Integrated circuit card with identity authentication table and authorization tables defining access rights based on Boolean expressions of authenticated identities
Abstract
This invention concerns an integrated circuit (IC) device, such as smart cards, electronic wallets, PC cards, and the like, and various methods for authenticating identities and authorizing transactions based on the authenticated identities. The IC device has a memory and a processor. The IC device maintains an identity authentication table in the memory to hold an arbitrary number of identities. The identity authentication table correlates identities with authentication protocols, so that different protocols can be used to authenticate associated identities. The identity authentication table also correlates counts with the identities. Individual counts specify a number of uses of the IC device for a corresponding identity without requiring the IC device to authenticate the identity for each use. The IC device also maintains an authentication vector in memory. The authentication vector tracks identities in the identity authentication table that are currently authenticated by the IC device. The IC device further maintains authorization tables in the memory and in association with particular files used in transactions. Each authorization table defines authorization for a particular transaction as a Boolean expression of the identities listed in the identity authentication table.
53 Claims
1. An integrated circuit (IC) device comprising:
a memory;
a processor coupled to access the memory; and
an identity authentication table stored in the memory to hold an arbitrary number of identities associated with a single IC device user, to correlate authentication protocols with individual ones of the identities and to maintain counts for the identities, individual counts specifying a number of authenticated uses of the IC device for a corresponding identity without requiring the IC device to actually authenticate the identity for each of the authenticated uses.
Dependent claims: 2, 3, 4, 5, 6, 7
8. An integrated circuit (IC) device comprising:
a memory;
a processor coupled to access the memory; and
an identity authentication table stored in the memory to hold an arbitrary number of identities associated with a single IC device user and to correlate a count with individual ones of the identities, the count specifying a number of authenticated uses of the IC device for a corresponding identity without requiring the IC device to actually authenticate the identity for each of the authenticated uses.
Dependent claims: 9, 10, 11, 12, 13
14. An integrated circuit (IC) device comprising:
a memory;
a processor coupled to access the memory; and
an authorization table stored in the memory, to hold a plurality of authenticatable identities associated with a single IC device user, that defines authorization for a particular transaction as a Boolean expression of at least two of the identities and maintains counts for the identities, individual counts specifying a number of authenticated uses of the IC device for a corresponding identity without requiring the IC device to actually authenticate the identity for each of the authenticated uses.
Dependent claims: 15, 16, 17, 18, 19, 20
21. An integrated circuit (IC) device comprising:
a memory;
a processor coupled to access the memory; and
the processor being configured, to correlate an identity with one or more of an arbitrary number of identities using an identity authentication table stored in the memory to hold the arbitrary number of identities, to correlate a count with individual ones of the identities, the count specifying a number of authenticated uses of the IC device for a corresponding identity without requiring the IC device to actually authenticate the identity for each of the authenticated uses, and, upon receipt of an instantaneous authentication command containing an operation and an identity, based on the count, to verify authentication of the identity or to authenticate the identity.
Dependent claims: 22, 23, 24, 25, 26, 27
28. A method for authenticating an identity using an integrated circuit device, comprising the following steps:
receiving an identity;
determining whether the identity is listed in an identity authentication table maintained on the integrated circuit device to hold an arbitrary number of identities associated with a single integrated circuit device user;
correlating a count with individual ones of the identities, the count specifying a number of authenticated uses of the integrated circuit device for a corresponding identity without requiring the integrated circuit device to actually authenticate the identity for each of the authenticated uses; and
if the identity is listed, based on the count, verifying authentication of the identity or authenticating the identity using an authentication protocol correlated with the identity in the identity authentication table.
Dependent claims: 29, 30, 31, 32
repeating the determining and authenticating steps to authenticate multiple identities; and
performing a transaction as a Boolean expression of the multiple authenticated identities.
33. A method for authenticating an identity using an integrated circuit device, comprising the following steps:
correlating identities with a count in an identity authentication table maintained on the integrated circuit device to hold an arbitrary number of identities associated with a single integrated circuit device user, wherein the count specifies a number of authenticated uses for a corresponding identity without requiring actual authentication of the identity for each of the authenticated uses;
receiving an identity; and
upon each of the authenticated uses, decrementing the count associated with the identity in the identity authentication table.
Dependent claims: 34
requiring actual authentication of the identity if the count is at a predetermined value; and
foregoing actual authentication of the identity if the count is not at the predetermined value.
35. A method for authorizing a transaction, comprising the following steps:
tracking multiple authenticated identities associating an authorization table with a particular transaction, the authorization table holding an arbitrary number of identities associated with a single user and defining a Boolean expression of the one or more authenticated identities;
performing the particular transaction in an event that the Boolean expression in the authorization table is satisfied; and
decrementing a count, the count specifying a number of authenticated uses for a corresponding identity without requiring actual authentication of the identity for each of the authenticated uses.
36. A method for authorizing a transaction using an integrated circuit device holding an arbitrary number of identities associated with a single integrated circuit device user, comprising the following steps:
receiving an instantaneous authentication command containing an operation and an identity;
correlating the identity with a count, the count specifying a number of authenticated uses for a corresponding identity without requiring actual authentication of the identity for each of the authenticated uses;
based on the count, verifying authentication of the identity or authenticating the identity; and
performing the operation if the identity is verified or authenticated.
Dependent claims: 37
determining whether the identity is listed in an identity authentication table maintained on the integrated circuit device for holding the arbitrary number of identities; and
if the identity is listed, based on the count, verifying authentication of the identity or authenticating the identity using an authentication protocol correlated with the identity in the identity authentication table.
38. A storage medium embodied in an integrated circuit device, comprising:
an identity authentication table to hold multiple identities associated with a single integrated circuit device user and to correlate the identities with associated authentication protocols and a count, the count specifying a number of authenticated uses for a corresponding identity without requiring actual authentication of the identity for each of the authenticated uses; and
code means for performing the following steps;
(a) receiving an identity;
(b) determining whether the identity is listed in the identity authentication table; and
(c) if the identity is listed, based on the count, verifying authentication of the identity or authenticating the identity using the authentication protocol correlated with the identity in the identity authentication table.
39. A storage medium embodied in an integrated circuit device, comprising:
an identity authentication table to hold multiple identities associated with a single integrated circuit device user and to correlate the identities with associated authentication protocols and a count, the count specifying a number of authenticated uses for a corresponding identity without requiring actual authentication of the identity for each of the authenticated uses; and
code means for performing the following steps;
(a) receiving an instantaneous authentication command containing an operation and an identity;
(b) based on the count, verifying authentication of the identity or authenticating the identity using the authentication protocol correlated with the identity in the identity authentication table; and
(c) performing the operation if the identity is authenticated.
40. A storage medium embodied in an integrated circuit device, comprising:
an identity authentication table to hold multiple identities associated with a single integrated circuit device user;
an authentication vector to track the identities in the identity authentication table that are currently authenticated;
a count, the count specifying a number of authenticated uses for a corresponding identity without requiring actual authentication of the identity for each of the authenticated uses;
an authorization table stored in the storage medium that defines authorization for a particular transaction as a Boolean expression of the identities listed in the identity authentication table; and
code means for performing the following steps;
(a) receiving a request for the particular transaction;
(b) evaluating, from the counts and the authorization table, what identities need to be authenticated to satisfy the Boolean expression and gain authorization to perform the particular transaction; and
(c) determining, from the authentication vector, whether the identities needed to satisfy the Boolean expression are currently authenticated and if so, authorizing the particular transaction.
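A minimal model of the structures recited in claims 33, 34 and 40, added here as an illustration and not taken from the patent: an identity authentication table with per-identity protocol, data and count, an authentication vector, and an authorization table evaluated as a Boolean expression. Assumptions: the PIN-compare protocol, the bitmask vector, the OR-of-AND-masks encoding, zero as the count value that forces re-authentication, and all identity names and PINs (constructed).

```c
#include <stdint.h>
#define PIN_LEN 4
/* Assumed protocol: constant-time compare of PIN_LEN bytes (both buffers >= PIN_LEN). */
static int pin_verify(const char *proof, const char *data) {
    unsigned char d = 0;
    for (int i = 0; i < PIN_LEN; i++) d |= (unsigned char)(proof[i] ^ data[i]);
    return d == 0;
}

struct identity {                  /* one row of the identity authentication table */
    int (*protocol)(const char *proof, const char *data);
    const char *data;              /* data the protocol needs (constructed PINs) */
    unsigned grant, count;         /* uses per authentication (>= 1); uses left */
};
static struct identity iat[] = {
    {pin_verify, "4921", 3, 0},    /* bit 0: holder */
    {pin_verify, "7770", 1, 0},    /* bit 1: bank   */
    {pin_verify, "1234", 2, 0},    /* bit 2: clerk  */
};
#define N_ID (sizeof iat / sizeof iat[0])
static uint8_t auth_vector;        /* bit i set: iat[i] is currently authenticated */

/* Actual authentication: run the correlated protocol, then reload the count. */
int authenticate(unsigned i, const char *proof) {
    if (i >= N_ID || !iat[i].protocol(proof, iat[i].data)) return 0;
    iat[i].count = iat[i].grant;
    auth_vector |= (uint8_t)(1u << i);
    return 1;
}

/* Authorization table: OR of AND-masks over identity bits (assumed encoding). */
struct authz { unsigned n; uint8_t terms[4]; };
int authorize(const struct authz *t) {
    for (unsigned k = 0; k < t->n && k < 4; k++) {
        uint8_t need = t->terms[k];
        if (need == 0 || (auth_vector & need) != need) continue; /* empty term never grants */
        for (unsigned i = 0; i < N_ID; i++)       /* consume one use per identity */
            if (((need >> i) & 1u) && --iat[i].count == 0)
                auth_vector &= (uint8_t)~(1u << i); /* exhausted: must re-authenticate */
        return 1;
    }
    return 0;
}

int main(void) {
    struct authz debit = {2, {0x03, 0x04}};       /* (holder AND bank) OR clerk */
    authenticate(0, "4921"); authenticate(1, "7770");
    return !(authorize(&debit) == 1 && authorize(&debit) == 0); /* bank's one use is spent */
}
```

The empty-term check matters for review: an all-zero AND-mask would otherwise be satisfied by any authentication vector and grant the transaction to an unauthenticated user.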
41. An integrated circuit (IC) device comprising:
a memory;
a processor coupled to access the memory; and
an identity authentication table stored in the memory to hold an arbitrary number of identities associated with a single IC device user, to maintain a count for each of the identities wherein the count specifies a number of authenticated uses for each identity without requiring actual authentication of the identity for each of the authenticated uses, to correlate authentication protocols with individual ones of the identities, to hold data required by the authentication protocols, and to correlate the data required by the authentication protocols with individual ones of the identities.
Dependent claims: 42, 43, 44, 45, 46, 47
48. A method for authenticating an identity using an integrated circuit device, comprising the following steps:
receiving an identity;
determining whether the identity is listed in an identity authentication table maintained on the integrated circuit device for holding identities associated with a single integrated circuit device user;
if the identity is listed, correlating the identity with a count, the count specifying a number of authenticated uses for the identity without requiring actual authentication of the identity for each of the authenticated uses; and
if the identity is listed, based on the count, verifying authentication of the identity or authenticating the identity using an authentication protocol and data required by the authentication protocol, the authentication protocol and the data correlated with the identity in the identity authentication table.
Dependent claims: 49, 50, 51, 52
repeating the determining, correlating and verifying or authenticating steps to authenticate multiple identities; and
performing a transaction as a Boolean expression of the multiple authenticated identities.
53. A storage medium embodied in an integrated circuit device, comprising:
an identity authentication table to hold multiple identities associated with a single integrated circuit device user, to correlate the identities with associated authentication protocols, to hold data required by the authentication protocols, and to correlate the identities with the data;
a count, the count specifying a number of authenticated uses for a corresponding identity without requiring actual authentication of the identity for each of the authenticated uses; and
code means for performing the following steps;
(a) receiving an identity;
(b) determining whether the identity is listed in the identity authentication table;
(c) if the identity is listed, correlating the identity with a count; and
(d) if the identity is listed, based on the count, verifying authentication of the identity or authenticating the identity using the authentication protocol and data correlated with the identity in the identity authentication table.