) is an identifier assigned by the value add service provider. The CID is unique within a given value add service provider ID. If multiple value add service providers are using thesame storage architecture 112, each such value add service provider is identified by its own corresponding value add service provider ID. The unique CID can therefore be a combined element, as further described below. This unique CID for multiple program operators is referred to as extended CID or XCID. FIG. 3 is a table illustrating an exemplary embodiment of the XCID. - Each cell contains data related to a specific program, scheme, implementation or application and is uniquely identified within the
storage architecture 112. In order to uniquely identify a cell, a unique global identifier is defined. In one exemplary implementation, in order to create unique CIDs, each value add service provider applies to ISO (International Standards Organization) for a unique registered application provider identifier (RID) before they are able to implement the present invention. Each value add service provider can then use its unique RID to create its own CIDs. Typically, value add service providers are responsible for ensuring the uniqueness of all CIDs assigned under their AIDs. - It should be understood that within a specific CID, a further detailed breakdown of the cell content into specific programs is possible. In an exemplary implementation, it is up to the value add service provider to implement a detailed layout of programs including, for example, a further detailed “table of contents” of the cell.
- A cell locator is used to locate a cell. The cell locator is the logical address of the specific file containing the cell within the
smart card 104. It is stored in the table of contents maintained by the common commands applet and is used to locate a specific cell based upon a request from the client application. In one exemplary implementation, the cell locator is the cell file ID under the cell group in which the cell resides. - As mentioned above, the common commands applet contains a corresponding table of contents with information on the location of specific cells. The table of contents translates the external ID for a specific cell (i.e., the XCID) to the internal actual physical file on the
smart card 104 that contains the data for that cell. Hence, the table of contents is a composite element combining the XCIDs and the cell file IDs for a specific cell group. A unique table of contents is created for eachapplication storage 110 created under thestorage architecture 112. FIG. 4 illustrates an exemplary table of contents. - As mentioned above, security attributes can be assigned to a
directory 204, acell group 206 and acell 208. In one exemplary implementation, the security attributes provided under thestorage architecture 112 are based on the security attributes as defined in ISO 7816-9 and the security environment as defined in ISO 7816-8. A person of ordinary skill in the art will appreciate how to use the ISO standards to provide the security attributes according to the present invention. For purposes of definition, some of the names in parentheses below are taken from the ISO standards. - Permissions (Access Modes)
- In an exemplary implementation, permissions (Access Modes) are defined for cells and cell groups or AIDs. With respect to permissions for cells, such permissions are defined on a cell level as Access Mode bytes for EF's. The permissions allow or restrict the following functions or operations to take place: (1) create cell (creates a cell within the
storage architecture 112, inserts the CID into the table of content and creates the Cell-attributes); (2) read cell data (returns data in a cell to the client application); (3) update cell data (updates the data in a cell); and (4) delete cell (blanks out the data in a cell, blanks the cell attributes and deletes the CID in the table of contents). - With respect to permissions for cell groups or AIDs, such permissions are defined on a cell group level or AID level as Access Mode bytes for DF's. The permissions allow or restrict the following functions or operations to take place: (1) create file (creates the DF file containing the cell group or the EF file containing the cell and the security attributes of the cell group or cell); and (2) delete file (deletes the DF file containing the cell group or the EF file containing the cell). These permissions allow creation or deletion of a file under a specific cell group or AID. This means that the permission to create and delete a DF file is made on the AID level, while the permission to create and delete an EF file is made for a specific cell group.
- Access Methods
- Access to data contained in a cell is based on a matrix including possible methods and supported functions. In an exemplary implementation, there are six permission or access methods including, for example, (1) signature inbound (SM command)—either a message authentication code (MAC) created using a triple DES symmetric cryptographic algorithm (TDEA) session-key, or an RSA-based digital signature; (2) signature outbound (SM response)—either a MAC created using a TDEA session-key, or an RSA-based digital signature; (3) encrypted passcode (user authentication, knowledge-based)—either an ISO 9796-1 format 1 encrypted Passcode using a TDEA session key, or a PKCS #1 RSA-OAEP formatted passcode wrapped in a RSA public key; (4) clear passcode (user authentication, knowledge-based)—a passcode presented in clear text; (5) key exchange-encrypted (encipherment/decipherment)—key is encrypted before being returned or decrypted before being received; and biometrics (user authentication, biometric-based).
- Interactions Between Permissions and Methods
- For each of the six functions mentioned above in connection with permissions for cells and cell groups or AIDs, one or more of the six access methods can be set. The access method(s) for one function can be set independently from another function.
- The three methods, signature inbound (SM Command (CCT, DST)), encrypted passcode (user authentication, knowledge-based (AT)), and clear passcode (user authentication, knowledge-based (AT)), are access conditions to be met before the common commands applet will perform the specific function. The access conditions can be met as part of the transaction (signature inbound) or can be satisfied in a previous command to the common commands applet. (encrypted passcode or clear passcode).
- The method, signature outbound (SM Response (CCT, DST), causes the common commands applet to perform a signature generation on both the data in the command to which it responds and on the data in the cell.
- The method, cell-data exchange encrypted (Encipherment (CT) for read and Decipherment (CT) for update), causes a key to be decrypted before the data is updated (for the update functions) or encrypted before the key is returned via the read function.
- The two methods, encrypted passcode and clear passcode, are mutually exclusive.
- Rules for Security Environment
- In on exemplary embodiment, the implementation of the permissions and their associated access methods is based on the security environment (SE) as defined in the ISO 7816-8 standard. Since the
storage architecture 112 allows creation of files containing SE's and files containing keys under a cell group after personalization, there are some additional implementation-specific rules for these files. For example, if a SE file for a specific cell group is not present, the SE file for the AID is used instead; if a specific SE number is not present in a SE file for a specific cell group, the same SE number in the SE file for the AID is used, if available; if a key file for a specific cell group is not present, the key file for the AID is used instead, even if the key is referenced via a SE file for the cell group; if a specific key index is not present in a key file for a specific cell group, the same key index in the key file for the AID is used, if available; and the SE file for the AID is not updated. - For the purpose of authentication after personalization, the
storage architecture 112 supports a number of authentication methods including, for example, TDEA-signatures or MAC, RSA-signatures or digital signatures, encrypted passcode and clear passcode. A person of ordinary skill in the art will appreciate how to incorporate various authentication methods for use in connection with the present invention. - In one exemplary implementation, creation of cells is controlled by the issuer of the
smart card 104. The issuer can delegate authorization for creating cells under a specific cell group to a value add service provider after the a smart card has been personalized, thus transferring ownership of such cell group to the value add service provider. - Ownership
- The owner of the cells is the entity holding the key allowing creation and deletion of cells in a specific cell group or AID. Initially, the owner is the issuer of the smart card who personalizes the initial keys into the key files, but the issuer can delegate ownership to a specific value add service provider in a number of ways. For example, in an on-line environment, ownership can be transferred by establishing a secure messaging transaction between the issuer and the smart card by using an on-line connection between the value add service provider and the issuer; alternatively, in an off-line environment, by distributing the keys for a specific cell group to the value add service provider before the smart card is introduced into the value add service provider's system.
- Methods for Creating Cells
- It is possible to define an open access control for creating cells, i.e., any entity can create cells on the
smart card 104. In an exemplary embodiment, one entity, such as an issuer, controls the use of space on thesmart card 104. In that situation, a number of different methods can be used to obtain permission to create cells including, for example, use of a RSA-signature (which requires an issuer public key on the smart card) or a TDEA-signature (which requires a derived secret key on the smart card). - Update of Key File
- An update of the key file can reflect that a specific value add service provider or merchant now has ownership of a cell. This can occur as a normal update record command with a special set of security attributes allowing encryption of the key during transport. A number of encryption methods including, for example, RSA-encryption and TDEA encryption, can be used to encrypt the keys to be updated in the key files.
- The storage architecture or
Smart Storage 112 is very flexible as to which keys are used to access files and how they are used. Keys are stored in key files with an attached key index referenced internally from the various files to be protected. This means for instance that the same file can be protected by different keys that relate to different commands (e.g. one key for read, another key for update) or that multiple files can be protected by the same key for all commands. - In an exemplary embodiment, two sets of keys are used. One set is used for transferring ownership of card-space from the issuer or its delegate to the value add service provider or its delegate. In an exemplary implementation, the set of keys used in the transfer of ownership is installed when the smart card is personalized.
- Another set is used by the value add service provider to access specific cells. Generally, this set of keys can be installed after a smart card is issued. These keys control access to cells and authentication of specific cell data. They are typically installed at the time of transferring ownership for a given cell from the issuer to the value add service provider. Once transferred, these keys are the responsibility of the value add service provider.
- For each of the storage architecture or Smart Storage elements: cell, cell group and AID, a number of attributes are attached. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will appreciate other attributes that can be used in connection with the present invention.
- Cell attributes
- Cell attributes are set during creation of a cell, either during card personalization or via a Create Cell command. The cell attributes can also be changed using an Update Cell-status command. In one exemplary embodiment, the Create Cell and Update Cell-status commands are part of the set of common commands described above. These attributes include, for example, cell status, cell activation date, cell expiry date and cell log file ID, as will be further described.
- Cell status is a status-byte for the cell providing information on whether the content of the cell is available or not. In one exemplary embodiment, the possible status-codes are: (1) Active (cell content is available with no restriction); (2) Opt-out (even though the cell exists, the cardholder has chosen not to make use of the content); and (3) Used (even though the cell exists, the cardholder has already made use of the content of the cell or, even if the cell expiry date has not been reached, the content of the cell is consider expired).
- The cell activation date is used to identify the date from which the content of the cell can be read or updated. A cell is not considered available unless the Cell activation date has been reached and should not be read or updated before that date. If the cell activation date for a specific cell is not present, the cell is considered available by default.
- The cell expiry date is used to specify when the content of the cell can no longer be used. A cell is not considered available if the cell expiry date has been reached and should not be read or updated after that date. If cell expiry date for a specific cell is not present, the cell is considered available by default.
- The cell log file ID is used to identity the file in which logging of update, create and delete commands of a cell is stored.
- Cell group attributes
- In one exemplary embodiment, there is a number of cell group attributes including, for example, cell group status. Cell group status can be set during creation of a status file for a cell group either during personalization or by updating the status file for the cell group. The cell group status can assume one of a number of status codes including, for example, (1) Active (cell content is available with no restriction); (2) Opt-out (cardholder has chosen not to make use of the cells under the specific cell-group); (3) Inactive (cell group is present but not yet active); and (4) Blocked (cell group is not to be used). Typically, it is up to the client to define what action will be taken on receipt of the status codes.
- AID attributes
- In one exemplary embodiment, there is a number of AID attributes including, for example, AID status and AID expiry date. The AID status is set during the creation of a status file for an AID either during personalization or by updating the status file for the AID. The AID expiry date is used to identify when a specific instance of the applet or the application is considered expired and can no longer be used.
- As described above, the present invention provides a set of functions and a repository for data that allow multiple parties with existing business relationships to access and share chip card data according to agreed security controls.
- In an illustrative application, the sharing of information may be between an airline and a grocery store. The chip card incorporating the present invention can contain the consumer grocery store program number and the airline frequent flier number used by existing back end host systems. In order to facilitate the identification of the consumer and validate participation in a joint promotional program, the grocery store is given access to both the airline frequent flier number and the grocery store program number stored in the chip card. However, if the consumer is not participating in the joint promotional program, then the airline program is denied access to the grocery store program number on the chip card.
- In another illustrative application, the present invention allows sharing of information between multiple parties including, for example, an issuer, a merchant and a third-party sponsor such as a credit card service association. The issuer, the merchant and the third-party sponsor may be involved in a joint loyalty program. Each of these parties may store its information on a smart card issued to a cardholder. The information stored by these parties on the smart card can be shared in a number of ways. In one instance, the issuer may allow both the merchant and the third party sponsor to access one portion of its information stored on the smart card; in another instance, the issuer may allow only the third party sponsor to access another portion of its information while denying access to the merchant. Furthermore, access to the information can be controlled based on different access methods depending on actions to be taken with respect to the information to be accessed. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will know of other ways and/or methods to deploy the present invention in various applications.
- According to one exemplary embodiment, the storage architecture or Smart Storage is implemented on a GlobalPlatform smart card. Alternatively, the storage architecture can also be implemented on a static or native smart card, i.e., a smart card having its own proprietary operating system.
- It should be understood that the present invention can be implemented using control logic, in the form of software or hardware or a combination of both. Based on the disclosure and teachings provided herein, a person of ordinary skill in the art will appreciate other ways and/or methods to implement the present invention.
- It is understood that the examples and embodiments described herein are for illustrative purposes only and that various modifications or changes in light thereof will be suggested to persons skilled in the art and are to be included within the spirit and purview of this application and scope of the appended claims. All publications, patents, and patent applications cited herein are hereby incorporated by reference for all purposes in their entirety.
Claims (57)
1. A system for facilitating data management on a secure token, comprising:
a client having a plurality of applications residing thereon; and
a secure token having a storage architecture, wherein the storage architecture includes:
a directory and one or more attributes associated with the directory, wherein the one or more attributes associated with the directory are used to control access to the directory by the plurality of applications,
one or more cell groups under the directory, each cell group having one or more associated attributes, wherein the one or more attributes associated with a cell group are used to control access to that cell group by the plurality of applications, and
one or more cells under each cell group, each cell having one or more associated attributes, wherein the one or more attributes associated with a cell are used to control access to that cell by the plurality of applications.
2. The system of claim 1 wherein the one or more attributes associated with the directory permit access to the directory by one application and deny access to the directory to another application.
3. The system of claim 1 wherein the one or more attributes associated with the cell group permit access to that cell group by one application and deny access to that cell group to another application.
4. The system of claim 1 wherein the one or more attributes associated with the cell permit access to that cell by one application and deny access to that cell to another application.
5. The system of claim 1 wherein one or more additional cell groups are added to the directory subsequent to issuance of the secure token to a token holder.
6. The system of claim 1 wherein ownership of one of the one or more cell groups is determined subsequent to issuance of the secure token to a token holder.
7. The system of claim 1 wherein ownership of one of the one or more cell groups is modified subsequent to issuance of the secure token to a token holder.
8. The system of claim 1 wherein one or more additional cells are added to a cell group subsequent to issuance of the secure token to a token holder.
9. The system of claim 1 wherein the one or more attributes associated with the directory are modified in terms of permitting or denying access to the directory by the plurality of applications.
10. The system of claim 1 wherein the one or more attributes associated with a cell group are modified in terms of permitting or denying access to that cell group by the plurality of applications.
11. The system of claim 1 wherein the one or more attributes associated with a cell are modified in terms of permitting or denying access to that cell by the plurality of applications.
12. The system of claim 1 wherein the one or more attributes associated with a cell further control operations on contents of that cell by the plurality of applications.
13. The system of claim 12 wherein the one or more attributes associated with the cell permit a first set of operations on the contents of that cell by a first application;
wherein the one or more attributes associated with the cell permit a second set of operations on the contents of that cell by a second application; and
wherein the first set of operations is different from the second set of operations.
14. The system of claim 1 wherein the one or more attributes associated with the directory permit a first application to access the directory after a first access condition is satisfied;
wherein the one or more attributes associated with the directory permit a second application to access the directory after a second access condition is satisfied; and
wherein the first access condition is different from the second access condition.
15. The system of claim 1 wherein the one or more attributes associated with the cell group permit a first application to access that cell group after a first access condition is satisfied;
wherein the one or more attributes associated with the cell group permit a second application to access that cell group after a second access condition is satisfied; and
wherein the first access condition is different from the second access condition.
16. The system of claim 1 wherein the one or more attributes associated with the cell permit a first application to access that cell after a first access condition is satisfied;
wherein the one or more attributes associated with the cell permit a second application to access that cell after a second access condition is satisfied; and
wherein the first access condition is different from the second access condition.
17. The system of claim 1 wherein the secure token is a smart card.
18. The system of claim 17 wherein the smart card is an open platform smart card.
19. The system of claim 17 wherein the smart card is a static or native smart card.
20. A secure token comprising:
a directory and one or more attributes associated with the directory, wherein the one or more attributes associated with the directory are used to control access to the directory by a plurality of applications,
one or more cell groups under the directory, each cell group having one or more associated attributes, wherein the one or more attributes associated with a cell group are used to control access to that cell group by the plurality of applications, and
one or more cells under each cell group, each cell having one or more associated attributes, wherein the one or more attributes associated with a cell are used to control access to that cell by the plurality of applications.
21. The secure token of claim 20 wherein the one or more attributes associated with the directory permit access to the directory by one application and deny access to the directory to another application.
22. The secure token of claim 20 wherein the one or more attributes associated with the cell group permit access to that cell group by one application and deny access to that cell group to another application.
23. The secure token of claim 20 wherein the one or more attributes associated with the cell permit access to that cell by one application and deny access to that cell to another application.
24. The secure token of claim 20 wherein one or more additional cell groups are added to the directory subsequent to issuance of the secure token to a token holder.
25. The secure token of claim 20 wherein ownership of one of the one or more cell groups is determined subsequent to issuance of the secure token to a token holder.
26. The secure token of claim 20 wherein ownership of one of the one or more cell groups is modified subsequent to issuance of the secure token to a token holder.
27. The secure token of claim 20 wherein one or more additional cells are added to a cell group subsequent to issuance of the secure token to a token holder.
28. The secure token of claim 20 wherein the one or more attributes associated with the directory are modified in terms of permitting or denying access to the directory by the plurality of applications.
29. The secure token of claim 20 wherein the one or more attributes associated with a cell group are modified in terms of permitting or denying access to that cell group by the plurality of applications.
30. The secure token of claim 20 wherein the one or more attributes associated with a cell are modified in terms of permitting or denying access to that cell by the plurality of applications.
31. The secure token of claim 20 wherein the one or more attributes associated with a cell further control operations on contents of that cell by the plurality of applications.
32. The secure token of claim 31 wherein the one or more attributes associated with the cell permit a first set of operations on the contents of that cell by a first application;
wherein the one or more attributes associated with the cell permit a second set of operations on the contents of that cell by a second application; and
wherein the first set of operations is different from the second set of operations.
33. The secure token of claim 20 wherein the one or more attributes associated with the directory permit a first application to access the directory after a first access condition is satisfied;
wherein the one or more attributes associated with the directory permit a second application to access the directory after a second access condition is satisfied; and
wherein the first access condition is different from the second access condition.
34. The secure token of claim 20 wherein the one or more attributes associated with the cell group permit a first application to access that cell group after a first access condition is satisfied;
wherein the one or more attributes associated with the cell group permit a second application to access that cell group after a second access condition is satisfied; and
wherein the first access condition is different from the second access condition.
35. The secure token of claim 20 wherein the one or more attributes associated with the cell permit a first application to access that cell after a first access condition is satisfied;
wherein the one or more attributes associated with the cell permit a second application to access that cell after a second access condition is satisfied; and
wherein the first access condition is different from the second access condition.
36. The secure token of claim 20 wherein the secure token is a smart card.
37. The secure token of claim 36 wherein the smart card is an open platform smart card.
38. The secure token of claim 36 wherein the smart card is a static or native smart card.
39. A method for facilitating data management on a secure token, comprising:
providing a directory and one or more attributes associated with the directory, wherein the one or more attributes associated with the directory are used to control access to the directory by a plurality of applications,
providing one or more cell groups under the directory, each cell group having one or more associated attributes, wherein the one or more attributes associated with a cell group are used to control access to that cell group by the plurality of applications, and
providing one or more cells under each cell group, each cell having one or more associated attributes, wherein the one or more attributes associated with a cell are used to control access to that cell by the plurality of applications.
40. The method of claim 39 wherein the one or more attributes associated with the directory permit access to the directory by one application and deny access to the directory to another application.
41. The method of claim 39 wherein the one or more attributes associated with the cell group permit access to that cell group by one application and deny access to that cell group to another application.
42. The method of claim 39 wherein the one or more attributes associated with the cell permit access to that cell by one application and deny access to that cell to another application.
43. The method of claim 39 further comprising:
adding one or more additional cell groups to the directory subsequent to issuance of the secure token to a token holder.
44. The method of claim 39 further comprising:
determining ownership of one of the one or more cell groups subsequent to issuance of the secure token to a token holder.
45. The method of claim 39 further comprising:
modifying ownership of one of the one or more cell groups subsequent to issuance of the secure token to a token holder.
46. The method of claim 39 further comprising:
adding one or more additional cells to a cell group subsequent to issuance of the secure token to a token holder.
47. The method of claim 39 further comprising:
modifying the one or more attributes associated with the directory in terms of permitting or denying access to the directory by the plurality of applications.
48. The method of claim 39 further comprising:
modifying the one or more attributes associated with a cell group in terms of permitting or denying access to that cell group by the plurality of applications.
49. The method of claim 39 further comprising:
modifying the one or more attributes associated with a cell in terms of permitting or denying access to that cell by the plurality of applications.
50. The method of claim 39 wherein the one or more attributes associated with a cell further control operations on contents of that cell by the plurality of applications.
51. The method of claim 50 wherein the one or more attributes associated with the cell permit a first set of operations on the contents of that cell by a first application;
wherein the one or more attributes associated with the cell permit a second set of operations on the contents of that cell by a second application; and
wherein the first set of operations is different from the second set of operations.
52. The method of claim 39 wherein the one or more attributes associated with the directory permit a first application to access the directory after a first access condition is satisfied;
wherein the one or more attributes associated with the directory permit a second application to access the directory after a second access condition is satisfied; and
wherein the first access condition is different from the second access condition.
53. The method of claim 39 wherein the one or more attributes associated with the cell group permit a first application to access that cell group after a first access condition is satisfied;
wherein the one or more attributes associated with the cell group permit a second application to access that cell group after a second access condition is satisfied; and
wherein the first access condition is different from the second access condition.
54. The method of claim 39 wherein the one or more attributes associated with the cell permit a first application to access that cell after a first access condition is satisfied;
wherein the one or more attributes associated with the cell permit a second application to access that cell after a second access condition is satisfied; and
wherein the first access condition is different from the second access condition.
55. The method of claim 39 wherein the secure token is a smart card.
56. The method of claim 55 wherein the smart card is an open platform smart card.
57. The method of claim 55 wherein the smart card is a static or native smart card.
Priority Applications (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/656,858 US20040139021A1 (en) | 2002-10-07 | 2003-09-05 | Method and system for facilitating data access and management on a secure token |
PCT/US2003/031780 WO2004034202A2 (en) | 2002-10-07 | 2003-10-07 | Method and system for facilitating data access and management on a secure token |
AU2003282749A AU2003282749A1 (en) | 2002-10-07 | 2003-10-07 | Method and system for facilitating data access and management on a secure token |
EP03774633A EP1556790A4 (en) | 2002-10-07 | 2003-10-07 | Method and system for facilitating data access and management on a secure token |
CA002505134A CA2505134A1 (en) | 2002-10-07 | 2003-10-07 | Method and system for facilitating data access and management on a secure token |
US12/727,741 US8548923B2 (en) | 2002-10-07 | 2010-03-19 | Method and system for facilitating data access and management on a secure token |
US13/975,679 US9430666B2 (en) | 2002-10-07 | 2013-08-26 | Method and system for facilitating data access and management on a secure token |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US41693702P | 2002-10-07 | 2002-10-07 | |
US10/656,858 US20040139021A1 (en) | 2002-10-07 | 2003-09-05 | Method and system for facilitating data access and management on a secure token |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/727,741 Continuation US8548923B2 (en) | 2002-10-07 | 2010-03-19 | Method and system for facilitating data access and management on a secure token |
Publications (1)
Publication Number | Publication Date |
---|---|
US20040139021A1 true US20040139021A1 (en) | 2004-07-15 |
Family
ID=32096174
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/656,858 Abandoned US20040139021A1 (en) | 2002-10-07 | 2003-09-05 | Method and system for facilitating data access and management on a secure token |
US12/727,741 Active 2024-10-04 US8548923B2 (en) | 2002-10-07 | 2010-03-19 | Method and system for facilitating data access and management on a secure token |
US13/975,679 Active 2025-03-02 US9430666B2 (en) | 2002-10-07 | 2013-08-26 | Method and system for facilitating data access and management on a secure token |
Family Applications After (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/727,741 Active 2024-10-04 US8548923B2 (en) | 2002-10-07 | 2010-03-19 | Method and system for facilitating data access and management on a secure token |
US13/975,679 Active 2025-03-02 US9430666B2 (en) | 2002-10-07 | 2013-08-26 | Method and system for facilitating data access and management on a secure token |
Country Status (5)
Country | Link |
---|---|
US (3) | US20040139021A1 (en) |
EP (1) | EP1556790A4 (en) |
AU (1) | AU2003282749A1 (en) |
CA (1) | CA2505134A1 (en) |
WO (1) | WO2004034202A2 (en) |
Cited By (126)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050036611A1 (en) * | 2003-03-31 | 2005-02-17 | Visa U.S.A., Inc. | Method and system for secure authentication |
US20060047727A1 (en) * | 2004-08-30 | 2006-03-02 | Karp Alan H | Method of accessing a file for editing with an application having limited access permissions |
US20060047954A1 (en) * | 2004-08-30 | 2006-03-02 | Axalto Inc. | Data access security implementation using the public key mechanism |
WO2006066604A1 (en) * | 2004-12-22 | 2006-06-29 | Telecom Italia S.P.A. | Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor |
WO2006069312A2 (en) * | 2004-12-21 | 2006-06-29 | Sandisk Corporation | System for creating control structure for versatile content control |
WO2006069311A2 (en) * | 2004-12-21 | 2006-06-29 | Sandisk Corporation | Control structure for versatile content control and method using structure |
US20060176068A1 (en) * | 2005-02-07 | 2006-08-10 | Micky Holtzman | Methods used in a secure memory card with life cycle phases |
US20060177064A1 (en) * | 2005-02-07 | 2006-08-10 | Micky Holtzman | Secure memory card with life cycle phases |
US20060242067A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | System for creating control structure for versatile content control |
US20060242150A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Method using control structure for versatile content control |
US20060242064A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Method for creating control structure for versatile content control |
US20060242065A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Method for versatile content control with partitioning |
US20060242066A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Versatile content control with partitioning |
US20060242068A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Method forversatile content control |
US20060242151A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Control structure for versatile content control |
WO2006069194A3 (en) * | 2004-12-21 | 2006-11-23 | Sandisk Corp | Memory system with versatile content control |
US20060290501A1 (en) * | 2005-06-24 | 2006-12-28 | Visa U.S.A., Inc. | Apparatus and method to electromagnetically shield portable consumer devices |
WO2006033727A3 (en) * | 2004-08-17 | 2007-01-25 | Mastercard International Inc | Compliance assessment and security testing of smart cards |
US20070043667A1 (en) * | 2005-09-08 | 2007-02-22 | Bahman Qawami | Method for secure storage and delivery of media content |
US20070061597A1 (en) * | 2005-09-14 | 2007-03-15 | Micky Holtzman | Secure yet flexible system architecture for secure devices with flash mass storage memory |
US20070188183A1 (en) * | 2005-02-07 | 2007-08-16 | Micky Holtzman | Secure memory card with life cycle phases |
US20080010458A1 (en) * | 2006-07-07 | 2008-01-10 | Michael Holtzman | Control System Using Identity Objects |
US20080010685A1 (en) * | 2006-07-07 | 2008-01-10 | Michael Holtzman | Content Control Method Using Versatile Control Structure |
US20080010455A1 (en) * | 2006-07-07 | 2008-01-10 | Michael Holtzman | Control Method Using Identity Objects |
US20080010450A1 (en) * | 2006-07-07 | 2008-01-10 | Michael Holtzman | Content Control Method Using Certificate Chains |
US20080022413A1 (en) * | 2006-07-07 | 2008-01-24 | Michael Holtzman | Method for Controlling Information Supplied from Memory Device |
US20080022395A1 (en) * | 2006-07-07 | 2008-01-24 | Michael Holtzman | System for Controlling Information Supplied From Memory Device |
US20080052524A1 (en) * | 2006-08-24 | 2008-02-28 | Yoram Cedar | Reader for one time password generating device |
US20080072058A1 (en) * | 2006-08-24 | 2008-03-20 | Yoram Cedar | Methods in a reader for one time password generating device |
US20080120236A1 (en) * | 2006-11-16 | 2008-05-22 | Patrick Faith | Dynamic magnetic stripe |
US20080120214A1 (en) * | 2006-11-16 | 2008-05-22 | Kim Steele | Adaptive authentication options |
US20080116264A1 (en) * | 2006-09-28 | 2008-05-22 | Ayman Hammad | Mobile transit fare payment |
US20080120218A1 (en) * | 2006-11-17 | 2008-05-22 | William Reid | Method and system for using payment history for conducting commercial transactions |
US20080128513A1 (en) * | 2006-12-04 | 2008-06-05 | Ayman Hammad | Bank issued contactless payment card used in transit fare collection |
US20080162947A1 (en) * | 2006-12-28 | 2008-07-03 | Michael Holtzman | Methods of upgrading a memory card that has security mechanisms that prevent copying of secure content and applications |
US20080163247A1 (en) * | 2005-02-17 | 2008-07-03 | Koninklijke Philips Electronics, N.V. | Device and a Method of Operating a Device |
US20080203170A1 (en) * | 2007-02-28 | 2008-08-28 | Visa U.S.A. Inc. | Fraud prevention for transit fare collection |
US20080203152A1 (en) * | 2007-02-28 | 2008-08-28 | Visa U.S.A. Inc. | Authentication of a data card using a transit verification value |
US20080298569A1 (en) * | 2007-06-04 | 2008-12-04 | Monk Justin T | Prepaid negative balance fee processing and fee diversion |
US20080298573A1 (en) * | 2007-06-04 | 2008-12-04 | Monk Justin T | System, apparatus and methods for comparing fraud parameters for application during prepaid card enrollment and transactions |
US20080301048A1 (en) * | 2007-06-04 | 2008-12-04 | Monk Justin T | Portability of financial tokens |
US20080300895A1 (en) * | 2007-06-04 | 2008-12-04 | Monk Justin T | Method and system for handling returned payment card account statements |
US20080301011A1 (en) * | 2007-06-04 | 2008-12-04 | Monk Justin T | Method and system for handling returned prepaid payment cards |
US20080301019A1 (en) * | 2007-06-04 | 2008-12-04 | Monk Justin T | Prepaid card fraud and risk management |
US20080301037A1 (en) * | 2007-06-04 | 2008-12-04 | Monk Justin T | Systems and methods for automatic migration of a consumer between financial accounts |
US20080303632A1 (en) * | 2007-06-11 | 2008-12-11 | Ayman Hammad | Shielding of portable consumer device |
US20090091426A1 (en) * | 2001-07-10 | 2009-04-09 | American Express Travel Related Services Company, Inc. | Method and system for tracking user performance |
US20090134218A1 (en) * | 2007-11-28 | 2009-05-28 | Ryan Yuzon | Multifunction removable cover for portable payment device |
US20090164789A1 (en) * | 2007-12-21 | 2009-06-25 | Spansion Llc | Authenticated memory and controller slave |
WO2009147548A2 (en) * | 2008-05-27 | 2009-12-10 | Nxp B.V. | Method for storing nfc applications in a secure memory device |
US7650314B1 (en) | 2001-05-25 | 2010-01-19 | American Express Travel Related Services Company, Inc. | System and method for securing a recurrent billing transaction |
US7668750B2 (en) | 2001-07-10 | 2010-02-23 | David S Bonalle | Securing RF transactions using a transactions counter |
US20100077214A1 (en) * | 2004-12-21 | 2010-03-25 | Fabrice Jogand-Coulomb | Host Device and Method for Protecting Data Stored in a Storage Device |
US7690577B2 (en) | 2001-07-10 | 2010-04-06 | Blayn W Beenau | Registering a biometric for radio frequency transactions |
US7705732B2 (en) | 2001-07-10 | 2010-04-27 | Fred Bishop | Authenticating an RF transaction using a transaction counter |
US7725427B2 (en) | 2001-05-25 | 2010-05-25 | Fred Bishop | Recurrent billing maintenance with radio frequency payment devices |
US20100138652A1 (en) * | 2006-07-07 | 2010-06-03 | Rotem Sela | Content control method using certificate revocation lists |
US7743409B2 (en) | 2005-07-08 | 2010-06-22 | Sandisk Corporation | Methods used in a mass storage device with automated credentials loading |
US20100161928A1 (en) * | 2008-12-18 | 2010-06-24 | Rotem Sela | Managing access to an address range in a storage device |
US7746215B1 (en) | 2001-07-10 | 2010-06-29 | Fred Bishop | RF transactions using a wireless reader grid |
US7762457B2 (en) | 2001-07-10 | 2010-07-27 | American Express Travel Related Services Company, Inc. | System and method for dynamic fob synchronization and personalization |
US7768379B2 (en) | 2001-07-10 | 2010-08-03 | American Express Travel Related Services Company, Inc. | Method and system for a travel-related multi-function fob |
US7793845B2 (en) | 2004-07-01 | 2010-09-14 | American Express Travel Related Services Company, Inc. | Smartcard transaction system and method |
US7805378B2 (en) | 2001-07-10 | 2010-09-28 | American Express Travel Related Servicex Company, Inc. | System and method for encoding information in magnetic stripe format for use in radio frequency identification transactions |
US7814332B2 (en) | 2001-07-10 | 2010-10-12 | Blayn W Beenau | Voiceprint biometrics on a payment device |
US7827106B2 (en) | 2001-07-10 | 2010-11-02 | American Express Travel Related Services Company, Inc. | System and method for manufacturing a punch-out RFID transaction device |
US7835960B2 (en) | 2000-03-07 | 2010-11-16 | American Express Travel Related Services Company, Inc. | System for facilitating a transaction |
US7837116B2 (en) | 1999-09-07 | 2010-11-23 | American Express Travel Related Services Company, Inc. | Transaction card |
US20100325039A1 (en) * | 2009-04-28 | 2010-12-23 | Mastercard International Incorporated | Apparatus, method, and computer program product for encoding enhanced issuer information in a card |
US7925535B2 (en) | 2001-07-10 | 2011-04-12 | American Express Travel Related Services Company, Inc. | System and method for securing RF transactions using a radio frequency identification device including a random number generator |
US7988038B2 (en) | 2001-07-10 | 2011-08-02 | Xatra Fund Mx, Llc | System for biometric security using a fob |
US7996324B2 (en) | 2001-07-10 | 2011-08-09 | American Express Travel Related Services Company, Inc. | Systems and methods for managing multiple accounts on a RF transaction device using secondary identification indicia |
US8001054B1 (en) | 2001-07-10 | 2011-08-16 | American Express Travel Related Services Company, Inc. | System and method for generating an unpredictable number using a seeded algorithm |
US20110252458A1 (en) * | 2010-04-13 | 2011-10-13 | Sony Corporation | Information processing device, information processing method, and program |
USRE43157E1 (en) | 2002-09-12 | 2012-02-07 | Xatra Fund Mx, Llc | System and method for reassociating an account number to another transaction account |
US8170527B2 (en) | 2007-09-26 | 2012-05-01 | Visa U.S.A. Inc. | Real-time balance on a mobile phone |
USRE43460E1 (en) | 2000-01-21 | 2012-06-12 | Xatra Fund Mx, Llc | Public/private dual card system and method |
US20120179587A1 (en) * | 2011-01-07 | 2012-07-12 | Gregg Alan Hill | Premium access to open application programming interface systems and methods |
US8245031B2 (en) | 2006-07-07 | 2012-08-14 | Sandisk Technologies Inc. | Content control method using certificate revocation lists |
US8279042B2 (en) | 2001-07-10 | 2012-10-02 | Xatra Fund Mx, Llc | Iris scan biometrics on a payment device |
US8289136B2 (en) | 2001-07-10 | 2012-10-16 | Xatra Fund Mx, Llc | Hand geometry biometrics on a payment device |
US8294552B2 (en) | 2001-07-10 | 2012-10-23 | Xatra Fund Mx, Llc | Facial scan biometrics on a payment device |
US8321345B2 (en) | 2010-06-02 | 2012-11-27 | Visa International Service Association | Trusted internal interface |
US8376227B2 (en) | 2006-09-28 | 2013-02-19 | Ayman Hammad | Smart sign mobile transit fare payment |
US8386349B2 (en) | 2007-02-28 | 2013-02-26 | Visa U.S.A. Inc. | Verification of a portable consumer device in an offline environment |
US8429041B2 (en) | 2003-05-09 | 2013-04-23 | American Express Travel Related Services Company, Inc. | Systems and methods for managing account information lifecycles |
US8538863B1 (en) | 2001-07-10 | 2013-09-17 | American Express Travel Related Services Company, Inc. | System and method for facilitating a transaction using a revolving use account associated with a primary account |
US8543423B2 (en) | 2002-07-16 | 2013-09-24 | American Express Travel Related Services Company, Inc. | Method and apparatus for enrolling with multiple transaction environments |
US8615426B2 (en) | 2006-12-26 | 2013-12-24 | Visa U.S.A. Inc. | Coupon offers from multiple entities |
US8635131B1 (en) | 2001-07-10 | 2014-01-21 | American Express Travel Related Services Company, Inc. | System and method for managing a transaction protocol |
US8645971B2 (en) | 2006-12-26 | 2014-02-04 | Visa U.S.A. Inc. | Real-time balance updates |
US8671385B2 (en) | 2011-01-07 | 2014-03-11 | Mastercard International Incorporated | Methods and systems for throttling calls to a service application through an open API |
US8677308B2 (en) | 2011-01-07 | 2014-03-18 | Mastercard International Incorporated | Method and system for generating an API request message |
US8707276B2 (en) | 2011-01-07 | 2014-04-22 | Mastercard International Incorporated | Method and system for managing programmed applications in an open API environment |
US8738485B2 (en) | 2007-12-28 | 2014-05-27 | Visa U.S.A. Inc. | Contactless prepaid product for transit fare collection |
US20140188713A1 (en) * | 2011-10-04 | 2014-07-03 | Inside Secure | Method and system for executing a nfc transaction supporting multiple applications and multiples instances of a same application |
US8843435B1 (en) * | 2009-03-12 | 2014-09-23 | Pegasystems Inc. | Techniques for dynamic data processing |
US8872619B2 (en) | 2001-07-10 | 2014-10-28 | Xatra Fund Mx, Llc | Securing a transaction between a transponder and a reader |
US8923827B2 (en) | 2007-01-09 | 2014-12-30 | Visa U.S.A. Inc. | Mobile payment management |
US8966284B2 (en) | 2005-09-14 | 2015-02-24 | Sandisk Technologies Inc. | Hardware driver integrity check of memory card controller firmware |
US8960535B2 (en) | 2001-07-10 | 2015-02-24 | Iii Holdings 1, Llc | Method and system for resource management and evaluation |
US8977567B2 (en) | 2008-09-22 | 2015-03-10 | Visa International Service Association | Recordation of electronic payment transaction information |
US9024719B1 (en) | 2001-07-10 | 2015-05-05 | Xatra Fund Mx, Llc | RF transaction system and method for storing user personal data |
US9032204B2 (en) | 2011-01-07 | 2015-05-12 | Mastercard International Incorporated | Methods and systems for providing a signed digital certificate in real time |
US9031880B2 (en) | 2001-07-10 | 2015-05-12 | Iii Holdings 1, Llc | Systems and methods for non-traditional payment using biometric data |
US9083534B2 (en) | 2011-01-07 | 2015-07-14 | Mastercard International Incorporated | Method and system for propagating a client identity |
USRE45615E1 (en) | 2001-07-10 | 2015-07-14 | Xatra Fund Mx, Llc | RF transaction device |
US9270743B2 (en) | 2011-02-18 | 2016-02-23 | Pegasystems Inc. | Systems and methods for distributed rules processing |
US9454752B2 (en) | 2001-07-10 | 2016-09-27 | Chartoleaux Kg Limited Liability Company | Reload protocol at a transaction processing entity |
US9542687B2 (en) | 2008-06-26 | 2017-01-10 | Visa International Service Association | Systems and methods for visual representation of offers |
US9658735B2 (en) | 2006-03-30 | 2017-05-23 | Pegasystems Inc. | Methods and apparatus for user interface optimization |
US9672508B2 (en) | 2008-09-22 | 2017-06-06 | Visa International Service Association | Over the air update of payment transaction data stored in secure memory |
US9678719B1 (en) | 2009-03-30 | 2017-06-13 | Pegasystems Inc. | System and software for creation and modification of software |
US9715709B2 (en) | 2008-05-09 | 2017-07-25 | Visa International Services Association | Communication device including multi-part alias identifier |
US9824355B2 (en) | 2008-09-22 | 2017-11-21 | Visa International Service Association | Method of performing transactions with contactless payment devices using pre-tap and two-tap operations |
US9881294B2 (en) | 2001-07-10 | 2018-01-30 | Chartoleaux Kg Limited Liability Company | RF payment via a mobile device |
US9940627B2 (en) | 2006-12-26 | 2018-04-10 | Visa U.S.A. Inc. | Mobile coupon method and system |
US10469396B2 (en) | 2014-10-10 | 2019-11-05 | Pegasystems, Inc. | Event processing with enhanced throughput |
US10528933B2 (en) | 2009-12-14 | 2020-01-07 | Visa Europe Limited | Payment device |
US10572236B2 (en) | 2011-12-30 | 2020-02-25 | Pegasystems, Inc. | System and method for updating or modifying an application without manual coding |
US10698647B2 (en) | 2016-07-11 | 2020-06-30 | Pegasystems Inc. | Selective sharing for collaborative application usage |
US10698599B2 (en) | 2016-06-03 | 2020-06-30 | Pegasystems, Inc. | Connecting graphical shapes using gestures |
US10839388B2 (en) | 2001-07-10 | 2020-11-17 | Liberty Peak Ventures, Llc | Funding a radio frequency device transaction |
US11048488B2 (en) | 2018-08-14 | 2021-06-29 | Pegasystems, Inc. | Software code optimizer and method |
US11363015B2 (en) * | 2018-05-10 | 2022-06-14 | Visa International Service Association | Provisioning transferable access tokens |
US11567945B1 (en) | 2020-08-27 | 2023-01-31 | Pegasystems Inc. | Customized digital content generation systems and methods |
Families Citing this family (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4717381B2 (en) | 2004-06-11 | 2011-07-06 | 株式会社エヌ・ティ・ティ・ドコモ | Mobile device and access control method |
JP4915141B2 (en) | 2006-05-29 | 2012-04-11 | 富士通株式会社 | Mobile terminal device |
WO2008008244A2 (en) * | 2006-07-07 | 2008-01-17 | Sandisk Corporation | Content control system and method using versatile control structure |
US20080189554A1 (en) * | 2007-02-05 | 2008-08-07 | Asad Ali | Method and system for securing communication between a host computer and a secure portable device |
EP2048594A1 (en) * | 2007-10-09 | 2009-04-15 | Vodafone Holding GmbH | Method for communication, communication device and secure processor |
EP2048591B1 (en) * | 2007-10-09 | 2018-01-24 | Vodafone Holding GmbH | Method for communication, communication device and secure processor |
EP2583211B1 (en) | 2010-06-15 | 2020-04-15 | Oracle International Corporation | Virtual computing infrastructure |
US10715457B2 (en) | 2010-06-15 | 2020-07-14 | Oracle International Corporation | Coordination of processes in cloud computing environments |
US8807440B1 (en) | 2010-12-17 | 2014-08-19 | Google Inc. | Routing secure element payment requests to an alternate application |
US8335921B2 (en) | 2010-12-17 | 2012-12-18 | Google, Inc. | Writing application data to a secure element |
US8352749B2 (en) | 2010-12-17 | 2013-01-08 | Google Inc. | Local trusted services manager for a contactless smart card |
TWI420724B (en) * | 2011-01-26 | 2013-12-21 | Elitegroup Computer Sys Co Ltd | Battery activation |
US8255687B1 (en) | 2011-09-15 | 2012-08-28 | Google Inc. | Enabling users to select between secure service providers using a key escrow service |
US8171525B1 (en) | 2011-09-15 | 2012-05-01 | Google Inc. | Enabling users to select between secure service providers using a central trusted service manager |
US8313036B1 (en) * | 2011-09-16 | 2012-11-20 | Google Inc. | Secure application directory |
JP6460798B2 (en) | 2012-02-10 | 2019-01-30 | オラクル・インターナショナル・コーポレイション | Cloud computing service framework |
US8385553B1 (en) | 2012-02-28 | 2013-02-26 | Google Inc. | Portable secure element |
US8429409B1 (en) | 2012-04-06 | 2013-04-23 | Google Inc. | Secure reset of personal and service provider information on mobile devices |
US9619545B2 (en) | 2013-06-28 | 2017-04-11 | Oracle International Corporation | Naïve, client-side sharding with online addition of shards |
CN103685466A (en) * | 2013-11-13 | 2014-03-26 | 安徽云盾信息技术有限公司 | Implementation method for encryption file sharing among multiple devices based on two pairs of asymmetric secret keys |
DE102015210719A1 (en) * | 2015-06-11 | 2016-12-15 | Bundesdruckerei Gmbh | Method for updating personalization data |
US9838203B1 (en) * | 2016-09-28 | 2017-12-05 | International Business Machines Corporation | Integrity protected trusted public key token with performance enhancements |
US20210312431A1 (en) * | 2020-04-06 | 2021-10-07 | Mastercard Asia/Pacific Pte. Ltd. | Method and system for use of an emv card in a multi-signature wallet for cryptocurrency transactions |
Citations (95)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3798605A (en) * | 1971-06-30 | 1974-03-19 | Ibm | Centralized verification system |
US4405829A (en) * | 1977-12-14 | 1983-09-20 | Massachusetts Institute Of Technology | Cryptographic communications system and method |
US4924378A (en) * | 1988-06-13 | 1990-05-08 | Prime Computer, Inc. | License mangagement system and license storage key |
US4985615A (en) * | 1988-08-26 | 1991-01-15 | Kabushiki Kaisha Toshiba | Portable electronic apparatus having key data for limiting memory access |
US5024961A (en) * | 1990-07-09 | 1991-06-18 | Micron Technology, Inc. | Blanket punchthrough and field-isolation implant for sub-micron N-channel CMOS devices |
US5048085A (en) * | 1989-10-06 | 1991-09-10 | International Business Machines Corporation | Transaction system security method and apparatus |
US5049728A (en) * | 1990-04-04 | 1991-09-17 | Rovin George H | IC card system with removable IC modules |
US5065429A (en) * | 1989-04-03 | 1991-11-12 | Lang Gerald S | Method and apparatus for protecting material on storage media |
US5148481A (en) * | 1989-10-06 | 1992-09-15 | International Business Machines Corporation | Transaction system security method and apparatus |
US5161256A (en) * | 1988-08-26 | 1992-11-03 | Kabushiki Kaisha Toshiba | Method and system for allocating file area in memory area of ic card |
US5191611A (en) * | 1989-04-03 | 1993-03-02 | Lang Gerald S | Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients |
US5235642A (en) * | 1992-07-21 | 1993-08-10 | Digital Equipment Corporation | Access control subsystem and method for distributed computer system using locally cached authentication credentials |
US5239648A (en) * | 1990-09-21 | 1993-08-24 | Kabushiki Kaisha Toshiba | Computer network capable of accessing file remotely between computer systems |
US5241599A (en) * | 1991-10-02 | 1993-08-31 | At&T Bell Laboratories | Cryptographic protocol for secure communications |
US5272754A (en) * | 1991-03-28 | 1993-12-21 | Secure Computing Corporation | Secure computer interface |
US5416842A (en) * | 1994-06-10 | 1995-05-16 | Sun Microsystems, Inc. | Method and apparatus for key-management scheme for use with internet protocols at site firewalls |
US5418854A (en) * | 1992-04-28 | 1995-05-23 | Digital Equipment Corporation | Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system |
US5440635A (en) * | 1993-08-23 | 1995-08-08 | At&T Corp. | Cryptographic protocol for remote authentication |
US5448045A (en) * | 1992-02-26 | 1995-09-05 | Clark; Paul C. | System for protecting computers via intelligent tokens or smart cards |
US5455953A (en) * | 1993-11-03 | 1995-10-03 | Wang Laboratories, Inc. | Authorization system for obtaining in single step both identification and access rights of client to server directly from encrypted authorization ticket |
US5491752A (en) * | 1993-03-18 | 1996-02-13 | Digital Equipment Corporation, Patent Law Group | System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens |
US5495533A (en) * | 1994-04-29 | 1996-02-27 | International Business Machines Corporation | Personal key archive |
US5502766A (en) * | 1992-04-17 | 1996-03-26 | Secure Computing Corporation | Data enclave and trusted path system |
US5504701A (en) * | 1993-09-30 | 1996-04-02 | Toppan Printing Co., Ltd. | Memory card |
US5526233A (en) * | 1991-12-19 | 1996-06-11 | Casio Computer Co., Ltd. | Adapter for integrated circuit device, and data transmission system using the same |
US5544246A (en) * | 1993-09-17 | 1996-08-06 | At&T Corp. | Smartcard adapted for a plurality of service providers and for remote installation of same |
US5563395A (en) * | 1994-02-25 | 1996-10-08 | Fujitsu Limited | Card type storage medium and card type storage medium issuing apparatus |
US5563400A (en) * | 1993-10-06 | 1996-10-08 | Gemplus Card International | Multi-applications portable card for personal computer |
US5578808A (en) * | 1993-12-22 | 1996-11-26 | Datamark Services, Inc. | Data card that can be used for transactions involving separate card issuers |
US5602918A (en) * | 1995-12-22 | 1997-02-11 | Virtual Open Network Environment Corp. | Application level security system and method |
US5606615A (en) * | 1995-05-16 | 1997-02-25 | Lapointe; Brian K. | Computer security system |
US5613012A (en) * | 1994-11-28 | 1997-03-18 | Smarttouch, Llc. | Tokenless identification system for authorization of electronic transactions and electronic transmissions |
US5649118A (en) * | 1993-08-27 | 1997-07-15 | Lucent Technologies Inc. | Smart card with multiple charge accounts and product item tables designating the account to debit |
US5657388A (en) * | 1993-05-25 | 1997-08-12 | Security Dynamics Technologies, Inc. | Method and apparatus for utilizing a token for resource access |
US5682027A (en) * | 1992-10-26 | 1997-10-28 | Intellect Australia Pty Ltd. | System and method for performing transactions and a portable intelligent device therefore |
US5684742A (en) * | 1995-09-20 | 1997-11-04 | International Business Machines Corporation | Device and method for the simplified generation of tools for the initialization and personalization of and communication with a chip card |
US5742845A (en) * | 1995-06-22 | 1998-04-21 | Datascape, Inc. | System for extending present open network communication protocols to communicate with non-standard I/O devices directly coupled to an open network |
US5757920A (en) * | 1994-07-18 | 1998-05-26 | Microsoft Corporation | Logon certification |
US5802519A (en) * | 1994-02-08 | 1998-09-01 | Belle Gate Investment B.V. | Coherent data structure with multiple interaction contexts for a smart card |
US5805719A (en) * | 1994-11-28 | 1998-09-08 | Smarttouch | Tokenless identification of individuals |
US5815657A (en) * | 1996-04-26 | 1998-09-29 | Verifone, Inc. | System, method and article of manufacture for network electronic authorization utilizing an authorization instrument |
US5841866A (en) * | 1994-09-30 | 1998-11-24 | Microchip Technology Incorporated | Secure token integrated circuit and method of performing a secure authentication function or transaction |
US5887063A (en) * | 1995-07-28 | 1999-03-23 | Hewlett-Packard Company | Communication system for portable appliances |
US5892902A (en) * | 1996-09-05 | 1999-04-06 | Clark; Paul C. | Intelligent token protected system with network authentication |
US5897616A (en) * | 1997-06-11 | 1999-04-27 | International Business Machines Corporation | Apparatus and methods for speaker verification/identification/classification employing non-acoustic and/or acoustic models and databases |
US5901284A (en) * | 1996-06-19 | 1999-05-04 | Bellsouth Corporation | Method and system for communication access restriction |
US5917168A (en) * | 1993-06-02 | 1999-06-29 | Hewlett-Packard Company | System and method for revaluation of stored tokens in IC cards |
US5931917A (en) * | 1996-09-26 | 1999-08-03 | Verifone, Inc. | System, method and article of manufacture for a gateway system architecture with system administration information accessible from a browser |
US5944794A (en) * | 1994-09-30 | 1999-08-31 | Kabushiki Kaisha Toshiba | User identification data management scheme for networking computer systems using wide area network |
US5974504A (en) * | 1989-05-15 | 1999-10-26 | Dallas Semiconductor Corporation | Metal token having units of value stored therein using a single wire communication method |
US5987132A (en) * | 1996-06-17 | 1999-11-16 | Verifone, Inc. | System, method and article of manufacture for conditionally accepting a payment method utilizing an extensible, flexible architecture |
US5991519A (en) * | 1997-10-03 | 1999-11-23 | Atmel Corporation | Secure memory having multiple security levels |
US5991411A (en) * | 1996-10-08 | 1999-11-23 | International Business Machines Corporation | Method and means for limiting adverse use of counterfeit credit cards, access badges, electronic accounts or the like |
US5996076A (en) * | 1997-02-19 | 1999-11-30 | Verifone, Inc. | System, method and article of manufacture for secure digital certification of electronic commerce |
US6011976A (en) * | 1993-06-15 | 2000-01-04 | Celltrace Communications Limited | Telecommunications system with value added service directory and an integrated circuit module therefor |
US6016476A (en) * | 1997-08-11 | 2000-01-18 | International Business Machines Corporation | Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security |
US6023762A (en) * | 1997-07-09 | 2000-02-08 | Northern Telecom Limited | Multi-view personalized communications agent |
US6055314A (en) * | 1996-03-22 | 2000-04-25 | Microsoft Corporation | System and method for secure purchase and delivery of video content programs |
US6061796A (en) * | 1997-08-26 | 2000-05-09 | V-One Corporation | Multi-access virtual private network |
US6073242A (en) * | 1998-03-19 | 2000-06-06 | Agorics, Inc. | Electronic authority server |
US6073238A (en) * | 1996-03-29 | 2000-06-06 | Koninklijke Ptt Nederland N.V. | Method of securely loading commands in a smart card |
US6075860A (en) * | 1997-02-19 | 2000-06-13 | 3Com Corporation | Apparatus and method for authentication and encryption of a remote terminal over a wireless link |
US6101477A (en) * | 1998-01-23 | 2000-08-08 | American Express Travel Related Services Company, Inc. | Methods and apparatus for a travel-related multi-function smartcard |
US6119228A (en) * | 1997-08-22 | 2000-09-12 | Compaq Computer Corporation | Method for securely communicating remote control commands in a computer network |
US6128602A (en) * | 1997-10-27 | 2000-10-03 | Bank Of America Corporation | Open-architecture system for real-time consolidation of information from multiple financial systems |
US6147744A (en) * | 1998-12-28 | 2000-11-14 | Eastman Kodak Company | Method for archiving film unit information |
US6173400B1 (en) * | 1998-07-31 | 2001-01-09 | Sun Microsystems, Inc. | Methods and systems for establishing a shared secret using an authentication token |
US6185681B1 (en) * | 1998-05-07 | 2001-02-06 | Stephen Zizzi | Method of transparent encryption and decryption for an electronic document management system |
US6189096B1 (en) * | 1998-05-06 | 2001-02-13 | Kyberpass Corporation | User authentification using a virtual private key |
US6193163B1 (en) * | 1998-08-31 | 2001-02-27 | The Standard Register Company | Smart card with replaceable chip |
US6199762B1 (en) * | 1998-05-06 | 2001-03-13 | American Express Travel Related Services Co., Inc. | Methods and apparatus for dynamic smartcard synchronization and personalization |
US6208264B1 (en) * | 1997-05-23 | 2001-03-27 | Automated Identification Service, Inc. | Personal verification in a commercial transaction system |
US6216014B1 (en) * | 1996-05-17 | 2001-04-10 | Gemplus | Communication system for managing safely and independently a plurality of applications by each user card and corresponding user card and management method |
US6219669B1 (en) * | 1997-11-13 | 2001-04-17 | Hyperspace Communications, Inc. | File transfer system using dynamically assigned ports |
US6219439B1 (en) * | 1998-07-09 | 2001-04-17 | Paul M. Burger | Biometric authentication system |
US6220510B1 (en) * | 1997-05-15 | 2001-04-24 | Mondex International Limited | Multi-application IC card with delegation feature |
US6222933B1 (en) * | 1997-12-22 | 2001-04-24 | DEUTSCHES ZENTRUM FüR LUFT-UND RAUMFAHRT E.V. | Method of processing spotlight SAR raw data |
US6226752B1 (en) * | 1999-05-11 | 2001-05-01 | Sun Microsystems, Inc. | Method and apparatus for authenticating users |
US6253027B1 (en) * | 1996-06-17 | 2001-06-26 | Hewlett-Packard Company | System, method and article of manufacture for exchanging software and configuration data over a multichannel, extensible, flexible architecture |
US6279112B1 (en) * | 1996-10-29 | 2001-08-21 | Open Market, Inc. | Controlled transfer of information in computer networks |
US6282656B1 (en) * | 1996-12-04 | 2001-08-28 | Ynjiun Paul Wang | Electronic transaction systems and methods therefor |
US6296191B1 (en) * | 1998-09-02 | 2001-10-02 | International Business Machines Corp. | Storing data objects in a smart card memory |
US6304658B1 (en) * | 1998-01-02 | 2001-10-16 | Cryptography Research, Inc. | Leak-resistant cryptographic method and apparatus |
US6308317B1 (en) * | 1996-10-25 | 2001-10-23 | Schlumberger Technologies, Inc. | Using a high level programming language with a microcontroller |
US6367011B1 (en) * | 1997-10-14 | 2002-04-02 | Visa International Service Association | Personalization of smart cards |
US20020040936A1 (en) * | 1998-10-27 | 2002-04-11 | David C. Wentker | Delegated management of smart card applications |
US20020050528A1 (en) * | 1997-02-21 | 2002-05-02 | Mondex International Limited | Secure multi-application IC card system having selective loading and deleting capability |
US6385729B1 (en) * | 1998-05-26 | 2002-05-07 | Sun Microsystems, Inc. | Secure token device access to services provided by an internet service provider (ISP) |
US6557032B1 (en) * | 1997-06-07 | 2003-04-29 | International Business Machines Corporation | Data processing system using active tokens and method for controlling such a system |
US6629591B1 (en) * | 2001-01-12 | 2003-10-07 | Igt | Smart token |
US6754181B1 (en) * | 1996-11-18 | 2004-06-22 | Mci Communications Corporation | System and method for a directory service supporting a hybrid communication system architecture |
US6779718B1 (en) * | 1999-10-29 | 2004-08-24 | Schlumberger Systemes | Method for authenticating the result of an instruction in a token |
US20040172370A1 (en) * | 2001-03-13 | 2004-09-02 | Christophe Bidan | Verfication of access compliance of subjects with objects in a data processing system with a security policy |
US6880084B1 (en) * | 2000-09-27 | 2005-04-12 | International Business Machines Corporation | Methods, systems and computer program products for smart card product management |
US6970891B1 (en) * | 2000-11-27 | 2005-11-29 | Microsoft Corporation | Smart card with volatile memory file subsystem |
Family Cites Families (42)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5073933A (en) | 1989-12-01 | 1991-12-17 | Sun Microsystems, Inc. | X window security system |
US5263165A (en) | 1990-02-15 | 1993-11-16 | International Business Machines Corporation | System for providing user access control within a distributed data processing system having multiple resource managers |
US5263158A (en) | 1990-02-15 | 1993-11-16 | International Business Machines Corporation | Method and system for variable authority level user access control in a distributed data processing system having multiple resource manager |
DE69024638T2 (en) | 1990-05-21 | 1996-05-15 | Hewlett Packard Gmbh | Activation circuit |
US5204961A (en) | 1990-06-25 | 1993-04-20 | Digital Equipment Corporation | Computer network operating with multilevel hierarchical security with selectable common trust realms and corresponding security protocols |
US5274824A (en) | 1991-03-01 | 1993-12-28 | Bull Hn Information Systems Inc. | Keyring metaphor for user's security keys on a distributed multiprocess data system |
EP0566811A1 (en) | 1992-04-23 | 1993-10-27 | International Business Machines Corporation | Authentication method and system with a smartcard |
GB2281645A (en) | 1993-09-03 | 1995-03-08 | Ibm | Control of access to a networked system |
US5590199A (en) | 1993-10-12 | 1996-12-31 | The Mitre Corporation | Electronic information network user authentication and authorization system |
EP0767646B1 (en) | 1994-06-30 | 1999-09-08 | The Procter & Gamble Company | Fluid pervious web exhibiting a surface energy gradient |
EP0775341B1 (en) | 1994-08-09 | 1999-06-30 | Shiva Corporation | Apparatus and method for limiting access to a local computer network |
FR2752978B1 (en) | 1996-08-29 | 1999-01-08 | Tchakgarian Gerard | CLOSING METHOD, IN PARTICULAR OF OPPOSITION, OF A PLURALITY OF SERVICES, AND OPPOSITION SERVER, TERMINAL OF ACCEPTANCE AND PORTABLE DEVICES THEREOF |
FR2771205B1 (en) | 1997-11-20 | 2000-01-21 | Gemplus Card Int | METHOD, CHIP CARD AND TERMINALS FOR PERFORMING TRANSACTIONS THROUGH A TELECOMMUNICATION NETWORK |
US5969318A (en) * | 1997-11-24 | 1999-10-19 | Mackenthun; Holger | Gateway apparatus for designing and issuing multiple application cards |
FR2774190B1 (en) | 1998-01-29 | 2001-10-19 | Gemplus Card Int | SYSTEM AND METHOD FOR SECURITY MANAGEMENT OF COMPUTER APPLICATIONS |
FR2776788B1 (en) | 1998-03-24 | 2000-06-09 | Gemplus Card Int | METHOD FOR SWITCHING APPLICATIONS ON A MULTI-APPLICATION CHIP CARD |
EP0949593A2 (en) | 1998-03-30 | 1999-10-13 | Citicorp Development Center | System, method and apparatus for value exchange utilizing value-storing apparatus |
EP0949595A3 (en) | 1998-03-30 | 2001-09-26 | Citicorp Development Center, Inc. | Method and system for managing applications for a multi-function smartcard |
AUPP274098A0 (en) | 1998-04-01 | 1998-04-30 | Chip Application Technologies Limited | Data carrying device and systems for use therewith |
US6549912B1 (en) * | 1998-09-23 | 2003-04-15 | Visa International Service Association | Loyalty file structure for smart card |
FR2786901B1 (en) | 1998-12-08 | 2001-04-27 | Schlumberger Systems & Service | DEVICE AND METHOD FOR INITIALIZING AN APPLICATION PROGRAM OF AN INTEGRATED CIRCUIT CARD |
JP2002538529A (en) | 1999-02-22 | 2002-11-12 | カーズ エトセトラ プロプライエタリー リミティッド | Card, device, product and product management system |
US8498898B1 (en) | 1999-03-19 | 2013-07-30 | Citicorp Development Center, Inc. | System and method for point of use reward determination |
US6402028B1 (en) * | 1999-04-06 | 2002-06-11 | Visa International Service Association | Integrated production of smart cards |
FR2793048A1 (en) | 1999-04-29 | 2000-11-03 | Schlumberger Systems & Service | METHOD OF MANAGING CONTROLS IN SEVERAL APPLICATION FILES AND CHIP CARD FOR IMPLEMENTING THE METHOD |
US7127605B1 (en) * | 1999-05-10 | 2006-10-24 | Axalto, Inc. | Secure sharing of application methods on a microcontroller |
FI114434B (en) | 1999-05-11 | 2004-10-15 | Nokia Corp | communication equipment |
WO2000068902A1 (en) | 1999-05-11 | 2000-11-16 | Microsoft Corporation | Method and apparatus for sharing data files among runtime environment applets in an integrated circuit card |
US6594640B1 (en) * | 1999-06-23 | 2003-07-15 | Richard Postrel | System for electronic barter, trading and redeeming points accumulated in frequent use reward programs |
FR2797074B1 (en) | 1999-07-28 | 2001-10-12 | Gemplus Card Int | CHIP CARD ARCHITECTURE INCLUDING PERIPHERALS |
AUPQ268999A0 (en) | 1999-09-07 | 1999-09-30 | Keycorp Limited | Application management for multi application devices |
US6671818B1 (en) * | 1999-11-22 | 2003-12-30 | Accenture Llp | Problem isolation through translating and filtering events into a standard object format in a network based supply chain |
FR2802319B1 (en) | 1999-12-10 | 2004-10-01 | Gemplus Card Int | CAPACITY ACCESS CONTROL FOR ESPECIALLY COOPERATING APPLICATIONS IN A CHIP CARD |
US6852031B1 (en) * | 2000-11-22 | 2005-02-08 | Igt | EZ pay smart card and tickets system |
US20020040438A1 (en) * | 2000-05-05 | 2002-04-04 | Fisher David Landis | Method to securely load and manage multiple applications on a conventional file system smart card |
US7191466B1 (en) | 2000-07-25 | 2007-03-13 | Laurence Hamid | Flexible system and method of user authentication for password based system |
FR2812419B1 (en) | 2000-07-31 | 2003-01-17 | Cit Alcatel | METHOD FOR SECURING ACCESS TO A MICROPROCESSOR USER CARD |
AU2001284882A1 (en) | 2000-08-14 | 2002-02-25 | Peter H. Gien | System and method for facilitating signing by buyers in electronic commerce |
US20020029254A1 (en) | 2000-09-06 | 2002-03-07 | Davis Terry L. | Method and system for managing personal information |
FR2820847B1 (en) * | 2001-02-12 | 2003-05-30 | Gemplus Card Int | CONTROLLING ACCESS OF SUBJECTS TO OBJECTS IN PARTICULAR IN A MICROCONTROLLER CARD |
CA2446295C (en) * | 2001-05-04 | 2008-11-04 | Cubic Corporation | Smart card access control system |
US6745944B2 (en) * | 2001-06-20 | 2004-06-08 | Capital One Financial Corporation | System and method for identifying applications loaded in a smart card |
-
2003
- 2003-09-05 US US10/656,858 patent/US20040139021A1/en not_active Abandoned
- 2003-10-07 CA CA002505134A patent/CA2505134A1/en not_active Abandoned
- 2003-10-07 AU AU2003282749A patent/AU2003282749A1/en not_active Abandoned
- 2003-10-07 EP EP03774633A patent/EP1556790A4/en not_active Ceased
- 2003-10-07 WO PCT/US2003/031780 patent/WO2004034202A2/en not_active Application Discontinuation
-
2010
- 2010-03-19 US US12/727,741 patent/US8548923B2/en active Active
-
2013
- 2013-08-26 US US13/975,679 patent/US9430666B2/en active Active
Patent Citations (99)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3798605A (en) * | 1971-06-30 | 1974-03-19 | Ibm | Centralized verification system |
US4405829A (en) * | 1977-12-14 | 1983-09-20 | Massachusetts Institute Of Technology | Cryptographic communications system and method |
US4924378A (en) * | 1988-06-13 | 1990-05-08 | Prime Computer, Inc. | License mangagement system and license storage key |
US4985615A (en) * | 1988-08-26 | 1991-01-15 | Kabushiki Kaisha Toshiba | Portable electronic apparatus having key data for limiting memory access |
US5161256A (en) * | 1988-08-26 | 1992-11-03 | Kabushiki Kaisha Toshiba | Method and system for allocating file area in memory area of ic card |
US5065429A (en) * | 1989-04-03 | 1991-11-12 | Lang Gerald S | Method and apparatus for protecting material on storage media |
US5191611A (en) * | 1989-04-03 | 1993-03-02 | Lang Gerald S | Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients |
US5974504A (en) * | 1989-05-15 | 1999-10-26 | Dallas Semiconductor Corporation | Metal token having units of value stored therein using a single wire communication method |
US5048085A (en) * | 1989-10-06 | 1991-09-10 | International Business Machines Corporation | Transaction system security method and apparatus |
US5148481A (en) * | 1989-10-06 | 1992-09-15 | International Business Machines Corporation | Transaction system security method and apparatus |
US5049728A (en) * | 1990-04-04 | 1991-09-17 | Rovin George H | IC card system with removable IC modules |
US5024961A (en) * | 1990-07-09 | 1991-06-18 | Micron Technology, Inc. | Blanket punchthrough and field-isolation implant for sub-micron N-channel CMOS devices |
US5239648A (en) * | 1990-09-21 | 1993-08-24 | Kabushiki Kaisha Toshiba | Computer network capable of accessing file remotely between computer systems |
US5272754A (en) * | 1991-03-28 | 1993-12-21 | Secure Computing Corporation | Secure computer interface |
US5241599A (en) * | 1991-10-02 | 1993-08-31 | At&T Bell Laboratories | Cryptographic protocol for secure communications |
US5526233A (en) * | 1991-12-19 | 1996-06-11 | Casio Computer Co., Ltd. | Adapter for integrated circuit device, and data transmission system using the same |
US5448045A (en) * | 1992-02-26 | 1995-09-05 | Clark; Paul C. | System for protecting computers via intelligent tokens or smart cards |
US5502766A (en) * | 1992-04-17 | 1996-03-26 | Secure Computing Corporation | Data enclave and trusted path system |
US5418854A (en) * | 1992-04-28 | 1995-05-23 | Digital Equipment Corporation | Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system |
US5235642A (en) * | 1992-07-21 | 1993-08-10 | Digital Equipment Corporation | Access control subsystem and method for distributed computer system using locally cached authentication credentials |
US5682027A (en) * | 1992-10-26 | 1997-10-28 | Intellect Australia Pty Ltd. | System and method for performing transactions and a portable intelligent device therefore |
US5491752A (en) * | 1993-03-18 | 1996-02-13 | Digital Equipment Corporation, Patent Law Group | System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens |
US5657388A (en) * | 1993-05-25 | 1997-08-12 | Security Dynamics Technologies, Inc. | Method and apparatus for utilizing a token for resource access |
US5917168A (en) * | 1993-06-02 | 1999-06-29 | Hewlett-Packard Company | System and method for revaluation of stored tokens in IC cards |
US6011976A (en) * | 1993-06-15 | 2000-01-04 | Celltrace Communications Limited | Telecommunications system with value added service directory and an integrated circuit module therefor |
US5440635A (en) * | 1993-08-23 | 1995-08-08 | At&T Corp. | Cryptographic protocol for remote authentication |
US5649118A (en) * | 1993-08-27 | 1997-07-15 | Lucent Technologies Inc. | Smart card with multiple charge accounts and product item tables designating the account to debit |
US5544246A (en) * | 1993-09-17 | 1996-08-06 | At&T Corp. | Smartcard adapted for a plurality of service providers and for remote installation of same |
US5504701A (en) * | 1993-09-30 | 1996-04-02 | Toppan Printing Co., Ltd. | Memory card |
US5563400A (en) * | 1993-10-06 | 1996-10-08 | Gemplus Card International | Multi-applications portable card for personal computer |
US5455953A (en) * | 1993-11-03 | 1995-10-03 | Wang Laboratories, Inc. | Authorization system for obtaining in single step both identification and access rights of client to server directly from encrypted authorization ticket |
US5578808A (en) * | 1993-12-22 | 1996-11-26 | Datamark Services, Inc. | Data card that can be used for transactions involving separate card issuers |
US5802519A (en) * | 1994-02-08 | 1998-09-01 | Belle Gate Investment B.V. | Coherent data structure with multiple interaction contexts for a smart card |
US5563395A (en) * | 1994-02-25 | 1996-10-08 | Fujitsu Limited | Card type storage medium and card type storage medium issuing apparatus |
US5495533A (en) * | 1994-04-29 | 1996-02-27 | International Business Machines Corporation | Personal key archive |
US5416842A (en) * | 1994-06-10 | 1995-05-16 | Sun Microsystems, Inc. | Method and apparatus for key-management scheme for use with internet protocols at site firewalls |
US5757920A (en) * | 1994-07-18 | 1998-05-26 | Microsoft Corporation | Logon certification |
US5944794A (en) * | 1994-09-30 | 1999-08-31 | Kabushiki Kaisha Toshiba | User identification data management scheme for networking computer systems using wide area network |
US5841866A (en) * | 1994-09-30 | 1998-11-24 | Microchip Technology Incorporated | Secure token integrated circuit and method of performing a secure authentication function or transaction |
US5805719A (en) * | 1994-11-28 | 1998-09-08 | Smarttouch | Tokenless identification of individuals |
US5613012A (en) * | 1994-11-28 | 1997-03-18 | Smarttouch, Llc. | Tokenless identification system for authorization of electronic transactions and electronic transmissions |
US5838812A (en) * | 1994-11-28 | 1998-11-17 | Smarttouch, Llc | Tokenless biometric transaction authorization system |
US5606615A (en) * | 1995-05-16 | 1997-02-25 | Lapointe; Brian K. | Computer security system |
US5905908A (en) * | 1995-06-22 | 1999-05-18 | Datascape, Inc. | Open network system for I/O operations with non-standard I/O devices utilizing extended protocol including device identifier and identifier for operation to be performed with device |
US5898838A (en) * | 1995-06-22 | 1999-04-27 | Datascape, Inc. | Editor for developing statements to support i/o operation on open network using segregator for segregating protocol statements from application statements upon verification of correspondence |
US5742845A (en) * | 1995-06-22 | 1998-04-21 | Datascape, Inc. | System for extending present open network communication protocols to communicate with non-standard I/O devices directly coupled to an open network |
US5887063A (en) * | 1995-07-28 | 1999-03-23 | Hewlett-Packard Company | Communication system for portable appliances |
US5684742A (en) * | 1995-09-20 | 1997-11-04 | International Business Machines Corporation | Device and method for the simplified generation of tools for the initialization and personalization of and communication with a chip card |
US5602918A (en) * | 1995-12-22 | 1997-02-11 | Virtual Open Network Environment Corp. | Application level security system and method |
US6055314A (en) * | 1996-03-22 | 2000-04-25 | Microsoft Corporation | System and method for secure purchase and delivery of video content programs |
US6073238A (en) * | 1996-03-29 | 2000-06-06 | Koninklijke Ptt Nederland N.V. | Method of securely loading commands in a smart card |
US5815657A (en) * | 1996-04-26 | 1998-09-29 | Verifone, Inc. | System, method and article of manufacture for network electronic authorization utilizing an authorization instrument |
US6216014B1 (en) * | 1996-05-17 | 2001-04-10 | Gemplus | Communication system for managing safely and independently a plurality of applications by each user card and corresponding user card and management method |
US5987132A (en) * | 1996-06-17 | 1999-11-16 | Verifone, Inc. | System, method and article of manufacture for conditionally accepting a payment method utilizing an extensible, flexible architecture |
US6253027B1 (en) * | 1996-06-17 | 2001-06-26 | Hewlett-Packard Company | System, method and article of manufacture for exchanging software and configuration data over a multichannel, extensible, flexible architecture |
US5901284A (en) * | 1996-06-19 | 1999-05-04 | Bellsouth Corporation | Method and system for communication access restriction |
US5892902A (en) * | 1996-09-05 | 1999-04-06 | Clark; Paul C. | Intelligent token protected system with network authentication |
US5931917A (en) * | 1996-09-26 | 1999-08-03 | Verifone, Inc. | System, method and article of manufacture for a gateway system architecture with system administration information accessible from a browser |
US5991411A (en) * | 1996-10-08 | 1999-11-23 | International Business Machines Corporation | Method and means for limiting adverse use of counterfeit credit cards, access badges, electronic accounts or the like |
US6308317B1 (en) * | 1996-10-25 | 2001-10-23 | Schlumberger Technologies, Inc. | Using a high level programming language with a microcontroller |
US6279112B1 (en) * | 1996-10-29 | 2001-08-21 | Open Market, Inc. | Controlled transfer of information in computer networks |
US6754181B1 (en) * | 1996-11-18 | 2004-06-22 | Mci Communications Corporation | System and method for a directory service supporting a hybrid communication system architecture |
US6282656B1 (en) * | 1996-12-04 | 2001-08-28 | Ynjiun Paul Wang | Electronic transaction systems and methods therefor |
US5996076A (en) * | 1997-02-19 | 1999-11-30 | Verifone, Inc. | System, method and article of manufacture for secure digital certification of electronic commerce |
US6075860A (en) * | 1997-02-19 | 2000-06-13 | 3Com Corporation | Apparatus and method for authentication and encryption of a remote terminal over a wireless link |
US20020050528A1 (en) * | 1997-02-21 | 2002-05-02 | Mondex International Limited | Secure multi-application IC card system having selective loading and deleting capability |
US6220510B1 (en) * | 1997-05-15 | 2001-04-24 | Mondex International Limited | Multi-application IC card with delegation feature |
US6208264B1 (en) * | 1997-05-23 | 2001-03-27 | Automated Identification Service, Inc. | Personal verification in a commercial transaction system |
US6557032B1 (en) * | 1997-06-07 | 2003-04-29 | International Business Machines Corporation | Data processing system using active tokens and method for controlling such a system |
US5897616A (en) * | 1997-06-11 | 1999-04-27 | International Business Machines Corporation | Apparatus and methods for speaker verification/identification/classification employing non-acoustic and/or acoustic models and databases |
US6023762A (en) * | 1997-07-09 | 2000-02-08 | Northern Telecom Limited | Multi-view personalized communications agent |
US6016476A (en) * | 1997-08-11 | 2000-01-18 | International Business Machines Corporation | Portable information and transaction processing system and method utilizing biometric authorization and digital certificate security |
US6119228A (en) * | 1997-08-22 | 2000-09-12 | Compaq Computer Corporation | Method for securely communicating remote control commands in a computer network |
US6061796A (en) * | 1997-08-26 | 2000-05-09 | V-One Corporation | Multi-access virtual private network |
US5991519A (en) * | 1997-10-03 | 1999-11-23 | Atmel Corporation | Secure memory having multiple security levels |
US6367011B1 (en) * | 1997-10-14 | 2002-04-02 | Visa International Service Association | Personalization of smart cards |
US6128602A (en) * | 1997-10-27 | 2000-10-03 | Bank Of America Corporation | Open-architecture system for real-time consolidation of information from multiple financial systems |
US6219669B1 (en) * | 1997-11-13 | 2001-04-17 | Hyperspace Communications, Inc. | File transfer system using dynamically assigned ports |
US6222933B1 (en) * | 1997-12-22 | 2001-04-24 | DEUTSCHES ZENTRUM FüR LUFT-UND RAUMFAHRT E.V. | Method of processing spotlight SAR raw data |
US6304658B1 (en) * | 1998-01-02 | 2001-10-16 | Cryptography Research, Inc. | Leak-resistant cryptographic method and apparatus |
US6101477A (en) * | 1998-01-23 | 2000-08-08 | American Express Travel Related Services Company, Inc. | Methods and apparatus for a travel-related multi-function smartcard |
US6073242A (en) * | 1998-03-19 | 2000-06-06 | Agorics, Inc. | Electronic authority server |
US6199762B1 (en) * | 1998-05-06 | 2001-03-13 | American Express Travel Related Services Co., Inc. | Methods and apparatus for dynamic smartcard synchronization and personalization |
US6189096B1 (en) * | 1998-05-06 | 2001-02-13 | Kyberpass Corporation | User authentification using a virtual private key |
US6185681B1 (en) * | 1998-05-07 | 2001-02-06 | Stephen Zizzi | Method of transparent encryption and decryption for an electronic document management system |
US6385729B1 (en) * | 1998-05-26 | 2002-05-07 | Sun Microsystems, Inc. | Secure token device access to services provided by an internet service provider (ISP) |
US6219439B1 (en) * | 1998-07-09 | 2001-04-17 | Paul M. Burger | Biometric authentication system |
US6173400B1 (en) * | 1998-07-31 | 2001-01-09 | Sun Microsystems, Inc. | Methods and systems for establishing a shared secret using an authentication token |
US6193163B1 (en) * | 1998-08-31 | 2001-02-27 | The Standard Register Company | Smart card with replaceable chip |
US6296191B1 (en) * | 1998-09-02 | 2001-10-02 | International Business Machines Corp. | Storing data objects in a smart card memory |
US20020040936A1 (en) * | 1998-10-27 | 2002-04-11 | David C. Wentker | Delegated management of smart card applications |
US6481632B2 (en) * | 1998-10-27 | 2002-11-19 | Visa International Service Association | Delegated management of smart card applications |
US6147744A (en) * | 1998-12-28 | 2000-11-14 | Eastman Kodak Company | Method for archiving film unit information |
US6226752B1 (en) * | 1999-05-11 | 2001-05-01 | Sun Microsystems, Inc. | Method and apparatus for authenticating users |
US6779718B1 (en) * | 1999-10-29 | 2004-08-24 | Schlumberger Systemes | Method for authenticating the result of an instruction in a token |
US6880084B1 (en) * | 2000-09-27 | 2005-04-12 | International Business Machines Corporation | Methods, systems and computer program products for smart card product management |
US6970891B1 (en) * | 2000-11-27 | 2005-11-29 | Microsoft Corporation | Smart card with volatile memory file subsystem |
US6629591B1 (en) * | 2001-01-12 | 2003-10-07 | Igt | Smart token |
US20040172370A1 (en) * | 2001-03-13 | 2004-09-02 | Christophe Bidan | Verfication of access compliance of subjects with objects in a data processing system with a security policy |
Cited By (240)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7837116B2 (en) | 1999-09-07 | 2010-11-23 | American Express Travel Related Services Company, Inc. | Transaction card |
US8191788B2 (en) | 1999-09-07 | 2012-06-05 | American Express Travel Related Services Company, Inc. | Transaction card |
USRE43460E1 (en) | 2000-01-21 | 2012-06-12 | Xatra Fund Mx, Llc | Public/private dual card system and method |
US8818907B2 (en) | 2000-03-07 | 2014-08-26 | Xatra Fund Mx, Llc | Limiting access to account information during a radio frequency transaction |
US7835960B2 (en) | 2000-03-07 | 2010-11-16 | American Express Travel Related Services Company, Inc. | System for facilitating a transaction |
US7725427B2 (en) | 2001-05-25 | 2010-05-25 | Fred Bishop | Recurrent billing maintenance with radio frequency payment devices |
US7650314B1 (en) | 2001-05-25 | 2010-01-19 | American Express Travel Related Services Company, Inc. | System and method for securing a recurrent billing transaction |
US8001054B1 (en) | 2001-07-10 | 2011-08-16 | American Express Travel Related Services Company, Inc. | System and method for generating an unpredictable number using a seeded algorithm |
US7694876B2 (en) | 2001-07-10 | 2010-04-13 | American Express Travel Related Services Company, Inc. | Method and system for tracking user performance |
US7827106B2 (en) | 2001-07-10 | 2010-11-02 | American Express Travel Related Services Company, Inc. | System and method for manufacturing a punch-out RFID transaction device |
US7814332B2 (en) | 2001-07-10 | 2010-10-12 | Blayn W Beenau | Voiceprint biometrics on a payment device |
US7805378B2 (en) | 2001-07-10 | 2010-09-28 | American Express Travel Related Servicex Company, Inc. | System and method for encoding information in magnetic stripe format for use in radio frequency identification transactions |
US7768379B2 (en) | 2001-07-10 | 2010-08-03 | American Express Travel Related Services Company, Inc. | Method and system for a travel-related multi-function fob |
US7762457B2 (en) | 2001-07-10 | 2010-07-27 | American Express Travel Related Services Company, Inc. | System and method for dynamic fob synchronization and personalization |
US7746215B1 (en) | 2001-07-10 | 2010-06-29 | Fred Bishop | RF transactions using a wireless reader grid |
US10839388B2 (en) | 2001-07-10 | 2020-11-17 | Liberty Peak Ventures, Llc | Funding a radio frequency device transaction |
US7886157B2 (en) | 2001-07-10 | 2011-02-08 | Xatra Fund Mx, Llc | Hand geometry recognition biometrics on a fob |
US8294552B2 (en) | 2001-07-10 | 2012-10-23 | Xatra Fund Mx, Llc | Facial scan biometrics on a payment device |
US7925535B2 (en) | 2001-07-10 | 2011-04-12 | American Express Travel Related Services Company, Inc. | System and method for securing RF transactions using a radio frequency identification device including a random number generator |
US7988038B2 (en) | 2001-07-10 | 2011-08-02 | Xatra Fund Mx, Llc | System for biometric security using a fob |
USRE45615E1 (en) | 2001-07-10 | 2015-07-14 | Xatra Fund Mx, Llc | RF transaction device |
US9454752B2 (en) | 2001-07-10 | 2016-09-27 | Chartoleaux Kg Limited Liability Company | Reload protocol at a transaction processing entity |
US9031880B2 (en) | 2001-07-10 | 2015-05-12 | Iii Holdings 1, Llc | Systems and methods for non-traditional payment using biometric data |
US7996324B2 (en) | 2001-07-10 | 2011-08-09 | American Express Travel Related Services Company, Inc. | Systems and methods for managing multiple accounts on a RF transaction device using secondary identification indicia |
US9024719B1 (en) | 2001-07-10 | 2015-05-05 | Xatra Fund Mx, Llc | RF transaction system and method for storing user personal data |
US8960535B2 (en) | 2001-07-10 | 2015-02-24 | Iii Holdings 1, Llc | Method and system for resource management and evaluation |
US8872619B2 (en) | 2001-07-10 | 2014-10-28 | Xatra Fund Mx, Llc | Securing a transaction between a transponder and a reader |
US7705732B2 (en) | 2001-07-10 | 2010-04-27 | Fred Bishop | Authenticating an RF transaction using a transaction counter |
US7690577B2 (en) | 2001-07-10 | 2010-04-06 | Blayn W Beenau | Registering a biometric for radio frequency transactions |
US9881294B2 (en) | 2001-07-10 | 2018-01-30 | Chartoleaux Kg Limited Liability Company | RF payment via a mobile device |
US7668750B2 (en) | 2001-07-10 | 2010-02-23 | David S Bonalle | Securing RF transactions using a transactions counter |
US9886692B2 (en) | 2001-07-10 | 2018-02-06 | Chartoleaux Kg Limited Liability Company | Securing a transaction between a transponder and a reader |
US8635131B1 (en) | 2001-07-10 | 2014-01-21 | American Express Travel Related Services Company, Inc. | System and method for managing a transaction protocol |
US8074889B2 (en) | 2001-07-10 | 2011-12-13 | Xatra Fund Mx, Llc | System for biometric security using a fob |
US8548927B2 (en) | 2001-07-10 | 2013-10-01 | Xatra Fund Mx, Llc | Biometric registration for facilitating an RF transaction |
US20090091426A1 (en) * | 2001-07-10 | 2009-04-09 | American Express Travel Related Services Company, Inc. | Method and system for tracking user performance |
US8538863B1 (en) | 2001-07-10 | 2013-09-17 | American Express Travel Related Services Company, Inc. | System and method for facilitating a transaction using a revolving use account associated with a primary account |
US8266056B2 (en) | 2001-07-10 | 2012-09-11 | American Express Travel Related Services Company, Inc. | System and method for manufacturing a punch-out RFID transaction device |
US8279042B2 (en) | 2001-07-10 | 2012-10-02 | Xatra Fund Mx, Llc | Iris scan biometrics on a payment device |
US8284025B2 (en) | 2001-07-10 | 2012-10-09 | Xatra Fund Mx, Llc | Method and system for auditory recognition biometrics on a FOB |
US8289136B2 (en) | 2001-07-10 | 2012-10-16 | Xatra Fund Mx, Llc | Hand geometry biometrics on a payment device |
US7889052B2 (en) | 2001-07-10 | 2011-02-15 | Xatra Fund Mx, Llc | Authorizing payment subsequent to RF transactions |
US9336634B2 (en) | 2001-07-10 | 2016-05-10 | Chartoleaux Kg Limited Liability Company | Hand geometry biometrics on a payment device |
US8543423B2 (en) | 2002-07-16 | 2013-09-24 | American Express Travel Related Services Company, Inc. | Method and apparatus for enrolling with multiple transaction environments |
USRE43157E1 (en) | 2002-09-12 | 2012-02-07 | Xatra Fund Mx, Llc | System and method for reassociating an account number to another transaction account |
US20050036611A1 (en) * | 2003-03-31 | 2005-02-17 | Visa U.S.A., Inc. | Method and system for secure authentication |
US20100217999A1 (en) * | 2003-03-31 | 2010-08-26 | Seaton Jr Robert W | Method and system for secure authentication |
US7702916B2 (en) | 2003-03-31 | 2010-04-20 | Visa U.S.A. Inc. | Method and system for secure authentication |
US8359474B2 (en) | 2003-03-31 | 2013-01-22 | Visa U.S.A. Inc. | Method and system for secure authentication |
US8429041B2 (en) | 2003-05-09 | 2013-04-23 | American Express Travel Related Services Company, Inc. | Systems and methods for managing account information lifecycles |
US7793845B2 (en) | 2004-07-01 | 2010-09-14 | American Express Travel Related Services Company, Inc. | Smartcard transaction system and method |
US8016191B2 (en) | 2004-07-01 | 2011-09-13 | American Express Travel Related Services Company, Inc. | Smartcard transaction system and method |
WO2006033727A3 (en) * | 2004-08-17 | 2007-01-25 | Mastercard International Inc | Compliance assessment and security testing of smart cards |
US20060047727A1 (en) * | 2004-08-30 | 2006-03-02 | Karp Alan H | Method of accessing a file for editing with an application having limited access permissions |
US20060047954A1 (en) * | 2004-08-30 | 2006-03-02 | Axalto Inc. | Data access security implementation using the public key mechanism |
CN102981980A (en) * | 2004-12-21 | 2013-03-20 | 桑迪士克股份有限公司 | Method for control access in storage device |
US20060242067A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | System for creating control structure for versatile content control |
US8601283B2 (en) | 2004-12-21 | 2013-12-03 | Sandisk Technologies Inc. | Method for versatile content control with partitioning |
US8051052B2 (en) * | 2004-12-21 | 2011-11-01 | Sandisk Technologies Inc. | Method for creating control structure for versatile content control |
US20060242150A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Method using control structure for versatile content control |
WO2006069312A2 (en) * | 2004-12-21 | 2006-06-29 | Sandisk Corporation | System for creating control structure for versatile content control |
US20100077214A1 (en) * | 2004-12-21 | 2010-03-25 | Fabrice Jogand-Coulomb | Host Device and Method for Protecting Data Stored in a Storage Device |
WO2006069311A2 (en) * | 2004-12-21 | 2006-06-29 | Sandisk Corporation | Control structure for versatile content control and method using structure |
US20060242064A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Method for creating control structure for versatile content control |
KR101213118B1 (en) | 2004-12-21 | 2012-12-24 | 디스크레틱스 테크놀로지스 엘티디. | Memory System with versatile content control |
US20060242151A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Control structure for versatile content control |
US20060242068A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Method forversatile content control |
US8504849B2 (en) | 2004-12-21 | 2013-08-06 | Sandisk Technologies Inc. | Method for versatile content control |
US20060242065A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Method for versatile content control with partitioning |
WO2006069312A3 (en) * | 2004-12-21 | 2006-11-09 | Sandisk Corp | System for creating control structure for versatile content control |
JP4857284B2 (en) * | 2004-12-21 | 2012-01-18 | サンディスク コーポレーション | Control structure generation system for multi-purpose content control |
EP2189922A3 (en) * | 2004-12-21 | 2010-06-02 | Sandisk Corporation | Memory system with versatile content control |
JP2008524758A (en) * | 2004-12-21 | 2008-07-10 | サンディスク コーポレーション | Control structure generation system for multi-purpose content control |
US20060242066A1 (en) * | 2004-12-21 | 2006-10-26 | Fabrice Jogand-Coulomb | Versatile content control with partitioning |
WO2006069194A3 (en) * | 2004-12-21 | 2006-11-23 | Sandisk Corp | Memory system with versatile content control |
WO2006069311A3 (en) * | 2004-12-21 | 2006-11-16 | Sandisk Corp | Control structure for versatile content control and method using structure |
WO2006066604A1 (en) * | 2004-12-22 | 2006-06-29 | Telecom Italia S.P.A. | Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor |
US8789195B2 (en) | 2004-12-22 | 2014-07-22 | Telecom Italia S.P.A. | Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor |
US20070188183A1 (en) * | 2005-02-07 | 2007-08-16 | Micky Holtzman | Secure memory card with life cycle phases |
US8321686B2 (en) | 2005-02-07 | 2012-11-27 | Sandisk Technologies Inc. | Secure memory card with life cycle phases |
US8423788B2 (en) | 2005-02-07 | 2013-04-16 | Sandisk Technologies Inc. | Secure memory card with life cycle phases |
US20060177064A1 (en) * | 2005-02-07 | 2006-08-10 | Micky Holtzman | Secure memory card with life cycle phases |
US20060176068A1 (en) * | 2005-02-07 | 2006-08-10 | Micky Holtzman | Methods used in a secure memory card with life cycle phases |
US8108691B2 (en) | 2005-02-07 | 2012-01-31 | Sandisk Technologies Inc. | Methods used in a secure memory card with life cycle phases |
US20080163247A1 (en) * | 2005-02-17 | 2008-07-03 | Koninklijke Philips Electronics, N.V. | Device and a Method of Operating a Device |
US8719840B2 (en) * | 2005-02-17 | 2014-05-06 | Koninklijke Philips N.V. | Device for secure interprocess communication |
US8427317B2 (en) | 2005-06-24 | 2013-04-23 | Visa U.S.A. | Apparatus and method to electromagnetically shield portable consumer devices |
US20090146814A1 (en) * | 2005-06-24 | 2009-06-11 | Ayman Hammad | Apparatus and method to electromagnetically shield portable consumer devices |
US20060290501A1 (en) * | 2005-06-24 | 2006-12-28 | Visa U.S.A., Inc. | Apparatus and method to electromagnetically shield portable consumer devices |
US9704087B2 (en) | 2005-06-24 | 2017-07-11 | Visa Usa Inc. | Apparatus and method to electromagnetically shield portable consumer devices |
US20090088229A1 (en) * | 2005-06-24 | 2009-04-02 | Ayman Hammad | Apparatus and method to electromagnetically shield portable consumer devices |
US7482925B2 (en) | 2005-06-24 | 2009-01-27 | Visa U.S.A. | Apparatus and method to electromagnetically shield portable consumer devices |
US7748031B2 (en) | 2005-07-08 | 2010-06-29 | Sandisk Corporation | Mass storage device with automated credentials loading |
US8220039B2 (en) | 2005-07-08 | 2012-07-10 | Sandisk Technologies Inc. | Mass storage device with automated credentials loading |
US7743409B2 (en) | 2005-07-08 | 2010-06-22 | Sandisk Corporation | Methods used in a mass storage device with automated credentials loading |
US20070043667A1 (en) * | 2005-09-08 | 2007-02-22 | Bahman Qawami | Method for secure storage and delivery of media content |
US20100138673A1 (en) * | 2005-09-08 | 2010-06-03 | Fabrice Jogand-Coulomb | Method for Secure Storage and Delivery of Media Content |
US20100131774A1 (en) * | 2005-09-08 | 2010-05-27 | Fabrice Jogand-Coulomb | Method for Secure Storage and Delivery of Media Content |
US20070056042A1 (en) * | 2005-09-08 | 2007-03-08 | Bahman Qawami | Mobile memory system for secure storage and delivery of media content |
US8966284B2 (en) | 2005-09-14 | 2015-02-24 | Sandisk Technologies Inc. | Hardware driver integrity check of memory card controller firmware |
US20070061597A1 (en) * | 2005-09-14 | 2007-03-15 | Micky Holtzman | Secure yet flexible system architecture for secure devices with flash mass storage memory |
US7934049B2 (en) | 2005-09-14 | 2011-04-26 | Sandisk Corporation | Methods used in a secure yet flexible system architecture for secure devices with flash mass storage memory |
US9658735B2 (en) | 2006-03-30 | 2017-05-23 | Pegasystems Inc. | Methods and apparatus for user interface optimization |
US10838569B2 (en) | 2006-03-30 | 2020-11-17 | Pegasystems Inc. | Method and apparatus for user interface non-conformance detection and correction |
US20080022395A1 (en) * | 2006-07-07 | 2008-01-24 | Michael Holtzman | System for Controlling Information Supplied From Memory Device |
US8639939B2 (en) | 2006-07-07 | 2014-01-28 | Sandisk Technologies Inc. | Control method using identity objects |
US20080010685A1 (en) * | 2006-07-07 | 2008-01-10 | Michael Holtzman | Content Control Method Using Versatile Control Structure |
US8140843B2 (en) | 2006-07-07 | 2012-03-20 | Sandisk Technologies Inc. | Content control method using certificate chains |
US8245031B2 (en) | 2006-07-07 | 2012-08-14 | Sandisk Technologies Inc. | Content control method using certificate revocation lists |
US8613103B2 (en) * | 2006-07-07 | 2013-12-17 | Sandisk Technologies Inc. | Content control method using versatile control structure |
US20080010455A1 (en) * | 2006-07-07 | 2008-01-10 | Michael Holtzman | Control Method Using Identity Objects |
US20080022413A1 (en) * | 2006-07-07 | 2008-01-24 | Michael Holtzman | Method for Controlling Information Supplied from Memory Device |
US20080010450A1 (en) * | 2006-07-07 | 2008-01-10 | Michael Holtzman | Content Control Method Using Certificate Chains |
US20100138652A1 (en) * | 2006-07-07 | 2010-06-03 | Rotem Sela | Content control method using certificate revocation lists |
US20080010458A1 (en) * | 2006-07-07 | 2008-01-10 | Michael Holtzman | Control System Using Identity Objects |
US8266711B2 (en) * | 2006-07-07 | 2012-09-11 | Sandisk Technologies Inc. | Method for controlling information supplied from memory device |
US20080052524A1 (en) * | 2006-08-24 | 2008-02-28 | Yoram Cedar | Reader for one time password generating device |
US20080072058A1 (en) * | 2006-08-24 | 2008-03-20 | Yoram Cedar | Methods in a reader for one time password generating device |
US9495672B2 (en) | 2006-09-28 | 2016-11-15 | Visa U.S.A. Inc. | Mobile device containing contactless payment card used in transit fare collection |
US8376227B2 (en) | 2006-09-28 | 2013-02-19 | Ayman Hammad | Smart sign mobile transit fare payment |
US8827156B2 (en) | 2006-09-28 | 2014-09-09 | Visa U.S.A. Inc. | Mobile payment device |
US8523069B2 (en) | 2006-09-28 | 2013-09-03 | Visa U.S.A. Inc. | Mobile transit fare payment |
US20080116264A1 (en) * | 2006-09-28 | 2008-05-22 | Ayman Hammad | Mobile transit fare payment |
US9373115B2 (en) | 2006-09-28 | 2016-06-21 | Visa U.S.A. Inc. | Contactless prepaid product for transit fare collection |
US9213977B2 (en) | 2006-09-28 | 2015-12-15 | Visa U.S.A. Inc. | Authentication of a data card using a transit verification value |
US10692071B2 (en) | 2006-09-28 | 2020-06-23 | Visa U.S.A. Inc. | Mobile device containing contactless payment device |
US10346837B2 (en) | 2006-11-16 | 2019-07-09 | Visa U.S.A. Inc. | Adaptive authentication options |
US20080120214A1 (en) * | 2006-11-16 | 2008-05-22 | Kim Steele | Adaptive authentication options |
US8504451B2 (en) | 2006-11-16 | 2013-08-06 | Visa U.S.A. Inc. | Method and system using candidate dynamic data elements |
US9940621B2 (en) | 2006-11-16 | 2018-04-10 | Visa U.S.A. Inc. | Method and system using candidate dynamic data elements |
US20080120236A1 (en) * | 2006-11-16 | 2008-05-22 | Patrick Faith | Dynamic magnetic stripe |
US10748147B2 (en) | 2006-11-16 | 2020-08-18 | Visa U.S.A. Inc. | Adaptive authentication options |
US10108957B2 (en) | 2006-11-17 | 2018-10-23 | Visa International Service Association | Method and system for using payment history for conducting commercial transactions |
US8175961B2 (en) | 2006-11-17 | 2012-05-08 | Visa International Service Association | Method and system for using payment history for conducting commercial transactions |
US20080120218A1 (en) * | 2006-11-17 | 2008-05-22 | William Reid | Method and system for using payment history for conducting commercial transactions |
US20090239512A1 (en) * | 2006-12-04 | 2009-09-24 | Ayman Hammad | Mobile phone containing contactless payment card used in transit fare collection |
US8733663B2 (en) | 2006-12-04 | 2014-05-27 | Visa U.S.A. Inc. | Mobile phone containing contactless payment card used in transit fare collection |
US20080128513A1 (en) * | 2006-12-04 | 2008-06-05 | Ayman Hammad | Bank issued contactless payment card used in transit fare collection |
US8688554B2 (en) | 2006-12-04 | 2014-04-01 | Visa U.S.A. Inc. | Bank issued contactless payment card used in transit fare collection |
US7527208B2 (en) | 2006-12-04 | 2009-05-05 | Visa U.S.A. Inc. | Bank issued contactless payment card used in transit fare collection |
US8645971B2 (en) | 2006-12-26 | 2014-02-04 | Visa U.S.A. Inc. | Real-time balance updates |
US9940627B2 (en) | 2006-12-26 | 2018-04-10 | Visa U.S.A. Inc. | Mobile coupon method and system |
US8615426B2 (en) | 2006-12-26 | 2013-12-24 | Visa U.S.A. Inc. | Coupon offers from multiple entities |
US8903734B2 (en) | 2006-12-26 | 2014-12-02 | Visa U.S.A. Inc. | Coupon offers from multiple entities |
US8423794B2 (en) | 2006-12-28 | 2013-04-16 | Sandisk Technologies Inc. | Method and apparatus for upgrading a memory card that has security mechanisms for preventing copying of secure content and applications |
US20080162947A1 (en) * | 2006-12-28 | 2008-07-03 | Michael Holtzman | Methods of upgrading a memory card that has security mechanisms that prevent copying of secure content and applications |
US10057085B2 (en) | 2007-01-09 | 2018-08-21 | Visa U.S.A. Inc. | Contactless transaction |
US11195166B2 (en) | 2007-01-09 | 2021-12-07 | Visa U.S.A. Inc. | Mobile payment management |
US8923827B2 (en) | 2007-01-09 | 2014-12-30 | Visa U.S.A. Inc. | Mobile payment management |
US10387868B2 (en) | 2007-01-09 | 2019-08-20 | Visa U.S.A. Inc. | Mobile payment management |
US8346639B2 (en) | 2007-02-28 | 2013-01-01 | Visa U.S.A. Inc. | Authentication of a data card using a transit verification value |
US20080203170A1 (en) * | 2007-02-28 | 2008-08-28 | Visa U.S.A. Inc. | Fraud prevention for transit fare collection |
US20080203152A1 (en) * | 2007-02-28 | 2008-08-28 | Visa U.S.A. Inc. | Authentication of a data card using a transit verification value |
US8712892B2 (en) | 2007-02-28 | 2014-04-29 | Visa U.S.A. Inc. | Verification of a portable consumer device in an offline environment |
US8386349B2 (en) | 2007-02-28 | 2013-02-26 | Visa U.S.A. Inc. | Verification of a portable consumer device in an offline environment |
US8700513B2 (en) | 2007-02-28 | 2014-04-15 | Visa U.S.A. Inc. | Authentication of a data card using a transit verification value |
US8290832B2 (en) | 2007-06-04 | 2012-10-16 | Visa U.S.A. Inc. | Method and system for handling returned prepaid payment cards |
US7809637B2 (en) | 2007-06-04 | 2010-10-05 | Visa U.S.A. Inc. | Portability of financial tokens |
US7860790B2 (en) | 2007-06-04 | 2010-12-28 | Visa U.S.A. Inc. | Systems and methods for automatic migration of a consumer between financial accounts |
US20100332382A1 (en) * | 2007-06-04 | 2010-12-30 | Monk Justin T | Portability of financial tokens |
US20080301048A1 (en) * | 2007-06-04 | 2008-12-04 | Monk Justin T | Portability of financial tokens |
US20080298569A1 (en) * | 2007-06-04 | 2008-12-04 | Monk Justin T | Prepaid negative balance fee processing and fee diversion |
US20080300895A1 (en) * | 2007-06-04 | 2008-12-04 | Monk Justin T | Method and system for handling returned payment card account statements |
US20110125634A1 (en) * | 2007-06-04 | 2011-05-26 | Monk Justin T | Systems and methods for automatic migration of a consumer between financial accounts |
US20080301011A1 (en) * | 2007-06-04 | 2008-12-04 | Monk Justin T | Method and system for handling returned prepaid payment cards |
US8165938B2 (en) | 2007-06-04 | 2012-04-24 | Visa U.S.A. Inc. | Prepaid card fraud and risk management |
US20100070424A1 (en) * | 2007-06-04 | 2010-03-18 | Monk Justin T | System, apparatus and methods for comparing fraud parameters for application during prepaid card enrollment and transactions |
US8788382B2 (en) | 2007-06-04 | 2014-07-22 | Visa U.S.A. Inc. | Systems and methods for automatic migration of a consumer between financial accounts |
US20080301019A1 (en) * | 2007-06-04 | 2008-12-04 | Monk Justin T | Prepaid card fraud and risk management |
US20080301037A1 (en) * | 2007-06-04 | 2008-12-04 | Monk Justin T | Systems and methods for automatic migration of a consumer between financial accounts |
US8589285B2 (en) | 2007-06-04 | 2013-11-19 | Visa U.S.A. Inc. | System, apparatus and methods for comparing fraud parameters for application during prepaid card enrollment and transactions |
US20080298573A1 (en) * | 2007-06-04 | 2008-12-04 | Monk Justin T | System, apparatus and methods for comparing fraud parameters for application during prepaid card enrollment and transactions |
US7627522B2 (en) | 2007-06-04 | 2009-12-01 | Visa U.S.A. Inc. | System, apparatus and methods for comparing fraud parameters for application during prepaid card enrollment and transactions |
US8146806B2 (en) | 2007-06-04 | 2012-04-03 | Visa U.S.A. Inc. | Prepaid negative balance fee processing and fee diversion |
US20080303632A1 (en) * | 2007-06-11 | 2008-12-11 | Ayman Hammad | Shielding of portable consumer device |
US8604995B2 (en) | 2007-06-11 | 2013-12-10 | Visa U.S.A. Inc. | Shielding of portable consumer device |
US8452257B2 (en) | 2007-09-26 | 2013-05-28 | Visa U.S.A., Inc | Real-time balance on a mobile phone |
US8170527B2 (en) | 2007-09-26 | 2012-05-01 | Visa U.S.A. Inc. | Real-time balance on a mobile phone |
US8950680B2 (en) | 2007-11-28 | 2015-02-10 | Visa U.S.A. Inc. | Multifunction removable cover for portable payment device |
US20090134218A1 (en) * | 2007-11-28 | 2009-05-28 | Ryan Yuzon | Multifunction removable cover for portable payment device |
US8038068B2 (en) | 2007-11-28 | 2011-10-18 | Visa U.S.A. Inc. | Multifunction removable cover for portable payment device |
US20090164789A1 (en) * | 2007-12-21 | 2009-06-25 | Spansion Llc | Authenticated memory and controller slave |
US9767303B2 (en) | 2007-12-21 | 2017-09-19 | Monterey Research, Llc | Authenticated memory and controller slave |
US8694776B2 (en) * | 2007-12-21 | 2014-04-08 | Spansion Llc | Authenticated memory and controller slave |
US8738485B2 (en) | 2007-12-28 | 2014-05-27 | Visa U.S.A. Inc. | Contactless prepaid product for transit fare collection |
US9715709B2 (en) | 2008-05-09 | 2017-07-25 | Visa International Services Association | Communication device including multi-part alias identifier |
US10304127B2 (en) | 2008-05-09 | 2019-05-28 | Visa International Service Association | Communication device including multi-part alias identifier |
WO2009147548A2 (en) * | 2008-05-27 | 2009-12-10 | Nxp B.V. | Method for storing nfc applications in a secure memory device |
WO2009147548A3 (en) * | 2008-05-27 | 2010-01-28 | Nxp B.V. | Method for storing nfc applications in a secure memory device |
US9542687B2 (en) | 2008-06-26 | 2017-01-10 | Visa International Service Association | Systems and methods for visual representation of offers |
US10430818B2 (en) | 2008-06-26 | 2019-10-01 | Visa International Service Association | Systems and methods for visual representation of offers |
US10943248B2 (en) | 2008-06-26 | 2021-03-09 | Visa International Service Association | Systems and methods for providing offers |
US10769614B2 (en) | 2008-09-22 | 2020-09-08 | Visa International Service Association | Over the air update of payment transaction data stored in secure memory |
US11232427B2 (en) | 2008-09-22 | 2022-01-25 | Visa International Service Association | Method of performing transactions with contactless payment devices using pre-tap and two-tap operations |
US8977567B2 (en) | 2008-09-22 | 2015-03-10 | Visa International Service Association | Recordation of electronic payment transaction information |
US9672508B2 (en) | 2008-09-22 | 2017-06-06 | Visa International Service Association | Over the air update of payment transaction data stored in secure memory |
US10332094B2 (en) | 2008-09-22 | 2019-06-25 | Visa International Service Association | Recordation of electronic payment transaction information |
US11315099B2 (en) | 2008-09-22 | 2022-04-26 | Visa International Service Association | Over the air update of payment transaction data stored in secure memory |
US11501274B2 (en) | 2008-09-22 | 2022-11-15 | Visa International Service Association | Over the air update of payment transaction data stored in secure memory |
US10706402B2 (en) | 2008-09-22 | 2020-07-07 | Visa International Service Association | Over the air update of payment transaction data stored in secure memory |
US9824355B2 (en) | 2008-09-22 | 2017-11-21 | Visa International Service Association | Method of performing transactions with contactless payment devices using pre-tap and two-tap operations |
US11030608B2 (en) | 2008-09-22 | 2021-06-08 | Visa International Service Association | Recordation of electronic payment transaction information |
US10037523B2 (en) | 2008-09-22 | 2018-07-31 | Visa International Service Association | Over the air update of payment transaction data stored in secure memory |
US9104618B2 (en) | 2008-12-18 | 2015-08-11 | Sandisk Technologies Inc. | Managing access to an address range in a storage device |
US20100161928A1 (en) * | 2008-12-18 | 2010-06-24 | Rotem Sela | Managing access to an address range in a storage device |
US8843435B1 (en) * | 2009-03-12 | 2014-09-23 | Pegasystems Inc. | Techniques for dynamic data processing |
US10467200B1 (en) | 2009-03-12 | 2019-11-05 | Pegasystems, Inc. | Techniques for dynamic data processing |
US9678719B1 (en) | 2009-03-30 | 2017-06-13 | Pegasystems Inc. | System and software for creation and modification of software |
US20100325039A1 (en) * | 2009-04-28 | 2010-12-23 | Mastercard International Incorporated | Apparatus, method, and computer program product for encoding enhanced issuer information in a card |
US8401964B2 (en) * | 2009-04-28 | 2013-03-19 | Mastercard International Incorporated | Apparatus, method, and computer program product for encoding enhanced issuer information in a card |
US11810091B2 (en) | 2009-12-14 | 2023-11-07 | Visa Europe Limited | Payment device |
US11151537B2 (en) | 2009-12-14 | 2021-10-19 | Visa Europe Limited | Payment device |
US10528933B2 (en) | 2009-12-14 | 2020-01-07 | Visa Europe Limited | Payment device |
US8782749B2 (en) * | 2010-04-13 | 2014-07-15 | Sony Corporation | Information processing device, information processing method, and program |
US20110252458A1 (en) * | 2010-04-13 | 2011-10-13 | Sony Corporation | Information processing device, information processing method, and program |
EP2378456A3 (en) * | 2010-04-13 | 2012-07-25 | Sony Corporation | Information processing device, information processing method, and program |
US9092769B2 (en) * | 2010-06-02 | 2015-07-28 | Visa International Service Association | Trusted internal interface |
US8321345B2 (en) | 2010-06-02 | 2012-11-27 | Visa International Service Association | Trusted internal interface |
US20130046588A1 (en) * | 2010-06-02 | 2013-02-21 | Oleg Makhotin | Trusted internal interface |
US9846873B2 (en) | 2010-06-02 | 2017-12-19 | Visa International Service Association | Trusted internal interface |
US10685343B2 (en) | 2010-06-02 | 2020-06-16 | Visa International Service Association | Trusted internal interface |
US8677308B2 (en) | 2011-01-07 | 2014-03-18 | Mastercard International Incorporated | Method and system for generating an API request message |
US8458808B2 (en) * | 2011-01-07 | 2013-06-04 | Mastercard International Incorporated | Premium access to open application programming interface systems and methods |
US9083534B2 (en) | 2011-01-07 | 2015-07-14 | Mastercard International Incorporated | Method and system for propagating a client identity |
US8671385B2 (en) | 2011-01-07 | 2014-03-11 | Mastercard International Incorporated | Methods and systems for throttling calls to a service application through an open API |
US20120179587A1 (en) * | 2011-01-07 | 2012-07-12 | Gregg Alan Hill | Premium access to open application programming interface systems and methods |
US8707276B2 (en) | 2011-01-07 | 2014-04-22 | Mastercard International Incorporated | Method and system for managing programmed applications in an open API environment |
US9032204B2 (en) | 2011-01-07 | 2015-05-12 | Mastercard International Incorporated | Methods and systems for providing a signed digital certificate in real time |
US8832858B2 (en) | 2011-01-07 | 2014-09-09 | Mastercard International Incorporated | Access to application programming interface systems and methods |
US9270743B2 (en) | 2011-02-18 | 2016-02-23 | Pegasystems Inc. | Systems and methods for distributed rules processing |
US9600816B2 (en) * | 2011-10-04 | 2017-03-21 | Inside Secure | Method and system for executing a NFC transaction supporting multiple applications and multiples instances of a same application |
US20140188713A1 (en) * | 2011-10-04 | 2014-07-03 | Inside Secure | Method and system for executing a nfc transaction supporting multiple applications and multiples instances of a same application |
US10572236B2 (en) | 2011-12-30 | 2020-02-25 | Pegasystems, Inc. | System and method for updating or modifying an application without manual coding |
US11057313B2 (en) | 2014-10-10 | 2021-07-06 | Pegasystems Inc. | Event processing with enhanced throughput |
US10469396B2 (en) | 2014-10-10 | 2019-11-05 | Pegasystems, Inc. | Event processing with enhanced throughput |
US10698599B2 (en) | 2016-06-03 | 2020-06-30 | Pegasystems, Inc. | Connecting graphical shapes using gestures |
US10698647B2 (en) | 2016-07-11 | 2020-06-30 | Pegasystems Inc. | Selective sharing for collaborative application usage |
US11363015B2 (en) * | 2018-05-10 | 2022-06-14 | Visa International Service Association | Provisioning transferable access tokens |
US11048488B2 (en) | 2018-08-14 | 2021-06-29 | Pegasystems, Inc. | Software code optimizer and method |
US11567945B1 (en) | 2020-08-27 | 2023-01-31 | Pegasystems Inc. | Customized digital content generation systems and methods |
Also Published As
Publication number | Publication date |
---|---|
EP1556790A2 (en) | 2005-07-27 |
CA2505134A1 (en) | 2004-04-22 |
US8548923B2 (en) | 2013-10-01 |
US9430666B2 (en) | 2016-08-30 |
AU2003282749A8 (en) | 2004-05-04 |
WO2004034202A3 (en) | 2005-01-06 |
US20100250956A1 (en) | 2010-09-30 |
WO2004034202A2 (en) | 2004-04-22 |
US20140059706A1 (en) | 2014-02-27 |
AU2003282749A1 (en) | 2004-05-04 |
EP1556790A4 (en) | 2010-03-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9430666B2 (en) | Method and system for facilitating data access and management on a secure token | |
EP0752635B1 (en) | System and method to transparently integrate private key operations from a smart card with host-based encryption services | |
US6612486B2 (en) | Smart card managing system | |
US8806199B2 (en) | Writing application data to a secure element | |
US7707225B2 (en) | Information processing apparatus, information processing method, and program | |
US6249869B1 (en) | Integrated circuit card, secure application module, system comprising a secure application module and a terminal and a method for controlling service actions to be carried out by the secure application module on the integrated circuit card | |
JP4348190B2 (en) | Smart card system | |
US8352749B2 (en) | Local trusted services manager for a contactless smart card | |
US6233683B1 (en) | System and method for a multi-application smart card which can facilitate a post-issuance download of an application onto the smart card | |
US20020117542A1 (en) | System and method for personalization of smart cards | |
CN103975554A (en) | Systems, methods, and computer program products for managing secure elements | |
US20020080190A1 (en) | Back-up and usage of secure copies of smart card data objects | |
WO1998052158A2 (en) | Integrated circuit card with application history list | |
EP0985203A1 (en) | Key transformation unit for an ic card | |
KR100437513B1 (en) | Smart card for containing plural Issuer Security Domain and Method for installing plural Issuer Security Domain in a smart card | |
JP4052158B2 (en) | IC card system and IC card issuing method | |
MX2008016149A (en) | System and methods for processing private transactions with an access instrument. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: VISA INTERNATIONAL SERVICE ASSOCIATION, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:REED, SONIA;AABYE, CHRISTIAN;REEL/FRAME:014937/0276 Effective date: 20040120 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- AFTER EXAMINER'S ANSWER OR BOARD OF APPEALS DECISION |