Personal authentication device and system and method thereof
Abstract
The present invention provides a flexible, tamper-resistant authentication system, or personal authentication device (PAD), which can support applications in authentication, authorization and accounting. The PAD stores at least one public key associated with a certificate authority (CA) and receives one or more digital certificates, which may be authenticated based on the stored CA public keys. The PAD outputs a service key that, depending on the application, may be used to gain access to a controlled space, obtain permission for taking a certain action, or receive some service. The operation of the PAD and the nature of the service key may be determined by digital certificates that it receives during operation. Using a stored PAD private key that is kept secret, the PAD may perform a variety of security-related tasks, including authenticating itself to a user, signing service keys that it generates, and decrypting content on received digital certificates.
75 Claims
1. A personal authentication device (PAD) comprising:

at least one storage medium storing at least one CA public key, each public key associated with a certificate authority (CA);

one or more input means for receiving one or more digital certificates, wherein the one or more digital certificates comprise at least one ticket-generation certificate including at least one service key generating program or information indicating at least one service key generating program;

a processing component for authenticating the one or more received digital certificates using the at least one stored CA public key, and generating at least one service key based on the one or more authenticated digital certificates; and

an output means for outputting the at least one service key,

wherein the at least one storage medium comprises at least one component for storing a PAD private key associated with the PAD and used by the PAD to authenticate the PAD to a user, and

wherein the one or more input means comprises at least one component for receiving a PAD authentication request from the user;

the processing component comprises at least one component for responding to the PAD authentication request using the stored PAD private key; and

the output means comprises at least one component for outputting responses to the PAD authentication request.

Dependent claims: 2 to 38.
39. An authentication method comprising:

storing on a personal authentication device (PAD) at least one CA public key, each public key associated with a certificate authority (CA);

receiving one or more digital certificates, wherein the one or more digital certificates comprise at least one ticket-generation certificate including at least one service key generating program or information indicating at least one service key generating program;

authenticating the one or more received digital certificates using the at least one stored CA public key;

generating at least one service key based on the one or more authenticated digital certificates;

outputting the at least one service key;

storing on the personal authentication device (PAD) a PAD private key associated with the PAD and used by the PAD to authenticate the PAD to a user;

receiving a PAD authentication request from the user;

responding to the PAD authentication request using the stored PAD private key; and

outputting the response to the PAD authentication request.

Dependent claims: 40 to 75.
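The device of the abstract and of claims 1 and 39, modelled as an added Go example (not code from the patent or from any implementation of it): a CA-signed ticket-generation certificate is verified against the PAD's stored CA public keys, a service key is derived from it and signed by the PAD, and a user's PAD authentication request is answered with the PAD private key. Ed25519 for the signatures, HMAC-SHA256 as the "service key generating program", the certificate payload format, and the separate device secret used for derivation are all assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
)

// Certificate is a constructed stand-in for a ticket-generation certificate: a
// payload carrying the service-key derivation parameters, plus the CA's signature.
type Certificate struct {
	Payload []byte // e.g. "svc=door-42;label=entry" (constructed format)
	Sig     []byte // CA's Ed25519 signature over Payload
}

// PAD models the device: stored CA public keys, the PAD private key, and (an
// assumption of this example) a separate device secret for key derivation.
type PAD struct {
	CAKeys  []ed25519.PublicKey
	PrivKey ed25519.PrivateKey
	Secret  []byte
}

// Authenticate accepts a certificate only if some stored CA public key verifies it.
func (p *PAD) Authenticate(c Certificate) bool {
	for _, k := range p.CAKeys {
		if ed25519.Verify(k, c.Payload, c.Sig) {
			return true
		}
	}
	return false
}

// ServiceKey returns ok=false for an unauthenticated certificate; otherwise it derives
// the service key (HMAC-SHA256 over the payload, keyed with the device secret) and
// signs it so a relying party holding the PAD public key can attribute it to this PAD.
func (p *PAD) ServiceKey(c Certificate) (key, sig []byte, ok bool) {
	if !p.Authenticate(c) {
		return nil, nil, false
	}
	mac := hmac.New(sha256.New, p.Secret)
	mac.Write([]byte("service-key|")) // domain separation from other uses of Secret
	mac.Write(c.Payload)
	key = mac.Sum(nil)
	return key, ed25519.Sign(p.PrivKey, key), true
}

// RespondToAuthRequest signs a user's challenge; the user verifies it with the PAD
// public key enrolled earlier, which is how the PAD authenticates itself to the user.
func (p *PAD) RespondToAuthRequest(challenge []byte) []byte {
	return ed25519.Sign(p.PrivKey, append([]byte("pad-auth|"), challenge...))
}
```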