Method and system for using a compact disk as a smart key device
Abstract
A data processing system accepts a removable storage media, which becomes electrically engaged with a system unit within the data processing system, after which the removable storage media and the hardware security unit mutually authenticate themselves. The removable storage media stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the hardware security unit, and the hardware security unit stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the removable storage media. In response to successfully performing the mutual authentication operation between the removable storage media and the hardware security unit, the system unit is enabled to invoke cryptographic functions on the hardware security unit while the removable storage media remains engaged with the system unit.
24 Claims
1. A data processing system, comprising:
a system unit;
a media reading device coupled to the system unit;
a device driver for controlling the media reading device;
a removable storage media, readable by the media reading device, wherein the removable storage media stores a first private key corresponding to a first asymmetric cryptographic key pair and a first public key corresponding to a second asymmetric cryptographic key pair; and
a hardware security unit coupled to the system unit, wherein the hardware security unit stores a second private key corresponding to the second asymmetric cryptographic key pair and a second public key corresponding to the first asymmetric cryptographic key pair, the hardware security unit comprising:
logic for authenticating the removable storage media and the hardware security unit based upon the first and second cryptographic key pairs; and
logic for enabling the system unit to invoke cryptographic functions on the hardware security unit while the removable storage media remains engaged with the media reading device after the removable storage media and the hardware security unit have been mutually authenticated.
9. A method for performing cryptographic functions, the method comprising:
engaging a removable storage media with a media reading device coupled to a system unit, wherein the system unit includes a hardware security unit and a device driver for controlling the media reading device; and
wherein the removable storage media contains a first private key corresponding to a first asymmetric cryptographic key pair and a first public key corresponding to a second asymmetric cryptographic key pair, and wherein the hardware security unit contains a second private key corresponding to the second asymmetric cryptographic key pair and a second public key corresponding to the first asymmetric cryptographic key pair;
performing a mutual authentication operation between the removable storage media and the hardware security unit based upon the first and second asymmetric cryptographic key pairs; and
in response to successfully performing the mutual authentication operation, enabling the system unit to invoke cryptographic functions on the hardware security unit while the removable storage media remains engaged to the media reading device.
17. A computer program product on a computer readable medium for use in a data processing system for performing cryptographic functions, the computer program product comprising:
logic, stored on the computer readable medium, for reading a removable storage media with a media reading device coupled to a system unit, wherein the system unit includes a hardware security unit and a device driver for controlling the media reading device, wherein the removable storage media contains a first private key corresponding to a first asymmetric cryptographic key pair and a first public key corresponding to a second asymmetric cryptographic key pair, and wherein the hardware security unit contains a second private key corresponding to the second asymmetric cryptographic key pair and a second public key corresponding to the first asymmetric cryptographic key pair;
logic, stored on the computer readable medium, for performing a mutual authentication operation between the media reading device and the hardware security unit while the removable storage media is engaged with the media reading device; and
logic, stored on the computer readable medium, for enabling cryptographic functions on the hardware security unit while the removable storage media remains engaged with the media reading device system unit in response to successfully performing the mutual authentication operation between the removable storage media and the hardware security unit.
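The mutual authentication and gating recited in the abstract and in claims 1, 9 and 17, as an added Go example that is not taken from the patent. The claims fix no algorithm, so Ed25519 signatures over a fresh nonce are an assumption here, and the names `Party`, `HSU`, `Provision`, `MutualAuth` and `MediaRemoved` are hypothetical; both parties run in one process for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Party holds its own private key and the peer's public key (cross-held keys).
type Party struct {
	priv    ed25519.PrivateKey
	peerPub ed25519.PublicKey
}
// HSU gates its functions on mutual authentication and media presence.
type HSU struct {
	Party
	enabled bool
}
// Provision generates both key pairs and cross-installs the public keys.
func Provision() (*HSU, *Party) {
	mPub, mPriv, _ := ed25519.GenerateKey(rand.Reader)
	hPub, hPriv, _ := ed25519.GenerateKey(rand.Reader)
	return &HSU{Party: Party{hPriv, mPub}}, &Party{mPriv, hPub}
}
// proves: prover signs role||fresh nonce, verifier checks with the stored peer key.
func proves(prover, verifier *Party, role string) bool {
	msg := append([]byte(role), make([]byte, 32)...)
	rand.Read(msg[len(role):]) // nonce issued by the verifier (assumed design)
	return ed25519.Verify(verifier.peerPub, msg, ed25519.Sign(prover.priv, msg))
}
// MutualAuth enables the HSU only if both directions pass.
func MutualAuth(h *HSU, media *Party) bool {
	h.enabled = proves(media, &h.Party, "media") && proves(&h.Party, media, "hsu")
	return h.enabled
}
// MediaRemoved models the device driver reporting an eject.
func (h *HSU) MediaRemoved() { h.enabled = false }
// Sign is the gated cryptographic function.
func (h *HSU) Sign(msg []byte) ([]byte, error) {
	if !h.enabled {
		return nil, fmt.Errorf("HSU locked: media not authenticated or removed")
	}
	return ed25519.Sign(h.priv, msg), nil
}
func main() {
	h, m := Provision()
	fmt.Println("mutual auth ok:", MutualAuth(h, m))
}
```

The gate holds only as long as removal is reported to the hardware security unit, which is the device driver's role in the claims.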
Specification