Method and system for reducing a size of a security-related data object stored on a token

US 20080189543A1
Filed: 02/02/2007
Published: 08/07/2008
Est. Priority Date: 02/02/2007
Status: Active Grant

First Claim

Patent Images

1. A method for reducing a size of a security-related object stored in a token in a storage structure indexed according to data elements associated with the security-related object including a public key and a private key identifier identifying a private key assigned to an owner of the token, the method comprising:

receiving a request to access an encrypted data object, the request containing an identity reference to a certificate associated with the security-related object and the private key identifier, the private key identifier necessary to decrypt the encrypted data object; and

accessing the private key identifier in the storage structure using only the identity reference as an index.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide a method and system, including a client and security token, for reducing a size of a security-related object stored in the token. The object is stored in a storage structure that is indexed according to an identity reference to a certificate associated with the object and a private key identifier identifying a private key assigned to an owner of the token. A request to access an encrypted data object results in accessing the private key identifier in the storage structure using only the identity reference as an index.

Citations

21 Claims

1. A method for reducing a size of a security-related object stored in a token in a storage structure indexed according to data elements associated with the security-related object including a public key and a private key identifier identifying a private key assigned to an owner of the token, the method comprising:
- receiving a request to access an encrypted data object, the request containing an identity reference to a certificate associated with the security-related object and the private key identifier, the private key identifier necessary to decrypt the encrypted data object; and
  
  accessing the private key identifier in the storage structure using only the identity reference as an index.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the data object includes an email message.
  - 3. The method of claim 1, wherein the identity reference includes an issuer name and serial number associated with the certificate.
  - 4. The method of claim 1, wherein the identity reference includes a key identifier associated with the certificate.
  - 5. The method of claim 1, wherein the retrieving the corresponding private key identifier includes constructing an application program interface (API) command to retrieve the corresponding private key identifier using only the identity reference.
  - 6. The method of claim 1, wherein the token includes one of a smartcard and a universal serial bus (USB) token.
  - 7. An apparatus configured to perform the method of claim 1.
  - 8. A computer readable medium comprising computer executable instructions for causing a processor to perform the method of claim 1.

9. A method of indexing a storage structure on a token to reduce a size of a security-related object including a private key identifier identifying a private key assigned to an owner of the token, the token storing the security-related object in the storage structure, the method comprising:
- storing only an identity portion of a certificate associated with the security-related object and the private key identifier in the storage structure; and
  
  indexing the storage structure such that the private key identifier is indexed in association with the identity portion,wherein additional portions of the certificate are not stored in the storage structure.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, further comprising:
    - retrieving the private key identifier by searching the storage structure using only the identity portion in response to a request to decrypt a data object; and
      
      decrypting the data object using the retrieved private key identifier.
  - 11. The method of claim 9, wherein the data object includes an email message.
  - 12. The method of claim 9, wherein the identity portion includes one of an issuer name and serial number, and a key identifier associated with the certificate.

13. A security token in a computer system, the security token for storing security-related objects thereon, the security token comprising:
- an interface capable of connecting the token and the computer system;
  
  a memory configured with an indexable storage structure for storing the security objects; and
  
  a processor coupled to the interface and the memory, the processor configured to;
  
  receive a private key identifier and an identity portion of a certificate issued in connection with a security operation associated with an owner of the security token, the identity portion including less than all of the information associated with the certificate, andstore the identity portion of the certificate in the indexable storage structure in association with the private key identifier, such that the storage structure can be accessed using the identity portion as an index to the private key identifier.
- View Dependent Claims (14)
- - 14. The security token of claim 13, wherein the identity portion includes only an issuer and a serial number associated with the certificate.

15. A security token in a computer system, the security token for storing security-related objects thereon, the security token comprising:
- an interface capable of connecting the token and the computer system;
  
  a memory configured with an indexable storage structure for storing the security objects, the security objects including a private key identifier stored in association with an identity portion of a certificate issued to an owner of the security token, the identity portion including less than all of the information associated with the certificate; and
  
  a processor coupled to the interface and the memory, the processor configured to;
  
  receive a request for the private key identifier in connection with a decrypting operation, andretrieve the private key identifier by indexing into the storage structure using only the identity portion of the certificate.
- View Dependent Claims (16)
- - 16. The security token of claim 15, wherein the identity portion includes one of an issuer and a serial number, and a key identifier associated with the certificate.

17. A client in a multi-user computer system accessed using a token, the client for providing access to an encrypted message, the token having a memory including an indexable storage structure for storing security objects including an identity portion and a private key identifier associated with a certificate issued to an owner of the token, the storage structure indexed such that the private key identifier is accessible using only the identity portion, the client comprising:
- a system interface for connecting to the multi-user computer system;
  
  a token interface; and
  
  a processor coupled to the token interface and the system interface, the processor configured to;
  
  receive a request to decrypt the encrypted message using the private key identifier, the request including the identity portion;
  
  retrieve the private key identifier by indexing the storage structure using the identity portion.
- View Dependent Claims (18)
- - 18. The client of claim 17, wherein the identity portion includes only an issuer and a serial number associated with the certificate.

19. A client in a multi-user computer system accessed using a token, the token having a memory including an indexable storage structure for storing security objects, the client comprising:
- a system interface for connecting to the multi-user computer system;
  
  a token interface; and
  
  a processor coupled to the token interface and the system interface, the processor configured to;
  
  receive a certificate including an identity portion and a private key identifier, the certificate issued to an owner of the token; and
  
  transferring the identity portion and the private key identifier to the token such that the identity portion and the private key identifier are stored in the storage structure,wherein, the storage structure indexed such that the private key identifier is accessible using only the identity portion
- View Dependent Claims (20, 21)
- - 20. The client of claim 19, wherein the processor is further configured to:
    - receive a request to decrypt an encrypted message using the private key identifier, the request including the identity portion;
      
      retrieve the private key identifier by indexing the storage structure using the identity portion.
  - 21. The client of claim 19, wherein the identity portion includes only an issuer and a serial number associated with the certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Parkinson, Steven William

Granted Patent

US 8,813,243 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

H04L 63/0823   using certificates cryptogr...

H04L 63/0853   using an additional device,...

Method and system for reducing a size of a security-related data object stored on a token

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for reducing a size of a security-related data object stored on a token

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links