Access control

US 20050010783A1
Filed: 06/24/2004
Published: 01/13/2005
Est. Priority Date: 10/24/1995
Status: Active Grant

First Claim

Patent Images

1. A method for at least one administration entity to control access to an electronic device, comprising:

the at least one administration entity generating credentials and a plurality of corresponding proofs for the electronic device, wherein no valid proofs are determinable given only the credentials and values for expired proofs;

the electronic device receiving the credentials;

if access is authorized at a particular time, the electronic device receiving a proof corresponding to the particular time; and

the electronic device confirming the proof using the credentials.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

At least one administration entity controls access to an electronic device by the at least one administration entity generating credentials and a plurality of corresponding proofs for the electronic device, wherein no valid proofs are determinable given only the credentials and values for expired proofs, the electronic device receiving the credentials, if access is authorized at a particular time, the electronic device receiving a proof corresponding to the particular time, and the electronic device confirming the proof using the credentials. The at least one administration entity may generate proofs after generating the credentials. A single administration entity may generate the credentials and generate the proofs. There may be a first administration entity that generates the credentials and other administration entities that generate proofs. The first administration entity may also generate proofs or may not. The credentials may be a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs. Each of the proofs may be a result of applying a one way function to a future one of the proofs. The digital certificate may include an identifier for the electronic device.

Citations

62 Claims

1. A method for at least one administration entity to control access to an electronic device, comprising:
- the at least one administration entity generating credentials and a plurality of corresponding proofs for the electronic device, wherein no valid proofs are determinable given only the credentials and values for expired proofs;
  
  the electronic device receiving the credentials;
  
  if access is authorized at a particular time, the electronic device receiving a proof corresponding to the particular time; and
  
  the electronic device confirming the proof using the credentials.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. A method, according to claim 1, wherein the at least one administration entity generates proofs after generating the credentials.
  - 3. A method, according to claim 1, wherein a single administration entity generates the credentials and generates the proofs.
  - 4. A method, according to claim 1, wherein there is a first administration entity that generates the credentials and other administration entities that generate proofs.
  - 5. A method, according to claim 4, wherein the first administration entity also generates proofs.
  - 6. A method, according to claim 4, wherein only the other administration entities generate proofs.
  - 7. A method, according to claim 1, wherein the credentials are a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.
  - 8. A method, according to claim 7, wherein each of the proofs is a result of applying a one way function to a future one of the proofs.
  - 9. A method, according to claim 7, wherein the digital certificate includes an identifier for the electronic device.
  - 10. A method, according to claim 1, wherein the credentials include a final value that is a result of applying a one way function to a first one of the proofs.
  - 11. A method, according to claim 10, wherein each of the proofs is a result of applying a one way function to a future one of the proofs.
  - 12. A method, according to claim 10, wherein the credentials include an identifier for the electronic device.
  - 13. A method, according to claim 1, wherein the electronic device is a computer.
  - 14. A method, according to claim 13, further comprising:
    - the computer booting up only if access is authorized.
  - 15. A method, according to claim 1, wherein the electronic device is a disk drive.
  - 16. A method, according to claim 1, further comprising:
    - providing proofs using at least one proof distribution entity separate from the at least one administrative entity.
  - 17. A method, according to claim 16, wherein there is a single proof distribution entity.
  - 18. A method, according to claim 16, wherein there are a plurality of proof distribution entities.
  - 19. A method, according to claim 1, further comprising:
    - providing proofs using a connection to the electronic device.
  - 20. A method, according to claim 19, wherein the connection is the Internet.
  - 21. A method, according to claim 1, wherein at least some of the proofs are stored locally on the electronic device.
  - 22. A method, according to claim 21, further comprising:
    - if the proof corresponding to the time is not available locally, the electronic device requesting the proofs via an external connection.
  - 23. A method, according to claim 1, wherein each of the proofs is associated with a particular time interval.
  - 24. A method, according to claim 23, wherein, after a particular time interval associated with a particular one of the proofs has passed, the electronic device receives a new proof.
  - 25. A method, according to claim 24, wherein the time interval is one day.

26. A method for an electronic device to control access thereto, comprising:
- receiving credentials and at least one of a plurality of corresponding proofs for the electronic device, wherein no valid proofs are determinable given only the credentials and values for expired proofs; and
  
  testing the at least one of a plurality of proofs using the credentials.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 27. A method, according to claim 26, wherein the credentials are a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.
  - 28. A method, according to claim 27, wherein each of the proofs is a result of applying a one way function to a future one of the proofs.
  - 29. A method, according to claim 27, wherein the digital certificate includes an identifier for the electronic device.
  - 30. A method, according to claim 26, wherein the credentials include a final value that is a result of applying a one way function to a first one of the proofs.
  - 31. A method, according to claim 30, wherein each of the proofs is a result of applying a one way function to a future one of the proofs.
  - 32. A method, according to claim 30, wherein the credentials include an identifier for the electronic device.
  - 33. A method, according to claim 26, wherein the electronic device is a computer.
  - 34. A method, according to claim 33, further comprising:
    - the computer booting up only if access is authorized.
  - 35. A method, according to claim 26, wherein the electronic device is a disk drive.
  - 36. A method, according to claim 26, further comprising:
    - obtaining proofs using a connection to the electronic device.
  - 37. A method, according to claim 36, wherein the connection is the Internet.
  - 38. A method, according to claim 26, wherein at least some of the proofs are stored locally on the electronic device.
  - 39. A method, according to claim 38, further comprising:
    - if the proof corresponding to the time is not available locally, the electronic device requesting the proofs via an external connection.
  - 40. A method, according to claim 26, wherein each of the proofs is associated with a particular time interval.
  - 41. A method, according to claim 40, wherein, after a particular time interval associated with a particular one of the proofs has passed, the electronic device receives a new proof.
  - 42. A method, according to claim 41, wherein the time interval is one day.

43. A method of controlling access to an electronic device, comprising:
- providing credentials to the electronic device; and
  
  if access is allowed at a particular time, providing a proof to the electronic device corresponding to the particular time, wherein the proof is not determinable given only the credentials and values for expired proofs.
- View Dependent Claims (44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
- - 44. A method, according to claim 43, wherein the credentials are a digital certificate that includes a final value that is a result of applying a one way function to a first one of the proofs.
  - 45. A method, according to claim 44, wherein each of the proofs is a result of applying a one way function to a future one of the proofs.
  - 46. A method, according to claim 44, wherein the digital certificate includes an identifier for the electronic device.
  - 47. A method, according to claim 43, wherein the credentials include a final value that is a result of applying a one way function to a first one of the proofs.
  - 48. A method, according to claim 47, wherein each of the proofs is a result of applying a one way function to a future one of the proofs.
  - 49. A method, according to claim 47, wherein the credentials include an identifier for the electronic device.
  - 50. A method, according to claim 43, wherein the electronic device is a computer.
  - 51. A method, according to claim 50, further comprising:
    - the computer booting up only if access is authorized.
  - 52. A method, according to claim 43, wherein the electronic device is a disk drive.
  - 53. A method, according to claim 43, further comprising:
    - providing proofs using at least one proof distribution entity separate from the at least one administrative entity.
  - 54. A method, according to claim 53, wherein there is a single proof distribution entity.
  - 55. A method, according to claim 53, wherein there are a plurality of proof distribution entities.
  - 56. A method, according to claim 43, further comprising:
    - providing proofs using a connection to the electronic device.
  - 57. A method, according to claim 56, wherein the connection is the Internet.
  - 58. A method, according to claim 43, wherein at least some of the proofs are stored locally on the electronic device.
  - 59. A method, according to claim 58, further comprising:
    - if the proof corresponding to the time is not available locally, the electronic device requesting the proofs via an external connection.
  - 60. A method, according to claim 43, wherein each of the proofs is associated with a particular time interval.
  - 61. A method, according to claim 60, wherein, after a particular time interval associated with a particular one of the proofs has passed, the electronic device receiving a new proof.
  - 62. A method, according to claim 61, wherein the time interval is one day.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Corestreet, Ltd. (Assa Abloy AB)
Inventors
Libin, Phil, Micali, Silvio

Granted Patent

US 7,660,994 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/33   using certificates

G06Q 10/00   Administration; Management

G06Q 90/00   Systems or methods speciall...

Access control

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

62 Claims

Specification

Solutions

Use Cases

Quick Links

Access control

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

62 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links