Method for using a portable computing device as a smart key device
First Claim
Patent Images
1. A method for performing cryptographic functions, the method comprising:
- engaging a first removable hardware device with a first system unit;
engaging a second removable hardware device with a second system unit;
communicatively coupling the first system unit and the second system unit while the first removable hardware device is engaged with the first system unit and the second removable hardware device is engaged with the second system unit;
wherein the first system unit includes a first hardware security unit and the second system unit includes a second hardware security unit,wherein the first hardware security unit includes a first private key corresponding to a first asymmetric cryptographic key pair, a first public key corresponding to a second asymmetric cryptographic key pair, a second private key corresponding to a third asymmetric cryptographic key pair; and
a second public key corresponding to a fourth asymmetric cryptographic key pair; and
wherein the second hardware security unit contains a third private key corresponding to the second asymmetric cryptographic key pair, a third public key corresponding to the first asymmetric cryptographic key pair, a fourth private key corresponding to the fourth asymmetric cryptographic key pair, and a fourth public key corresponding to the third asymmetric cryptographic key pair;
executing a mutual authentication operation between the first hardware security unit and the first removable hardware device based upon the first and second asymmetric cryptographic key pairs, which the first system unit and the second system unit are communicatively coupled;
executing a mutual authentication operation between the second hardware security unit and the second removable hardware device based upon a fifth and sixth asymmetric cryptographic key pairs while first system unit and the second system unit are communicatively coupled;
executing a mutual authentication operation between the first hardware security unit and the second hardware security based upon the third and fourth asymmetric cryptographic key pairs while the first system unit and the second system unit are communicatively coupled; and
in response to successfully performing the mutual authentication operation between the first and second hardware security units, enabling the first system unit to invoke cryptographic functions on the first hardware security unit while the first and second system units remain communicatively coupled.
3 Assignments
0 Petitions
Accused Products
Abstract
A first data processing system, which includes a first cryptographic device, is communicatively coupled with a second data processing system, which includes a second cryptographic device. The cryptographic devices then mutually authenticate themselves. The first cryptographic device stores a private key of a first asymmetric cryptographic key pair and a public key of a second asymmetric cryptographic key pair that is associated with the second data processing system. The second cryptographic device stores a private key of the second asymmetric cryptographic key pair and a public key of the first asymmetric cryptographic key pair that is associated with the first data processing system. In response to successfully performing the mutual authentication operation between the two cryptographic systems, the first data processing system is enabled to invoke sensitive cryptographic functions on the first cryptographic device while the first data processing system remains communicatively coupled with the second data processing system.
46 Citations
7 Claims
-
1. A method for performing cryptographic functions, the method comprising:
-
engaging a first removable hardware device with a first system unit; engaging a second removable hardware device with a second system unit; communicatively coupling the first system unit and the second system unit while the first removable hardware device is engaged with the first system unit and the second removable hardware device is engaged with the second system unit; wherein the first system unit includes a first hardware security unit and the second system unit includes a second hardware security unit, wherein the first hardware security unit includes a first private key corresponding to a first asymmetric cryptographic key pair, a first public key corresponding to a second asymmetric cryptographic key pair, a second private key corresponding to a third asymmetric cryptographic key pair; and
a second public key corresponding to a fourth asymmetric cryptographic key pair; andwherein the second hardware security unit contains a third private key corresponding to the second asymmetric cryptographic key pair, a third public key corresponding to the first asymmetric cryptographic key pair, a fourth private key corresponding to the fourth asymmetric cryptographic key pair, and a fourth public key corresponding to the third asymmetric cryptographic key pair; executing a mutual authentication operation between the first hardware security unit and the first removable hardware device based upon the first and second asymmetric cryptographic key pairs, which the first system unit and the second system unit are communicatively coupled; executing a mutual authentication operation between the second hardware security unit and the second removable hardware device based upon a fifth and sixth asymmetric cryptographic key pairs while first system unit and the second system unit are communicatively coupled; executing a mutual authentication operation between the first hardware security unit and the second hardware security based upon the third and fourth asymmetric cryptographic key pairs while the first system unit and the second system unit are communicatively coupled; and in response to successfully performing the mutual authentication operation between the first and second hardware security units, enabling the first system unit to invoke cryptographic functions on the first hardware security unit while the first and second system units remain communicatively coupled. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeServiceNow Incorporated
-
Original AssigneeInternational Business Machines Corporation
-
InventorsBade, Steven A., Chao, Ching-Yun
-
Primary Examiner(s)Vu; Kimyen
-
Assistant Examiner(s)Dada; Beemnet W
-
Application NumberUS11/014,067Publication NumberTime in Patent Office1,482 DaysField of Search713/164, 713/167, 713/169, 713/172, 713/189, 713/193, 726/9, 726/20, 380/277, 380/281, 380/282, 380/285US Class Current713/169CPC Class CodesG06F 21/33 using certificatesG06F 21/34 involving the use of extern...G06F 21/445 by mutual authentication, e...H04L 2209/56 Financial cryptography, e.g...H04L 2209/805 Lightweight hardware, e.g. ...H04L 9/3265 using certificate chains, t...H04L 9/3273 for mutual authentication n...
