Method and system for reducing a size of a security-related data object stored on a token
Abstract
Embodiments of the present invention provide a method and system, including a client and security token, for reducing a size of a security-related object stored in the token. The object is stored in a storage structure that is indexed according to an identity reference to a certificate associated with the object and a private key identifier identifying a private key assigned to an owner of the token. A request to access an encrypted data object results in accessing the private key identifier in the storage structure using only the identity reference as an index.
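The storage scheme the abstract describes can be sketched as follows. This is an added example, not code from the patent. It assumes the identity reference is the certificate's issuer name plus serial number (the page does not specify the fields); `TokenStore`, `enroll` and the sample values are hypothetical.

```python
from dataclasses import dataclass, field

def identity_portion(issuer: str, serial: int) -> bytes:
    # Assumption: the identity reference is the certificate's issuer name plus
    # serial number; the page does not say which certificate fields it uses.
    width = max(1, (serial.bit_length() + 7) // 8)
    return issuer.encode("utf-8") + b"\x00" + serial.to_bytes(width, "big")

@dataclass
class TokenStore:
    capacity: int                      # bytes of object memory (constructed figure)
    index: dict = field(default_factory=dict)

    def used(self) -> int:
        return sum(len(ident) + len(kid) for ident, kid in self.index.items())

    def store(self, identity: bytes, key_id: bytes) -> None:
        bound = self.index.get(identity)
        if bound == key_id:
            return                     # same binding already present
        if bound is not None:
            raise ValueError("identity already indexes a different key identifier")
        if self.used() + len(identity) + len(key_id) > self.capacity:
            raise MemoryError("token storage structure is full")
        self.index[identity] = key_id

    def key_id_for(self, identity: bytes) -> bytes:
        # The identity reference alone is the index; no other certificate data is consulted.
        if identity not in self.index:
            raise LookupError("no private key identifier for this identity reference")
        return self.index[identity]

def enroll(token, cert, key_id):
    # Client side: transfer only the identity portion and key identifier to the token.
    ident = identity_portion(cert["issuer"], cert["serial"])
    token.store(ident, key_id)
    return ident

# Constructed sample: a stand-in certificate with a 1200-byte encoded body.
SAMPLE_CERT = {"issuer": "CN=Example Issuing CA,O=Example", "serial": 0x1A2B3C,
               "der": bytes(1200)}
SAMPLE_KEY_ID = b"\x01"

def demo():
    token = TokenStore(capacity=256)
    ident = enroll(token, SAMPLE_CERT, SAMPLE_KEY_ID)
    full_size = len(SAMPLE_CERT["der"]) + len(SAMPLE_KEY_ID)
    return token.key_id_for(ident), token.used(), full_size

if __name__ == "__main__":
    print(demo())
```

`demo()` returns the retrieved key identifier, the bytes the token actually holds, and the bytes it would hold if the whole encoded certificate were stored with the identifier.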
21 Claims
1. A method for reducing a size of a security-related object stored in a token in a storage structure indexed according to data elements associated with the security-related object including a public key and a private key identifier identifying a private key assigned to an owner of the token, the method comprising:
- receiving a request to access an encrypted data object, the request containing an identity reference to a certificate associated with the security-related object and the private key identifier, the private key identifier necessary to decrypt the encrypted data object; and
- accessing the private key identifier in the storage structure using only the identity reference as an index.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method of indexing a storage structure on a token to reduce a size of a security-related object including a private key identifier identifying a private key assigned to an owner of the token, the token storing the security-related object in the storage structure, the method comprising:
- storing only an identity portion of a certificate associated with the security-related object and the private key identifier in the storage structure; and
- indexing the storage structure such that the private key identifier is indexed in association with the identity portion, wherein additional portions of the certificate are not stored in the storage structure.
Dependent claims: 10, 11, 12
13. A security token in a computer system, the security token for storing security-related objects thereon, the security token comprising:
- an interface capable of connecting the token and the computer system;
- a memory configured with an indexable storage structure for storing the security objects; and
- a processor coupled to the interface and the memory, the processor configured to;
  - receive a private key identifier and an identity portion of a certificate issued in connection with a security operation associated with an owner of the security token, the identity portion including less than all of the information associated with the certificate, and
  - store the identity portion of the certificate in the indexable storage structure in association with the private key identifier, such that the storage structure can be accessed using the identity portion as an index to the private key identifier.
Dependent claims: 14
15. A security token in a computer system, the security token for storing security-related objects thereon, the security token comprising:
- an interface capable of connecting the token and the computer system;
- a memory configured with an indexable storage structure for storing the security objects, the security objects including a private key identifier stored in association with an identity portion of a certificate issued to an owner of the security token, the identity portion including less than all of the information associated with the certificate; and
- a processor coupled to the interface and the memory, the processor configured to;
  - receive a request for the private key identifier in connection with a decrypting operation, and
  - retrieve the private key identifier by indexing into the storage structure using only the identity portion of the certificate.
Dependent claims: 16
17. A client in a multi-user computer system accessed using a token, the client for providing access to an encrypted message, the token having a memory including an indexable storage structure for storing security objects including an identity portion and a private key identifier associated with a certificate issued to an owner of the token, the storage structure indexed such that the private key identifier is accessible using only the identity portion, the client comprising:
- a system interface for connecting to the multi-user computer system;
- a token interface; and
- a processor coupled to the token interface and the system interface, the processor configured to;
  - receive a request to decrypt the encrypted message using the private key identifier, the request including the identity portion;
  - retrieve the private key identifier by indexing the storage structure using the identity portion.
Dependent claims: 18
19. A client in a multi-user computer system accessed using a token, the token having a memory including an indexable storage structure for storing security objects, the client comprising:
- a system interface for connecting to the multi-user computer system;
- a token interface; and
- a processor coupled to the token interface and the system interface, the processor configured to;
  - receive a certificate including an identity portion and a private key identifier, the certificate issued to an owner of the token; and
  - transferring the identity portion and the private key identifier to the token such that the identity portion and the private key identifier are stored in the storage structure, wherein, the storage structure indexed such that the private key identifier is accessible using only the identity portion
Dependent claims: 20, 21
Specification