Integrated circuit card with situation dependent identity authentication

US 6,779,113 B1
Filed: 11/05/1999
Issued: 08/17/2004
Est. Priority Date: 11/05/1999
Status: Expired due to Fees

First Claim

Patent Images

1. An integrated circuit (IC) device comprising:

a memory;

a processor coupled to access the memory;

an authentication vector stored in the memory to track identities that are authenticated; and

a mask stored in the memory and combinable with the authentication vector to change the identities that are authenticated.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention concerns an integrated circuit (IC) device, such as smart cards, electronic wallets, PC cards, and the like, and various methods, for authenticating identities and authorizing transactions based on the authenticated identities in a situation-dependent manner. The IC device has a memory and a processor. The IC device maintains an identity authentication table in the memory to hold an arbitrary number of identities. The identity authentication table correlates identities with authentication protocols, so that different protocols can be used to authenticate associated identities. The identity authentication table also correlates counts with the identities. Individual counts specify a number of uses of the IC device for a corresponding identity without requiring the IC device to authenticate the identity for each use. The IC device also maintains an authentication vector in memory. The authentication vector tracks identities in the identity authentication table that are currently authenticated by the IC device. The IC device also maintains one or more masks that can be used to modify the authentication vector in a situation-dependent manner. The IC device further maintains authorization tables in the memory and in association with particular files used in transactions. Each authorization table defines authorization for a particular transaction as a Boolean expression of the identities listed in the identity authentication table.

100 Citations

View as Search Results

40 Claims

1. An integrated circuit (IC) device comprising:
- a memory;
  
  a processor coupled to access the memory;
  
  an authentication vector stored in the memory to track identities that are authenticated; and
  
  a mask stored in the memory and combinable with the authentication vector to change the identities that are authenticated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The integrated circuit device of claim 1, wherein the mask extends the identities that are authenticated by the authentication vector.
  - 3. The integrated circuit device of claim 1, wherein the mask restricts the identities that are authenticated by the authentication vector.
  - 4. The integrated circuit device of claim 1 further comprising a plurality of masks stored in the memory, each mask being configured to either extend or restrict the identities that are authenticated by the authentication vector.
  - 5. The integrated circuit device of claim 1 further comprising an authorization table stored in the memory that defines authorization for a particular transaction as an evaluatable expression of authenticatable identities.
  - 6. The integrated circuit device of claim 5, wherein the processor is configured to combine the mask with the authentication vector to provide an effective authentication vector and to use the effective authentication vector to evaluate the evaluatable expression of authenticatable identities for a particular transaction.
  - 7. The integrated circuit device of claim 1 embodied as a smart card.
  - 8. The integrated circuit device of claim 7, wherein the mask, when combined with the authentication vector, complies with the ISO 7816-4 standard.

9. An integrated circuit (IC) device comprising:
- a memory;
  
  a processor coupled to access the memory;
  
  an authentication vector stored in the memory to track identities that are authenticated;
  
  a mask stored in the memory and combinable with the authentication vector to change the identities that are authenticated; and
  
  an authorization table stored in the memory that defines authorization for a particular transaction as a Boolean expression of authenticatable identities.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The integrated circuit card of claim 9, wherein the processor is configured to combine the mask with the authentication vector to provide an effective authentication vector, and to use the effective authentication vector to evaluate the Boolean expression for a particular transaction.
  - 11. The integrated circuit card of claim 9, wherein the mask extends the identities that are authenticated by the authentication vector.
  - 12. The integrated circuit card of claim 9, wherein the mask restricts the identities that are authenticated by the authentication vector.
  - 13. The integrated circuit card of claim 9, further comprising a plurality of masks stored in the memory, each mask being configured to either extend or restrict the identities that are authenticated by the authentication vector.
  - 14. The integrated circuit card of claim 9, further comprising:
15. The integrated circuit card of claim 9 embodied as a smart card.

16. An integrated circuit (IC) device embodied as a smart card comprising:
- a memory;
  
  a processor coupled to access the memory; and
  
  a plurality of masks stored in the memory, each mask being usable by the processor to change authenticated identities for a particular smart card transaction.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The integrated circuit device of claim 16, further comprising a plurality of files in the memory, each file having associated therewith one or more masks.
  - 18. The integrated circuit device of claim 16, further comprising a plurality of files in the memory, each file having associated therewith a pair of masks, one of the masks being an extension mask that extends authenticated identities, and one of the masks being a restriction mask that restricts authenticated identities.
  - 19. The integrated circuit device of claim 16, wherein individual masks extend the authenticated identities.
  - 20. The integrated circuit device of claim 16, wherein individual masks restrict the authenticated identities.
  - 21. The integrated circuit device of claim 16, wherein individual masks restrict or extend the authenticated identities.
  - 22. The integrated circuit device of claim 16, wherein individual masks enable compliance with the ISO 7816-4 standard.

23. An integrated circuit (IC) device embodied as a smart card comprising:
- a memory;
  
  one or more executable programs stored in memory; and
  
  one or more masks operably associated with one or more programs, the masks being configured to temporarily modify authenticated identities when a program with which they are associated executes.
- View Dependent Claims (24)
- - 24. The integrated circuit device of claim 23, wherein the masks are configured to either extend or restrict the authenticatable identities.

25. A storage medium embodied in an integrated circuit (IC) device comprising:
- one or more executable programs; and
  
  one or more masks operably associated with one or more programs, the masks being configured to temporarily modify authenticated identities when a program with which they are associated executes.
- View Dependent Claims (26)
- - 26. The storage medium of claim 25, wherein the masks either extend or restrict the identities that are authenticated.

27. A storage medium embodied in an integrated circuit device smart card comprising:
- an authentication vector to track identities that are authenticated;
  
  a mask to change identities that are authenticated; and
  
  code for combining the mask with the authentication vector to change the identities that are tracked by the authentication vector.
- View Dependent Claims (28, 29, 30)
- - 28. The storage medium of claim 27, wherein the mask extends the identities that are authenticated.
  - 29. The storage medium of claim 27, wherein the mask restricts the identities that are authenticated.
  - 30. The storage medium of claim 27 further comprising an authorization table that defines authorization for a particular transaction as a Boolean expression of authenticatable identities, and wherein the code evaluates Boolean expressions after combining the mask with the authentication vector.

31. A method of authenticating entities using an integrated circuit device comprising:
- defining an authentication vector that tracks identities that are authenticated;
  
  temporarily modifying the authentication vector for one transaction to change the identities and provide a modified authentication vector for the one transaction;
  
  evaluating an expression with the modified authentication vector, the expression defining authorization for the particular transaction; and
  
  changing the modified authentication vector back to an authentication vector that was defined prior to said modifying.
- View Dependent Claims (32, 33, 34, 35, 36, 37)
- - 32. The method of claim 31, wherein said modifying comprises combining a mask with the authentication vector.
  - 33. The method of claim 31, wherein said modifying comprises extending the identities that are tracked by the authentication vector.
  - 34. The method of claim 31, wherein said modifying comprises restricting the identities that are tracked by the authentication vector.
  - 35. The method of claim 31, wherein said modifying comprises extending or restricting the identities that are tracked by the authentication vector.
  - 36. The method of claim 31, wherein said modifying comprises combining a mask with the authentication vector that either extends or restricts the identities that are tracked by the authentication vector.
  - 37. The method of claim 31, wherein said evaluating comprises evaluating a Boolean expression.

38. A method of authenticating entities using an integrated circuit device comprising:
- defining an authorization table that defines authorization for a particular transaction as a Boolean expression of authenticatable identities;
  
  maintaining an authentication vector that tracks identities that are authenticated;
  
  combining a mask with the authentication vector to change the identities that are authenticated; and
  
  evaluating a Boolean expression in the authorization table using the changed identities.
- View Dependent Claims (39, 40)
- - 39. The method of claim 38, wherein said combining extends the identities that are authenticated.
  - 40. The method of claim 38, wherein said combining restricts the identities that are authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Guthery, Scott B.
Primary Examiner(s)
Smithers, Matthew

Application Number

US09/434,684
Time in Patent Office

1,747 Days
Field of Search

713/172, 713/168, 713/185, 713/182, 713/201, 713/159, 713/193, 705/65, 705/67
US Class Current

713/172
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 21/40   by quorum, i.e. whereby two...

G06F 21/72   in cryptographic circuits

G06F 21/77   in smart cards

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2153   Using hardware token as a s...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3674   involving authentication

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G07F 7/1008   Active credit-cards provide...

G07F 7/1083   Counting of PIN attempts

H04L 2209/04   Masking or blinding

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0853   using an additional device,...

H04L 9/3234   involving additional secure...

Integrated circuit card with situation dependent identity authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

100 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Integrated circuit card with situation dependent identity authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

100 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links