Digital Identity and Authorization for Machines with Replaceable Parts
Abstract
A machine includes a number of slots. Each of the slots is configured to receive one or more components for implementing some functionality role of the slot in the machine. The machine further includes one or more replaceable components in each of the slots. The components are configured to communicate (or be communicated for) on behalf of a slot or the machine, to an external system(s). The external system(s) implement rules to perform authorization or other operations based on the role of the slot in the context of the machine. A different derived key is used to communicate by or for each component with the external system. Each derived key for a component is derived from a machine proof for the machine and information identifying the slot in which the component is installed.
20 Claims
1. A machine, the machine comprising:
- a plurality of slots each of the slots configured to receive one or more components for implementing some functionality role of the slot in the machine;
- one or more replaceable components in each of the slots wherein the components are configured to communicate or be communicated for, on behalf of a slot or the machine, to an external system or set of systems that implement rules to perform authorization or other operations based on the role of the slot in the context of the machine, and independent of the component per se; and
- wherein a different derived key is used to communicate by or for each component with the external system, wherein each derived key for a component is derived from a machine proof for the machine and information identifying the slot in which the component is installed.
7. In a computing environment, a method of verifying a component by verifying a machine in which the component is implemented and the role of the component within the machine, the method comprising:
- receive a request from a machine for a component to perform some function;
- receive a token or a key for the component in conjunction with the request;
- authenticate the token or key to the machine in which the component is implemented;
- authenticate the token or key to a particular role of the component within the machine; and
- based on both authenticating the token or key to the machine and authenticating the token or key to the particular role of the component within the machine, authorize the function by verifying the machine and the role, but not the specific component for the role.
15. A system for verifying a component by verifying the machine in which the component is implemented and the role of the component within the machine, the method comprising:
- a key vault, wherein the key vault is configured to store cryptographic proof for one or more machines;
- one or more processors; and
- one or more computer-readable media, wherein the one or more computer-readable media comprise computer-executable instructions that when executed by at least one of the one or more processors cause at least one of the one or more processors to perform the following;
- receive a request from a machine for a component to perform some function;
- receive a token or a key for the component in conjunction with the request, wherein the token or key for the component is based on a machine key for the machine, stored in the key vault;
- receive information identifying the machine;
- receive information identifying a particular role of the component in the machine;
- authenticate the token or key to the machine in which the component is implemented by using the machine key for the machine in the key vault;
- authenticate the token or key to the particular role of the component within the machine; and
- based on both authenticating the token or key to the machine and authenticating the token or key to the particular role of the component within the machine, authorize the function by verifying the machine and the role, but not the specific component for the role.
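The per-slot key derivation from the abstract and the machine-plus-role verification of claims 7 and 15, as an added sketch that is not code from the patent. Assumptions: the machine proof is a symmetric secret, HMAC-SHA256 serves as the derivation and token function, and the machine id, slot names, policy table and nonce replay guard are hypothetical.

```python
import hashlib
import hmac

# Constructed sample data: key vault held by the external system (machine id -> machine proof).
KEY_VAULT = {"machine-0042": bytes.fromhex("a1" * 32)}
# Hypothetical rules: functions each slot role may request.
ROLE_POLICY = {
    "engine-controller": {"firmware-update", "telemetry-upload"},
    "cab-display": {"telemetry-upload"},
}


def _encode(*fields: str) -> bytes:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") never encode the same.
    return b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)


def derive_slot_key(machine_proof: bytes, machine_id: str, slot: str) -> bytes:
    # The component's serial number is deliberately not an input: the key belongs
    # to the slot in this machine, so a replacement part derives the same key.
    return hmac.new(machine_proof, _encode("slot-key", machine_id, slot), hashlib.sha256).digest()


def sign_request(slot_key: bytes, machine_id: str, slot: str, function: str, nonce: str) -> bytes:
    # Token sent with a request, bound to machine, slot, function and nonce.
    return hmac.new(slot_key, _encode(machine_id, slot, function, nonce), hashlib.sha256).digest()


def authorize(machine_id, slot, function, nonce, tag, seen_nonces) -> bool:
    proof = KEY_VAULT.get(machine_id)
    if proof is None or slot not in ROLE_POLICY:
        return False
    # Re-derive the slot key from the vault; a valid tag proves machine and slot together.
    slot_key = derive_slot_key(proof, machine_id, slot)
    expected = sign_request(slot_key, machine_id, slot, function, nonce)
    if not hmac.compare_digest(expected, tag):
        return False
    if (machine_id, nonce) in seen_nonces:  # assumed replay guard, not from the claims
        return False
    seen_nonces.add((machine_id, nonce))
    # Authorization depends on the slot's role, never on which part is installed.
    return function in ROLE_POLICY[slot]
```

Because the slot key never leaves the slot's context, a component moved into a different slot cannot produce a token that verifies for its old role.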
Specification