Secure network identification

US 20020062447A1
Filed: 08/15/2001
Published: 05/23/2002
Est. Priority Date: 08/31/2000
Status: Abandoned Application

First Claim

Patent Images

1. A processing unit connectable to a data communications network, the processing unit having a device reader for a portable storage device that includes storage operable to supply a network identity for the processing unit and an access controller, the access controller being operable to prevent unauthorised writing to the storage, the processing unit being operable, before reading the network identity from the portable storage device, to attempt a write to the storage of the portable storage device, and, on determining that the write has failed, to read the supplied network identity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A processing unit is connectable to a data communications network. The processing unit includes a device reader for a portable storage device. The portable storage device (e.g., a secure smart card) includes storage operable to supply a network identity for the processing unit and an access controller. The access controller is operable to prevent unauthorised writing to the storage. Before reading the network identity from the portable storage device, the processing device attempts a write to the storage of the portable storage device, and, only on determining that the write has failed, reads the supplied network identity. The processing unit is thereby able to check that the portable storage device is a valid secure data storage device and not a counterfeit portable storage device. If it is a genuine secure portable storage device, the write access will not be permitted, whereas if it is a non-secure portable storage device, there is a risk that it is a counterfeit. The access control logic of the portable storage device can be operable to implement key-to-key encryption. The processing unit can be operable to modify the content of the storage of the portable storage device by supplying a key to the access controller, and, in response to receipt of a return key from the access controller, to send an encrypted command to modify the content of the storage of the portable storage device.

34 Citations

View as Search Results

31 Claims

1. A processing unit connectable to a data communications network, the processing unit having a device reader for a portable storage device that includes storage operable to supply a network identity for the processing unit and an access controller, the access controller being operable to prevent unauthorised writing to the storage, the processing unit being operable, before reading the network identity from the portable storage device, to attempt a write to the storage of the portable storage device, and, on determining that the write has failed, to read the supplied network identity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The processing unit of claim 1, wherein the processing unit is operable, on being powered up, to determine whether a said portable storage device is present in the device reader and, in the event that a said portable storage device is present in the device reader, to attempt a write to the storage of the portable storage device, the processing unit being further operable, on determining that the write has failed, to copy the supplied network identity from the data carrier to the second memory location and to use the supplied network identity.
  - 3. The processing unit of claim 1, wherein the access control logic of the portable storage device implements key-to-key encryption, the processing unit being operable to modify the content of the storage of the portable storage device by supplying a key to the access controller, and, in response to receipt of a return key from the access controller, to send an encrypted command to modify the content of the storage of the portable storage device.
  - 4. The processing unit of claim 1, wherein the portable storage device is a smart card, the access controller is a microcontroller or a microprocessor, and the device reader is a smart card reader.
  - 5. The processing unit of claim 1, wherein the network identity comprises a MAC address.
  - 6. The processing unit of claim 1, comprising a service processor, the service processor being programmed to control reading of the portable storage device.
  - 7. The processing unit of claim 6, wherein the service processor is a microcontroller.
  - 8. The processing unit of claim 1, wherein the processing unit is a server computer
  - 9. The processing unit of claim 1, wherein the processing unit is a rack mountable computer server.

10. A control program for controlling the selection of a network identity for a processing unit connectable to a data communications network, the processing unit having a device reader for a portable storage device that includes storage operable to supply a network identity for the processing unit and an access controller, the access controller being operable to prevent unauthorised writing to the storage, the control program being operable, before reading the network identity from the portable storage device, to attempt a write to the storage of the portable storage device, and, only on determining that the write has failed, to read the supplied network identity.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The control program of claim 10, wherein the control program is operable, on the processing unit being powered up, to determine whether a said portable storage device is present in the device reader and, in the event that a said portable storage device is present in the device reader, to attempt a write to the storage of the portable storage device, the control program being further operable, on determining that the write has failed, to copy the supplied network identity from the data carrier to the second memory location and to use the supplied network identity.
  - 12. The control program of claim 10, wherein the access control logic of the portable storage device implements key-to-key encryption, the control program being operable to modify the content of the storage of the portable storage device by supplying a key to the access controller, and, in response to receipt of a return key from the access controller, to send an encrypted command to modify the content of the storage of the portable storage device.
  - 13. The control program of claim 10, wherein the portable storage device is a smart card, the access controller is a microcontroller and the device reader is a smart card reader.
  - 14. The control program of claim 10, wherein the network identity comprises a MAC address.
  - 15. The control program of claim 10 on a carrier medium.
  - 16. The control program of claim 10, wherein the processing unit comprises a service processor, the control program controlling operation of the service processor.
  - 17. The control program of claim 16, wherein the service processor is a microcontroller.
  - 18. A microcontroller comprising a control program as recited in claim 10.
  - 19. A server computer comprising a device reader for reading a portable storage, a processor, memory and a microcontroller as recited in claim 18, the microcontroller being operable as a service processor and connected to read the content of storage in a portable storage device mounted in the portable storage device.

20. A method of controlling the selection of a network identity for a processing unit connectable to a data communications network, the processing unit having a device reader for a portable storage device that includes storage operable to supply a network identity for the processing unit and an access controller, the access controller being operable to prevent unauthorised writing to the storage, the method comprising:
- attempting a write to the storage of the portable storage device; and
  
  only on determining that the write has failed, to read the supplied network identity from the portable storage device.
- View Dependent Claims (21, 22, 23, 24, 27, 28, 29, 30)
- - 21. The method of claim 20, comprising, on powering up of the processing unit, determining whether a said portable storage device is present in the device reader and in the event that a said portable storage device is present in the device reader, attempting a write to the storage of the portable storage device, and only on determining that the write has failed, copying the supplied network identity from the data carrier to the second memory location and using the supplied network identity.
  - 22. The method of claim 20, wherein the access control logic of the portable storage device implements key-to-key encryption, the method further comprising modifying the content of the storage of the portable storage device by supplying a key to the access controller, and, in response to receipt of a return key from the access controller, sending an encrypted command to modify the content of the storage of the portable storage device.
  - 23. The method of claim 20, wherein the portable storage device is a smart card, the access controller is a microcontroller and the device reader is a smart card reader.
  - 24. The method of claim 20, wherein the network identity comprises a MAC address.
  - 27. The portable storage device of claim 25, wherein the access controller implements key-to-key encryption, the access controller including key storage holding a stored key, the access controller being operable to compare a supplied key from the processing unit to the stored key and, in response to the supplied key verifying against the stored key, returning to the processing unit a return key derived from the stored key.
  - 28. The portable storage device of claim 27, wherein the access controller is subsequently operable to respond to an encrypted command from the processing unit to modify the content of the storage in the portable storage device.
  - 29. The portable storage device of claim 25, wherein the access controller is a microcontroller.
  - 30. The portable storage device of claim 25, wherein the portable storage device is a smart card.

25. A portable storage device that includes storage containing a network identity for a processing unit connectable to a data communications network, the portable storage device further including an access controller operable to prevent unauthorised writing to the storage, access controller being responsive to an unauthorised attempt to write to the storage to indicate that the write access has failed.
- View Dependent Claims (26)
- - 26. The portable storage device of claims 25, further operable to respond to a read access to supply the network identity.

31. The portable storage unit of 25, wherein the network identity comprises a MAC address.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Evans, Stephen C., Mayhead, Martin P., King, James E.

Application Number

US09/930,113
Publication Number

US 20020062447A1
Time in Patent Office

Days
Field of Search
US Class Current

713/200
CPC Class Codes

G06K 13/085   using an arrangement for lo...

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 61/5038   for local use, e.g. in LAN ...

H04L 69/40   for recovering from a failu...

Secure network identification

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

34 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Secure network identification

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links