Method and apparatus for uniquely and authoritatively identifying tangible objects
Abstract
A smart chip protection system contains a unique public/private identity key pair and uses a separate public/private signature key pair. The identity private key is stored in permanent, secure storage such that it cannot be read outside the chip. An issuing entity generates a descriptor containing the identity public key, attribute data, and a digital signature. The digital signature is generated by enciphering a derivation of the identity public key and the attribute data with the signature private key known only to the issuer. The authenticity of the descriptor data is verified by decrypting the signature with the signature public key using a known algorithm, and comparing the result to the derivation of the descriptor data. The identity of the object can be verified by requesting the smart chip to perform an encryption/decryption operation using its identity private key, and performing the complement using the public key.
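The two checks the abstract describes (issuer signature over the descriptor, then a challenge that only the holder of the identity private key can answer) can be sketched as follows. This is an added example, not code from the patent: it assumes RSA-OAEP for the complementary transformation pair and an RSA PKCS#1 v1.5 signature over SHA-256 as the "derivation", and the names `Descriptor`, `Chip`, `Verify`, `digest` and `newKey` are hypothetical, with `Chip` standing in for hardware reached through the external interface.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

type Descriptor struct { // issuer-signed record shipped with the part (field names assumed)
	IdentityPub           *rsa.PublicKey
	Attributes, Signature []byte
}

func digest(d Descriptor) []byte { // the signed "derivation": SHA-256(DER public key || attributes)
	sum := sha256.Sum256(append(x509.MarshalPKCS1PublicKey(d.IdentityPub), d.Attributes...))
	return sum[:]
}

func newKey() *rsa.PrivateKey { // constructed demo keys; error ignored for brevity
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	return k
}

type Chip struct{ identity *rsa.PrivateKey } // the private key is only used inside Respond
func (c Chip) Respond(ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, c.identity, ct, nil)
}

func Verify(issuerPub *rsa.PublicKey, d Descriptor, chip Chip) bool { // controller side; fails closed
	sigErr := rsa.VerifyPKCS1v15(issuerPub, crypto.SHA256, digest(d), d.Signature)
	nonce := make([]byte, 32) // fresh test data for every check, so old replies are useless
	_, rndErr := rand.Read(nonce)
	ct, encErr := rsa.EncryptOAEP(sha256.New(), rand.Reader, d.IdentityPub, nonce, nil)
	if sigErr != nil || rndErr != nil || encErr != nil {
		return false // descriptor altered or not issuer-signed, or no challenge could be built
	}
	pt, err := chip.Respond(ct) // the complementary private-key transformation, done on the chip
	return err == nil && bytes.Equal(pt, nonce)
}

func main() {
	issuer, id := newKey(), newKey()
	d := Descriptor{IdentityPub: &id.PublicKey, Attributes: []byte("part=filter")} // constructed data
	d.Signature, _ = rsa.SignPKCS1v15(rand.Reader, issuer, crypto.SHA256, digest(d)) // issuer step
	fmt.Println("genuine part accepted:", Verify(&issuer.PublicKey, d, Chip{id}))
}
```

Both checks are needed: the signature alone does not stop a valid descriptor from being copied onto a different chip, and the challenge alone does not stop a self-made key pair with forged attribute data.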
23 Claims
1. An apparatus having a digital protection mechanism, comprising:
a tangible object;
a digital protection system physically attached to said tangible object, said digital protection system comprising:
(a) an external interface for receiving data requests;
(b) a processor coupled to said external interface, said processor capable of transforming data according to a first public/private key encryption algorithm; and
(c) an internal data storage, said internal data storage storing an identity private key, said identity private key being inaccessible outside said external interface; and
a data descriptor associated with said digital protection system, said data descriptor including an identity public key, attribute data and a digital signature;
wherein said processor performs a first transformation of data responsive to a request received through said external interface, said processor performing said first transformation of said data according to said first public/private key encryption algorithm using said identity private key, wherein a second transformation of data according to said first public/private key encryption algorithm using said identity public key is a complementary transformation of said first transformation.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A machine having multiple parts, comprising:
a first replaceable part;
a digital controller controlling operation of at least one function of said machine, said digital controller being external to said first replaceable part;
a digital protection system physically attached to said first replaceable part, said digital protection system comprising:
(a) an external interface for receiving data requests,
(b) a processor coupled to said external interface, said processor capable of performing a first data transformation according to a first public/private key encryption algorithm, and
(c) an internal data storage, said internal data storage storing an identity private key, said identity private key being inaccessible outside said external interface; and
a data descriptor associated with said digital protection system, said data descriptor including an identity public key, attribute data and a digital signature;
wherein said controller verifies information concerning said first replaceable part by:
(a) obtaining said data descriptor associated with said digital protection system,
(b) performing a second data transformation of test data according to said first public/private key encryption algorithm using said identity public key, said second data transformation being complementary to said first data transformation,
(c) accessing said digital protection system attached to said first replaceable part to perform said first data transformation of said test data using said identity private key,
(d) comparing data undergoing said first and second data transformations to test data before transformation; and
(e) verifying that said data descriptor has not been altered using said digital signature.
Dependent claims: 10, 11, 12, 13, 14, 15.
16. A replaceable part for a machine having multiple parts, comprising:
a part performing a function for said machine, and
a digital protection system physically attached to said part, said digital protection system comprising:
(a) an external interface for communicating with a digital controller of said machine, said digital controller being located externally to said replaceable part;
(b) a processor coupled to said external interface, said processor capable of performing a data transformation according to a first public/private key encryption algorithm, and
(c) an internal data storage, said internal data storage storing an identity private key, said identity private key being inaccessible outside said external interface, and a data descriptor, said data descriptor including an identity public key, attribute data and a digital signature;
wherein, responsive to a request received through said external interface, said processor of said digital protection system performs said data transformation according to said first public/private key encryption algorithm using said identity private key.
Dependent claims: 17, 18, 19, 20.
21. A method of operating a machine having multiple parts, including a first replaceable part having a digital protection system and a digital controller external to said first replaceable part for controlling operation of said machine, said digital protection system being a tangible device physically attached to said first replaceable part which receives input data, processes data, and produces output data independently of said machine, said method comprising the steps of:
(a) obtaining a data descriptor associated with said first replaceable part, said data descriptor including an identity public key, attribute data, and a digital signature;
(b) performing a complementary pair of data transformations of source test data to produce resultant test data, including a first data transformation performed by said digital controller according to a first public/private key encryption algorithm using said identity public key, and a second data transformation performed by said digital protection system, said second data transformation being complementary to said first data transformation;
(c) comparing said source test data to said resultant test data;
(d) verifying that said data descriptor has not been altered using said digital signature; and
(e) using the results of steps (c) and (d) in the operation of said machine.
Dependent claims: 22, 23.
Specification