METHOD AND APPARATUS FOR DATA TRANSFER THROUGH RADIO FREQUENCY MEMORY LABELS

专利摘要:
method, apparatus, and computer-readable storage medium an approach is presented for data transfer through radio frequency (RF) memory tags. the eu manager receives a request, on a device, to allow access for the interaction between the first rf memory tag and a second rf memory tag, first rf memory tag and a second rf memory tag , first RF memory tag associated with one or more trusted stores. in addition, the eu manager determines an accessibility state of the first rf memory tag, the one or more trusted stores, or a combination of these. then, the eu manager causes, at least in part, the granting of access based, at least in part, on the accessibility state. access is via a connection between the first RF memory tag and the second RF memory tag.
公开号:BR112012030080B1
申请号:R112012030080-6
申请日:2011-04-04
公开日:2021-04-27
发明作者:Sergey BOLDYREV；Mikko Sakari Haikonen；Jari-Jukka Harald Kaaja；Jarmo Tapani Arponen；Joni Jorma Marius Jantunen
申请人:Nokia Technologies Oy；
IPC主号:

专利说明:

BACKGROUND
Service providers and device manufacturers (eg, wireless, cellular, etc.) are continually challenged to deliver value and convenience to consumers, for example, by providing compelling network services. One area of interest has been the development of digital wallets and other similar means for storing information, transferring information, carrying out related transactions, and the like. At the same time, development has also progressed in the use of memory tags (for example, tags that employ short-range radio technology) to facilitate the transfer of wireless information. Thus, service providers and device manufacturers face significant challenges in enabling effective mechanisms to perform secure data transfer (for example, financial data, personal data, etc.) through memory tags. SOME EXAMPLES OF EXAMPLE
Therefore, there is a need for an effective approach to data transfer through memory tags, such as radio frequency (RF) memory tags and data storage (eg, content, credentials, settings, etc.) of a storage area of an active or passive endpoint.
According to one embodiment, a method comprises receiving a request, on a device, to allow access for the interaction between the first RF memory tag and a second RF memory tag, the first RF memory tag associated with one or more trusted stores. The method also comprises determining an accessibility state of the first RF memory tag, the one or more from trusted stores, or a combination of these. The method further comprises causing, at least in part, the granting of access based, at least in part, on the state of accessibility. Access is via a link between the first RF memory tag and the second RF memory tag.
According to another embodiment, an apparatus comprising at least one processor and at least one memory including the computer program code, at least one memory and the computer program code configured for, with at least one processor , cause, at least in part, the device to receive a request, on a device, to allow access for the interaction between a first RF memory tag and a second RF memory tag, the first memory tag per RF associated with one or more trusted stores. The device is also caused to determine an accessibility status of the first RF memory tag, the one or more from trusted stores, or a combination of these. The device is also caused to cause, at least in part, the granting of access based, at least in part, on the state of accessibility. Access is via a link between the first RF memory tag and the second RF memory tag.
According to another embodiment, a computer-readable storage medium, carrying one or more sequences of one or more instructions that, when executed by one or more processors, cause, at least in part, an appliance to receive an order, in a device, for granting access to the interaction between the first RF memory tag and a second RF memory tag, the first RF memory tag associated with one or more trusted stores. The device is also caused to determine an accessibility status of the first RF memory tag, the one or more from trusted stores, or a combination of these. The apparatus is also caused to make, at least in part, the granting of access based, at least in part, on the state of accessibility. Access is via a link between the first RF memory tag and the second RF memory tag.
According to another embodiment, an apparatus comprises means for receiving an order, on a device, to allow access for the interaction between the first RF memory tag and a second RF memory tag, first memory tag by RF associated with one or more trusted stores. The apparatus also comprises means for determining an accessibility status of the first RF memory tag, the one or more of reliable stores, or a combination of these. The apparatus further comprises means for making, at least in part, the granting of access based, at least in part, on the state of accessibility. Access is via a link between the first RF memory tag and the second RF memory tag.
Still other aspects, features and advantages of the present invention are readily apparent from the following detailed description, simply illustrating a number of particular embodiments and implementations, including the best contemplated way of carrying out the invention. The present invention is also capable of other and different embodiments, and its various details can be modified in several obvious ways, all without departing from the spirit and scope of the invention. Therefore, the drawings and description should be considered as illustrative in nature, and not as restrictive. BRIEF DESCRIPTION OF THE DRAWINGS
The embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures in the accompanying drawings: Figure 1 is a diagram of a system capable of transferring data via radio frequency (RF) memory tags, in accordance with with an embodiment; Figure 2 is a diagram of the components of the UE manager, according to one embodiment; Figure 3 is a diagram of the components of the user equipment, according to one embodiment. Figure 4 is a flowchart of a data transfer process by means of RF memory tags, according to one embodiment; Figure 5 is a flow chart of a storage device selection process based on access and / or data characteristics, according to an embodiment; Figure 6 is a time sequence diagram that illustrates the message sequences and use-case scenario processes for transferring data via RF memory tags, according to one embodiment; Figure 7 is an example diagram showing various components of UE 101, according to one embodiment; Figures 8A-8D are diagrams of user interfaces used in the processes of Figure 4, according to various embodiments; Figure 9 is a hardware diagram that can be used to implement an embodiment of the invention, Figure 10 is a diagram of a chip set that can be used to implement an embodiment of the invention, and Figure 11 is a diagram of a mobile terminal (for example, cell phone) that can be used to implement an embodiment of the present invention. DESCRIPTION OF SOME ACCOMPLISHMENTS
Examples of a method, apparatus, and a computer program for transferring data via radio frequency (RF) memory tags are disclosed. In the following description, for the sake of explanation, numerous specific details are set out to provide a complete understanding of the embodiments of the invention. It is evident, however, to a person skilled in the art that the embodiments of the invention can be practiced without these specific details, or with an equivalent arrangement. In other cases, well-known structures and devices are shown in the form of a block diagram, in order to avoid unnecessarily obscuring the embodiments of the invention.
As used herein, the term information space or intelligent space can be considered as a set of information aggregated from a variety of different and distributed sources. The multiple sources of information generate great flexibility in the information space and account for the fact that the same type of information can come from different sources and from different owners. For example, sensitive information (for example, financial account information, health records, etc.) can appear in the same information space from various sources (for example, records stored locally, a hospital database, database of a doctor, etc.) In one embodiment, information within the information space or smart space is represented using Semantic Web standards, such as Resource Description (RDF) framework, RDF (RDFS) schema, OWL (Web Ontology Language - ontological language of the web), FOAF (friend of a friendly ontology), rule sets in RuleML {Rule Markup Language - language of rule marking), etc. In addition, as used herein, RDF refers to a family of World Wide Web Consortium (W3C) specifications originally designed as a metadata data model. It has been used as a general method for conceptual description or modeling of information that is implemented in Internet resources, using a variety of syntax formats. Although several embodiments are described in relation to the information spaces and RDF, it is contemplated that the method described here can be used with other distributed information sets and / or syntax data formats. In addition, an Object IDentifier (OID) can be used (for example, ISO / IEC 8824-1: 2002 defined OID codes) for OID codes associated with healthcare or hospitals. For example, in a radiology environment, if a link between the specific radiology device and a patient needs to be established, the OID can be used as a reference for the specific radiology device. Figure 1 is a diagram of a system capable of transferring data via RF memory tags, according to one embodiment. As discussed earlier, the transfer of information through means such as a digital wallet is increasingly common. The digital wallet provides convenience in part because the digital wallet can carry information in a digital way, which can be processed easily. The information carried in the digital wallet may include information useful to the user of the digital wallet, such as reliable or guaranteed information. However, like other types of digital devices, the digital wallet can be susceptible to unwanted or other access attacks. In addition, the digital wallet can be lost or stolen, or it can become non-functional, thus causing loss of information contained in the digital wallet. Therefore, a digital wallet that provides security in its use and protects its content from other circumstances is desired, while using communication via an RF memory tag connected to or incorporated in the digital wallet to facilitate the exchange of information. In addition, the digital wallet can provide flexibility in that some parts of the information stored in the digital wallet (for example, information related to credit cards) can be carried in the digital wallet or left in a secure storage area. For example, a user may choose to carry credit card information in the user's digital wallet or may choose to leave the credit card on the user's personal computer, especially as the user may consider the user's home computer a safer place to store credit card information.
To solve this problem, a system 100 of Figure 1 introduces a mechanism for securely transferring information between RF memory tags based on the accessibility status of the RF memory tags. The accessibility status of RF memory tags can be considered to determine whether to allow interaction between RF memory tags, and the accessibility status is determined based on various factors and conditions, such as the lock / unlock status. EU 101, as well as authentication information, etc. The information may be related to financial transactions, financial information, medical information and transactions, personal information, privileged information, confidential information, classified information, or a combination of these. The access for the transfer of information between the RF memory tags is through a connection established between the RF memory tags, as the access request was received at the device. Access can be a write operation from one RF memory tag to another RF memory tag. In one embodiment, the content can be transferred from a second RF memory tag to a first RF memory tag, and then untrusted storage associated with the first RF memory tag. Then, the contents of the untrusted storage can be transferred to a trusted storage device, based on granting access. The UE 107's memory can include both untrusted storage and trusted storage. Untrusted storage is for data that does not need security or protection, whereas truststore is used to store data that needs security or protection, where different levels of security can be provided by different types of truststore .
In addition, data can be assigned to trusted or untrusted storage based on the security level of the data itself. For example, if the data is scanned against viruses, its level of security is high and thus can be designed for reliable storage. As another example, if the data is flagged as possible malware, then the data can be assigned to untrusted storage. In addition, in one embodiment, the mechanism checks whether the RF memory tag or storage device is in a locked state or whether the transaction involving the RF memory tags is prevented. If there is such a blocked state or transaction prevention, then the accessibility status can be set in such a way that the transfer of information can be limited or blocked. In one embodiment, the RF memory tag or related storage controls for authentication information to determine whether to allow recording of data transferred to the RF memory tag or related storage, and where the transferred data will be stored. Thus, the accessibility status can be based on authentication information. In addition, in one embodiment, there are several types of storage locations, and the granting of access can also be based on the storage location selected based on access characteristics. In addition, access can be recorded and stored in an available storage location, in order to maintain a history of access and transfer of information involving access.
More specifically, system 100 allows receiving a request at UE 101 to grant access to the interaction between the UE 117 memory tag of UE 101 and the final memory tag 113 of end device 109, and UE 101 determines a status of accessibility of the UE 117 memory tag or associated storage device within the UE 107 memory. The UE 117 memory tag and the final memory tag can be RF memory tags. The UE 101 can include a user interface that can be used to place the order on the UE 101, or to enter any other commands, or to display the process results or the interaction between the UE 117 memory tag and the final memory 113, or any other tasks. Once the accessibility status is determined, the UE 101 allows access based on accessibility, where access is via a link between the UE 117 memory tag and the final memory tag 113. The link can be established through communication network 105. The connection can be blocked or avoided if the UE 101 is in a blocked state. UE 101 can be placed in a locked state if UE 101 is reported as lost or stolen. For example, a user can inform the service provider that the UE 101 has been stolen or lost, and then the service provider can transmit a command to the UE 101 that locks the UE 101. There may be additional limitations that are considered in the granting access. Examples of additional limitations may include the access time limit (for example, how long the UE 101 can be connected to another device), the type of target device, type of target content, the type of connection, etc. .
In one embodiment, the content stored within the UE 101, as well as the content of the end device 109 can be synchronized with the service provider 119 to store the content on the server, such as a way of backing up the content or otherwise providing a backup. greater storage capacity. Thus, service provider 119 may include storage of user data 121 for storing data about user information, such as a user profile and other user-related information from UE 101. Service provider 119 may further include a content data store 123 to store any type of data, including data from the UE 101, as well as the end device 109, and also includes the authentication data store 125 to include authentication information, such as an ID user name and password, specific EU authentication information, any information related to end device authentication, etc. In one example, if the UE 101 or end device 109 is lost or stolen, the user can purchase a new UE 101 or end device 109 and sync with service provider 119 to obtain the backed up content service provider. For the new device to synchronize with service provider 119, the user may need to enter information specifying the content of the device, such as a device ID or a related account ID for the lost or stolen device.
The content to be transferred from the device 109 to the final UE 101 can include a wide variety of types of content. For example, the content may include related financial information, such as financial transactions and financial account information. In one example, UE 101 can include a digital wallet, and end device 109 can act as a payment station, so that the financial transaction can be carried out between UE 101 digital wallet and end device 109 as the UE 101 user uses the UE 101 to make payments by communicating with the end device 109. The digital wallet can include some components of the UE 101 and can be linked to other components of the UE 101 to perform the function of the digital wallet. In addition, the content can be any type of personal information, such as medical history, social security information, etc., and it can also be privileged information, which can include attorney-client privilege, doctor-patient privilege. The content may also include digital media such as images, video, audio, documents, etc. In one embodiment, access can be related to obtaining consent information, such as a patient's consent to medical treatment, the client's consent, etc. Access can be granted based on consent information (for example, consent to medical treatment, consent to transfer medical records, consent to perform transactions, etc.) Thus, the scope of access can be determined based on authorization information, where the scope of application includes at least an hour, the location, the duration, a part, a part function, an activity, a record, or a combination thereof. For example, if consent exists between UE 101 and end device 109, then interaction between UE 101 and end device 109 may be allowed to transfer data. In addition, different levels of access can be granted based on the consent information. For example, depending on the consent information, access to the trusted storage zone and / or the untrusted storage area on UE 101 may be granted.
In one embodiment, the UE 101 has a UE 107 memory for storing data, including user information, authentication information, software, user interface application, information, communication, history, digital media communication (images, videos and files audio, etc.), contact information, web browsing, information, etc. The memory may include a non-volatile memory (NVM), such as a flash memory, PCM memory of the type of storage / execution in the universal flash location (UFS / XIP), etc. In one embodiment, the transfer of information to the UE 101 from the data source, such as the end device 109 can be based on memory tags (e.g., RF memory tag) associated with the UE 101 and the device final 109, respectively. As an example of a data source, including the RF memory tag (for example, PCM NVM memory and a part by RF), the end device 109 can act as a passive end point that is turned off without power or an active end point with food. For the passive endpoint, the UE 101 can supply power and data to the passive endpoint, which is the end device 109, in this example, whereas the end device 109 can only provide data for the active endpoint of the UE 101.
In another embodiment, the RF memory tag uses short-range connectivity, such as ultra high frequency / near-field communication (UHF / NFC) and / or pulse-based ultra-broadband (I-UWB). UHF / NFC can be produced by a final unit, such as a reader or a recorder on the UE 101 and can be used to provide an energy field (thus controlling the end device 109 with this energy field), whereas I- UWB can be used for the transfer of data between the RF memory tags of the writing device or the reading device, where the short-range connection can be provided as an integrated structure with the RF memory tag or as a peripheral device connected to the RF memory tag. The RF memory tag can also be present as a part of the data source using the end device 109, such that data can be transferred from the data source to the UE 101 using a short-range connection, in that data can be transferred to an RF memory tag embedded in the UE 101 or other storage medium supporting a UFS / XIP memory architecture in the UE 101, for example. In addition, this approach can provide high capacity NVM memory with one part per RF providing a high data transmission rate.
As shown in Figure 1, system 100 is composed of user equipment (UEs) 101a-101 having connectivity with UE managers 103a-103n, respectively, through a communication network 105. UE 103 managers can act as a interface between one or more UEs 101 and one or more end devices 109. As an example, the communication network 105 of the system 100 includes one or more networks such as a data network (not shown), a wireless network (not shown), a telephone network (not shown), or any combination of these. It is contemplated that the data network can be any local area network (LAN), metropolitan area network (MAN), wide area network (WAN), a public data network (for example, the Internet), or any another suitable packet switching network, such as a commercially owned one, the proprietary packet switching network, for example, a proprietary cable or fiber optic network. In addition, the wireless network can be, for example, a cellular network and can employ several technologies, including advanced data rates for global evolution (EDGE), General Packet Radio Service (GPRS), global system for mobile communications ( GSM), Internet Protocol Multimedia Subsystem (IMS), Universal Mobile Telecommunications System (UMTS), etc., as well as any other suitable wireless medium, for example, worldwide interoperability for microwave access (WiMAX), Long Term Evolution (LTE) networks, code division multiple access (CDMA), code division multiple broadband access (WCDMA), Wireless Fidelity (Wi-Fi), satellite, ad hoc mobile network (MANET ), and the like. The communications network may also involve a link between an active endpoint device and a passive endpoint device, where the active endpoint provides a power field for the passive endpoint via a short-range or wireless radio (for example, UHF / CNF) and provides a data connection (for example, I-UWB) between the active endpoint device and the passive endpoint device. In one example, the active endpoint device may be the writing device on the end device 109 and the passive endpoint device may be the RF memory tag with short range wireless connectivity 101 on the UE. However, any device can be the active or passive endpoint of the endpoint.
UEs 101a-101n are any type of mobile terminal, fixed terminal or portable terminal, including a mobile device, station, unit, device, multimedia computer, multimedia tablet, Internet node, communicator, desktop computer, laptop, personal digital assistant (PDAs), or any combination of these. It is also contemplated that UEs 101a-101n can support any type of user interface (such as a "usable" circuit, etc.). In one embodiment, each UEs 101a-101n can include a respective memory 107 for storing data . Memory 107 may include a UE 117 memory tag. In addition, or alternatively, the UE 117 memory tag may be external to UE 101 (for example, connected via an external dongle device). As an example, the UE 117 memory tag is a near field communication tag (CNF), the radio frequency identification tag (RFID), contactless card, a wireless powered memory tag, or the like, which includes sufficient memory to store information related to the respective UE 101. The UE 1 17 memory tag, for example, is associated (for example, incorporated or linked to) one or more of the UEs 101 capable of supporting the processes of information management of the approach described here. In one embodiment, the UE 117 memory tag (for example, the RF memory tag or built-in RF memory tag) is a high-capacity NFC tag containing multiple gigabits of memory with quick access and times download. It is contemplated that the UE 117 memory tag may also be any similar wirelessly powered memory tag. In one example, UHF / NFC or any radio that provides a power field can feed the UE 117's memory tag.
For example, NFC, RFID, contactless card, and similar technologies are short-range wireless communication technologies (for example, Ultra High Frequency / Near Field Communication (UHF / NFC) and / or Impulse based Ultra Wideband (I -UWB)) that allow the exchange (for example, reading and writing) of data between devices and tags over short distances (for example, the range for NFC is approximately 4 inches). In general, these technologies comprise two main components, a tag (for example, attached to an UE 101, as an integrated structure, such as an RF memory tag card or as an accessory, as a separate entity that the UE 101 accesses wireless) and a reader / writer (which can be implemented within the UE 101). Communication between the reader / writer and the tags takes place wirelessly and may not require a line of sight between devices. The tag (for example, an RFID transponder) is, for example, a small microchip that is connected to an antenna. The labels can vary in sizes, shapes and formats and can be read using many types of materials. In addition, the tags can be passive tags or active tags. Passive labels are generally smaller, lighter and less expensive than active labels. Passive tags are activated only when with a reader / writer's response range. In other words, passive tags are usually memory tags that are triggered wirelessly by the reader / writer. The reader / writer emits a field of low energy radio waves that is used to feed the tag, in order to pass any information that is contained on the chip. Active tags differ in that they incorporate their own source of energy to transmit rather than reflect radio frequency signals. Thus, active tags allow for a wide range of features such as programmable read / write capabilities. The read / write capabilities of the UE 117 memory tag may, for example, allow the system 100 to write comments for storage on the UE 117 memory tag for retrieval by other users or to update the contents of the memory tag memory of the UE 117. EU 117 to include the latest content. For example, the UE 117 memory tag associated with an ad can be updated to contain the latest pricing information on availability. The final memory tag 113 may also include features similar to the UE's memory tag. As another example, a memory tag associated with the media, such as media content, media trailer, or applications, the latest data image, trial versions, settings, etc. can be updated to contain the updated information or content. In this example, if an external RF memory tag is used and can be connected to multiple devices, then the location variants as well as the device variants can be flashed at the time of purchase, for example.
A reader / writer device typically contains a transmitter, a receiver, the control unit and an antenna, as well as a memory, which can be a high capacity memory storage device. The memory may include a built-in tag. The reader / writer performs several main functions: energizing / turning on the tag, demodulation and decoding of the returned radio signal, data transfer, and providing clock information. In certain embodiments, a reader / writer includes an additional interface for converting the radio signal returned to a form that can be passed to another system, such as a computer or programmable logic controller.
Therefore, the advantage of this approach is that access to the interaction between RF memory tags is granted based on the state of accessibility, and thus provides a measure to selectively allow interaction between RF memory tags with based on accessibility status. Therefore, this feature allows secure transactions or secure information transfer between RF memory tags. Therefore, means for transferring data via RF memory tags are anticipated.
For example, the UE 101, the end device 109, and the service provider 119 communicate with each other and other components of the communication network 105, using well-known, new or yet to be developed protocols. In this context, a protocol includes a set of rules that define how the network nodes within the communication network 105 interact with each other based on information sent over the communication links. The protocols are effective in different layers of operation within each node, from the generation and reception of physical signals of various types, to the choice of a connection for the transfer of such signals, to the information format indicated by said signals, for identify that the software application running on a computer system sends or receives the information. The conceptually different layers of data exchange protocols over a network are described in the Open Systems Interconnection Reference Model (OSI).
Communications between network nodes are typically carried out by exchanging discrete data packets. Each packet typically comprises (1) header information associated with a given protocol, and (2) payload information that follows header information and contains information that can be processed independently of that particular protocol. In some protocols, the package includes (3) trailer information after the payload and which indicates the end of the payload information. The header contains information such as the source of the packet, its destination, the size of the payload, and other properties used by the protocol. Often, the payload data for the special protocol includes a header and payload for a different protocol associated with a different and higher layer of the OSI reference model. The header of a particular protocol usually indicates a type for the next protocol contained in its payload. The upper layer protocol is said to be encapsulated in the lower layer protocol. Headers included in a packet across multiple heterogeneous networks, such as the Internet, typically include a physical header (layer 1), a data link header (layer 2), a set of header networks (layer 3), and a header from transport (layer 4), and the headers of various applications (layer 5, layer 6 and layer 7), as defined by the OSI reference model. Figure 2 is a diagram of the components of the UE 103 manager, according to one embodiment. For example, the UE 103 manager includes one or more components to manage the UE 101 and the interaction between the UE 101 and other devices and / or service providers. It is contemplated that the functions of these components can be combined into one or more components or performed by other components of equivalent functionality. In this embodiment, the UE 103 manager includes a UI manager (user interface) 201, validator 203, communicator 205 and a data manager 207.
In one embodiment, the UE manager 103 receives a request to grant access for interaction between the RF memory tags. For example, the user interface for the UE 101 can be used to receive this request. The UI 201 manager can be used to retrieve the order through the UE 101 user interface and communicate the order and information included in the order with other components of the UE 101. The information included in the order may contain information about a target device for retrieve content, a type of content to be retrieved from the target device, authentication information to allow access from the UE 101 and / or the end device 109. The UI manager 201 can also obtain information from other components of the UE 101 and present them through UE 101. Validator 203 performs several types of validation, approval authentication, etc. to determine whether to allow a process. For example, validator 203 can verify that the UE 101 (or the UE 117 memory tag or other trusted storage, for example) is in a locked state. If the 203 validator determines that the UE 101 is in a blocked state, the 203 validator can prevent or limit access for some or all components of the UE 101. The blocked state can be specified for the components of the UE 101 in such a way that only some components of UE 101 can be in a locked state, while the other components are not in a locked state, and therefore are accessible. The 203 validator can also validate the authentication information (for example, a user ID and password) entered to access the UE 101. For example, the authentication information can be entered through the user interface, the authentication information can then be processed by the UI 201 manager and sent to the 203 validator for validation. The authentication information of the validator 203 can also be the authentication information for accessing the end device 109 or its components.
Communicator 205 manages various types of communication within UE 101 (for example, between components within UE 101) and with another device, such as end device 109 or service provider 119. Communicator 205 can be used to manage communication. communication between the UE 117 memory tag and the final memory tag 113. Communicator 205 may perform synchronization between the UE 101 and service provider 119, periodically and / or at the request of a user or when a condition is met , to copy or transfer data from the UE 101 to the service provider 119. If the UE 101 is lost or stolen, or the UE becomes non-functional, then the data synchronized from the UE 101 to the service provider 119 can be used as a backup of the data to a new user device. In addition, if the UE 101 is stolen or lost, the user can inform the service provider 119 about the lost or stolen status of the UE 101. Then, the service provider 119 sends a command to the UE 101 to place the UE 101 in the locked state. Communicator 205 can receive this command from service provider 119 and place the UE 101 or its components in a locked state if the UE 101 is lost or stolen, where placing the UE 101 or its components in the locked state prevents access UE 101 or its components.
The data manager 207 manages the data, at least according to its characteristics and other factors, such as the type of access granted for the interaction between the memory tags. The data manager 207 sorts the data based on these factors and selects suitable storage based on the sort. For example, data manager 207 assigns high-security data for reliable storage of high-level security, and low-data for reliable storage of low-level security. If the data does not need any security, data manager 207 assigns the data to untrusted storage. The data is then sent to the assigned (that is, selected) storage via communicator 205. Thus, data manager 207 can also manage multiple areas of trusted storage security, as well as untrusted storage areas within the UE 101 In another example, data manager 207 can manage multiple areas of trusted storage within multiple user devices (for example, UEs 101a - 101n). Multiple user devices can be a family of devices, where some user devices (for example, primary devices) have higher security management functionality over other devices (for example, secondary devices). The data managers of the respective user devices can communicate with each other to manage multiple areas of trusted storage within the multiple user devices. In addition, in this example, user device validators can communicate with each other to perform various types of validation, approval authentication, and etc., to validate access to multiple devices and / or multiple storage areas. Figure 3 is a diagram of the components of the UE 101, according to one embodiment. The UE 101 includes a user interface 301 to provide a presentation in which the user can use to interact with the UE 101. The UE 101 can also include the manager UE 103 to manage interactions such as data transfer between the UE 101 and end device 109, as well as service provider 119. The UE 103 manager also interacts with UE 101 to manage user input to UE 101. KP 303a-303n knowledge processors are components that process data with respect to an information space 109 with which the UE 101 has connectivity. A knowledge processor 303 can be located in various locations throughout the information space environment, including EU 101.
In one embodiment, the UE 117 memory tag may be an internal component of the UE 101 (e.g., a built-in tag) or an external storage device and / or the knowledge processor 309 connected to the UE 101. The tag server 305 manages access to the UE 117 memory tag and operations such as reading, writing and organizing information about the UE 1 17 memory tag. In addition, the UE 101 can include untrusted storage 307 and truststore 309. The untrusted storage 307 and the untrusted storage 309 can be separate storage units or a single storage unit that has separate components for the untrusted section and the trusted section. The untrusted storage 307 and the trusted storage 309 can be internal components of the UE 101 or external storage devices connected to the UE 101. Figure 4 is a flowchart of a data transfer process using RF memory tags, from according to one embodiment. In one embodiment, the UE 103 manager performs process 400 and is implemented on, for example, a chip set that includes a processor and memory, as shown in Figure 10. In step 401, the UE 103 manager receives a request for granting access to the interaction between the RF memory tags (for example, between the UE 117 memory tag and the final memory tag 113). The UE 117 memory tag can be associated with 309 truststore. The request can be made using a user interface on the UE 101. The user can then type a command or press a button on the user interface to make a request. order. The order can also be placed automatically. For example, the order can be placed automatically when certain conditions are met. For short-range wireless devices, conditions may include bringing the UE 101 close enough to the end device 109 such that the end device 109 is within the range of the short-range wireless device on the UE 101. The application may include various types of information that is used to determine whether access to the interaction between RF memory tags should be granted. For example, the order may include information related to the content or data that is requested through the order, a destination device for retrieving the requested content (for example, the end device 109), authentication information such as a user ID and a password, any other specific commands, such as read from the end device 109 or write to the end device 109, a transfer method, a type of transactions between devices, a method for transactions, etc. Some or all of this data can be provided using the user interface.
In step 043, the UE manager 103 determines the lock status of the UE 101 and the credentials for accessing the components of the UE 101 and / or the final device 109. If the UE 101 is locked (in the locked state), in Then, accessibility to the UE 101 or its components (for example, the UE's memory tag, truststore, etc.), can be blocked or limited. The UE 101 or its components can be placed in a locked state if the UE 101 or its components are lost or stolen. If the UE 101 or its components are stolen, the user / owner of the UE 101 or its components can report the lost or stolen status to a service provider 119. Then, the service provider will call the UE 101 and place the UE 101 in a locked state. This feature is advantageous in that it protects the information in UE 101 and its components from another person that the user does not wish to provide access to. In addition, in one embodiment, content on UE 101 may be synchronized with service provider 119 or another device, periodically or at the request of a user. Thus, content on UE 101 can be copied or transferred to service provider 119 or another device. When the UE 101 is lost or stolen, or becomes non-functional (for example broken), the user can purchase another device, connect the device to the service provider 119 to acquire the content that has been stored at the service provider through synchronization 119 with the previous device that is lost or stolen or not functional. This feature is advantageous in that the synchronization backs up another copy of the content. In addition, if access credentials to UE 101 are not successfully validated, then accessibility to UE 101 can also be prevented or limited. Credentials can be in the form of a user ID and password. In addition, credentials may be for UE 101 and / or there may be separate credential information for each of the components of UE 101. In addition, other credentials to access end device 109 may need to be entered to access end device 109 and its components.
In step 405, the accessibility status of the UE 117 memory tag, the trust store 309 or a combination thereof is determined. The accessibility status can be determined based on several factors, including the information entered in the order. The accessibility status can also be determined based on additional limitations. Limitations may include the access time limit (for example, the time that the UE 101 can be connected to another device), the type of target device, type of target content, type of connection (fast versus slow connection , for example), device features, etc. Then, in step 407, access to the interaction between the UE 117 memory tag and the final memory tag 113 is granted based on the accessibility state. In one embodiment, access can be recorded and stored in any of the storage locations (for example, RF storage memory tags, trusted, the network operator, etc.). Access can be such that the history of access and transmission of information between RF memory tags can be registered and kept.
Access can be related to various types of information transfer and transactions, including financial transactions, financial information transfer, medical information transfer or other personal information, the transfer of privileged information or a combination of these. In one example, the UE 101 may include a digital wallet (not shown), including or having connectivity to the components of the UE 101, including the interface 301, the memory of the UE 107, the tag server 305, the UE manager 103 and other components of EU 101. The digital wallet may include financial information as well as other types of information. When financial transactions occur through access, then the digital wallet within the scope of UE 101 may include the amount of digital money or points that the user has, while the final device 109 may be a device in a store. As the user attempts to purchase items from the store, UE 101 establishes the connection with the end device 109 in the store, as access is granted. If the user purchases the items, the amount of digital money or points within the digital wallet in the UE 101 is adjusted according to the purchase, by writing the contents of the final device 109 into the digital wallet in the UE 101.
The digital wallet may also contain consent information, where the consent given from the UE 101 to another device allows the exchange of information from the UE 101 and the other device and / or from another device to the UE 101. This feature can be used in a medical and patient environment, for example. As consent is given, the exchange of information, including consent information, as well as other medical information (for example, medical records, health actions and treatments, doctors who performed the treatments, hospital locations, health insurance information and other medical data) can be performed. In this example, if the consent information in the digital wallet shows that the patient has given consent to the doctor, then the doctor can read and write about the trusted storage 3 09 of the patient's UE 101. The scope of access can be based on the consent information, where the scope of application can include a time, place, duration, a part, a part function, an activity, a record, or a combination of these. As the user of the UE 101 gives consent, the user can provide the final memory tag 113 of the final memory tag 113 of the end device 109 of the physician with the medical information with the past medical history. Authorization can be given from the user to a specific doctor or to an organization (for example, hospital) having one or more doctors. If consent is given to an organization, then doctors within the organization can share all parts of the consent. In addition, as consent is given to the doctor's device, an appointment with the doctor can be arranged. The consent status is updated as consent is given for the final memory tag 113, and is stored in trust storage 309.
In addition, after the UE 101 user gives consent and the doctor updates the user's medical information (for example, after seeing the user), the updated medical information about the user stored in the end memory tag 113 of the end device 109 of the physician can be retrieved to the EU 117 memory tag. Personal information retrieved from the final physician's device 109 may include the prescription of the medication, which can be stored in a trusted storage 309 of the UE 101 and be presented to a pharmacist, in order to obtain corresponding prescription drugs. When the drug prescription is passed from the doctor's final device 109 to the patient's device (eg UE 101), the doctor's identity and / or license information and other information about the doctor can be transferred to UE 101 The prescription can be stored in the UE 101 in an encoded format such that a patient or other users using the UE 101 cannot access the prescription data and possibly moderate the prescription. In this example, the prescription data can still be deleted or transferred to a medical device or end device 109 by a pharmacist, and only authorized users (for example, doctors or pharmacists) or devices may be able to decode and access data from encrypted prescription. An advantage of this feature is that as a prescription is transferred from the device of the final doctor 109 to the UE 101 it is difficult to counterfeit, and thus avoids the fraudulent prescription of drugs. Another advantage of this feature is that the record of these accesses and transactions can be kept for future reference and review. In one example, if the medicine-containing package is equipped with a memory tag, the path or chain of the medicine package can be controlled and the source of the package can be checked. In addition, if there is a thermometer associated with the memory label on the packaging, then the temperature can be constantly stored on the memory label, and the temperature during delivery of the packaging can be kept in a record to verify that the package was delivered in an appropriate temperature condition.
In one embodiment, consent can be given from UE 101 to end device 109 using UE 101 to touch or hit end device 109. This touch or beat is detected by end device 109, and consent approved based on device and personal information exchanged between UE 101 and end device 109. In addition, consent may have conditions that invalidate consent, such as a time limit, in which consent becomes invalid after the expiration of the term. Consent can be renewed by communicating with a corresponding device again (for example, ringing or tapping). In addition, there may be different types of consent, requiring separate approvals for each type of authorization. For example, a doctor performing gastric bypass surgery would only obtain consent for medical information related to gastric bypass surgery.
In one embodiment, the request may involve a third memory tag (not shown), which may be an RF memory tag, and the granting of access may be related to the UE 117 memory tag and the final memory tag 113, the third memory tag, or a combination thereof. For example, a digital signal can be transferred from the final memory tag 113 to the UE 117 memory tag after the UE 101 pays for the digital signal, using the digital wallet at the UE 101 through access. Then, the digital signal can be transferred from the UE 101 to the third memory tag, either temporarily or permanently. When the digital token is transferred from the UE 101 to the third memory tag, the digital token on the UE 101 digital wallet can be deleted or disabled permanently or temporarily. In another example, a parental authorization for digital media may involve the primary device and the secondary device. Parental consent can be transferred from end device 109 or service provider 119 to the primary device, and parents can allow the transfer of parental consent to the secondary device in order to give parental consent to the child . This transfer may also include the transfer of money from one device to another, instead of parental consent.
UE 101 may disable or restrict the use of the digital wallet and / or reliable storage 309 for certain situations where security may be a concern. For example, if the memory tag 13 is an end of an end device 109 in a public space that is open to the public, the contents of the end memory tag 113 cannot be considered secure, at least due to the open nature of the device at the time. public. In one example, on a public memory tag that contains information from the bus station, the UE 101 can only allow the reading of the public memory tag by the UE 101, and disable writing. Alternatively, the UE 101 can disable the digital wallet, thus disabling all features that relate to the secure transfer of information, such as accessing the trusted storage 309.
This process, which is shown in Figure 4, is advantageous in that it provides security in the transfer of information between RF memory tags by granting access to the interaction between RF memory tags based on accessibility status. In particular, the accessibility state is determined based on the lock state, in which the device is placed in a locked state, whether it has been stolen or lost. In addition, the accessibility status is based on credentials, and thus providing additional security. Thus, the present process avoids the unwanted transfer of data between the RF memory tags. The UE manager is a means to achieve these advantages. Figure 5 is a flow chart of a storage device selection process based on access and / or data characteristics, according to an embodiment. In one embodiment, the UE 103 manager executes process 500 and is implemented on, for example, a chip set that includes a processor and memory, as shown in Figure 10. Process 500 can occur during or after process 4 00. In step 501, the UE manager 103 determines the access characteristics, data associated with the access, or a combination thereof, where access is the access for the interaction between the UE 117 memory tag and the memory tag of the end device 113. Access characteristics may include the type of access, as well as access purposes. The type of access can be read access, write access, synchronization, deletion, copy and so on. The purpose of access can include various operations to be carried out, such as making payments, sending a bus ticket, giving consent, exchanging items, etc. The characteristics of the data associated with access can also include information about these various operations. The characteristics of the data may also include the type of data, as well as the content of the data. In step 503, UE 103 selects a storage location manager based on the access characteristics, the data associated with the access, or a combination of these.
If process 500 happens during process 400, access can be granted next in step 503, where access can be based on the storage location. The storage location can be a reliable storage 309, selected from stocks of different security levels. For example, the 309 truststore can include a general truststore and certified storage. Reliable general storage is for the type of data that needs a low level of security. Thus, if the characteristics of the data associated with the access show the low level of security, then the general storage is reliably selected, as is the storage to transfer the data associated with the access. In general, reliable storage. Likewise, if the characteristics of the data associated with access show a high level of security, then certified storage is selected. The type of data for a high level of security may include data that does not require a high level of certification or security protection, such as credit card information, debit card information, transportation vouchers, confidential agreements, doctor-patient consent, etc. , and some information in certified storage may carry a certain expiration date. The low-level data type can include data that needs a little bit of security, but not as high as high-level data, and therefore can include emails, text messages, contacts, favorites and etc. In addition, the selected storage location may be the 307 untrusted storage. The 307 untrusted storage is for data that does not need security or protection and can be opened to the public. Advertisements or public announcements etc. can be forwarded to untrusted storage 307. Then, as shown in step 505, the content of the data is transferred to the selected storage.
In one embodiment, the data stored in the trust store 309 can be verified to determine the confidence level of the trust store 309. For example, both the general trust store and the certified store can be verified. There may be parameters that determine the level of confidence for each of the data. For example, if the data is scanned against viruses, this contributes to a higher level of trust, whereas data that has signs of malware or suspicious activity can contribute to a lower level of trust. Thus, if the storage contains a large amount of data with a high confidence level, the confidence level of the storage will be high. In addition, the UE 103 manager can purge reliable general storage if the storage level drops below the lower security threshold. For certified storage, if the security level of certified storage is not above a certain security threshold level for certified storage, certified storage cannot qualify for high security transactions, such as credit card transactions or another high-security transfer of information. This is to protect unsecured transactions that are vulnerable to any outside intervention or hacking. Generally, certified storage should have a higher level of trust than general trusted storage, in part, because the data stored in certified storage is pre-filtered for high certification or the level of security. In another example, if there are several general trusted stores with different security levels, the retrieved content can be assigned to the corresponding storage based on the estimated security level of the data.
In one embodiment, the data content can be transferred from the final memory tag 107 to the UE 117 memory tag, and then transferred to untrusted storage 307 associated with the UE 117 memory tag. then, data transferred to untrusted storage 307 can be transferred to trusted storage 309, if access for interaction between the final memory tag 107 and the UE 117 memory tag is granted. In one example, data to update the amount of money in the digital wallet within the UE 101 can be transferred from the final memory tag 107 to the UE 117 memory tag, and then transferred to untrusted storage 307 associated with the UE 117 memory tag. This data is then transferred to the trusted storage 309 associated with the digital wallet to update the amount of money in the digital wallet, if access to the interaction between the final memory tag 107 and the UE 117 memory tag is granted.
This process is advantageous in that it provides a way to select a storage device based on access or data characteristics in such a way that a suitable storage device is used for a corresponding data set. For example, this feature increases security measures in protecting high-security data by placing such data in one storage, while placing low-security data in another storage. The UE 103 manager is a means to achieve this advantage. Figure 6 is a time sequence diagram that illustrates the process sequences of use-case scenarios for transferring data via RF memory tags, according to one embodiment. A device-by-device process is represented by a vertical line. The communication transmitted from one process to another device is represented by the horizontal arrows, and the horizontal arrows are labeled with numbers that represent the steps.
The processes represented in Figure 6 are the UI (user interface) 601, the digital wallet 603, the tag server 605, the memory manager 607, the SW reader (software) of MAC (Media Access Control) 609 and the PHY (physical) reader 611, PHY label 613, SW label of MAC 615 and memory label 617, which can be an RF memory label. For example, components on the left, including UI 601, digital wallet 603, tag server 605, memory manager 607, MAC SW reader 609 and PHY 611 reader, can be included within the UE 101, or can be connected externally to the UE 101 (for example, connected via an external dongle device). In addition, for example, the components on the right side, including the PHY 613 tag, the MAC SW tag 615 and the memory tag 617, can be included within the end device 109. UI 601 can be an example of UI 3 01 shown in Figure 3, and tag server 605 can be an example of tag server 305. Memory tag 617 can be an example of memory tag effect 113. UI 601 can be used to receive a request (for example, from a user) to grant access that forms interaction between the memory tags (not shown) of the UE 101 and the memory tag 617 of the end device 109. As shown in step 621, a request for content is made on UI 601 and sent to wallet 603. For example, a user can type a command or press a button on UI 601 to submit the request. The content request can include information such as a content type, the name of the content, a target device, specific command, as read from the end device 109 or write to the end device 109, specified data to search for the transfer, as well as authentication information such as a user ID and password.
When wallet 603 receives the content request, then wallet 603 sends an access request to the tag server 605, as shown in step 623. The accessibility request may include information about the type or name of the content specified in the content request, and any related information that verifies that UE 101 is blocked, and therefore content within UE 101 cannot be accessed. As discussed earlier, in one example, the UE 101 can be locked automatically if there is an indication that the UE 101 has been lost or stolen. Then, the tag server 605 sends the accessibility response to wallet 603, with an indication of whether the UE 101 is blocked, as shown in step 625. If there is an indication that the UE 101 is not blocked, the UE 101 is not blocked for the type or name of the content specified in the content request, and a connection with the end device 109 is established. In addition, the 603 wallet also positions the content in a corresponding category for security. For example, security categories can include different levels of security (or levels of trust), such as device, untrusted storage 307, and trusted storage 309. Then, wallet 603 sends a validated content request to the tag server. 605, as shown in step 627. The request for validated content may include information such as trust level, location, ownership, authentication information, indication that the UE 101 is not blocked, information about the ability to read or write, and the name of the content. The validated content request can then be sent from the tag server 605 to the end device 109 to approve the validation. Once the validated order content is validated, the tag server 605 receives approval, and then the validated response content is sent to the wallet. In addition, with approval, wallet 603 sends a content retrieval command to tag server 605, as shown in step 631. In another embodiment, the order for validated content can be placed automatically on wallet 603, without a user submitting the content request via step 621. In this embodiment, the validated content request can be made automatically, depending on conditions, such as a user configuration or security settings for making the automatic content request. Thus, in this embodiment, steps 621, 623 and 625 can be omitted.
The tag server 605 then contacts the MAC SW reader 609 (step 633), which then converts the tag server software command 605 to an electrical signal. The tag server 605 can also inform memory manager 607 of the tag server software command 506. This electrical signal is sent to the PHY reader 611 (step 635), which is then transmitted to the PHY tag 613 in the final device 109, to request the recovery of the requested content (step 637). This signal is then sent to the MAC SW label 615 (step 63 9) and is converted to a software command, which is then sent to the memory label 617 on the end device 109 to retrieve the content. order (step 641). The requested content is then retrieved based on the information provided in the order, and the requested content is sent to the MAC 615 SW tag, as shown in step 643. The MAC 615 SW tag converts the required content to a electrical signal then sends it to the PHY 613 tag, as shown in step 645. This electrical signal containing the requested content is then retrieved by the PHY 611 reader from the PHY 613 tag, as shown in step 647. This retrieved electrical signal containing the requested content is then sent to the MAC 609 SW reader to convert the electrical signal to a software format of the requested content (step 649). The software format of the requested content is then sent to the tag server 605, as shown in step 651. Then, the tag server 605 sends a command to the memory manager 607 to write the requested content to the tag. of the UE 101 (step 653). In step 655, tag server 605 can provide wallet 603 with information about the requested content. Then, wallet 603 checks and checks the content being written, to determine the location of the memory where the content is being written, depending on various conditions. For example, content written on the UE 101 memory tag can be transferred to trusted storage 309 or untrusted storage area 307 within UE 101, depending on the determined location where the content is to be written. Conditions may include, where the write action originates from. If the write action originates from another endpoint, then the content may be unreliable by default prior to verification by wallet 603. In addition, if there is a sign that the user is aware of the required content and the your confidence level (for example, the user initiates the order to purchase the content), then wallet 603 can determine that the required content can be stored in a trusted storage area 309. These conditions may include the location of the feed memory label. For example, if the memory tag is fed from the same end point (inside the device), the required content can be considered more reliable than the case where the feed is from another end point (outside the device) . Tag server 605 can also send a notification about retrieving the requested content to wallet 603 (step 655) and wallet 603 can transmit this notification to UI 601 (step 659) such that UI 601 can present the result of recovery. Figure 7 is an example diagram 700 showing various components of UE 101 and their functionalities, according to one embodiment. The 701 user interface can include the 707 management interface to manage various components of the user interface. Examples of the user interface components are the Nokia 709 UI, Bank / Operator UIs 711 and trusted UI library 713. The Nokia 709 UI can include a user interface allowing the UE 101 user to interact with a server Nokia, which is an example of a service provider. Bank / Operator 711 UIs allow the user to interact with a bank server or a credit card server, in order to configure payments to be made for purchases. The trusted UI library 713 can include a set of trusted user interfaces that can be retrieved from the library to the user interface, so that the user can use the retrieved user interfaces for UE 101. An example of Trusted UI library, a version of Qt, developed by Nokia, which is used for the development of graphical user interface programs.
Digital wallet 703 can include trusted storage with certified storage 715 and general trusted storage 719. Certified storage 715 includes secure information, such as credit card, debit card, prepaid value and transportation voucher ( for example, a bus ticket). The general trust store 719 may include security information that does not require as high a level of security as certified storage. Thus, for example, the 719 truststore can include e-mails, data from short message services (SMS), contacts, bookmarks, etc. In addition, although not shown, the UE 101 can also have reliable storage 307 to store unsafe information. The digital wallet can also include a secure hardware abstraction layer 723 that can be used for communication between a hardware part of the UE 101 and the software part of the UE 101. The wallet 703 can communicate with the tag server 705 and other data read / write memory units. The 705 tag server communicates with a memory tag, such as the eTag 725, to allow communication between the UE 101 memory tag and another memory tag. The eTag 725 may have defined the memory allocations 727. The data transferred to the eTag 725 via the 705 tag server can be written to other storage locations, such as the ARM (Advanced RISC machine) memory, SIM memory {Subscriber Identity Module ) and USD (universal storage device) memory. In addition, BB5 (base band 5, by Nokia) can be implemented to lock or unlock the UE 101. The UE 101 can also include on-board credentials (ObC) 737 to verify the expected authentication information for the UE 101. The Figures 8A-8D are diagrams of user interfaces used in the processes of Figure 3, according to various embodiments. Figure 8A shows a UE 101 user interface with the available devices that the UE can connect 101. Title 801 shows "available devices", as the user interface is for selecting a device from a list of available devices 803. In this example, list 803 shows that there are three devices available: the consumer store device, the doctor T office device, and Chris's device. In this example, the consumer store device is selected, as highlighted 805. The "connect" button 807 can be selected to connect the highlighted device. The "More Info" button 809 can be selected to show additional information about the highlighted device. Option 811 can be selected to show other options that the user can choose in UE 101. The back button 813 can be selected to return to a previous user interface or a previous screen. Figure 8B shows an UE 101 830 user interface showing slots for inserting multiple entries. Title 831 shows "input information," in order to show that the user interface is for entering information. The type 833 slot is a slot for entering a content type or name of the content being transferred between the UE 101 and the end device 109. The user identification slot 835 is a slot for entering a user ID and password slot 837 is the slot for entering a password, where the user ID and password can be a part of authentication information. The proceed button 839 can be used to proceed with the information entered, and the clear button 841 can be used for the slots of the previous entry openings. Option 844 and the back button 845 have similar functionality, such as option 811 and the back button 813. Figure 8C shows a user interface 850 that shows the operations to be done in a consumer store, when connected with a device at the consumer store. When the authentication information entered in Figure 8B is validated, then the consumer store device can be authorized to have read / write access to the UE 107's memory. In this example, with read / write access to the memory From UE 107, a digital wallet on UE 101 can be used to pay the full cost 855 to purchase items 853. If payment button 857 is selected, content related to this transaction is transferred from end device 109 to UE 101 and it is written into the memory in the UE 101, to make the payments of the digital wallet in the UE 101. The payments of the digital wallet in the UE 101 can be made incrementally (for example, through payment in parts). Payments can be made in parts over a period of time. In addition, payments can be made in part by multiple digital wallets on a single device or multiple devices. In addition, payments can be made in parts in such a way that a portion of the payment for a small or a reduced version of the content can be made first, and then the reduced or limited version of the content can be upgraded to a full version of the content for an additional fee. Then, the amount of money remaining in the digital wallet can be updated according to the purchase. Although not shown, the user interface can offer different payment options, such as credit card, electronic check, bill request, etc. If the account request is selected as a payment option, then an address to send the account to is verified in the user interface. If the user does not want to make the purchase, the 859 cancel button can be selected. Option 861 and the back button 863 have similar functionality as the option 811 and the back button 813. Figure 8D shows a user interface 850 showing that transactions to be made in the T office, when connected to a device in the office from doctor T. The user of UE 101 may be a patient who visits Doctor T.'s office. Next, the patient may need to give the patient's consent to the doctor to allow the doctor to perform a procedure. Consent window 873 shows the type of consent, which is a consent for gastric bypass surgery, in this example. The details button 875 can be selected to show more details about consent and the procedure. The give consent button 877 can be selected to give your consent to the doctor or an organization where the doctor works. The cancel button 879 can be selected to cancel the transaction involving the patient's consent. Option 881 and the back button 883 have similar functionality, such as option 811 and the back button 813. Instead of or in addition to the consent button 877, authorization can be given in the form of a symbol, when the symbol it is given from the patient to the doctor when the patient's device makes physical contact with the doctor's device. The consent may have parameters that affect the doctor's scope of access to the UE 101 patient's device. For example, consent may have parameters for the business to the consumer, who can assign a treatment <doctor> who obtains the consent, for <time period x>, for <area y>. In this example, the parameters are <doctor> for the doctor's name, <time period x> for the time period for which the authorization is valid, and <area y> for the area for which the authorization is valid. The consent can also have parameters for business with the consumer, who can assign the consent to <doctor z> working in organization 0>, for time period P>, with <extension E> and assigned <function R> to <patient X >. In this example, the parameters include medical z> for the name of the doctor, organization O> for the name of the organization that doctor z belongs to, time period P> for the period of time the authorization is valid, extension E> for the extent that consent is valid, <function R> for the role of physician z within consent, and patient X> for the name of the patient, who gives consent. The arrangement of these parameters is not limited to the examples presented above, and can be arranged in different patterns.
The processes described here for transferring data via RF memory tags can be advantageously implemented using software, hardware, firmware, or a combination of software and / or firmware and / or hardware. For example, the processes described here, including the provision of user interface navigation information associated with the availability of services, can be advantageously implemented through processors, digital signal processing chip (DSP), a Circuit
Application Specific Integrated (ASIC), field programmable port arrangement (FPGAs), etc. Such exemplificative hardware to carry out the functions described is detailed below. Figure 9 illustrates a computer system 900 in which an embodiment of the present invention can be implemented. Although the computer system 900 is described with respect to a particular device or equipment, it is contemplated that other devices or equipment (for example, network elements, servers, etc.) within Figure 9 can deploy the illustrated hardware and components of the system 900. Computer system 900 is programmed (for example, via computer program code or instructions) to transfer data via RF memory tags, as described herein, and includes a communication mechanism, such as a bus 910 for information that passes between the other internal and external components of the computer system 900. The information (also called data) is represented as a physical expression of a measurable phenomenon, typically electrical voltages, including, but in other embodiments, phenomena such as magnetic, electromagnetic, chemical, pressure, biological, molecular, atomic, subatomic and quantum interactions. For example, north and south magnetic fields, or a non-zero electrical voltage, represent two states (0, 1) of a binary digit (bit). Other phenomena can represent digits of a larger base. The superposition of multiple simultaneous quantum states before the measurement represents a quantum bit (qubit). A sequence of one or more digits, constitutes the digital data that is used to represent a number or code of a character. In some embodiments, information called analog data is represented by a continuum of measurable values within a specific range. Computer system 900, or a portion thereof, constitutes a means for carrying out one or more steps of transferring data by means of RF memory tags.
A bus 910 includes one or more parallel information conductors so that information is quickly transferred between devices coupled to the 910 bus. One or more processors 902 for information processing are coupled to the 910 bus.
A processor (or multiple processors) 902 performs a series of information operations, as specified by a computer program code related to the transfer of data via RF memory tags. The computer program code is a set of instructions or instructions that provide instructions for operating the processor and / or the computer system to perform specific functions. The code, for example, can be written in a computer programming language that is compiled into a native processor instruction set. The code can also be written directly, using the set of native instructions (for example, machine language). The set of operations includes bringing information from the 910 bus and placing the information on the 910 bus. The set of operations also typically includes comparing two or more information units, changing the positions of the information units, and combining the two. or more units of information, such as by adding or multiplying or logical operations such as OR, exclusive OU (XOR), and E. Each operation in the set of operations that can be performed by the processor is represented to the processor by information called instructions, such as a one or more digit operation code. The sequence of operations to be performed by processor 902, as a sequence of operation codes, constitute instructions from the processor, also called instructions from the computer system or, simply, computer instructions. The processor can be implemented as mechanical, electrical, magnetic, optical, chemical or quantum components, among others, alone or in combination.
The computer system 900 also includes memory 904 coupled to the 910 bus. Memory 904, such as a random access memory (RAM) or other dynamic storage device, stores information including processor instructions for transferring data via RF memory tags. Dynamic memory allows information stored in it to be changed by the computer system 900. RAM allows a unit of information stored in a location called a memory address to be stored and retrieved independently of information at neighboring addresses. Memory 904 is also used by processor 902 to store temporary values while executing instructions from the processor. The computer system 900 also includes a read-only memory (ROM) 906 or other static storage device attached to the 910 bus to store static information, including instructions, that are not altered by the computer system 900. Part of the memory is made up of the volatile storage that loses the information stored in it when energy is lost. Also coupled to the 910 bus is a non-volatile (persistent) storage device 908, such as a magnetic disk, optical disk or flash memory card, to store information, including instructions, that persist, even when the computer system 900 is turned off or loses power.
Information, including instructions for transferring data via RF memory tags, is provided to the 910 bus for use by the processor of an external 912 input device, such as an alphanumeric keypad operated by a human user, or a sensor. A sensor detects the conditions of its neighborhood and transforms these detections in the physical expression compatible with the measurable phenomenon used to represent information in the 900 system computer. Other external devices connected to the 910 bus, used mainly to interact with humans, have a device 914 display, such as a cathode ray tube (CRT) or liquid crystal display (LCD) or plasma or printer to display text or images, and a 916 pointing device, such as a mouse or trackball or keyboard keys cursor direction, or motion sensors, to control the position of a small cursor image displayed on screen 914 and issuing commands associated with the graphic elements displayed on screen 914. In some embodiments, for example, in embodiments where the computer 900 performs all functions automatically, without human intervention, one or more of the external input devices 912, display device 914 and pointing device 916 are omitted.
In the illustrated embodiment, special purpose hardware, such as an application specific integrated circuit (ASIC) 920, is coupled to bus 910. The specific purpose hardware is configured to perform operations not performed by processor 902 fast enough for special purposes. Examples of application-specific CIs include graphics accelerator cards to generate images for display 914, encryption cards to encrypt and decrypt messages sent over a network, speech recognition, and interfaces to special external devices, such as robotic arms and security equipment. medical scans that repeatedly perform some complex sequence of operations that are most effectively implemented on hardware.
The computer system 900 also includes one or more instances of a 970 communications interface coupled to the 910 bus. The 970 communication interface provides one way or two-way communication to connect to a variety of external devices that operate with their own processors, such as printers, scanners and external disks. In general, the coupling is with a network link 978 that is connected to a local network 98 0 so that a variety of external devices with their own processors are connected. For example, the 970 communication interface can be a parallel port or a serial port or a universal serial bus (USB) on a personal computer. In some embodiments, the 970 communication interface is an integrated services digital network card (ISDN) or a digital subscriber line card (DSL) or a telephone modem that provides an information communication connection to a corresponding type of telephone line. In some embodiments, the communication interface 970 is a cable modem that converts the signals on the 910 bus to communication signals via a coaxial cable connection or into optical signals for a communication connection via a fiber optic cable. As another example, the 970 communications interface may be a local area network (LAN) card to provide a data communication connection to a compatible LAN network, such as Ethernet. Wireless connections can be implemented. For wireless connections, the 970 communication interface sends or receives or both sends and receives electrical, acoustic or electromagnetic signals, including infrared and optical signals, which carry information flows, such as digital data. For example, in portable wireless devices, such as mobile phones, such as cell phones, the 970 communication interface includes a radio band electromagnetic transmitter and receiver called a radio transceiver. In certain embodiments, communications interface 970 allows connection to communications network 105 for data transfer via RF memory tags.
The term "computer-readable medium", as used herein, refers to any medium that participates in providing information to the 902 processor, including instructions for execution. Such a medium can take many forms, including, but not limited to, a computer-readable storage medium (for example, non-volatile, media, volatile media), and transmission media. Non-transitory media, such as non-volatile media, include, for example, optical or magnetic disks, such as storage device 908. Volatile media include, for example, dynamic memory 904. Transmission media include, for example, coaxial cables, copper wires, fiber optic cables and carrier waves that travel through space, without wires or cables, such as acoustic waves and electromagnetic waves, including radio, optical and infrared waves. Signals include transient man-made changes in amplitude, frequency, polarization, phase, or other physical properties transmitted through the means of transmission. Common forms of computer-readable media include, for example, a floppy disk, a floppy disk, hard disk, magnetic tape, any other magnetic medium, a CD-ROM, CD-RW, DVD, any other optical communication medium, cards perforated, paper tape, sheets with optical labels, in any other physical medium with the patterns of holes or other optically recognizable signs, a RAM, a PROM, an EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave or any other medium from which a computer can read. The term computer-readable storage medium is used herein to refer to any computer-readable medium, except transmission media.
The logic encoded in one or more tangible media includes one or both instructions from the processor of a computer-readable storage medium and special purpose hardware, such as ASIC 920.
The 978 network link typically provides information communication using means of transmission over one or more networks with other devices that use or process the information. For example, network connection 978 may provide a connection over the local network 980 to a host computer 982 or to equipment 984 operated by an Internet service provider (ISP). ISP 984 equipment, in turn, provides data communication services over the public worldwide packet-switched network communication network now commonly referred to as the Internet 990.
A computer called a host server 992 connected to the Internet receives a process that provides a service in response to information received over the Internet. For example, host server 992 hosts a process that provides information to represent video data for presentation on screen 914. It is contemplated that the components of system 900 can be implemented in various configurations within other computer systems, for example, host 982 and server 992.
At least some embodiments of the invention relate to the use of the computer system 900 to implement some or all of the techniques described herein.
According to one embodiment of the invention, these techniques are performed by computer system 900 in response to processor 902 executing one or more sequences of one or more instructions contained in the memory of processor 904. Such instructions, also called computer instructions, software and program code, can be read in memory 904 from another computer-readable medium, such as storage device 908 or network link 978. Execution of the instruction sequences contained in memory 904 causes processor 902 to execute one or more of the steps of the method described here. In alternative embodiments, the hardware, such as ASIC 920, can be used in place of or in combination with software to implement the invention. Thus, embodiments of the present invention are not limited to any specific combination of hardware and software, unless otherwise expressly stated herein.
The signals transmitted through the network link 97 8 and other networks through the communication interface 970 transmit the information from the computer system 900. The computer system 900 can send and receive information, including the program code, through the networks 980, 990 among others, through the network link 978 and the communication interface 970. In an example using the Internet 990, a host server 992 transmits the program code to a certain application, requested by a message sent from the computer 900, through the Internet 990, ISP 984 equipment, local network 980 and communication interface 970. The received code can be executed by processor 902, once it is received, or it can be stored in memory 904 or in storage device 908 or other non- volatile for later execution or both. In this way, the computer system 900 can obtain the application program code, in the form of signals via a carrier wave.
Various forms of computer-readable media may be involved in executing one or more instruction or data sequences or both for a 902 processor for execution. For example, instructions and data can initially be carried on a magnetic disk of a remote computer such as host 982. The remote computer loads instructions and data into its dynamic memory and sends instructions and data over a phone line. using a modem. A local modem for the 900 computer system receives instructions and data on the phone line and uses an infrared transmitter to convert the instructions and data to a signal from an infrared carrier wave that serves as a 978 network link. infrared that serves as communications interface 970 receives the instructions and data carried in the infrared signal and places the information that represents the instructions and data on the 910 bus. The 910 bus loads the information into memory 904 from which the 902 processor retrieves and executes the instructions using some of the data sent with the instructions. Instructions and data received in memory 904 can optionally be stored in storage device 908 either before or after execution by processor 902. Figure 10 illustrates a chip set or chip 1000 on which an embodiment of the invention can be implemented. Chip set 1000 is programmed to transfer data via RF memory tags, as described herein, and includes, for example, the processor and memory components described in relation to Figure 9 embedded in one or more physical packages (for example, sawdust). As an example, a physical package includes an arrangement of one or more materials, components and / or wires from a structural assembly (for example, base plate), to provide one or more characteristics, such as physical strength, conservation of size and / or limitation of electrical interaction. It is contemplated that, in certain embodiments, the chip set 1000 can be implemented on a single chip. It is further contemplated that, in certain embodiments, the chip set or chip 1000 may be implemented as a single "system on a chip". It is further contemplated that, in certain embodiments, a separate ASIC would not be used, for example, and that all relevant functions, as disclosed herein, must be performed by a processor or processors. The chip set or chip 1000, or a respective portion, constitutes a means for carrying out one or more steps of providing user interface navigation information associated with the availability of services. The chip set or chip 1000, or a respective portion, constitutes a means for carrying out one or more steps for transferring data by means of RF memory tags.
In one embodiment, the chip set or chip 1000 includes a communication mechanism, such as a bus 1001 for passing information between the components of the chip set 1000. A processor 1003 has connectivity to bus 1001 for executing instructions and information stored in the process, for example, a memory 1005. The processor 1003 may include one or more processing cores in each core configured to run independently. A multi-core processor allows for multiprocessing within a single physical package. Examples of a multi-core processor include two, four, eight, or a larger number of processing cores.
Alternatively or in addition, processor 1003 may include one or more microprocessors together configured through bus 1001 to allow instruction execution, independent of pipelining and multithreading. The processor 1003 may also be accompanied by one or more specialized components to perform certain processing functions and tasks, such as one or more digital signal processors (DSP) 1007, or one or more application-specific integrated circuits (ASIC) 1009. The DSP 1007 is typically configured to process real-world signals (for example, sound) in real time regardless of processor 1003. Likewise, an ASIC 1009 can be configured to perform specialized functions that are not easily performed by a processor. more general purpose. Other specialized components to assist in the performance of the functions of the invention described herein may include one or more field programmable port (FPGA) arrays (not shown), one or more controllers (not shown), or one or more other computer chips for special purposes.
In one embodiment, the chip set or chip 1000 includes only one or more processors and some supporting software and / or firmware and / or in relation to and / or for one or more processors.
Processor 1003 and its components have connectivity to memory 1005 via bus 1001. Memory 1005 includes both dynamic memory (for example, RAM, magnetic disk, recordable optical disk, etc.) and static memory (for example, ROM, CD -ROM, etc.) for the storage of executable instructions that, when executed, perform the inventive steps described here to transfer data through RF memory tags. Memory 1005 also stores the data associated with or generated by performing the inventive steps. Figure 11 is a diagram of the exemplary components of a mobile terminal (for example, cell phone) for communications, which is capable of operating in the system of Figure 1, according to one embodiment. In some embodiments, the mobile terminal 1100, or a respective portion, constitutes a means for carrying out one or more steps of data transfer by means of RF memory tags. Generally, a radio receiver is generally defined in terms of the front end and rear end characteristics. The front end receiver covers all radio frequency (RF) circuits, while the rear end covers all baseband processing circuits. As used in this application, the term "circuit" refers to both: (1) hardware-only implementations (such as analog and / or digital only circuit implementations), and (2) circuit and software combinations ( and / or firmware) (such as, if applicable for the particular context, for a combination of processor (s), including the digital signal processor (s), software and memory (s) that work together to make a device, such as a mobile phone or server, to perform various functions). This definition of "circuit" applies to all uses of this term in this application, including any claim. As an additional example, as used in the present application and, if applicable to the particular context, the term "circuit" also encompasses an implementation of just one processor (or several processors) and its accompanying software (or its) / or firmware. The term "circuit" would also cover if applicable to the particular context, for example, a baseband integrated circuit or application processor integrated circuit on a cell phone or a similar integrated circuit on a cellular network device or other network devices.
Pertinent internal components of the phone include a 1103 main control unit (MCU), a 1105 digital signal processor (DSP), and a receiver / transmitter unit, including a microphone gain control unit and a unit speaker. gain control. A main display unit 1107 provides a display for the user in support of various applications and functions of mobile terminals that perform or support the steps of data transfer via RF memory tags. The display 11 includes a display circuit configured to display at least a portion of a user interface of the mobile terminal (e.g., cell phone). In addition, display 1107 and display circuit are configured to facilitate user control of at least some of the handset's functions. An audio function circuit 1109 includes a microphone amplifier 1111 that amplifies the speech output signal from microphone 1111. The output of the amplified signal from microphone 1111 is fed to an encoder / decoder (CODEC) 1113.
The radio section 1115 amplifies and converts energy and frequency in order to communicate with a base station, which is included in a mobile communication system, via the antenna 1117. The power amplifier (PA) 1 119 and the transmitter circuits / modulation / are operationally sensitive to MCU 1103, with an output from PA 1119 coupled to the duplexer 1121 or circulator or switch of the antenna, as is known in the art. The PA 1119 also attaches to a battery interface and 1120 power control unit.
In use, a user of mobile terminal 1101 speaks into microphone 1111 and his voice, along with any detected background noise, is converted to an analog voltage. The analog voltage is then converted into a digital signal using the 1123 analog-to-digital converter (ADC) 1123. The control unit 1103 routes the digital signal to the DSP 1105 for processing therein, such as voice coding, coding encryption and encryption. In one embodiment, the processed voice signals are encoded, by units not shown separately, using a cellular transmission protocol, such as global evolution (EDGE), General Packet Radio Service (GPRS), global system for mobile communications ( GSM), Internet Protocol Multimedia Subsystem (IMS), Universal Mobile Telecommunications System (UMTS), etc., as well as any other suitable wireless medium, for example, microwave access (WiMAX), Long Term Evolution networks ( LTE), multiple code division multiple access (CDMA), multiple code division broadband access (WCDMA), Wireless Fidelity (WiFi), satellite, etc.
The encoded signals are then routed to an 1125 equalizer to compensate for any frequency-dependent deficiencies that occur during transmission over the air, such as amplitude and phase distortion. After equalizing the bit stream, modulator 1127 combines the signal with an RF signal generated at the RF 1129 interface. Modulator 1127 generates a sine wave through frequency or phase modulation. In order to prepare the transmission signal, an upstream converter 1131 combines the sine wave from the output of the modulator 1127 with another sine wave generated by a synthesizer 1133 to achieve the desired transmission frequency. The signal is then sent through a PA 1119 to increase the signal to an appropriate power level. In practical systems, the PA 1119 acts as a variable gain amplifier, the gain of which is controlled by the DSP 1105 from information received from a network base station. The signal is then filtered inside the duplexer 1121 and optionally sent to an antenna 1135 to match impedances to provide maximum power transfer. Finally, the signal is transmitted through antenna 1117 to a local base station. An automatic gain control (AGC) can be provided to control the gain of the receiver's final stages. The signals can be routed from there to a remote phone that can be another cell phone, cell phone or a land line connected to a public switched telephone network (PSTN), or other telephone networks.
The voice signals transmitted to the mobile terminal 1 101 are received through the antenna 1117 and immediately amplified by a low noise amplifier (LNA) 1137. A down converter 1139 decreases the carrier frequency, while the demodulator 1141 removes the RF leaving just a digital bit stream. The signal then passes through equalizer 1125 and is processed by DSP 1105. A digital to analog converter (DAC) 143 converts the signal and the resulting output is transmitted to the user through speaker 1145, all under the control of a main control unit (MCU) 1 103, which can be implemented as a central processing unit (CPU) (not shown).
The MCU 1103 receives different signals, including input signals from the 1147 keyboard. The 1147 keyboard and / or the MCU 1103, in combination with components from other user inputs (for example, the 1111 microphone) comprise an interface circuit for user input management. The MCU 1103 runs user interface software to facilitate user control of at least some of the functions of the mobile terminal 1101 to transfer data via RF memory tags. The MCU 1103 also provides a display command and a change command for the display 1107 and for the voice output switching controller, respectively. In addition, the MCU 1103 exchanges information with the DSP 1105 and can access an optionally embedded SIM 1149 card and memory 1 151. In addition, the MCU 1103 performs several control functions required for the terminal. The DSP 1105 can, depending on the application, perform any of a variety of conventional digital voice signal processing functions. In addition, DSP 1105 determines the background noise level of the local environment, from the signals detected by microphone 1111 and sets the gain of microphone 1111 to a selected level to compensate for the mobile user 1101's natural tendency.
CODEC 1113 includes ADC 1123 and DAC 1143. Memory 1151 stores various data, including call tone data and is capable of storing other data, including music data received over, for example, the global Internet. The software module may reside in RAM, flash memory, registers, or any other form of write permission storage known in the art. The 1151 memory device can be, but is not limited to, a single memory, CD, DVD, ROM, RAM, EEPROM, optical storage, or any other non-volatile storage medium, capable of storing digital data.
An optionally embedded SIM card 1149 carries, for example, important information, such as the cell phone number, the operator that provides details of the service, subscription and security information. The SIM card 1149 serves mainly to identify the mobile terminal 1101 over a radio network. The 1149 card also contains memory to store a personal phone number record, text messages and specific settings for mobile terminal users.
Although the invention has been described in connection with a number of embodiments and implementations, invention 5 is not so limited, but encompasses a number of obvious modifications and equivalent arrangements, which fall within the scope of the appended claims. Although the characteristics of the invention are expressed in certain combinations between the claims, it is contemplated that these characteristics can be organized in any combination and order.

权利要求:
Claims (20)
[0001]
1. METHOD, characterized by comprising: receiving a request, in a device, to allow access for the interaction between a first RF memory tag and a second RF memory tag, the first RF memory tag being associated with two or more areas of trusted storage on the device that stores data that respectively require two or more different levels of security or protection; determine an accessibility state of the first RF memory tag, one or more of the two or more trusted stores, or a combination thereof, and cause, at least in part, the granting of access based, at least in part, on the accessibility state, where access is through a link between the first RF memory tag and the second RF memory tag, and where the first RF memory tag is associated with the device.
[0002]
2. METHOD according to claim 1, characterized in that it further comprises: determining whether the first RF memory tag, one or more of the two or more reliable stores, or a combination of these is in the blocked state, in which the state of Accessibility is based, at least in part, on determining the blocked state.
[0003]
METHOD according to claim 2, characterized in that the locked state is initiated if the first RF memory tag, one or more of the two or more reliable stores, the device, or a combination thereof is lost or stolen.
[0004]
4. METHOD according to claim 1, characterized in that it further comprises: determining the authentication credentials associated with the first RF memory tag, the second RF memory tag, the device, a user device, one or more of the two or more trusted stores or a combination of them, where accessibility status is based, at least in part, on authentication credentials.
[0005]
5. METHOD, according to claim 1, characterized in that it further comprises: determining one or more characteristics of the access, data associated with the access, or a combination of these; select one or more of the two or more trusted stores based, at least in part, on one or more characteristics, where granting access is still based on one or more of the two or more selected trusted stores.
[0006]
6. METHOD according to claim 1, characterized in that the access is a write operation from the second RF memory tag to the first RF memory tag, the method further comprising: causing, at least in part, a first transferring the contents of the second RF memory tag to the first RF memory tag in untrusted storage associated with the first RF memory tag, and causing, at least in part, a second transfer of the contents from the untrusted storage to at least least one of two or more trusted stores based, at least in part, on granting access.
[0007]
7. METHOD, according to claim 1, characterized by further comprising: determining one or more limitations associated with access, in which the granting of access is still based on one or more limitations.
[0008]
8. METHOD, according to claim 1, characterized in that the request is further associated with a third RF memory tag, and in which the granting of access refers to the first RF memory tag, the second RF memory tag , the third RF memory tag or a combination of these.
[0009]
9. METHOD according to claim 1, further comprising: causing, at least in part, synchronization, transfer or a combination thereof of the content associated with the first RF memory tag, one or more of the two or more reliable stores, the second RF memory tag or a combination of them for a server, another device or combination of them.
[0010]
10. METHOD, according to claim 1, characterized in that the first RF memory tag is still associated with a user interface component: causing, at least in part, the access of the component by the device, in which the order is received, granted, or a combination thereof through the component in the device.
[0011]
11. METHOD, according to claim 1, characterized in that it additionally comprises: causing, at least in part, the recording of the access, and associating the recording with the first RF memory tag, one or more of the two or more reliable stores, the second RF memory tag, or a combination of these.
[0012]
12. METHOD, according to claim 1, characterized in that access refers to obtaining consent information, and in which the granting of access is still based on consent information.
[0013]
13. METHOD, according to claim 12, characterized in that it further comprises: the determination of one or more areas of reliable storage based, at least in part, on the consent information, in which access also refers to one or more reliable storage areas.
[0014]
14. METHOD, according to claim 12, characterized in that it further comprises: determining a scope of access based, at least in part, on the consent information, where the scope includes at least a time, a place, a duration, a part, a function of the part, an activity, a record, or a combination of these.
[0015]
15. METHOD, according to claim 1, characterized in that the access refers to a financial transaction, financial information, medical information, personal information, privileged information, or a combination of these.
[0016]
16. APPARATUS, characterized by comprising: at least one processor, and at least one memory, at least one memory configured to, with at least one processor, make the device perform at least the following: receive a request , on a device, to allow access for the interaction between a first radio frequency (RF) memory tag and a second RF memory tag, the first RF memory tag associated with two or more trusted storage areas on the device which stores data that respectively requires two or more different levels of security or protection; determine an accessibility state of the first RF memory tag, one or more of the two or more trusted stores, or a combination thereof, and cause, at least in part, the granting of access based, at least in part, in the accessibility state, where access is via a link between the first RF memory tag and the second RF memory tag, and where the first RF memory tag is associated with the device.
[0017]
17. Apparatus according to claim 16, characterized in that the apparatus is further caused to: determine whether the first RF memory tag, one or more of the two or more reliable stores, or a combination of these is in the locked state, in that the accessibility status is based, at least in part, on the determination of the blocked status.
[0018]
18. Apparatus according to claim 16, characterized in that the device is further caused to determine the authentication credentials associated with the first RF memory tag, the second RF memory tag, the device, a user device, a or more of the two or more trusted stores or a combination of them, where the accessibility state is based, at least in part, on authentication credentials.
[0019]
19. APPLIANCE, according to claim 16, characterized in that the apparatus is further caused to: determine one or more characteristics of the access, data associated with the access, or a combination of these; selecting one or more of the two or more trusted stores based, at least in part, on one or more characteristics, where the granting of access is still based on one or more of the two or more selected trusted stores.
[0020]
20. Apparatus according to claim 16, characterized in that the apparatus is further caused to: cause, at least in part, synchronization, transfer, or a combination thereof of the content associated with the first RF memory tag, one or more of the two or more trusted stores, the second RF memory tag, or a combination of them to a server, another device, or a combination of them.

类似技术:

---

公开号 | 公开日 | 专利标题

---

BR112012030080B1|2021-04-27|METHOD AND APPARATUS FOR DATA TRANSFER THROUGH RADIO FREQUENCY MEMORY LABELS

---

US20190327221A1|2019-10-24|Environment-Aware Security Tokens

---

AU2016201188B2|2017-08-03|Systems, methods, and computer program products for securing and managing applications on secure elements

---

JP5055375B2|2012-10-24|Payment data protection

---

US9727751B2|2017-08-08|Method and apparatus for applying privacy policies to structured data

---

US8646059B1|2014-02-04|Wallet application for interacting with a secure element application without a trusted server for authentication

---

CN101809579B|2013-01-02|Method, system, trusted service manager, service provider and memory element for managing access rights for trusted applications

---

US8190885B2|2012-05-29|Non-volatile memory sub-system integrated with security for storing near field transactions

---

US8117445B2|2012-02-14|Near field communication, security and non-volatile memory integrated sub-system for embedded portable applications

---

US9460573B1|2016-10-04|Autonomous authentication of a reader by a radio frequency identity | device

---

US20150029003A1|2015-01-29|Mifare push

---

BRPI0911217B1|2020-12-29|methods for supporting multiple contactless applications, wireless smart device, and computer-readable media

---

Sethia et al.2014|NFC based secure mobile healthcare system

---

US20110254687A1|2011-10-20|Method and apparatus for activating a device

---

US8447974B2|2013-05-21|Method and apparatus for managing access rights to information spaces

---

US20110187511A1|2011-08-04|Method and apparatus for managing content, configuration and credential information among devices

---

Fischer et al.2012|Short paper: Smartphones: Not smart enough?

---

Al-Chalabi et al.2015|A wearable and ubiquitous NFC wallet

---

AU2006203516A1|2007-03-01|Unified reference ID mechanism in a multi-application machine readable credential

---

Moudgil et al.2017|Cloud-based secure smartcard healthcare monitoring and tracking system

---

Boukayoua et al.2011|MobCom Deliverable: D. 1.1 Report on state-of-the-art and requirements study I

---

US11200557B2|2021-12-14|Scalable wireless transaction system

---

Umar et al.2017|Ecosystems of Trusted Execution Environment on smartphones-a potentially bumpy road

---

Noll et al.2006|License transfer mechanisms through seamless SIM authentication

---

Roland2015|Card Emulation

同族专利:

---

公开号 | 公开日

---

EP2577557A4|2018-04-18|

---

US20110291834A1|2011-12-01|

---

EP2577557A1|2013-04-10|

---

US8547232B2|2013-10-01|

---

ZA201209623B|2014-05-28|

---

CN102918510B|2016-08-24|

---

WO2011148036A1|2011-12-01|

---

CN102918510A|2013-02-06|

引用文献:

---

公开号 | 申请日 | 公开日 | 申请人 | 专利标题

---

---

US5565858A|1994-09-14|1996-10-15|Northrop Grumman Corporation|Electronic inventory system for stacked containers|

---

US20050108096A1|1999-09-28|2005-05-19|Chameleon Network Inc.|Portable electronic authorization system and method|

---

JP3719659B2|2001-12-26|2005-11-24|株式会社日立製作所|Information receiving system and information receiving terminal|

---

US7712675B2|2003-01-15|2010-05-11|Hewlett-Packard Development Company, L.P.|Physical items for holding data securely, and methods and apparatus for publishing and reading them|

---

EA008280B1|2003-04-01|2007-04-27|Ми-Конг Пак|Contactless type communication tag, portable tag reader for verifying a genuine article, and method for providing information of whether an article is genuine or not|

---

WO2005008575A1|2003-07-22|2005-01-27|Nokia Corporation|Reader device for radio frequency identification transponder with transponder functionality|

---

GB2411261B|2004-02-20|2007-07-11|Hewlett Packard Development Co|Standalone memory device and system and method using such device|

---

US20050242176A1|2004-04-28|2005-11-03|Dexit Inc.|RFID-based system and method of conducting financial transactions|

---

GB2418760B|2004-10-01|2010-07-14|Hewlett Packard Development Co|Securing electronic annotations|

---

US7646300B2|2004-10-27|2010-01-12|Intelleflex Corporation|Master tags|

---

GB2419713B|2004-10-28|2010-06-02|Hewlett Packard Development Co|Data access systems and wireless interface devices suitable for use in such systems|

---

US7551081B2|2004-11-10|2009-06-23|Rockwell Automation Technologies, Inc.|Systems and methods that integrate radio frequency identification technology with agent-based control systems|

---

JP4617839B2|2004-11-16|2011-01-26|ソニー株式会社|Information providing apparatus and information providing method|

---

US7489240B2|2005-05-03|2009-02-10|Qualcomm, Inc.|System and method for 3-D position determination using RFID|

---

EP1958172B1|2005-12-09|2014-11-12|Tego Inc.|Multiple radio frequency network node rfid tag|

---

US7570164B2|2005-12-30|2009-08-04|Skyetek, Inc.|System and method for implementing virtual RFID tags|

---

KR100718096B1|2006-05-16|2007-05-16|삼성전자주식회사|Communication method between a host and a rfid reader, a host device , a rfid reader and rfid communication system|

---

US7663486B2|2006-06-16|2010-02-16|Motorola, Inc.|RFID tag user memory indication|

---

GB2446175B|2007-01-31|2011-06-29|Hewlett Packard Development Co|Method of updating data|

---

KR100867717B1|2007-02-12|2008-11-10|부산대학교 산학협력단|System and method for processing data of RFID Tag Memory|

---

DE102007016467B3|2007-03-27|2008-03-27|Atmel Germany Gmbh|Radio frequency identification system transponder, has storage area assigned to access-password that is reassigned to characteristic bit, where length and/or structure of access-password is adjustable by characteristic bit|

---

US9311766B2|2007-09-12|2016-04-12|Devicefidelity, Inc.|Wireless communicating radio frequency signals|

---

CN100559393C|2008-03-25|2009-11-11|华南理工大学|RFID label and reader thereof, reading system and safety certifying method|

---

US8638194B2|2008-07-25|2014-01-28|Axcess International, Inc.|Multiple radio frequency identification tag wireless wide area network protocol|

---

KR20080103951A|2008-11-17|2008-11-28|주식회사 비즈모델라인|Mobile phone|

---

US8289130B2|2009-02-19|2012-10-16|Apple Inc.|Systems and methods for identifying unauthorized users of an electronic device|US8331929B2|2009-11-24|2012-12-11|At&T Mobility Ii Llc|Mobility-based reselection scan scheduling|

---

PL2564627T3|2010-04-30|2017-10-31|Nokia Technologies Oy|Method and apparatus for providing mobile services outside of cellular coverage|

---

US8732697B2|2010-08-04|2014-05-20|Premkumar Jonnala|System, method and apparatus for managing applications on a device|

---

US9961182B2|2010-09-23|2018-05-01|Blackberry Limited|Communications system providing data transfer using selective wireless communications formats and related methods|

---

US8385917B2|2010-11-15|2013-02-26|At&T Mobility Ii Llc|Radio selection employing transit data determined from kinetic energy generation|

---

US9204398B2|2011-03-21|2015-12-01|Nokia Technologies Oy|Method and apparatus for battery with secure element|

---

CN103502991B|2011-05-06|2016-10-12|诺基亚技术有限公司|Equipment configuration and the determination of programming data|

---

US9922384B2|2012-05-02|2018-03-20|William Robert Cobb|Pharmaceutical will call system and method|

---

WO2014019190A1|2012-08-02|2014-02-06|深圳市天行骏实业有限公司|System for expanding amount of information carried by target object|

---

CN103116869A|2012-12-12|2013-05-22|江苏省人民医院|Identity authentication system and method of electronic medical record system|

---

WO2014099501A1|2012-12-20|2014-06-26|Volcano Corporation|Resource management in a multi-modality medical system|

---

EP2973275A1|2013-03-14|2016-01-20|Ologn Technologies AG|Methods, apparatuses and systems for providing user authentication|

---

US9710678B2|2013-04-02|2017-07-18|Dropbox, Inc.|Techniques for recovering missing devices|

---

CN103501192B|2013-09-24|2016-08-10|深圳Tcl新技术有限公司|The data transmission method of terminal room and device|

---

JP6394013B2|2014-03-14|2018-09-26|オムロン株式会社|Work process management system, individual controller used therefor, and access restriction method|

---

US20160092988A1|2014-09-30|2016-03-31|Raistone, Inc.|Systems and methods for transferring digital assests using a de-centralized exchange|

---

US9635494B2|2014-10-21|2017-04-25|At&T Mobility Ii Llc|User equipment near-field communications gating according to kinetic speed detection and cell visitation history|

---

CN104484905B|2014-12-23|2017-04-12|温州大学|Fingerprintattendance checking system|

---

CA2982429A1|2015-04-17|2016-10-20|Jsc "International Tobacco Marketing Services"|Method and apparatus for providing a user interface|

---

US9900762B2|2015-05-28|2018-02-20|At&T Mobility Ii Llc|User equipment detection of interference-sensitive devices|

---

JP6851191B2|2016-12-15|2021-03-31|キヤノン株式会社|Information processing system, information processing device, its control method and program|

---

US11145421B2|2017-04-05|2021-10-12|Sharecare AI, Inc.|System and method for remote medical information exchange|

---

TWI690805B|2018-07-12|2020-04-11|慧榮科技股份有限公司|Card activation device and methods for authenticating and activating a data storage device by using a card activation device|

---

CN110781532A|2018-07-12|2020-02-11|慧荣科技股份有限公司|Card opening device and method for verifying and starting data storage device by using card opening device|

---

US11177960B2|2020-04-21|2021-11-16|Sharecare AI, Inc.|Systems and methods to verify identity of an authenticated user using a digital health passport|

法律状态:
2017-09-12| B15I| Others concerning applications: loss of priority|

---

2017-11-14| B12F| Other appeals [chapter 12.6 patent gazette]|

---

2018-02-27| B25A| Requested transfer of rights approved|Owner name: NOKIA TECHNOLOGIES OY (FI) |

---

2018-03-27| B15K| Others concerning applications: alteration of classification|Ipc: G06K 7/08 (2006.01), G06F 12/14 (2006.01), G06F 21 |

---

2020-05-26| B06U| Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette]|

---

2020-12-08| B07A| Application suspended after technical examination (opinion) [chapter 7.1 patent gazette]|

---

2021-03-30| B09A| Decision: intention to grant [chapter 9.1 patent gazette]|

---

2021-04-27| B16A| Patent or certificate of addition of invention granted [chapter 16.1 patent gazette]|Free format text: PRAZO DE VALIDADE: 10 (DEZ) ANOS CONTADOS A PARTIR DE 27/04/2021, OBSERVADAS AS CONDICOES LEGAIS. |

优先权:

---

申请号 | 申请日 | 专利标题

---

US12/790,367|2010-05-28|

---

US12/790,367|US8547232B2|2010-05-28|2010-05-28|Method and apparatus for transferring data via radio frequencymemory tags|

---

PCT/FI2011/050285|WO2011148036A1|2010-05-28|2011-04-04|Method and apparatus for transferring data via radio frequencymemory tags|

---