METHODS AND SYSTEMS FOR ASSIGNING ROLES ON A TOKEN

US 20080209225A1
Filed: 02/28/2007
Published: 08/28/2008
Est. Priority Date: 02/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method of assigning roles to a token, the method comprising:

assigning a first role for a first participant on a token;

providing exclusive access to a first section of the token for the first participant base on the first role;

assigning a second role for a second participant on the token; and

providing exclusive access to a second section of the token for the second participant based on the second role.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment relates generally to a method of assigning roles to a token. The method includes determining a first role for a first participant on a token and providing exclusive access to a first section of the token for the first participant base on the first role. The method also includes determining a second role for a second participant on the token and providing exclusive access to a second section of the token for the second participant based on the second role.

145 Citations

View as Search Results

21 Claims

1. A method of assigning roles to a token, the method comprising:
- assigning a first role for a first participant on a token;
  
  providing exclusive access to a first section of the token for the first participant base on the first role;
  
  assigning a second role for a second participant on the token; and
  
  providing exclusive access to a second section of the token for the second participant based on the second role.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the step of providing exclusive access to the first section of the token further comprises:
    - signing a first applet based on a first set of keys, wherein the first participant has access to a first cryptographic key to obtain access to the first applet.
  - 3. The method of claim 2, further comprising:
    - generating a second set of keys based on a cryptographic key held only by the first participant;
      
      associating the second set of keys with the first applet; and
      
      disassociating the first set of keys with the first applet.
  - 4. The method of claim 3, wherein the step of providing exclusive access to a second section of the token further comprises:
    - signing the first applet based on the second set of keys to obtain access to the first applet; and
      
      inserting a second applet on the second section.
  - 5. The method of claim 4, further comprising:
    - generating a third set of keys based on a cryptographic key held by the first participant and the second participant; and
      
      associating the third set of keys with the second applet.
  - 6. The method of claim 5, further comprising:
    - signing the second applet based on the third set of keys to obtain access to the second applet;
      
      generating a fourth set of keys based on a cryptographic key held only by the second participant;
      
      associating the fourth set of keys with the second applet; and
      
      disassociating the third set of keys with the second applet.

7. An apparatus configured to assign roles on a token, the apparatus comprising:
- a security server;
  
  a token reader configured to receive and read a token, each token comprising multiple applets;
  
  a client configured to interface with the token reader and the security server; and
  
  a role assigner module configured to be executed by the security server to manage the token, wherein the client invokes the role assigner module to assign exclusive access to an applet based on a role of a participant.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The apparatus of claim 7, wherein the token is configured with a first applet and a first set of keys, the first set of keys based on a shared cryptographic key between a manufacturer of a token and a first participant.
  - 9. The apparatus of claim 8, wherein the role assigner module is configured to perform a key changeover of the first set of keys to a second set of keys based on an cryptographic key held by the first participant and assocoatomg the first applet with the second set of keys.
  - 10. The apparatus of claim 9 wherein the role assigner module is configured to insert a second applet and associate the second applet with a third set of keys for a second participant, wherein the third set of keys is based on a cryptographic key shared between the first and second participants.
  - 11. The apparatus of claim 10, further comprising a second client configured to interface with a second token reader, wherein the second client invokes the role assigner module to assign the second participant exclusive access to the second applet in response to received the token from the first participant.
  - 12. The apparatus of claim 11, wherein the second client accesses the second applet based on the second cryptographic key held by the first and second participants and the role assigner module is invoked to perform a second key changeover from the second set of keys to a third set of keys based on a second cryptographic key held only by the second participant.
  - 13. The apparatus of claim 12, wherein the role assigner module encrypts the second applet with the third set of keys to the second applet to provide exclusive access to the second applet by the second client.

14. A system for assigning roles on a token, the system comprising:
- a security server;
  
  at least two token readers, each token reader configured to receive and read a token and comprising multiple applets;
  
  at least two clients, each client configured to interface with a respective and the security server; and
  
  a role assigner module configured to be executed by the security server to manage the token, wherein the client invokes the role assigner module to assign exclusive access to an applet based on a role of a participant.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The system of claim 14, wherein the token is configured with a first applet and a first set of keys, wherein the first set of keys is based on a cryptographic key held by a first participant and a third party.
  - 16. The system of claim 15, wherein the role assigner module is configured to sign the first applet based on the cryptographic key and perform a key changeover of the first set of keys to a second set of keys based on a second cryptographic key held only by the first participant.
  - 17. The system of claim 16, wherein the role assigner module is configured to associate the first applet based on the second set of keys.
  - 18. The system of claim 17 wherein the role assigner module is configured to associate a second applet with a third set of keys, wherein the third set of keys is based on a third cryptographic key shared by the first participant and a second participant.
  - 19. The system of claim 18, further comprising a second client configured to interface with a second token reader, wherein the second client invokes the role assigner module to assign the second participant exclusive access to the second applet in response to received the token from the first participant.
  - 20. The system of claim 19, wherein the second client accesses the second applet based on the second decryption key and the role assigner module is invoked to perform a second key changeover from the third set of keys to a fourth set of keys based on a fourth cryptographic key held only by the second participant.
  - 21. The system of claim 20, wherein the role assigner module associates the second applet with the fourth set of keys to provide exclusive access to the second applet by the second client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Parkinson, Steven W., Lord, Robert, Relyea, Robert

Granted Patent

US 8,639,940 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/185
CPC Class Codes

G06F 21/77 in smart cards

METHODS AND SYSTEMS FOR ASSIGNING ROLES ON A TOKEN

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

145 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR ASSIGNING ROLES ON A TOKEN

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

145 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links