Information storage

US 6,941,476 B2
Filed: 05/10/2001
Issued: 09/06/2005
Est. Priority Date: 05/31/2000
Status: Expired due to Term

First Claim

Patent Images

1. A distributed storage system for storing at least one credential, provided by an issuing authority relating to an identity, the system comprising:

at least one unique identity having a local store, the store of the at least one identity securely storing one or more credentials relating to the owner of the identity; and

a security certificate provided at each identity for ensuring the authenticity of the one or more credentials, the security certificate providing a secure reference to the issuer of the one or more credentials that can be used in verifying the origin of each credential, the store being accessible by parties other than the owner and being arranged so the parties other than the owner are able to read the credentials and security certificates of the owner.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed storage system for storing at least one credential (46), provided by an issuing authority and relating to an identity (42, 44), is described. The system comprises: a plurality of unique identities (42, 44) each having a local store (40). Each local store (40) securely stores credentials (46) relating to the owner of the identity (42, 44). The system also comprises one or more security certificates (66) provided at each identity (42, 44) for ensuring the authenticity of the credentials (46). The security certificates (66) provide secure references to the issuers of the credentials (46) and this can be used in verifying the origin of each credential (46). The identity can be provided a website or a mobile phone for example.

Citations

24 Claims

1. A distributed storage system for storing at least one credential, provided by an issuing authority relating to an identity, the system comprising:
- at least one unique identity having a local store, the store of the at least one identity securely storing one or more credentials relating to the owner of the identity; and
  
  a security certificate provided at each identity for ensuring the authenticity of the one or more credentials, the security certificate providing a secure reference to the issuer of the one or more credentials that can be used in verifying the origin of each credential, the store being accessible by parties other than the owner and being arranged so the parties other than the owner are able to read the credentials and security certificates of the owner.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. A system according to claim 1, wherein the at least one identity comprises a hierarchical structure.
  - 3. A system according to claim 2, wherein the at least one identity comprises at least one role, the role being a subset of the identity having its own credentials within the identity.
  - 4. A system according to claim 1, further comprising a host site, the host site having a plurality of identities and associated stores.
  - 5. A system according to claim 4, wherein the host site comprises a management module for managing data access to and from the each of the identities and their associated stores.
  - 6. A system according to claim 4, wherein the host site comprises a trusted financial institution'"'"'s a website.
  - 7. A system according to claim 1, wherein the identity or host site comprises a website.
  - 8. A system according to claim 7, wherein the identity further comprises a homepage for providing general information regarding the identity.
  - 9. A system according to claim 1, wherein the local store of the identity comprises a portable mobile device which is connectable to a telecommunications network.
  - 10. A system according to claim 1, wherein the identity is arranged to store a private key of the identity for encryption of the identity.
  - 11. A system according to claim 10, wherein the identity is arranged to store a public key of the identity for decryption of the identity.
  - 12. A system according to claim 11, wherein the public key of the identity is embedded within each credential of the identity.
  - 13. A system according to claim 1, wherein the identity is arranged to store a public key of the authority which has issued the one or more credentials to the identity.
  - 14. A system according to claim 13, wherein the public keys for each of the at least one role and the identity are stored in the appropriate store or identity.
  - 15. A system according to claim 1, wherein at least some of the credentials are arranged to be encrypted.
  - 16. A system according to claim 1, wherein the one or more credentials each refers to the corresponding security certificate.
  - 17. A system according to claim 1, wherein the security certificate comprises information describing the issuer, the identity to whom the certificate has been issued, a validity period and a list of credentials to which the certificate relates.
  - 18. A system according to claim 1, wherein the certificate is digitally signed using a private key and the certificate contains a public key for reading the digital signature.
  - 19. A system according to claim 1, wherein the identity further comprises a generator module for generating a certificate regarding the identity for use in proxying credentials to the store of a different identity.
  - 20. A system according to claim 1, wherein the identity further comprises a mailbox for receiving messages from other identities.
  - 21. A system according to claim 20, wherein the identity further comprises an authorization function module arranged to check that a request for access to the mailbox has originated from an authorized identity.

22. A method of storing credentials relating to identities provided by an issuing authority in a distributed manner, the method comprising:
- securely storing one or more credentials relating to the owner of an identity in a local store of the identity;
  
  providing a security certificate at the identity for ensuring the authenticity of the one or more credentials, the security certificate providing a secure reference to the issuer of the one or more credentials that can be used in verifying origin of each credential; and
  
  accessing the store by parties other than the owner who read the credentials and security certificates of the owner.

23. An identity of an entity for making available credentials belonging to the entity to other entities, each entity comprising:
- a local store arranged to securely hold one or more credentials relating to the entity; and
  
  a certificate processing module for reading and verifying received security certificates and creating security certificates for transmission, the security certificates providing a secure reference to the issuer of the one or more credentials that can be used in verifying the origin of each credential, the store being accessible by parties other than the owner and being arranged so the parties other than the owner are able to read the credentials and security certificates of the owner.

24. A distributed storage system for storing a plurality of credentials, the system comprising:
- a plurality of identities for making available credentials belonging to an entity to other entities, each entity comprising a local store arranged to securely hold one or more credentials relating to the entity; and
  
  a certificate processing module for reading and verifying received security certificates and creating security certificates for transmission, the security certificates providing a secure reference to the issuer of the one or more credentials that can be used in verifying the origin of each credential, the store being accessible by parties other than said entity and being arranged so entities other than said entity are able to read the credentials and security certificates of said entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Valtrus Innovations Limited (f/k/a Dolya Holdco 9 Limited) (Key Patent Innovations Limited)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Monahan, Brian Quentin, Harrison, Keith Alexander, Mont, Marco Casassa
Primary Examiner(s)
Morse, Gregory A
Assistant Examiner(s)
Tran, Ellen C

Application Number

US09/852,262
Publication Number

US 20010049786A1
Time in Patent Office

1,580 Days
Field of Search

713/201, 713/153, 713/157, 713/200, 709/225, 709/229, 380/259, 380/264, 380/282, 380/286, 705/25, 705/56, 705/64, 705/65
US Class Current

726/5
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2115   Third party

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

Information storage

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Information storage

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links