System and method for data access control using short range transceivers
By interacting with client devices through contactless cards and utilizing short-range transceivers in conjunction with servers and databases, secure connections and data access control between accounts are achieved, solving the problem of insufficient security for user account information and improving data access security and user control capabilities.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CAPITAL ONE SERVICES LLC
- Filing Date
- 2021-02-26
- Publication Date
- 2026-07-10
AI Technical Summary
In existing technologies, the security and privacy protection of user account information are insufficient, especially when shared and accessed among multiple entities, which poses risks of information leakage and fraud, and users cannot effectively control changes in information usage policies.
By interacting with client devices through contactless cards, and utilizing short-range transceivers in conjunction with servers and databases, secure connections and data access control between accounts are achieved. Tokens and data control parameters are used to manage data exchange between accounts, ensuring information security and user control.
It improves account information security and fraud prevention features, enhances user experience, and strengthens control and management of data access.
Smart Images

Figure CN113590930B_ABST
Abstract
Description
Technical Field
[0001] This disclosure relates generally to user data control, and more specifically to exemplary systems and methods for proactively controlling user access to data through interaction with a client device via a short-range transceiver. Background Technology
[0002] A typical user may have multiple different accounts with one or more entities. When a user creates an account, they typically provide a certain amount of personally identifiable information about that user, as well as information for account access (such as username and password). Each entity may have, for example, different user data retention policies, different usage policies, and different user data sharing policies. Policies regarding the use of user information may be changed further without notifying the user. Furthermore, the ownership of user information may change multiple times through mergers or acquisitions of one entity by another, without notifying the user.
[0003] Account access typically relies on login credentials (such as username and password) to verify the cardholder's identity. However, if login credentials are compromised, others could gain access to the user's account. Furthermore, the more entities or individuals a user shares their personal information with, the greater the risk of unauthorized theft of user information from one of those entities. Additionally, users may wish to share certain personal information with entities or individuals only for limited purposes or time constraints.
[0004] Therefore, it would be beneficial to provide exemplary systems and methods that allow users to control the use of user information in order to overcome at least some of the deficiencies described herein. Summary of the Invention
[0005] The disclosed technical aspects include systems and methods for controlling data access via interaction with a client device through a short-range transceiver, such as a contactless card. Data access control can be provided in the context of account information, including handling requests to link a first account to a second account via interaction with a client device through a short-range transceiver (e.g., a contactless card), such that certain account identifier information or account login information does not need to be disclosed to the individual or entity requesting access to the account data of another person or entity.
[0006] Embodiments of this disclosure provide a data access control system, comprising: a database storing information for multiple accounts, for a first account associated with a first account holder, the information including a first account identifier and first account data, and for a second account associated with a second account holder, the information including a second account identifier; a server configured to communicate with multiple client devices via a network, the multiple client devices including a first client device associated with the first account holder and a second client device associated with the second account holder; a contactless card including a communication interface, a processor, and a memory, the memory storing an app and a token, wherein the contactless card is associated with the first account holder; and a client application including instructions for execution on at least one of the first client device or the second client device, the client application being configured to: when executed on the second client device: respond to a tap action between the contactless card and the second client device. Action): Receiving a token from a contactless card and transmitting the token and an account linking request to the server to link the first account with the second account; and receiving an account linking confirmation message from the server, the message including instructions for accessing the first account data; and when executed on the first client device: transmitting a linking approval message to the server in response to a linking approval request from the server to approve the account linking request; and a processor for data communication with the server and a database, the processor being configured to: receive a token and an account linking request from the second client device; identify the first account based on the token; transmit a linking approval request to the first client device to approve the account linking request; receive a linking approval message from the first client device to approve the account linking request; and transmit an account linking confirmation message to the second client device, the message including instructions for accessing the first account data.
[0007] Embodiments of this disclosure provide a method for controlling data access, comprising: establishing a database storing information for multiple accounts, for a first account associated with a first account holder, the information including a first account identifier, first account data, and data control parameters, and for a second account associated with a second account holder, the information including a second account identifier; receiving, via a network, an account linking request from a client device of the second account holder to link the first account to the second account, the account linking request being generated in response to a click action between a contactless card and the client device of the second account holder, the account linking request and a token stored on the contactless card, wherein the contactless card is associated with the first account holder; identifying the first account based on the token; transmitting via the network a link approval request to the client device of the first account holder for approving the account linking request; receiving via the network a link approval message from the client device of the first account holder, the link approval message being generated in response to an instruction from the first account holder to approve the account linking request; and transmitting via the network an account link confirmation message to the client device of the second account holder, the account link confirmation message confirming the approval of the account linking request and providing instructions for accessing the first account data.
[0008] Embodiments of this disclosure provide a method for controlling data access, comprising: establishing a database storing information for multiple accounts, for a first account associated with a first account holder, the information including a first account identifier, first account data, and data control parameters; and for a second account associated with a second account holder, the information including a second account identifier; providing a contactless card including a communication interface, a processor, and a memory, the memory storing an app and a token, wherein the communication interface is configured to support at least one of near-field communication, Bluetooth, or Wi-Fi, and wherein the contactless card is associated with the first account holder; and providing a client application including instructions for use on a first client device of the first account holder or the second account holder. The client application is executed on at least one of a second client devices, and is configured to: when executed on the second client device: in response to a click action between a contactless card and the second client device: receive a token from the contactless card and send the token and an account linking request to the server to link the first account with the second account; and receive an account linking confirmation message from the server, the message including instructions for accessing first account data, the data access being provided according to data control parameters; and when executed on the first client device: determine a click action between the contactless card and the first client device, the click action being in response to a link approval request for approving the account linking request, the click action indicating approval of the account linking request; and send a link approval message to the server approving the account linking request.
[0009] Other features of the disclosed design and the advantages therefrom are explained in more detail below with reference to specific example embodiments described below and shown in the accompanying drawings. Attached Figure Description
[0010] Figure 1A It is a diagram of a data access control system according to one or more example embodiments.
[0011] Figure 1B This is a diagram illustrating a sequence for providing data access control according to one or more example embodiments.
[0012] Figure 2 Components of a client device used in a data access control system according to one or more example embodiments are shown.
[0013] Figure 3 Components of a short-range transceiver used in a data access control system according to one or more example embodiments are shown.
[0014] Figure 4 This is a diagram illustrating the interaction between a client device and a short-range transceiver used in a data access control system according to one or more example embodiments.
[0015] Figure 5 This is a diagram illustrating the interaction between a client device and a short-range transceiver used in a data access control system according to one or more example embodiments.
[0016] Figure 6 This is a flowchart illustrating a method for data access control according to one or more example embodiments.
[0017] Figure 7 This is a flowchart illustrating a method for data access control according to one or more example embodiments.
[0018] Figure 8 This is a flowchart illustrating a method for data access control according to one or more example embodiments. Detailed Implementation
[0019] The following description of the embodiments provides non-limiting representative examples of reference numerals to specifically describe the features and teachings of different aspects of the invention. It should be appreciated from the description of the embodiments that the described embodiments can be implemented separately from or in combination with other embodiments. Those skilled in the art who have reviewed the description of the embodiments should be able to learn and understand the different descriptive aspects of the invention. The description of the embodiments is intended to facilitate an understanding of the invention to such extent that other implementations not specifically covered but within the knowledge of those skilled in the art upon reading the description of the embodiments will be understood to be consistent with the application of the invention.
[0020] Exemplary embodiments of the disclosed systems and methods provide methods for controlling data access through interaction with a client device via a short-range transceiver (e.g., a contactless card). Data access control can be provided within the context of controlling access to account information. Requests to link a first account to a second account can be processed through interaction with a client device via a short-range transceiver such as a contactless card, thus avoiding the need to expose certain account identifier information or account login information to the individual or entity requesting access to the account data of another person or entity. Benefits of the disclosed techniques may include improved account information data security, improved fraud prevention capabilities, and improved user experience.
[0021] Figure 1A A diagram illustrating a data access control system 100 according to one or more example embodiments is shown. As discussed further below, system 100 may include client device 101, client device 103, short-range transceiver 105, server 110, processor 120, and database 130. Client devices 101 and 103 may communicate with server 110 via network 115. Although Figure 1 illustrates some components connected in certain ways, system 100 may include additional components connected in various ways.
[0022] System 100 may include one or more client devices, such as client device 101 and / or client device 103, each of which may be a network-enabled computer. As referred to herein, a network-enabled computer may include, but is not limited to, computer equipment or communication equipment, including, for example, servers, web applications, personal computers, workstations, telephones, handheld PCs, personal digital assistants, thin clients, thick clients, internet browsers, or other devices. Each of client devices 101 and 103 may also be a mobile device; for example, a mobile device may include... iPhone, iPod, iPad, or any other device running Apple products Mobile devices running any Microsoft operating system Operating system devices, any device running Google Devices with an operating system, and / or any other smartphone, tablet, or similar wearable mobile device. See below for reference. Figure 2 Further description may include additional features in client devices such as client device 101 and / or client device 103.
[0023] System 100 may include one or more short-range transceivers, such as short-range transceiver 105. Short-range transceiver 105 can wirelessly communicate with client devices such as client device 101 and / or client device 103 in a short-range communication field such as Near Field Communication (NFC). Short-range transceiver 105 may include, for example, a contactless card, a smart card, or may include devices with varying form factors, such as watchbands, pendants, or other devices configured to communicate within a short-range communication field. In other embodiments, short-range transceiver 105 may be the same as or similar to client devices 101, 103. Reference is made below. Figure 3 Further description may include additional features in a short-range transceiver such as short-range transceiver 105.
[0024] System 100 may include one or more servers 110. In some example embodiments, server 110 may include one or more processors (e.g., microprocessors) coupled to memory. Server 110 may be configured as a central system, server, or platform to control and invoke various data at different times to perform multiple workflow actions. Server 110 may be a dedicated server computer, such as a blade server, or may be a personal computer, laptop computer, notebook computer, handheld computer, network computer, mobile device, or any device capable of supporting processor control of system 100.
[0025] Server 110 may be configured to communicate data with one or more processors (e.g., processor 120) via a connection. In some example embodiments, server 110 may be integrated with processor 120. In some example embodiments, server 110 may be physically separated from and / or located remotely from processor 120. Processor 120 may be configured to act as a back-end processor. Processor 120 may be configured to communicate data with database 130 and / or server 110 via a connection. Processor 120 may include one or more processing devices, such as microprocessors, RISC processors, ASICs, etc., and associated processing circuitry. Processor 120 may include or be connected to memory storing executable instructions and / or data. Processor 120 may communicate via server 110 to send messages, requests, notifications, data, etc., to, or receive messages, requests, notifications, data, etc., from other devices such as client devices 101 and / or 103.
[0026] Server 110 may be configured to communicate data with one or more databases, such as database 130 (e.g., via a connection). Database 130 may be a relational database or a non-relational database, or a combination of multiple databases. In some example embodiments, server 110 may merge database 130. In some example embodiments, database 130 may be physically separated from and / or located remotely from server 110, residing on another server, a cloud-based platform, or any storage device that communicates data with server 110.
[0027] The connection between server 110, processor 120, and database 130 can be made via any wired and / or wireless communication line, link, or network or a combination thereof suitable for communication between these components. Such a network may include network 115 and / or one or more networks of the same or similar type as the network described herein with reference to network 115. In some example embodiments, the connection between server 110, processor 120, and database 130 may include a corporate LAN.
[0028] Server 110 and / or database 130 may include user login credentials for controlling access to user accounts. Login credentials may include, but are not limited to, usernames, passwords, access codes, security questions, swipe patterns, image recognition, identity scanning (e.g., driver's license scans and passport scans), device registration, phone numbers, email addresses, social media account access information, and biometrics (e.g., voice recognition, fingerprint scans, retinal scans, and facial scans).
[0029] Database 130 may contain data relating to one or more accounts. Accounts may be maintained and / or associated with any one or more of various entities, such as (but not limited to) banks, merchants, online retailers, service providers, vendors, manufacturers, social media providers, providers or initiators of sports or entertainment events, or hotel chains. For example, Database 130 may include, but is not limited to, account identification information (e.g., account number, account owner identification number, account owner name, and contact information—any one or more of which may include account identifiers), account characteristics (e.g., account type, funds and transaction restrictions, and permissions for access and other activities), and may include account-related data, including financial information (e.g., balance information, payment history, and transaction history), social and / or personal information. Data stored in Database 130 may be stored in any suitable format and may be encrypted and stored securely to prevent unauthorized access. Any suitable algorithm / process may be used for data encryption and authorized decryption.
[0030] Server 110 can be configured to communicate with one or more client devices (e.g., client device 101 and / or client device 103) via one or more networks (e.g., network 115). Network 115 may include one or more of wireless networks, wired networks, or any combination of wireless and wired networks, and may be configured to connect client devices 101 and / or 103 to server 110. For example, network 115 may include one or more of the following: fiber optic network, passive optical network, cable network, Internet network, satellite network, wireless local area network (LAN), Global System for Mobile Communications (GSMO), personal communication service, personal area network, wireless application protocol, multimedia messaging service, enhanced messaging service, short message service, time division multiplexing-based system, code division multiple access-based system, D-AMPS, Wi-Fi, fixed wireless data, IEEE 802.11b, 802.15.1, 802.11n and 802.11g, Bluetooth, NFC, radio frequency identification (RFID), Wi-Fi, etc.
[0031] Additionally, network 115 may include, but is not limited to, telephone lines, fiber optic cables, IEEE Ethernet 902.3, wide area networks, wireless personal area networks, LANs, or global networks such as the Internet. Furthermore, network 115 may support Internet networks, wireless communication networks, cellular networks, and any combination thereof. Network 115 may further include a single network, or any number of the exemplary types of networks described above, operating as independent networks or cooperating with each other. Network 115 may utilize one or more protocols of one or more network elements to which it is communicatively coupled. Network 115 may be converted to one or more protocols of network devices, or converted from other protocols to one or more protocols of network devices. Although network 115 is described as a single network, it should be understood that, according to one or more example embodiments, network 115 may include multiple interconnected networks, such as the Internet, a service provider's network, a cable television network, a corporate network such as a credit card-linked network, a LAN, and / or a home network.
[0032] In some example embodiments, server 110 may access records, including those in database 130, to determine one or more methods for communicating with client device 101 and / or client device 103. This communication method may include an operable push notification with an application stored on client device 101 and / or client device 103. Other communication methods may include text messages or emails, or other messaging technologies suitable for a web-based client / server configuration. Messages or requests from client devices 101 and / or 103 may be delivered to server 110 via an application on the client device, or may be sent via text messages or emails, or other messaging technologies suitable for a web-based client / server configuration. Communication originating from client device 101 or client device 103 may be sent to server 110 using the same communication method as that originating from server 110, or via a different communication method.
[0033] Figure 1B A diagram is shown illustrating a sequence for providing data access control according to one or more example embodiments, which may include a request to link two accounts, each held by a separate account holder. Figure 1B Quoting such as Figure 1A Similar components to the example embodiment system 100 shown. Client device 101 may be associated with a first account holder. The first account holder may have an associated first account, which may include a first account identifier and first account data. Client device 101 may include an application 102, which may include instructions for execution by client device 101. Client device 101 may include the following references Figure 2Further features are described below. Application 102 can be configured to provide a user interface to the first account holder when using client device 101. Application 102 can be configured to communicate with other client devices, with short-range transceiver 105, and with server 110 via client device 101. As described herein with reference to client device 101, application 102 can be configured to receive requests and send messages. Account information, including account identifiers and account data, can be stored in database 130.
[0034] Client device 103 may be associated with a second account holder. The second account holder may have an associated second account, which may include a second account identifier. Client device 103 may include an application 104, which may include instructions for execution by client device 103. Client device 103 may include the following references. Figure 2 Further features are described below. Application 104 can be configured to provide a user interface to a second account holder when using client device 103. Application 104 can be configured to communicate with other client devices, with short-range transceiver 105, and with server 110 via client device 103. As described herein with reference to client device 103, application 104 can be configured to send requests and receive messages.
[0035] The short-range transceiver 105 can be associated with the first account holder. The short-range transceiver 105 may include, for example, a contactless card, and may include the following references. Figure 3 Further features described below. The short-range transceiver 105 may have memory for storing an applet 106 and / or a token 107 associated with the first account holder.
[0036] Tokens can be used to enhance security through token authorization. Server 110 can send verification requests to client devices 101 and / or 103, receive response information from client devices 101 and / or 103, and, if verified, send a verification token to client devices 101 and / or 103. The verification token can be based on a pre-defined token or can be a dynamic token based on an algorithm, which can be secret and known only to server 110 and client devices 101 and / or 103; the algorithm can include real-time parameters that participants can verify independently, such as temperature or time at a specific location. Tokens can be used to verify the identity of a first account holder or a second account holder. Verification requests and / or verification tokens can be based on token 107 stored on short-range transceiver 105.
[0037] In some example embodiments, application 104 may display instructions on client device 103 prompting a second account holder to initiate a click action between short-range transceiver 105 and client device 103. As used herein, a click action may include clicking short-range transceiver 105 toward client device 103 (or vice versa). For example, if short-range transceiver 105 is a contactless card and client device 103 is a mobile device, the click action may include clicking the contactless card on the screen or other portion of client device 103. However, the click action is not limited to a physical click of short-range transceiver 105 toward client device 103 and may include other gestures, such as swinging or other movements of short-range transceiver 105 near client device (103) (or vice versa).
[0038] At reference numeral 150, a click action may occur between the short-range transceiver 105 and the client device 103. The click action may be in response to a prompt displayed on the client device 103.
[0039] At reference numeral 152, application 104 can communicate with short-range transceiver 105 (e.g., after short-range transceiver 105 is brought near client device 103). Communication between application 104 and short-range transceiver 105 may involve short-range transceiver 105 (e.g., a contactless card) being sufficiently close to a card reader (not shown) of client device 103 to enable NFC data transfer between application 104 and short-range transceiver 105, and may be in conjunction with (or in response to) a click action (e.g., a click action at reference numeral 150) occurring between short-range transceiver 105 and client device 103. This communication may include the exchange of data or commands to establish a communication session between application 104 and short-range transceiver 105. Data exchange may include the transfer or exchange of one or more keys, which may be pre-existing keys or generated as session keys. In some example embodiments, communication can occur when the short-range transceiver 105 enters the short-range communication field of the client device 103, prior to a click action between the short-range transceiver 105 and the client device 103.
[0040] At reference numeral 154, short-range transceiver 105 can send a token 107 associated with a first account holder to application 104. Token 107 may include a first account identifier, which may be unique for a specific user account. In one example embodiment, token 107 may include an identifier unique to the first account holder but not unique for a specific account; in this case, if the first account holder has multiple accounts, the second account holder will need to select the account to associate. In some example embodiments, token 107 may include a key associated with the first account holder. In some example embodiments, sending token 107 to application 104 may be in conjunction with (or in response to) a click action between short-range transceiver 105 and client device 103 (e.g., a click action at reference numeral 150). In some example embodiments, sending token 107 to application 104 may occur before a click action between short-range transceiver 105 and client device 103, when short-range transceiver 105 enters the short-range communication field of client device 103.
[0041] At reference numeral 156, application 104 may send token 107 along with an account linking request to server 110, the account linking request being used to link a first account (associated with a first account holder) to a second account (associated with a second account holder). This operation may be performed in response to a click action between short-range transceiver 105 and client device 103 (e.g., a click action at reference numeral 150).
[0042] At reference 158, processor 120 may (e.g., via server 110) receive a token and an account linking request. Processor 120 may use the token to identify a first account associated with a first account holder. In some example embodiments, identification of the first account may be performed by looking up account information in database 130 using a first account identifier in the token. In some example embodiments, at reference 159, if the token includes a key associated with the first account holder, processor 120 may use the key in the token to authenticate the first account holder as the first account holder associated with short-range transceiver 105.
[0043] At reference numeral 160, processor 120 may send a link approval request to client device 101 (e.g., via server 110) to request a first account holder to approve a second account holder's account linking request to link the first account with the second account. The link approval request may include, for example, the name of the second account holder, and any information or instructions required by the first account holder to consider the request. The link approval request may include notification that the first account holder can approve or reject the request. The link approval request may be sent as a push notification to application 102 (via client device 101). In some example embodiments, application 102 may display instructions on client device 101 prompting the first account holder to initiate a click action between short-range transceiver 105 and client device 101.
[0044] At reference numeral 162, a click action may occur between the short-range transceiver 105 and the client device 101. The click action may be in response to a link approval request (and / or in response to a prompt displayed on the client device 101), and may indicate that the first account holder has approved the account link request.
[0045] At reference numeral 164, application 102 may send a link approval message to the server to indicate that the first account holder has approved the account link request. This operation may be performed in response to a click action between short-range transceiver 105 and client device 101 (e.g., a click action at reference numeral 162). In an example embodiment, instead, application 102 may send a rejection message (not shown) to the server indicating that the first account holder has rejected the account link request.
[0046] In reference numeral 166, processor 120 may send a link confirmation message to client device 103 (e.g., via server 110) to confirm approval of a request to link the first account with the second account. The link confirmation message may be sent as a push notification to application 104 (via client device 103). In some example embodiments, permission granted by the first account holder to link the first and second accounts may be used to update information in database 130 for the first account and / or the second account.
[0047] In an example embodiment, instead, the processor 120 may send a rejection notification (not shown) to the client device 103, indicating that the first account holder has rejected the account linking request.
[0048] At reference numeral 168, processor 120 may send (e.g., via server 110) an instruction to client device 103 to obtain access to first account data in the first account. The instruction to access the first account data may be included in a link confirmation message (at reference numeral 166) or may be sent as part of a separate communication, including a push notification to application 104.
[0049] Processor 120 can retrieve the requested first account data from database 130 and transmit the data to client device 103. Before transmission to client device 103, processor 120 can encrypt the requested first account data using any suitable encryption method, such as Triple DES, RSA public-key encryption, asymmetric encryption, Blowfish encryption, Twofish encryption, Advanced Encryption Standard (AES), quantum key distribution, Honey encryption, etc. In some embodiments, the requested first account data may have already been encrypted and stored in database 130 before being retrieved by processor 120.
[0050] Once the requested first account data is received, client device 103 can decrypt the information if it was encrypted prior to transmission by processor 120. Client device 103 can receive a decryption key separate from the first communication of the encrypted first account data. Encryption can allow access to the first account data to be controlled according to data control parameters. For example, the first account data can be encrypted such that client device 103 requests a new key from processor 120 each time it wishes to access the first account data, so that the data will require decryption for each access by client device 103; this process will allow processor 120 to track and ensure that the first account data is not accessed in a manner inconsistent with the data control parameters.
[0051] In an example embodiment, the second account holder can log in to the second account and gain access to the first account data through data sharing on the backend, based on any data control parameters.
[0052] Application 104, running on client device 103, can perform steps of sending and receiving messages and requests with server 110 / processor 120 using an application programming interface (API). Application 104 can be configured to receive, decrypt, and access requested first account data. Through interaction with application 104, processor 120 can monitor client device 103's access to the requested first account data (including based on data control parameters). For example, processor 120 can determine, through interaction with application 104, the number of times client device 103 has obtained access to the requested first account data, or one or more time periods during which such access occurs. In some embodiments, application 104 may be allowed to store the requested first account data based on time constraints or a limited number of uses.
[0053] In an example embodiment, processor 120 may be configured to determine whether a first account is eligible to link with a second account. Eligibility for account linking may be based on, for example, the type of account involved (e.g., a business account), or the identity of the account holder (e.g., a family member or member of the same business entity). Eligibility may also be based on whether the first account holder has previously approved or revoked account linking, or whether the requested access would violate data control parameters (discussed further below). Eligibility for account linking may be indicated, for example, in a flag stored in database 130 or in the memory of short-range transceiver 105.
[0054] In one or more example embodiments, access to first account data by a second account holder can be restricted based on data control parameters. In example embodiments, the data control parameters may be stored in database 130 along with the first account information. Application 102 may provide an interface for the first account holder to select data control parameters stored in database 130. The selected data control parameters may be stored in database 130 and may be used to restrict access to first account data by the second account holder. Application 102 may also send the selected data control parameters to short-range transceiver 105. In example embodiments, the data control parameters may be stored in the memory of short-range transceiver 105. The data control parameters stored in the memory of short-range transceiver 105 may be sent to application 104, and used by application 104 to restrict access to first account data by the second account holder. Applet 106 may be configured to receive data control parameters and store them in the memory of short-range transceiver 105. Applet 106 may be further configured to transmit the data control parameters to client device 103. In some example embodiments, the first account holder can select data control parameters when approving a request to link an account, and application 102 can send the selected data control parameters along with a link approval message to server 110. The selected data control parameters can be stored in database 130 and can be used to restrict a second account holder's access to the first account's data.
[0055] In one or more example embodiments, data control parameters can be used to restrict a second account holder's access to first account data in one or more ways. For example, data control parameters can allow access only for a specific or limited time period. As another example, data control parameters can allow a second account holder to make a one-time access. As another example, data control parameters can allow access for an unlimited time period unless the first account holder withdraws approval of a request to link the first account with the second account. As another example, data control parameters can allow access only to portions of the first account data corresponding to predefined categories. As another example, data control parameters can provide different access permissions based on the identity of the second account holder. As another example, data control parameters can allow access only when a short-range transceiver 105 is detected within the short-range communication field of client device 103. In some example embodiments, after obtaining account link approval, whenever a second account holder attempts to access first account data, processor 120 can check based on data control parameters and any withdrawal by the first account holder to determine whether to allow the access.
[0056] In an example embodiment, application 104 may be launched in response to a click action between short-range transceiver 105 and client device 103. In an example embodiment, application 102 may be launched in response to a click action between short-range transceiver 105 and client device 101.
[0057] Figure 2 Components of a client device 200 used in a data access control system according to one or more example embodiments are shown. In one or more example embodiments, the client device 200 may be as described above. Figure 1A and Figure 1B One or more of client devices 101 and / or 103 are described. Client device 200 may include one or more applications 201, one or more processors 202, a short-range communication interface 203, and a network interface 204. Application 201 may include software applications or executable program code that will execute on processor 202 and be configured to perform the functions described herein for any client device (e.g., client devices 101 and / or 103), and / or any functions described herein with reference to application 102. Application 201 may be configured to transmit and / or receive data with other devices, such as via client device 200, such as via short-range communication interface 203 and / or network interface 204. For example, application 201 may be configured to initiate one or more requests, such as initiating a near-field data exchange request to a short-range transceiver (e.g., a contactless card). Application 201 may also be configured to provide a user interface for a user of the client device via a display (not shown). Application 201 may be stored in memory in client device 200; memory may include read-only memory, write-once-read-many memory, and / or read / write memory (e.g., RAM, ROM, and EEPROM).
[0058] Processor 202 may include one or more processing devices, such as a microprocessor, RISC processor, ASIC, etc., and may include associated processing circuitry. Processor 202 may include or be connected to memory storing executable instructions and / or data, which is necessary or appropriate for controlling, operating, or interacting with other features of client device 200 including application 201. Processor 202 (including any associated processing circuitry) may contain other components, including processors, memory, error and parity / CRC checkers, data encoders, anti-collision algorithms, controllers, command decoders, security primitives, and tamper-proof hardware, which are necessary for performing the functions described herein.
[0059] The short-range communication interface 203 can support communication via short-range wireless communication fields such as NFC, RFID, or Bluetooth. The short-range communication interface 203 may include a reader, such as an NFC reader for a mobile device. The short-range communication interface 203 may be incorporated into the network interface 204, or it may be provided as a separate interface.
[0060] Network interface 204 may include wired or wireless data communication capabilities. These capabilities can support data communication with wired or wireless communication networks, including the Internet, cellular networks, wide area networks (WANs), local area networks (LANs), wireless personal area networks (WPANs), any other wired or wireless networks for transmitting and receiving data signals, or any combination thereof. Such networks may include, but are not limited to, telephone lines, fiber optic cables, IEEE Ethernet 902.3, WANs, LANs, WPANs, or global networks such as the Internet.
[0061] The client device 200 may also include a display (not shown). Such a display can be any type of device used to present visual information, such as a computer monitor, flat panel display, or mobile device screen, including liquid crystal displays, light-emitting diode displays, plasma panels, and cathode ray tube displays.
[0062] Client device 200 may also include one or more device inputs (not shown). Such inputs may include any device available and supported by client device 200 for inputting information to the client device, such as a touchscreen, keyboard, mouse, cursor control device, microphone, digital camera, video recorder, or camcorder. Device inputs can be used to input information and interact with client device 200, as well as to interact with the system described herein through extensions.
[0063] Figure 3 Components of a short-range transceiver 300 used in a data access control system according to one or more example embodiments are shown. In one or more example embodiments, the short-range transceiver 300 may be as described above. Figure 1A and Figure 1B One or more of the short-range transceivers 105 described. Short-range transceiver 300 may include, for example, a contactless card, or may include devices with varying form factors, such as watchbands, pendants, or other devices configured to communicate within a short-range communication field. Short-range transceiver 300 may include a processor 301, a memory 302, and a short-range communication interface 305.
[0064] Processor 301 may include one or more processing devices, such as a microprocessor, RISC processor, ASIC, etc., and may include associated processing circuitry. Processor 301 may include or be connected to memory storing executable instructions and / or data, which may be necessary or appropriate for controlling, operating, or other functions of short-range transceiver 300 (including applet 303). Processor 301 (including any associated processing circuitry) may contain other components, including a processor, memory, error and parity / CRC checkers, data encoders, anti-collision algorithms, controllers, command decoders, security primitives, and tamper-proof hardware, which are necessary to perform the functions described herein.
[0065] Memory 302 may be a read-only memory, a write-once-read-many memory, or a read / write memory, such as RAM, ROM, and EEPROM. Memory 302 may be configured to store one or more applets 303 and one or more tokens 304. Applet 303 may include one or more software applications configured to execute on processor 301, such as a Java card applet that can execute on a contactless card. However, it should be understood that applet 303 is not limited to a Java card applet, but may be any software application capable of operating on a contactless card or other device with limited memory. Applet 303 may be configured to respond to one or more requests, such as near-field data exchange requests from client devices, including requests from devices with readers (e.g., mobile device NFC readers). Applet 303 may be configured to read (or write) data including token 304 from (or to) memory 302, and provide data including token 304 in response to requests.
[0066] Token 304 may include a unique alphanumeric identifier assigned to a user of short-range transceiver 300, which distinguishes the user of short-range transceiver 300 from other users of other short-range transceivers (e.g., other contactless card users). In some example embodiments, token 304 may identify a customer and the account assigned to that customer, and may further identify the short-range transceiver (e.g., contactless card) associated with that customer's account. In some example embodiments, token 304 may include a key unique to the user or customer associated with the short-range transceiver.
[0067] The short-range communication interface 305 can support communication via short-range wireless communication fields such as NFC, RFID, or Bluetooth. The short-range transceiver 300 may also include one or more antennas (not shown) connected to the short-range communication interface 305 to provide connectivity with the short-range wireless communication field.
[0068] Figure 4This illustrates one or more example embodiments (including the above references) Figure 1A-1B The diagram illustrates the interaction 400 between a client device 401 and a short-range transceiver 420 used in a data access control system (described in the embodiment). The client device 401 may be one of the above-described embodiments. Figure 1A and Figure 1B The client device 103 is described. Client device 401 can be associated with a second account holder. User interface 402 can be referenced above. Figure 1B The application 104 described is generated. The short-range transceiver 420 can be referenced above. Figure 1A and Figure 1B The short-range transceiver 105 is described. After the short-range transceiver 420 enters the short-range communication field of the client device 401 (e.g., via a click action), the client device 401 can communicate with the short-range transceiver 420. The client device 401 can send data or commands to the short-range transceiver 420 via a transmit signal 431, and can receive data including a token 422 from the short-range transceiver 420 via a receive signal 432. Communication between the client device 401 and the short-range transceiver 420 can be as described above. Figure 1B (For example, client devices 101 or 103 and short-range transceiver 105) are described in the description.
[0069] User interface 402 may present a screen display for account linking request 410 on client device 401, which may include fields 411 and 412. If necessary, the second account holder may enter a username in field 411 and a password in field 412. The screen display may include instruction 414 prompting the second account holder to click short-range transceiver 420 (in the example shown, short-range transceiver 420 may be a contactless card) to initiate an account linking request to link the first account with the second account. Instruction 414 may be from server 110 ( Figure 1A and 1B The push notification (as shown). In response to the click action, the client device 401 can send an account link request to the server 110 (e.g., as shown). Figure 1A and Figure 1B (As shown).
[0070] Figure 5 This illustrates one or more example embodiments (including those referenced above). Figure 1A-1B The diagram illustrates the interaction 500 between a client device 501 and a short-range transceiver 520 used in a data access control system (described in the embodiment). The client device 501 may be one of the above-described embodiments. Figure 1A and Figure 1BThe client device 101 is described. Client device 501 can be associated with the first account holder. User interface 502 can be referenced above. Figure 1B The application 102 described is generated. The short-range transceiver 520 can be referenced above. Figure 1A and Figure 1B The short-range transceiver 105 is described. When the short-range transceiver 520 enters the short-range communication field of the client device 501 (e.g., via a click action), the client device 501 can communicate with the short-range transceiver 520. The client device 501 can send data or commands to the short-range transceiver 520 via a transmit signal 531, and can receive data including a token 522 from the short-range transceiver 520 via a receive signal 532. Communication between the client device 501 and the short-range transceiver 520 can be as described above. Figure 1B (For example, client devices 101 or 103 and short-range transceiver 105) are described in the description.
[0071] User interface 502 can present a screen display on client device 501 for account linking request 510, which may include fields 511 and 512. If necessary, the first account holder can enter a username in field 511 and a password in field 512. The screen display may include instruction 514, which notifies the first account holder that the second account holder (named 2_Acc_Hldr in the example) has requested to link the first account with the second account, and prompts the first account holder to click short-range transceiver 520 (in the illustrated example, short-range transceiver 520 may be a contactless card) to approve the account linking request. Instruction 514 may come from server 110. Figure 1A and Figure 1B The client device 501 may send an account link approval message to the server 110 in response to a click action. In some example embodiments, the user interface 502 may provide the first account holder with an option to select data control parameters when a request to approve the linked account is received. The client device 501 may send the selected data control parameters along with the link approval message to the server 110; or, as described above, the selected data control parameters may be stored and may be used to restrict access to the first account data by a second account holder.
[0072] Figure 6 This is a flowchart illustrating a data access control method 600 according to one or more example embodiments, referencing the components and features described above, including but not limited to the accompanying drawings and related descriptions. The data access control method 600 can be executed by an application 104 running on a client device 103 associated with a second account holder. A short-range transceiver 105 is associated with a first account holder.
[0073] At box 610, application 104 can cause client device 103 to display an account linking request screen (e.g., as shown in box 610). Figure 4 As shown and referenced above Figure 4 (As described above). The account linking request screen may include instructions for client device 103 to tap short-range transceiver 105 to initiate an account linking request. (See above reference...) Figure 4 The short-range transceiver 420 (and therefore the short-range transceiver 105) can be a contactless card.
[0074] At box 620, click actions can be detected between short-range transceiver 105 and client device 103.
[0075] At box 630, token 107 can be received from short-range transceiver 105. Receiving token 107 may be in response to a click action at box 620. Token 107 may include a first account identifier. In some example embodiments, token 107 may include a key associated with the first account holder.
[0076] At box 640, token 107 can be sent to server 110 along with an account linking request that links the first account to the second account. The transmission of token 107 and the account linking request to server 110 can be in response to a click action at box 620.
[0077] At box 650, an account link confirmation message and instructions for accessing the first account data can be received from server 110. As described above, the instructions can be part of the account link confirmation message or part of a separate message.
[0078] In block 660, the second account holder can access the first account data according to received instructions. As described above, in some example embodiments, access to the first account data may be provided solely based on data control parameters. In some example embodiments, the data control parameters are stored in database 130 along with the first account information, and data access is restricted by processor 120. In some example embodiments, the data control parameters are stored in the memory of short-range transceiver 105 and received from short-range transceiver 105 by application 104. In some example embodiments, the first account data may be encrypted before receiving instructions for accessing the first account data. The encrypted first account data can be decrypted using a key associated with the first account holder.
[0079] Figure 7This is a flowchart illustrating a data access control method 700 according to one or more example embodiments, referring to the components and features described above, including but not limited to the accompanying drawings and related descriptions. The data access control method 700 can be executed by an application 102 running on a client device 101 associated with a first account holder. A short-range transceiver 105 is associated with the first account holder.
[0080] In box 710, a link approval request can be received from server 110, which seeks approval to link the first account with the second account.
[0081] At box 720, application 102 can cause client device 101 to display an account linking request screen (such as, e.g., ...). Figure 5 As shown, and as referenced above Figure 5 (As described above). The account linking request screen may include instructions for client device 101 to tap short-range transceiver 105 to approve the account linking request. Figure 5 The short-range transceiver 520 (and therefore the short-range transceiver 105) can be a contactless card.
[0082] At box 730, a click action between the short-range transceiver 105 and the client device 101 can be detected, indicating approval of a link approval request. The click action may be in response to the link approval request. In the example embodiment, approval may be indicated by other methods (e.g., selecting a button).
[0083] At box 740, a token 107 can be received from short-range transceiver 105. Token 107 may include a first account identifier. In some example embodiments, token 107 may include a key associated with the first account holder.
[0084] In box 750, a link approval message can be sent to server 110, indicating that the request to link the first account with the second account is approved.
[0085] Figure 8 This is a flowchart illustrating a data access control method 800 according to one or more example embodiments, referring to the components and features described above, including but not limited to the accompanying drawings and related descriptions. The data access control method 800 can be executed by a processor 120 communicating via a server 110 with a client device 101 associated with a first account holder and / or a client device 103 associated with a second account holder.
[0086] At box 810, an account linking request, which requests linking the first account to the second account, and a token 107 can be received from the client device 103 associated with the second account holder. Token 107 may include a first account identifier. In some example embodiments, token 107 may include a key associated with the first account holder.
[0087] At box 820, the sender of the account linking request can be identified as the second account holder.
[0088] In box 830, the first account can be identified based on the received token 107. In some example embodiments, when token 107 includes a key associated with the first account holder, the key associated with the first account holder can be used to authenticate the first account holder.
[0089] In box 840, the processor can confirm that the first account is eligible to link with the second account. (See above for reference.) Figure 1B The eligibility for account linking, as discussed, can be based on, for example, the type of account involved (e.g., a business account) or the identity of the account holder (e.g., a family member or a member of the same business entity).
[0090] In box 850, a link approval request can be sent to client device 101 associated with the first account holder to seek approval to link the first account with the second account.
[0091] In box 860, a link approval message can be received from client device 101, which indicates approval of the request to link the first account with the second account.
[0092] At box 870, an account linking confirmation message may be sent together with instructions for accessing the first account data to the client device 103 associated with the second account holder. As described above, the instructions may be part of the account linking confirmation message or a separate message. In some example embodiments, access to the first account data may be restricted based on data control parameters. In some example embodiments, the processor 120 may encrypt the first account data before providing instructions for accessing the first account data to the client device 103. The first account data may be encrypted using a key associated with the first account holder.
[0093] The description of embodiments in this disclosure provides non-limiting representative examples with reference to the accompanying drawings and figures to specifically describe the features and teachings of different aspects of this disclosure. From the description of the embodiments, it should be appreciated that the described embodiments can be implemented separately or in combination with other embodiments. Those skilled in the art who have reviewed the description of the embodiments should be able to learn and understand the different descriptive aspects of this disclosure. The description of the embodiments is intended to facilitate an understanding of this disclosure to such extent that other implementations not specifically covered but within the knowledge of those skilled in the art upon reading the description of the embodiments will be understood to be consistent with the application of this disclosure.
[0094] Throughout the specification and claims, unless the context clearly indicates otherwise, the following terms have at least the meaning explicitly associated herein. The term “or” is intended to mean an inclusive “or”. Furthermore, the terms “a,” “an,” and “the” are intended to mean one or more, unless otherwise stated or clearly indicated from the context to be in the singular form.
[0095] Many specific details have been set forth in this description. However, it should be understood that implementations of the disclosed technology may be practiced without these specific details. In other instances, well-known methods, structures, and techniques have not been shown in detail to avoid obscuring the understanding of this description. References such as “some examples,” “other examples,” “an example,” “example,” “various examples,” “an embodiment,” “an embodiment,” “some embodiments,” “example embodiments,” “various embodiments,” “an implementation,” “implementation,” “exemplary implementation,” “various implementations,” “some implementations,” etc., indicate that one or more implementations of the disclosed technology described herein may include a particular feature, structure, or characteristic, but not every implementation must include that particular feature, structure, or characteristic. Furthermore, while the phrases “in one example,” “in one embodiment,” or “in one implementation” may be used repeatedly, they do not necessarily refer to the same example, embodiment, or implementation.
[0096] As used herein, unless otherwise specified, ordinal adjectives such as “first,” “second,” “third,” etc., are used to describe common objects only to indicate that different instances of the same object are being referenced, and not to imply that the objects described in this way must be presented in a given order in time, space, hierarchy, or any other way.
[0097] Although certain embodiments of the disclosed technology have been described in conjunction with various implementations currently considered to be the most practical and feasible, it should be understood that the disclosed technology is not limited to the disclosed embodiments. Rather, this disclosure is intended to cover various modifications and equivalent arrangements included within the scope of the appended claims. Although specific terms are used herein, they are used only in a general and descriptive sense and not for limiting purposes.
[0098] This written description uses examples to disclose certain embodiments of the disclosed technology, including best practices, and also enables those skilled in the art to practice certain embodiments of the disclosed technology, including making and using any device or system and performing anything included. The patentable scope of certain embodiments of the disclosed technology is defined in the claims and may include other examples that would occur to those skilled in the art. Such other examples are intended to be within the scope of the claims if they have structural elements identical to the literal language of the claims, or if they include equivalent structural elements that are not substantially different from the literal language of the claims.
Claims
1. A server, comprising: processor; and memory, The server communicates with a database that stores a first account identifier and first account data for a first account associated with a first account holder, and a second account identifier for a second account associated with a second account holder. The processor is configured as follows: Receive an account linking request and a token, the token including a key associated with the first account holder. The first account is identified based on the key. Send a link approval request to approve the account link request. Receive a link approval message that approves the account link request, and Send an account link confirmation message, which includes instructions for accessing the first account data.
2. The server according to claim 1, wherein, The processor is also configured to determine whether the first account is eligible to link to the second account.
3. The server according to claim 1, wherein, The processor is also configured to: Receive at least a portion of the first account data from the database. At least a portion of the first account data is encrypted to generate encrypted first account data, and After the account link confirmation message is transmitted, the encrypted first account data is transmitted.
4. The server according to claim 3, wherein, The processor is also configured to transmit a decryption key in a communication separate from the encrypted first account data.
5. The server according to claim 4, wherein, The decryption key is a key associated with the first account holder.
6. The server according to claim 4, wherein, For each transmission of encrypted first account data, a new decryption key is required.
7. The server according to claim 1, wherein: The first account data includes one or more data control parameters, and The processor is also configured to restrict access to the first account data based on the data control parameters.
8. The server according to claim 7, wherein, The one or more data control parameters include at least one selected from the group consisting of: allowing the second account holder to access the first account data only for a limited time period; allowing the second account holder to access the first account data only once; and allowing the second account holder to access only the portion of the first account data corresponding to a predefined category.
9. The server according to claim 7, wherein, The one or more data control parameters include allowing the second account holder to access the first account data without time restrictions, unless the first account holder withdraws approval of the request to link the first account with the second account.
10. The server according to claim 1, wherein, The processor is also configured to authenticate the first account holder as associated with an access token linked to the contactless card.
11. The server according to claim 1, wherein, The key is unique to the first account holder.
12. A method for controlling data access, comprising: A server communicating with a database receives an account linking request to link a first account to a second account. The account linking request is accompanied by a token including a key associated with the first account holder. The database stores a first account identifier and first account data for the first account associated with the first account holder, and a second account identifier for the second account associated with the second account holder. The first account is identified based on the key. The server sends a link approval request to approve the account link request. The server receives a link approval message generated in response to an instruction from the first account holder to approve the account link request; as well as The server sends an account link confirmation message, which confirms approval of the account link request and provides instructions for accessing the first account data.
13. The method according to claim 12, wherein: The first account data includes one or more data control parameters, and The one or more data control parameters include at least one selected from the group of: allowing the second account holder to access the first account data only for a limited period of time; allowing the second account holder to access the first account data only once; And allow the second account holder to access the first account data without time restrictions, unless the first account holder withdraws approval of the request to link the first account with the second account.
14. The method according to claim 12, wherein: The first account data includes one or more data control parameters, and The one or more data control parameters include allowing the second account holder to access only the portion of the first account data corresponding to a predefined category.
15. The method according to claim 13, wherein, The data control parameters include different data access permissions based on the identifier of the second account holder.
16. A system for data access control, comprising: A server that communicates with a database, the database storing a first account identifier and first account data for a first account associated with a first account holder, and a second account identifier for a second account associated with a second account holder; and A contactless card associated with the first account holder, including a communication interface, a processor, and memory, wherein the memory stores the app and the token. Upon entering the communication field, the contactless card is configured to transmit an account linking request and a token for linking the first account with the second account. The token includes a key associated with the holder of the first account, and... The server is configured as follows: Receive the token and the account link request; The first account is identified based on the key; Issue a link approval request to approve the account link request; Receive a link approval message that approves the account link request; and Send an account link confirmation message, the account link confirmation message including instructions for accessing the first account data.
17. The system of claim 16, comprising: A client application comprising instructions for execution on at least one selected from a first client device and a second client device, the client application being configured to: When executed on the first client device: In response to a click action between the contactless card and the first client device: Receive a token from the contactless card and send the token and an account linking request to the server to link the first account with the second account; as well as Receive an account link confirmation message from the server, the account link confirmation message including instructions for accessing the first account data; and When executed on the second client device: In response to a link approval request from the server for approving the account link request, a link approval message for approving the account link request is sent to the server.
18. The system according to claim 17, wherein: The contactless card's memory also stores one or more data control parameters for the first account, and The client application is also configured to, when executed by the first client device: Receive one or more data control parameters for the first account from the contactless card; and The first client device restricts access to the first account data based on one or more received data control parameters.
19. The system according to claim 18, wherein, The one or more data control parameters include different data access permissions based on the identifier of the second account holder.
20. The system according to claim 17, wherein, The server receives the link approval message after the click action between the contactless card and the first client device.