Portable network encryption keys

US 20020044663A1
Filed: 08/15/2001
Published: 04/18/2002
Est. Priority Date: 08/31/2000
Status: Active Grant

First Claim

Patent Images

1. A portable storage device containing network identification information for a processing unit that is connectable to a data communications network and includes a device reader for reading the portable storage device, the portable storage device comprising storage and an access controller, the storage holding a network identity for the processing unit and at least one encryption key, and the access controller being operable to control access to the storage by implementing key-key encryption.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A portable storage device, for example a secure smart card, contains network identification information for a processing unit that is connectable to a data communications network, which processing unit includes a device reader for reading the portable storage device. The portable storage device includes storage and an access controller. The storage holds a network identity for the processing unit and at least one encryption key. The access controller is operable to control access to the storage by implementing key-key encryption. An embodiment of the invention thus provides a medium not only for storing a network identity for processing unit, but also for other secure information such as an encryption key associated therewith. The processing unit is operable to access a secure portion of the storage of the portable storage device by supplying a request key to the access controller of the portable storage device, and, in response to receipt of an access key from the access controller, to send an encrypted command to access the content of the storage of the portable storage device. In response to the return of an access key, the processing unit can be operable to use the access key to encrypt a command for access to a secure storage in the portable storage device.

72 Citations

View as Search Results

36 Claims

1. A portable storage device containing network identification information for a processing unit that is connectable to a data communications network and includes a device reader for reading the portable storage device, the portable storage device comprising storage and an access controller, the storage holding a network identity for the processing unit and at least one encryption key, and the access controller being operable to control access to the storage by implementing key-key encryption.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 20)
- - 2. The portable storage device of claim 1, comprising at least one secure storage portion accessible only under the control of the access controller.
  - 3. The portable storage device of claim 2, wherein said at least one encryption key is held in said secure storage portion.
  - 4. The portable storage device of claim 2, wherein at least one network security encryption key is held in said secure storage portion.
  - 5. The portable storage device of claim 2, wherein a file is configured in said secure storage portion.
  - 6. The portable storage device of claim 2, wherein one or more files containing information are configured in respective secure storage portions.
  - 7. The portable storage device of claim 2, wherein the access controller is operable to perform key-key verification of a request encrypted by a request key supplied from the processing unit and, in response to the request key verifying correctly, to return to the processing unit an access key derived from said at least one encryption key to permit access to the secure storage portion.
  - 8. The portable storage device of claim 7, wherein the access controller is subsequently operable to respond to a command from the processing unit that is encrypted using the access key to access the secure storage portion.
  - 9. The portable storage device of claim 2, wherein the storage in the portable storage device comprises random access memory, the secure storage comprising a part of the random access memory.
  - 10. The portable storage device of claim 1, wherein the access controller is a programmed microcontroller.
  - 11. The portable storage device of claim 1, wherein the portable storage device is a smart card.
  - 12. The processing unit of claim 1, wherein the network identity comprises a MAC address.
  - 14. The processing unit of claim 13, wherein, in response to the return of an access key, the processing unit is operable to use the access key to encrypt a command for access to a secure storage in the portable storage device.
  - 15. The processing unit of claim 13, wherein the portable storage device is a smart card, the access controller is a microcontroller and the device reader is a smart card reader.
  - 16. The processing unit of claim 13, wherein the network identity comprises a MAC address.
  - 17. The processing unit of claim 13, comprising a service processor, the service processor being programmed to control reading of the portable storage device.
  - 18. The processing unit of claim 17, wherein the service processor is a microcontroller.
  - 19. The processing unit of claim 13, wherein the processing unit is a computer server.
  - 20. The processing unit of claim 13, wherein the processing unit is a rack mountable computer server.

13. A processing unit connectable to a data communications network, the processing unit having a device reader for a portable storage device that includes storage and an access controller, the storage holding a network identity for the processing unit and at least one encryption key, and the access controller controlling access to the storage by implementing key-key encryption, the processing unit being operable to access a secure portion of the storage of the portable storage device by supplying a key-encrypted request to the access controller, and, in response to receipt of an access key from the access controller, being operable to send an encrypted command to access the content of the storage of the portable storage device.

21. A control program for a processing unit connectable to a data communications network, the processing unit having a device reader for a portable storage device that includes storage and an access controller, the storage holding a network identity for the processing unit and at least one encryption key, and the access controller controlling access to the storage by implementing key-key encryption, the control program being operable to access a secure portion of the storage of the portable storage device by supplying a key-encrypted request to the access controller, and, in response to receipt of an access key from the access controller, being operable to send an encrypted command to access the content of the storage of the portable storage device.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The control program of claim 21, wherein, in response to the return of an access key, the control program is operable to use the access key to encrypt a command for access to secure storage in the portable storage device.
  - 23. The control program of claim 21, wherein the portable storage device is a smart card, the access controller is a microcontroller and the device reader is a smart card reader.
  - 24. The control program of claim 21, wherein the network identity comprises a MAC address.
  - 25. The control program of claim 21, comprising a service processor, the service processor being programmed to control reading of the portable storage device.
  - 26. The control program of claim 21 on a carrier medium.
  - 27. The control program of claim 21, wherein the processing unit comprises a service processor, the control program controlling operation of the service processor.
  - 28. The control program of claim 27, wherein the service processor is a microcontroller.
  - 29. A microcontroller comprising a control program as recited in claim 21.
  - 30. A server computer comprising a device reader for reading a portable storage, a processor, memory and a microcontroller as recited in claim 29, the microcontroller being operable as a service processor and connected to read the content of storage in a portable storage device mounted in the portable storage device.

31. A method securing encryption keys for use in a processing unit connectable to a data communications network, the method comprising:
- providing a portable storage device for a processing unit that is connectable to the data communications network and includes a device reader for reading the portable storage device, which portable storage device comprises storage and an access controller;
  
  providing in the storage a network identity for the processing unit and at least one encryption key; and
  
  implementing key-key encryption in the access controller for controlling access to the storage.
- View Dependent Claims (32, 33, 34, 35, 36)
- - 32. The method of claim 31, comprising defining at least part of the storage in the portable storage device as secure storage accessible only under the control of the access controller.
  - 33. The method of claim 32, comprising storing said at least one encryption key in said secure storage.
  - 34. The method of claim 32, comprising storing at least one network security encryption key in said secure storage.
  - 35. The method of claim 31, comprising:
    - the processing unit supplying a key-encrypted request to the access controller;
      
      the access controller providing key-key verification of the request key supplied from the processing unit; and
      
      in response to the key-encrypted request verifying correctly;
      
      returning to the processing unit an access key to permit access to the secure storage;
      
      the processing unit encrypting a command using the access key to access the secure storage; and
      
      the access controller responding to the first command to access the first storage.
  - 36. The method of claim 31, wherein the network identity comprises a MAC address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Evans, Stephen C., Mayhead, Martin P., King, James E.

Granted Patent

US 7,360,240 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/284
CPC Class Codes

G06K 13/085   using an arrangement for lo...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 61/5038   for local use, e.g. in LAN ...

H04L 69/40   for recovering from a failu...

Portable network encryption keys

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Portable network encryption keys

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links