Security token sharable data and synchronization cache

US 7,032,067 B2
Filed: 12/17/2002
Issued: 04/18/2006
Est. Priority Date: 12/17/2002
Status: Active Grant

First Claim

Patent Images

1. A system for caching information retrieved from at least one hardware security token, comprising said at least one hardware security token, a security token interface application programming interface (API), a cache API and at least one memory cache, wherein:

said at least one hardware security token is in processing communications with said security token interface API and includes information retrievable by said security token interface API,said security token interface API is functionally associated with said cache API, said security token interface API including means for retrieving said information from said at least one hardware security token, means for sending said retrieved information to said cache API and means for requesting said retrieved information from said cache API, andsaid cache API is functionally associated with said at least one memory cache, said cache API including means for storing said retrieved information in said at least one memory cache, means responsive to said request by said security token interface API for locating and returning said retrieved information from said at least one memory cache to said security token interface API.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention provides a system and method for implementing a middleware caching arrangement to minimize device contention, network performance and synchronization issues associated with enterprise security token usage. The invention comprises a token API mapped to a cache API. Logic associated with the token API preferentially retrieves information from a memory cache managed by the cache API. Mechanisms are included to periodically purge the memory cache of unused information.

17 Citations

View as Search Results

24 Claims

1. A system for caching information retrieved from at least one hardware security token, comprising said at least one hardware security token, a security token interface application programming interface (API), a cache API and at least one memory cache, wherein:
- said at least one hardware security token is in processing communications with said security token interface API and includes information retrievable by said security token interface API,said security token interface API is functionally associated with said cache API, said security token interface API including means for retrieving said information from said at least one hardware security token, means for sending said retrieved information to said cache API and means for requesting said retrieved information from said cache API, andsaid cache API is functionally associated with said at least one memory cache, said cache API including means for storing said retrieved information in said at least one memory cache, means responsive to said request by said security token interface API for locating and returning said retrieved information from said at least one memory cache to said security token interface API.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system according to claim 1 wherein said security token interface API further includes logic means for first requesting retrieval of said information from said cache API before attempting to retrieve said information from said at least one hardware security token.
  - 3. The system according to claim 2 wherein said logic means further includes means to determine if said information stored in said at least one memory cache is current.
  - 4. The system according to claim 1 wherein said request includes a unique hardware security token identifier, a semantic, or a unique hardware security token identifier and a semantic.
  - 5. The system according to claim 4 wherein said security token API further includes means for associating said unique hardware security token identifier with said semantic for generating a unique reference identifier.
  - 6. The system according to claim 5 wherein said cache API further includes means for associating said unique reference identifier with a unique cache identifier.
  - 7. The system according to claim 6 wherein said unique cache identifier is further associated with said retrieved information in the form of a retrievable data record.
  - 8. The system according to claim 7 wherein said data record is retrievably stored in said at least one memory cache.
  - 9. The system according to claim 1 wherein said cache API further includes means for generating and storing a pseudo-entry if said requested information is not present in said at least one hardware security token.
  - 10. The system according to claim 9 wherein said pseudo-entry is stored in said at least one memory cache by said cache API to prevent future requests for the same type of information from attempting to be retrieved from said at least one hardware security token.
  - 11. The system according to claim 1 further including means to limit the residence time in which at least a portion of said information is stored in said at least one memory cache.
  - 12. The system according to claim 1 further including means for maintaining synchronicity with said information retrieved from said at least one hardware security token.
  - 13. The system according to claim 1 wherein said information includes digital certificates, public keys, passwords, active session counters, security token properties and configurations, security token management information, security state information and a listing of applications installed inside said at least one hardware security token.
  - 14. The system according to claim 1 wherein said at least one memory cache is maintained in a remote server.
  - 15. The system according to claim 1 wherein said at least one memory cache is maintained in a local client.
  - 16. The system according to claim 1 wherein said at least one memory cache is maintained in both a local client and remote server.
  - 17. The system according to claim 1 wherein said at least one memory cache is maintained in a plurality of local clients and remote servers.

18. A method for caching information retrieved from at least one hardware security token comprising the steps of:
- a. receiving a request for at least a portion of said information by a security token interface application programming interface (API) which is in processing communications with said hardware security token,b. referring said request for said at least a portion of said information to a cache API functionally associated to said security token interface API,c. determining if said at least a portion of said information exists in at least one memory cache associated with said cache API,d. retrieving said at least a portion of said information from said at least one memory cache if available,e. retrieving said at least a portion of said information from said hardware security token if not available in said at least one memory cache, and,f. storing said retrieved information in said at least one memory cache.
- View Dependent Claims (19, 20, 21)
- - 19. The method according to claim 18 wherein said request includes a unique identifier associated with said hardware security token and a semantic.
  - 20. The method according to claim 19 wherein said at least a portion of said information is retrieved from said at least one memory cache using a unique cache identifier associated with, both said unique hardware security token identifier and said semantic.
  - 21. The method according to claim 18 further including the steps of:
    - a. verifying if said information stored in said at least one memory cache is current,b. if not, retrieving current information from said hardware security token,c. periodically purging said cache if no requests for said at least a portion of said information are received within a predetermined time frame.

22. A computer program product embodied in a tangible form for caching information retrieved from at least one hardware security token, with instructions executable by a processor for and performing the steps of:
- a. receiving a request for at least a portion of said information by a security token interface application programming interface (API) which is in processing communications with said hardware security token,b. referring said request for said at least a portion of said information to a cache API functionally associated to said security token interface API,c. determining if said at least a portion of said information exists in at least one memory cache associated with said cache API,d. retrieving said at least a portion of said information from said at least one memory cache if available,e. retrieving said at least a portion of said information from said hardware security token if not available in said at least one memory cache,f. storing said retrieved information in said at least one memory cache.
- View Dependent Claims (23, 24)
- - 23. The computer program product according to claim 22 wherein said request includes a unique identifier associated with said hardware security token and a semantic.
  - 24. The computer program product according to claim 22 wherein said at least a portion of said information is retrieved from said at least one memory cache using a unique cache identifier associated with both said unique hardware security token identifier and said semantic.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
ActivCard Co.
Inventors
Massard, Yves
Primary Examiner(s)
Ellis, Kevin L.
Assistant Examiner(s)
Chery, Mardochee

Application Number

US10/320,678
Publication Number

US 20040117574A1
Time in Patent Office

1,218 Days
Field of Search

709/225, 707/103.R, 711/3, 711/118, 711/113, 711/163, 711/164, 711/167
US Class Current

711/113
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/77   in smart cards

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3576   Multiple memory zones on card

G07F 7/1008   Active credit-cards provide...

Security token sharable data and synchronization cache

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Security token sharable data and synchronization cache

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links