Content Control Method Using Certificate Chains

US 20080010450A1
Filed: 11/06/2006
Published: 01/10/2008
Est. Priority Date: 07/07/2006
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a first entity by a second entity, comprising:

receiving at the second entity a chain of certificates for authenticating the first entity to the second entity, said chain of certificates including a plurality of continuous strings of certificates, the strings individually including at least one certificate;

said second entity verifying in a sequence the strings of certificates in said chain of certificates, wherein said strings of the certificates in the chain are received at the second entity in said sequence; and

detecting at the second entity whether the complete chain of certificates has been received.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Continuous strings of certificates in a certificate chain received by a memory device sequentially in the same order that the strings are verified. Each string except for the last may be overwritten by the next one in the sequence.

175 Citations

View as Search Results

36 Claims

1. A method for authenticating a first entity by a second entity, comprising:
- receiving at the second entity a chain of certificates for authenticating the first entity to the second entity, said chain of certificates including a plurality of continuous strings of certificates, the strings individually including at least one certificate;
  
  said second entity verifying in a sequence the strings of certificates in said chain of certificates, wherein said strings of the certificates in the chain are received at the second entity in said sequence; and
  
  detecting at the second entity whether the complete chain of certificates has been received.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the detecting detects whether at least one of the certificates received by the second entity is the last one in the chain of certificates.
  - 3. The method of claim 2, further comprising verifying the certificates received.
  - 4. The method of claim 2, wherein the last certificate in the chain contains an indication that it is the last one in the chain of certificates, and said detecting detects said indication.
  - 5. The method of claim 2, wherein the first entity comprises a memory device and the second entity comprises a host device, said memory device removably connected to said host device.
  - 6. The method of claim 5, further comprising the second entity sending a request for the next string of certificates in the sequence to the first entity after receipt of each of the strings of certificates except after receipt of the last certificate in the chain.
  - 7. The method of claim 6, further comprising the first entity sending one of the strings of certificates to the second entity in response to each request from the second entity.
  - 8. The method of claim 1, wherein the second entity comprises a memory device and the first entity comprises a host device, said memory device removably connected to said host device.
  - 9. The method of claim 1, wherein the second entity comprises a memory card.
  - 10. The method of claim 1, further comprising sending consecutively according to said sequence to the second entity said strings of certificates for authenticating the first entity to the second entity.
  - 11. The method of claim 1, wherein each of the strings of certificates includes one certificate, said second entity comprising a memory device, said method further comprising storing in the memory device the certificates received at the second entity, wherein each certificate except for the last certificate in the chain stored in the memory is overwritten by the next certificate that is received at the second entity.
  - 12. The method of claim 11, further comprising allocating not more memory space in the memory device than enough for storing one certificate.

13. A method for authenticating a first entity by a second entity, comprising:
- sending to the second entity a chain of certificates for authenticating the first entity to the second entity, said chain of certificates including a plurality of continuous strings of certificates, the strings individually including at least one certificate;
  
  said second entity verifying consecutively in a sequence the strings of certificates in said chain of certificates, wherein the strings of certificates in the chain are sent consecutively in said sequence.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The method of claim 13, said second entity verifying the certificates sent to the second entity in a verification process, and when at least one of the certificates sent to the second entity fails the verification process, said method further comprising terminating the verification process and sending to the first entity an indication of the termination.
  - 15. The method of claim 14, further comprising receiving at the first entity the indication and stopping the sending when said indication is received.
  - 16. The method of claim 13, wherein the last certificate in the chain sent to the second entity contains an indication that it is the last one in the chain of certificates.
  - 17. The method of claim 13, wherein the first entity comprises a memory device and the second entity comprises a host device, said memory device removably connected to said host device.
  - 18. The method of claim 17, further comprising the second entity sending a request for the next string of certificates in the sequence to the first entity after receipt of each of the strings of certificate except after receipt of the last string of certificates in the chain.
  - 19. The method of claim 18, further comprising the first entity sending one of the strings of certificate to the second entity in response to each request from the second entity.
  - 20. The method of claim 13, wherein the second entity comprises a memory device and the first entity comprises a host device, said memory device removably connected to said host device.
  - 21. The method of claim 13, wherein each string of certificates includes one certificate, said second entity verifying the certificates received in a verification process, and wherein said sending sends sequentially to the second entity the chain of certificates for authenticating the first entity to the second entity, until all the certificates in the chain have been sent unless at least one of the certificates sent to the second entity fails the verification process.
  - 22. The method of claim 13, wherein the second entity comprises a memory card.
  - 23. The method of claim 13, wherein each of the strings of certificates includes one certificate, and said second entity includes a memory, further comprising storing in the memory the certificates received at the second entity, wherein each certificate except for the last certificate in the chain stored in the memory is overwritten by the next certificate that is received at the second entity.
  - 24. The method of claim 23, further comprising allocating for storing said certificates not more memory space in the memory device than enough for storing one certificate.

25. A method for mutual authentication between a first and a second entity, comprising:
- (a) receiving at the second entity a first chain of certificates for authenticating the first entity to the second entity, said first chain of certificates including a plurality of continuous strings of certificates, the strings in said first chain individually including at least one certificate, said second entity verifying consecutively the strings of certificates in said first chain of certificates in a first sequence, wherein said strings of the certificates in the first chain are received at the second entity consecutively in said first sequence;
  
  (b) detecting at the second entity whether the complete first chain of certificates has been received from the first entity;
  
  (c) receiving at the first entity a second chain of certificates for authenticating the second entity to the first entity, said second chain of certificates including a plurality of continuous strings of certificates, each of the strings in said second chain including at least one certificate, said first entity verifying consecutively the strings of certificates in said second chain of certificates in a second sequence, wherein the strings of the certificates in second chain are received consecutively in the second sequence; and
  
  (d) detecting at the first entity whether the complete second chain of certificates has been received from the second entity.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. The method of claim 25, wherein the detecting in (b) or (d) detects whether at least one of the certificates received is the last one in the first or second chain of certificates.
  - 27. The method of claim 26, further comprising verifying the certificates received after (a) or (c) in a verification process, and terminating said process when at least one of the certificates sent to the first or second entity fails the verification process.
  - 28. The method of claim 26, wherein the last certificate in the first or second chain contains an indication that it is the last one in such chain of certificates.
  - 29. The method of claim 25, wherein the first entity comprises a memory device and the second entity comprises a host device, said memory device removably connected to said host device.
  - 30. The method of claim 29, further comprising one of the first and second entities sending a request to the other entity for the next string of certificate in the first or second sequence after receipt of each string of certificates in (a) or (c), except after receipt of the last string of certificate in the first or second chain.
  - 31. The method of claim 30, further comprising one of the first and second entities sending one of the strings of certificate to the other entity in response to each request from the other entity.
  - 32. The method of claim 25, wherein the second entity comprises a memory device and the first entity comprises a host device, said memory device removably connected to said host device.
  - 33. The method of claim 32, wherein the second entity comprises a memory card.
  - 34. The method of claim 33, further comprising sending sequentially to the second entity the first chain of certificates for authenticating the first entity to the second entity.
  - 35. The method of claim 25, further comprising storing in a memory at the first or second entity the strings of certificates received sequentially in (a) or (c), wherein each of the strings of certificates except for the last certificate in the first or second chain stored in the memory is overwritten by the next string in the first or second sequence of certificates that is received sequentially in (a) or (c).
  - 36. The method of claim 35, further comprising allocating not more memory space in the memory than enough for storing one of the strings of certificates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
Sandisk Technologies Incorporated (Western Digital Corporation)
Inventors
Holtzman, Michael, Jogand-Coulomb, Fabrice, Barzilai, Ron, Sela, Rotem

Granted Patent

US 8,140,843 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/157
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 9/3228   One-time or temporary data,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

Content Control Method Using Certificate Chains

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

175 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Content Control Method Using Certificate Chains

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

175 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links