Trusted signature with key access permissions

US 7,853,793 B2
Filed: 05/03/2004
Issued: 12/14/2010
Est. Priority Date: 05/03/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A non-transitory computer-readable medium having computer-readable instructions stored thereon that, upon execution by a processor, cause the processor to:

determine a hash value corresponding to information;

determine, based on a permission policy, whether an application associated with the information has permission to access at least one private key of a plurality of private keys, wherein the plurality of private keys are stored in a hierarchical namespace structure, and further wherein a single permission class of the permission policy is used to control access to the plurality of private keys within different parts of the hierarchical namespace structure; and

if the application has permission to access the private key, generate a digital signature with the private key, wherein the digital signature is based at least in part on the hash value.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Devices, methods, and computer code products are disclosed in which access to private keys required to create digital signatures for delimited information is controlled by permissions in the device. The permissions can be used to check the identity of an application to determine if the application has access to a digital key and permission to generate a digital signature.

Citations

17 Claims

1. A non-transitory computer-readable medium having computer-readable instructions stored thereon that, upon execution by a processor, cause the processor to:
- determine a hash value corresponding to information;
  
  determine, based on a permission policy, whether an application associated with the information has permission to access at least one private key of a plurality of private keys, wherein the plurality of private keys are stored in a hierarchical namespace structure, and further wherein a single permission class of the permission policy is used to control access to the plurality of private keys within different parts of the hierarchical namespace structure; and
  
  if the application has permission to access the private key, generate a digital signature with the private key, wherein the digital signature is based at least in part on the hash value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The non-transitory computer-readable medium of claim 1, wherein the plurality of private keys are stored on a smart card.
  - 3. The non-transitory computer-readable medium of claim 1, wherein the application is configured to present the information to a user through a user interface for delimiting.
  - 4. The non-transitory computer-readable medium of claim 1, wherein the processor is further caused to receive an identity of the application and compare the identity to the permission policy to determine whether the application has permission to access the private key.
  - 5. The non-transitory computer-readable medium of claim 1, wherein a second private key is stored at a second location and further wherein a second permission policy is used to control access to the second private key.
  - 6. The non-transitory computer-readable medium of claim 1, wherein the permission policy includes an identity of the application.
  - 7. The non-transitory computer-readable medium of claim 1, wherein the permission policy is established by an owner of the private key.
  - 8. The non-transitory computer-readable medium of claim 1, wherein the permission policy comprises an instance of a class of permission policies.

9. A method for generating a digital signature, the method comprising:
- calculating a hash value corresponding to information;
  
  determining, based on a permission policy, whether an application associated with the information has permission to access a private key of a plurality of private keys, wherein the plurality of private keys are stored in a hierarchical namespace structure, and further wherein a single permission class of the permission policy is used to control access to the plurality of private keys within different parts of the hierarchical namespace structure; and
  
  if the application has permission to access the private key, using the private key to generate a digital signature based at least in part on the hash value.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method of claim 9, wherein determining whether the application has access to the private key is based at least in part on an identity of the application.
  - 11. The method of claim 9, further comprising providing the digital signature to the application.
  - 12. The method of claim 9, wherein the digital signature is generated by a cryptographic algorithm.
  - 13. The method of claim 9, further comprising determining, based on a second permission policy, whether the application has access to a second private key.
  - 14. The method of claim 9, further comprising providing the hash value and a key identifier corresponding to the private key to a cryptographic algorithm, wherein the cryptographic algorithm is used to generate the digital signature.
  - 15. The method of claim 9, further comprising employing a dedicated device manager to administer the permission policy, wherein the dedicated device manager is independent of the application.
  - 16. The method of claim 9, further comprising employing a security model to administer the permission policy, wherein the security model uses an identity of the application to determine whether the application has access to the private key.
  - 17. The method of claim 9, wherein determining whether the application has permission to access the private key is performed remotely.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ThinkLogix, LLC (Ascend Innovation Management, LLC)
Original Assignee
Spyder Navigations LLC (Intellectual Ventures LLC)
Inventors
Cofta, Piotr, Immonen, Olli
Primary Examiner(s)
Dinh; Minh

Application Number

US10/838,642
Publication Number

US 20050246539A1
Time in Patent Office

2,416 Days
Field of Search

None
US Class Current

713/176
CPC Class Codes

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

Trusted signature with key access permissions

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted signature with key access permissions

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links