Method and apparatus for authenticating an open system application to a portable IC device

US 20060036851A1
Filed: 10/19/2005
Published: 02/16/2006
Est. Priority Date: 10/26/1998
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

a processor; and

a nonvolatile memory, coupled to the processor, that stores both data and a program that, when a request to access the data is received from a requesting application executing on a computer coupled to the apparatus, causes the processor to allow access to the data only if the requesting application can prove that the requesting application is an application on a list of trusted applications maintained by the apparatus.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure communication channel between an open system and a portable IC device is established. An application running on the open system desiring access to the information on the portable IC device authenticates itself to the portable IC device, proving that it is trustworthy. Once such trustworthiness is proven, the portable IC device authenticates itself to the application. Once such two-way authentication has been completed, trusted communication between the open system and the portable IC device can proceed, and private information that is maintained on the portable IC device can be unlocked and made available to the application.

183 Citations

View as Search Results

15 Claims

1. An apparatus comprising:
- a processor; and
  
  a nonvolatile memory, coupled to the processor, that stores both data and a program that, when a request to access the data is received from a requesting application executing on a computer coupled to the apparatus, causes the processor to allow access to the data only if the requesting application can prove that the requesting application is an application on a list of trusted applications maintained by the apparatus.
- View Dependent Claims (2, 3, 4, 5)
- - 2. An apparatus as recited in claim 1, wherein the apparatus comprises a smart card.
  - 3. An apparatus as recited in claim 1, wherein the program further causes the processor to:
    - send, to the requesting application, a challenge;
      
      receive a response to the challenge from the requesting application;
      
      verify the response; and
      
      determine whether the requesting application is an application on the list of trusted applications only after the response is verified.
  - 4. An apparatus as recited in claim 1, wherein the program further causes the processor to allow the requesting application to prove that the requesting application is an application on the list of trusted applications by:
    - sending a definition of a set of trusted applications to the requesting application; and
      
      receiving an indication from the requesting application that the requesting application is an application on the list of trusted applications.
  - 5. An apparatus as recited in claim 4, wherein the definition of the set of trusted applications is a list of rules that implicitly define the list of trusted applications.

6. A method implemented in a device, the method comprising:
- receiving, from a requesting application executing on a computer coupled to the device, a request;
  
  allowing the requesting application to access data stored on the device only if the requesting application can prove that the requesting application is an application on a list of trusted applications maintained on the device.
- View Dependent Claims (7, 8, 9, 10)
- - 7. A method as recited in claim 6, wherein the device comprises a smart card.
  - 8. A method as recited in claim 6, further comprising:
    - sending, to the requesting application, a challenge;
      
      receiving a response to the challenge from the requesting application;
      
      verifying the response; and
      
      determining whether the requesting application is an application on the list of trusted applications only after the response is verified.
  - 9. A method as recited in claim 6, further comprising allowing the requesting application to prove that the requesting application is an application on the list of trusted applications by:
    - sending a definition of a set of trusted applications to the requesting application; and
      
      receiving an indication from the requesting application that the requesting application is an application on the list of trusted applications.
  - 10. A method as recited in claim 9, wherein the definition of the set of trusted applications is a list of rules that implicitly define the list of trusted applications.

11. One or more computer readable media having stored thereon instructions that, when executed by one or more processors of a device, cause the device to:
- receive, from a requesting application executing on a computer coupled to the device, a request;
  
  allow the requesting application to access data stored on the device only if the requesting application can prove that the requesting application is an application on a list of trusted applications maintained on the device.
- View Dependent Claims (12, 13, 14, 15)
- - 12. One or more computer readable media as recited in claim 11, wherein the device comprises a smart card.
  - 13. One or more computer readable media as recited in claim 11, wherein the instructions further cause the one or more processors to:
    - send, to the requesting application, a challenge;
      
      receive a response to the challenge from the requesting application;
      
      verify the response; and
      
      determine whether the requesting application is an application on the list of trusted applications only after the response is verified.
  - 14. One or more computer readable media as recited in claim 11, wherein the instructions further cause the one or more processors to allow the requesting application to prove that the requesting application is an application on the list of trusted applications by:
    - sending a definition of a set of trusted applications to the requesting application; and
      
      receiving an indication from the requesting application that the requesting application is an application on the list of trusted applications.
  - 15. One or more computer readable media as recited in claim 14, wherein the definition of the set of trusted applications is a list of rules that implicitly define the list of trusted applications.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
DeTreville, John

Granted Patent

US 7,139,915 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/159
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/445   by mutual authentication, e...

G06F 21/57   Certifying or maintaining t...

G06F 21/575   Secure boot

G06F 2221/2113   Multi-level security, e.g. ...

G06F 9/4406   Loading of operating system

G06F 9/468   Specific access rights for ...

Method and apparatus for authenticating an open system application to a portable IC device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

183 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for authenticating an open system application to a portable IC device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

183 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others