Secure usage of digital certificates and related keys on a security token

US 20020026578A1
Filed: 07/31/2001
Published: 02/28/2002
Est. Priority Date: 08/22/2000
Status: Abandoned Application

First Claim

Patent Images

1. A security token comprising:

a Random Access Memory (RAM), an Electrical Erasable Programmable Read Only Memory (EEPROM), one or more Microprocessors, and a Read Only Memory, and characterized in that said EEPROM having at least an object containing a user certificate and an object containing a certificate of the certification authority (CA) of said user certificate (root certificate), wherein said root certificate is being write protected, and a verification component for checking authentication of said user certificate using information of said root certificate;

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a security token and method for secure usage of digital certificates and related keys on a security token, and more particularly, a secure import of certificates into a security token and their secure usage by applications. The root certificate of the certification authority(CA) is used during the initialization of the security token in a secure environment to transfer the certified root public key of the CA and its attributes into the data structure of the security token. The public root key is write protected. Furthermore, a verification component, preferably part of the operating system of the security token will accept, incase the certificate has to be replaced, only user certificates having a valid digital signature by the private root key of the CA.

83 Citations

View as Search Results

16 Claims

1. A security token comprising:
- a Random Access Memory (RAM), an Electrical Erasable Programmable Read Only Memory (EEPROM), one or more Microprocessors, and a Read Only Memory, and characterized in that said EEPROM having at least an object containing a user certificate and an object containing a certificate of the certification authority (CA) of said user certificate (root certificate), wherein said root certificate is being write protected, and a verification component for checking authentication of said user certificate using information of said root certificate;
- View Dependent Claims (2, 3, 4, 5, 6, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A security Token according to claim 1, wherein said user certificate comprises at least following information:
    - a name of issuer, an identfier (ID) of said issuer, a user identifier (ID), a HASH algorithm, a signature algorithm, a public key, and a digital signature.
  - 3. A security token according to claim 1, wherein said root certificate comprises at least following information:
    - a certification authority name, a certification authority identification (ID), a HASH algorithm, a signature algorithm, a public root key, and a digital signature.
  - 4. Security Token according to claim 1 comprising the following further objects in said EEPROM:
    - a public root key, a user'"'"'s public key, and a user'"'"'s private key.
  - 5. A security token according to claim 1, wherein said verification component is part of the operating system of said security token.
  - 6. A seurity token according to claim 1, wherein said security token is a smart card.
  - 9. A method for authenticating information generated by an application using a security token according to claim 1 comprising the steps of:
    - a) retrieving a public root key from said root certificate, b) generating a HASH over a user certificate using the HASH algorithm specified in said user certificate, c) retrieving and decrypting a digital signature contained in said user certificate by applying said public root key resulting in a HASH of said user certificate, and d) allowing use of said user certificate for signing said information with said digital signature when both HASHs are identical.
  - 10. A method according to claim 9, wherein said information is a document or electronic mail.
  - 11. A method according to claim 9, wherein said user certificate and said root certificate are sent to said application system and said steps a)-d) are accomplished on said application system.
  - 12. A method according to claim 9, further comprising the step of:
    - checking the validity of the root certificate before retrieving said public root key.
  - 13. A method for replacing a user certificate stored in a security token according to claim 1 comprising the steps of:
    - a) receiving a new user certificate from the certification authority and storing it into said EEPROM of said security token as a temporary object, b) generating a HASH over a new user certificate using a HASH algorithm specified in said new user certificate, c) retrieving a digital signature contained in said new user certificate and decrypting said digital signature by applying a public root key retrieved from a root certificate resulting in a HASH of said user certificate, and d) permanently storing said new user certificate when both HASHs are identical.
  - 14. Client-Server system having a client with a security token according to claims 1 to 6.
  - 15. Data processing system using a security token according to claims 1 to 6.
  - 16. Computer program product stored on a computer-readable media containing software for performing of the method according to claims 7 to 13.

7. A method for initializing a security token comprising the following steps:
- a) transferring a root certificate of a certification authority into said security token using a secure transmission environment, b) securing the root certificate against modifications, and c) storing a verification component into said security token allowing use or replacement of a user certificate only when said user certificate is authenticated by said root certificate.
- View Dependent Claims (8)
- - 8. A method according to claim 7, further comprising:
    - d) storing public root key additionally to said root certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Sulzmann, Robert, Hamann, Ernst-Michael

Application Number

US09/918,742
Publication Number

US 20020026578A1
Time in Patent Office

Days
Field of Search
US Class Current

713/159
CPC Class Codes

H04L 9/3263 involving certificates, e.g...

Secure usage of digital certificates and related keys on a security token

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

83 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Secure usage of digital certificates and related keys on a security token

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links