CONTENT CONTROL METHOD USING CERTIFICATE REVOCATION LISTS

US 20100138652A1
Filed: 12/17/2009
Published: 06/03/2010
Est. Priority Date: 07/07/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for determining if a certificate is revoked, the method comprising:

performing in a non-volatile storage device while it is operatively coupled to a host;

(a) receiving a certificate from the host for attempting to authenticate it to the non-volatile storage device, and(b) determining if the certificate is revoked by searching for a reference to the certificate in a certificate revocation list cached in the non-volatile storage device, wherein the certificate revocation list is cached and current prior to the non-volatile storage device receiving the certificate for attempting to authenticate the host to the non-volatile storage device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Host devices present both the host certificate and the pertinent certificate revocation lists to the memory device for authentication so that the memory device need not obtain the list on its own. Processing of the certificate revocation list and searching for the certificate identification may be performed concurrently by the memory device. The certificate revocation lists for authenticating host devices to memory devices may be stored in an unsecured area of the memory device for convenience of users.

Citations

16 Claims

1. A method for determining if a certificate is revoked, the method comprising:
- performing in a non-volatile storage device while it is operatively coupled to a host;
  
  (a) receiving a certificate from the host for attempting to authenticate it to the non-volatile storage device, and(b) determining if the certificate is revoked by searching for a reference to the certificate in a certificate revocation list cached in the non-volatile storage device, wherein the certificate revocation list is cached and current prior to the non-volatile storage device receiving the certificate for attempting to authenticate the host to the non-volatile storage device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising:
    - rejecting the attempt to authenticate the host if the searching produces a reference to the certificate in the certificate revocation list.
  - 3. The method of claim 1 further comprising:
    - receiving a certificate revocation list from the host; and
      
      if the certificate revocation list received from the host is newer than the current certificate revocation list in the non-volatile storage device and is verified by determining that the received certificate revocation list is issued by an issuer of the certificate, performing the following instead of performing (b);
      
      replacing the current certificate revocation list with the newer certificate revocation list; and
      
      using the newer certificate revocation list to determine if the certificate from the host is revoked.
  - 4. The method of claim 1, wherein the certificate revocation list is stored in the non-volatile storage device during manufacturing of the non-volatile storage device.
  - 5. The method of claim 1, wherein the certificate revocation list is associated with an account, and wherein the certificate revocation list is stored during creation of the account.
  - 6. The method of claim 1, wherein (b) is performed if there is, in fact, a certificate revocation list stored in the non-volatile storage device prior to the attempt by the host to authenticate to the non-volatile storage device;
    - otherwise, performing the following;
      
      receiving a certificate revocation list from the host;
      
      caching the certificate revocation list received from the host; and
      
      using the cached certificate revocation list received from the host to determine if the certificate from the host is revoked.
  - 7. The method of claim 1, wherein (b) is performed if there is, in fact, a certificate revocation list stored in the non-volatile storage device prior to the attempt by the host to authenticate to the non-volatile storage device;
    - otherwise, rejecting the attempt if a certificate revocation list is not provided by the host.
  - 8. The method of claim 1, wherein the certificate revocation list comprises serial numbers of revoked certificates.

9. A non-volatile storage device comprising:
- a memory configured to store a certificate revocation list; and
  
  a controller operative to;
  
  (a) receive a certificate from the host for attempting to authenticate it to the non-volatile storage device, and(b) determine if the certificate is revoked by searching for a reference to the certificate in a certificate revocation list cached in the non-volatile storage device, wherein the certificate revocation list is cached and current prior to the non-volatile storage device receiving the certificate for attempting to authenticate the host to the non-volatile storage device.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The non-volatile storage device of claim 9, wherein the controller is further operative to:
    - reject the attempt to authenticate the host if the searching produces a reference to the certificate in the certificate revocation list.
  - 11. The non-volatile storage device of claim 9, wherein the controller is further operative to:
    - receive a certificate revocation list from the host; and
      
      if the certificate revocation list received from the host is newer than the current certificate revocation list in the non-volatile storage device and is verified by determining that the received certificate revocation list is issued by an issuer of the certificate, perform the following instead of performing (b);
      
      replace the current certificate revocation list with the newer certificate revocation list; and
      
      use the newer certificate revocation list to determine if the certificate from the host is revoked.
  - 12. The non-volatile storage device of claim 9, wherein the certificate revocation list is stored in the non-volatile storage device during manufacturing of the non-volatile storage device.
  - 13. The non-volatile storage device of claim 9, wherein the certificate revocation list is associated with an account, and wherein the certificate revocation list is stored during creation of the account.
  - 14. The non-volatile storage device of claim 9, wherein the controller is further operative to perform (b) if there is, in fact, a certificate revocation list stored in the non-volatile storage device prior to the attempt by the host to authenticate to the non-volatile storage device;
    - otherwise, the controller is further operative to;
      
      receive a certificate revocation list from the host;
      
      each the certificate revocation list received from the host; and
      
      use the cached certificate revocation list received from the host to determine if the certificate from the host is revoked.
  - 15. The non-volatile storage device of claim 9, wherein the controller is further operative to perform (b) if there is, in fact, a certificate revocation list stored in the non-volatile storage device prior to the attempt by the host to authenticate to the non-volatile storage device;
    - otherwise, the controller is operative to reject the attempt if a certificate revocation list is not provided by the host.
  - 16. The non-volatile storage device of claim 9, wherein the certificate revocation list comprises serial numbers of revoked certificates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Inventors
Holtzman, Michael, Barzilai, Ron, Shmuel, Avraham, Sela, Rotem, Lin, Jason T.

Application Number

US12/641,160
Publication Number

US 20100138652A1
Time in Patent Office

Days
Field of Search
US Class Current

713/158
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 21/805   using a security table for ...

G06F 2221/2129   Authenticate client device ...

H04L 2209/60   Digital content management,...

H04L 63/0823   using certificates cryptogr...

H04L 63/0869   for achieving mutual authen...

H04L 9/321   involving a third party or ...

H04L 9/3228   One-time or temporary data,...

H04L 9/3234   involving additional secure...

H04L 9/3265   using certificate chains, t...

H04L 9/3268   using certificate validatio...

H04L 9/3273   for mutual authentication n...

H04L 9/50   using hash chains, e.g. blo...

CONTENT CONTROL METHOD USING CERTIFICATE REVOCATION LISTS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

CONTENT CONTROL METHOD USING CERTIFICATE REVOCATION LISTS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links