Method, system and computer program product for integrity-protected storage in a personal communication device

US 20030076957A1
Filed: 10/18/2001
Published: 04/24/2003
Est. Priority Date: 10/18/2001
Status: Abandoned Application

First Claim

Patent Images

1. A system for integrity-protected storage in a personal communication device, comprising:

a first storage device;

a second storage device and a processor disposed in communication with said first and said second storage device configured to;

authenticate said second storage device;

create a secure object to be stored in said second storage device using at least one secret key from said first storage device; and

granting access to data stored in said second storage device using said secret key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method, system and computer program product for achieving integrity-protected storage in a personal communication device by implementing DRM in a personal communication device. In particular, the method, system and computer program product utilizes cryptography and an external, read-write storage device that stores important state information that need not be secret, but should be unmodifable or replayable without detection. Using the present invention, the integrity of data storage in a personal communication can be assured even if data is stored in an insecure storage device.

Citations

40 Claims

1. A system for integrity-protected storage in a personal communication device, comprising:
- a first storage device;
  
  a second storage device and a processor disposed in communication with said first and said second storage device configured to;
  
  authenticate said second storage device;
  
  create a secure object to be stored in said second storage device using at least one secret key from said first storage device; and
  
  granting access to data stored in said second storage device using said secret key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein said first storage device is a read-only memory device.
  - 3. The system of claim 1, wherein said second storage device is an external, read-write memory device.
  - 4. The system of claim 1, wherein said first and said second storage devices are tamper-resistant memory devices.
  - 5. The system of claim 3, wherein said second storage device is a removable electronic card that is received by said personal communication device.
  - 6. The system of claim 1, wherein said first storage device further comprise an integrity key and confidentiality key.
  - 7. The system of claim 1, wherein the communication between said processor and said first and second storage devices comprises the execution of a plurality of protocols using an operating system of the personal communication device.
  - 8. The system of claim 7, wherein said plurality of protocols are comprised of a create protocol, a read protocol and an update protocol.
  - 9. The system of claim 7, wherein said plurality of protocols further comprises a delete protocol.
  - 10. The system of claim 1, further comprising an insecure storage device for storing data encrypted with said secret key.
  - 11. The system of claim 10, wherein said insecure storage device is an external, read-write storage device.
  - 12. The system of claim 1, wherein said personal communication device comprises a cellular telephone, a satellite telephone, a personal digital assistant or a bluetooth device.

13. A system for integrity-protected storage of data in a personal communication device, comprising:
- a tamper-resistant storage device that stores at least one secret key;
  
  an external tamper-resistant storage device that stores an encryption key pair and a compliance certificate; and
  
  a processor for executing a plurality of protocols for communication between said tamper-resistant storage device and said external tamper-resistant storage device;
  
  wherein upon initiation of a communication protocol said tamper-resistant storage device requests the compliance certificate from said external tamper-resistant storage device and said tamper-resistant storage device sends the integrity-protected key along with a unique identifier to said external tamper-resistant storage device, which is used by said external tamper-resistant storage device to authenticate a subsequent request to read and update data stored in said external tamper-resistant storage device.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The system of claim 13, wherein said tamper-resistant storage device is read-only storage.
  - 15. The system of claim 13, wherein said external tamper-resistant storage device is a read-write storage device.
  - 16. The system of claim 13, wherein said external tamper-resistant storage device is a removable electronic card received by said personal communication device.
  - 17. The system of claim 13, wherein said tamper-resistant storage device further comprises an integrity key and a confidentiality key.
  - 18. The system of claim 13, where a plurality of protocols executed by said processor comprises a create protocol, a read protocol and a write protocol
  - 19. The system of claim 13, further comprising an insecure storage device storing data encrypted with said secret key.
  - 20. The system of claim 18, wherein said plurality of protocols further comprises a delete protocol.
  - 21. The system of claim 19, where in said insecure storage is an external, read-write storage device.
  - 22. The system of claim 13, wherein said personal communication device comprises a cellular telephone, a satellite telephone, a personal digital assistant or a bluetooth device.

23. The method for storing data in a personal communication device, comprising:
- authenticating a second storage device;
  
  creating a secure object following the authentication of said second storage device using a secret key of a first storage device;
  
  storing said secure object in said second storage device; and
  
  granting access to data stored in said second storage device using said secret key.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30)
- - 24. The method of claim 23, wherein said first storage device is a read-only memory device.
  - 25. The method of claim 23, wherein said second storage device is a read-write memory device.
  - 26. The method of claim 23, wherein the authenticating of said second storage device further comprises:
    - receiving a compliance certificate and a public key from the second storage device; and
      
      verifying the authenticity of the compliance certificate.
  - 27. The method of claim 23, wherein the receiving of the compliance certificate and the public key is in response to a request from said first storage device.
  - 28. The method of claim 23, wherein said creation of the secured object further comprises:
    - sending an integrity key and an identifier for the object to the second storage device; and
      
      receiving a success indication from said second storage device.
  - 29. The method of claim 23, wherein the personal communication device is a cellular telephone, a satellite telephone, a personal digital assistant or a bluetooth device.
  - 30. The method of claim 28, wherein the integrity key functions to decode encrypted data accessible through the second memory device.

31. A method of storing data in a personal communication device, comprising:
- requesting of a compliance certificate from a second storage device;
  
  verifying the authenticity of the compliant card sent by said second storage device;
  
  sending an integrity key and an object identifier from a first storage device to said second storage device upon authentication of said compliant card;
  
  storing said integrity key and object identifier in said second storage device;
  
  authenticating a read request from said first storage device using the stored integrity key in said second storage device;
  
  authenticating an update request from the first storage device using said stored integrity key in said second storage device; and
  
  granting access to data stored in said second memory device.
- View Dependent Claims (32, 33, 34, 35, 36, 37)
- - 32. The method of claim 31, wherein said first storage device is a read-only storage device.
  - 33. The apparatus of claim 31, wherein said second storage device is a read-write storage device.
  - 34. The method of claim 31, further comprises storing a confidentiality key in said first storage device.
  - 35. The apparatus of claim 34, further comprising storing encrypted data in an insecure storage using said confidentiality key.
  - 36. The method of claim 31, wherein the personal communication device is a cellular telephone, a satellite telephone, a personal digital assistant or a bluetooth device.
  - 37. The method of claim 31, wherein the integrity key functions to decode encrypted data accessible through the second memory device.

38. A computer program product for storing data in a personal communication device, comprising:
- a computer readable medium;
  
  program code in said computer readable medium for authenticating a second storage device;
  
  program code in said computer readable medium for creating a secure object using a secret key from a first storage device following the authenticating of said second storage device;
  
  program code in said computer-readable medium for storing the secure object in said second storage device program code in said computer readable medium for granting access to the data in said second storage device using said secret key.
- View Dependent Claims (39, 40)
- - 39. The computer program product of claim 38, wherein the program code for authenticating of said second storage device further comprises:
    - program code for receiving a compliance certificate and a public key from the second storage device; and
      
      program code for verifying the authenticity of the compliance certificate.
  - 40. The computer program product of claim 38, wherein the program code for object creation further comprises:
    - program code for sending an integrity key and an identifier for the object to said second storage device; and
      
      program code for receiving a success indication from said second storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Asokan, Nadarajah, Paatero, Lauri, Ekberg, Jan-Erik

Application Number

US09/978,701
Publication Number

US 20030076957A1
Time in Patent Office

Days
Field of Search
US Class Current

380/270
CPC Class Codes

G06Q 20/04   Payment circuits

G06Q 20/045   using payment protocols inv...

G06Q 20/1235   with control of digital rig...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/346   Cards serving only as infor...

G06Q 20/35765   Access rights to memory zones

G06Q 20/3823   combining multiple encrypti...

G07F 7/082   Features insuring the integ...

G07F 7/1008   Active credit-cards provide...

G07F 7/1083   Counting of PIN attempts

H04M 2250/14   including a card reading de...

Method, system and computer program product for integrity-protected storage in a personal communication device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Method, system and computer program product for integrity-protected storage in a personal communication device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links