Content control method using certificate chains
Abstract
Continuous strings of certificates in a certificate chain are received by a memory device sequentially in the same order that the strings are verified. Each string except for the last may be overwritten by the next one in the sequence.
32 Claims
1. A method for authenticating an entity by a storage device, the method comprising:
- performing by a storage device in communication with an entity:
  - receiving from the entity a plurality of certificates for authenticating the entity to the storage device, the plurality of certificates being ordered and received from the entity one at a time in that order;
  - storing the plurality of certificates in the storage device one at a time in the order in which they are received by, except for the first one of the plurality of certificates, overwriting a previously-stored certificate after it has been verified;
  - verifying the plurality of certificates in the order in which they are received, wherein a first one of the plurality of certificates is verified against a root certificate;
  - detecting that a last one of the plurality of certificates has been verified; and
  - authenticating the entity to the storage device using the last one of the plurality of certificates if it has been verified.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A method for mutual authentication between an entity and a storage device, the method comprising:
- (a) receiving at a storage device from an entity a first plurality of certificates for authenticating the entity to the storage device, the first plurality of certificates being ordered and received from the entity one at a time in that order;
- (b) storing the first plurality of certificates in the storage device one at a time in the order in which they are received by, except for the first one of the first plurality of certificates, overwriting a previously-stored certificate after it has been verified;
- (c) verifying at the storage device the first plurality of certificates in the order in which they are received, wherein a first one of the first plurality of certificates is verified against a root certificate;
- (d) detecting at the storage device that a last one of the first plurality of certificates has been verified;
- (e) authenticating at the storage device the entity to the storage device using the last one of the first plurality of certificates if it has been verified;
- (f) sending from the storage device to the entity a second plurality of certificates for authenticating the storage device to the entity, a last one of the second plurality of certificates being sent along with an indication that it is a last certificate;
- (g) receiving at the storage device an authentication challenge from the entity; and
- (h) responding at the storage device to the authentication challenge from the entity.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23

24. A storage device comprising:
- a memory storing a root certificate; and
- a controller in communication with the memory and operative to:
  - receive from an entity a plurality of certificates for authenticating the entity to the storage device, the plurality of certificates being ordered and received from the entity one at a time in that order;
  - store the plurality of certificates in the storage device one at a time in the order in which they are received by, except for the first one of the plurality of certificates, overwriting a previously-stored certificate after it has been verified;
  - verify the plurality of certificates in the order in which they are received, wherein a first one of the plurality of certificates is verified against the root certificate stored in the memory;
  - detect that a last one of the plurality of certificates has been verified; and
  - authenticate the entity to the storage device using the last one of the plurality of certificates if it has been verified.

Dependent claims: 25, 26, 27, 28, 29, 30, 31, 32

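The receive, verify and overwrite sequence of claims 1 and 24, as an added example that is not taken from the patent. The toy textbook-RSA signatures, the `Cert` fields, the `is_last` flag and the choice to carry forward only the verified certificate's public key are assumptions made so the sketch runs with the Python standard library alone.

```python
import hashlib
from dataclasses import dataclass
E = 65537  # public exponent shared by every constructed toy key

def toy_keypair(a, b):
    """Textbook RSA from Mersenne primes 2^a-1 and 2^b-1: a stand-in, not secure."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

def digest(subject, pub_n, n):
    h = hashlib.sha256(f"{subject}|{pub_n}".encode()).digest()
    return int.from_bytes(h, "big") % n

@dataclass
class Cert:
    subject: str
    pub_n: int             # subject's public modulus
    sig: int               # issuer's signature over (subject, pub_n)
    is_last: bool = False  # assumed end-of-chain indication sent with the certificate

def issue(subject, pub_n, issuer_n, issuer_d, is_last=False):
    sig = pow(digest(subject, pub_n, issuer_n), issuer_d, issuer_n)
    return Cert(subject, pub_n, sig, is_last)

class Device:
    def __init__(self, root_n):
        self.trusted_n = root_n    # key that must have signed the next certificate
        self.slot = None           # the single certificate buffer
        self.authenticated = None  # subject of the verified last certificate
        self.done = False

    def receive(self, cert):
        if self.done:
            raise RuntimeError("chain already accepted or rejected")
        self.slot = cert           # overwrites the previous, already verified, certificate
        expected = digest(cert.subject, cert.pub_n, self.trusted_n)
        if pow(cert.sig, E, self.trusted_n) != expected:
            self.slot, self.done = None, True
            return False
        self.trusted_n, self.done = cert.pub_n, cert.is_last
        self.authenticated = cert.subject if cert.is_last else None
        return True

def demo():
    (root_n, root_d), (ca_n, ca_d) = toy_keypair(61, 89), toy_keypair(89, 107)
    chain = [issue("intermediate CA", ca_n, root_n, root_d),
             issue("host", toy_keypair(107, 127)[0], ca_n, ca_d, is_last=True)]
    good, bad = Device(root_n), Device(root_n)
    return [good.receive(c) for c in chain], good.authenticated, bad.receive(chain[1])
```

The device needs room for one certificate however long the chain is, which is why the order of arrival has to match the order of verification: a certificate presented out of order fails against the currently trusted key.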
Specification