Content control method using certificate chains

US 8,140,843 B2
Filed: 11/06/2006
Issued: 03/20/2012
Est. Priority Date: 07/07/2006
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating an entity by a storage device, the method comprising:

performing by a storage device in communication with an entity;

receiving from the entity a plurality of certificates for authenticating the entity to the storage device, the plurality of certificates being ordered and received from the entity one at a time in that order;

storing the plurality of certificates in the storage device one at a time in the order in which they are received by, except for the first one of the plurality of certificates, overwriting a previously-stored certificate after it has been verified;

verifying the plurality of certificates in the order in which they are received, wherein a first one of the plurality of certificates is verified against a root certificate;

detecting that a last one of the plurality of certificates has been verified; and

authenticating the entity to the storage device using the last one of the plurality of certificates if it has been verified.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Continuous strings of certificates in a certificate chain received by a memory device sequentially in the same order that the strings are verified. Each string except for the last may be overwritten by the next one in the sequence.

144 Citations

32 Claims

1. A method for authenticating an entity by a storage device, the method comprising:
- performing by a storage device in communication with an entity;
  
  receiving from the entity a plurality of certificates for authenticating the entity to the storage device, the plurality of certificates being ordered and received from the entity one at a time in that order;
  
  storing the plurality of certificates in the storage device one at a time in the order in which they are received by, except for the first one of the plurality of certificates, overwriting a previously-stored certificate after it has been verified;
  
  verifying the plurality of certificates in the order in which they are received, wherein a first one of the plurality of certificates is verified against a root certificate;
  
  detecting that a last one of the plurality of certificates has been verified; and
  
  authenticating the entity to the storage device using the last one of the plurality of certificates if it has been verified.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the last one of the plurality of certificates is received in a message that contains an indication of last certificate, and wherein the detecting is performed by checking for the indication.
  - 3. The method of claim 1, wherein the entity and storage device are removably connected to each other.
  - 4. The method of claim 1, further comprising sending a request to the entity for a next certificate in the plurality of certificates after receipt of each certificate except after receipt of the last certificate.
  - 5. The method of claim 1, wherein the entity comprises a host device removably connected to the storage device.
  - 6. The method of claim 1, wherein the storage device comprises a memory card.
  - 7. The method of claim 1, further comprising allocating not more memory space in the storage device than is needed for storing a largest one of the plurality of certificates.
  - 8. The method of claim 1, wherein the entity is a software application running on a host device, which is in communication with the storage device.
  - 9. The method of claim 1, wherein the entity is a software application running on a remote server connected to a host device, which is in communication with the storage device.
  - 10. The method of claim 1, wherein the entity is a software application running on a peripheral device connected to a host device, which is in communication with the storage device.
  - 11. The method of claim 1, wherein the entity is a host device in communication with the storage device.
  - 12. The method of claim 1, wherein starting from the second certificate, each certificate is verified against an immediately-prior-received certificate.
  - 13. The method of claim 1, wherein the plurality of certificates does not include the root certificate.
  - 14. The method of claim 4, further comprising receiving from the entity the next certificate in response to each request.

15. A method for mutual authentication between an entity and a storage device, the method comprising:
- (a) receiving at a storage device from an entity a first plurality of certificates for authenticating the entity to the storage device, the first plurality of certificates being ordered and received from the entity one at a time in that order;
  
  (b) storing the first plurality of certificates in the storage device one at a time in the order in which they are received by, except for the first one of the first plurality of certificates, overwriting a previously-stored certificate after it has been verified;
  
  (c) verifying at the storage device the first plurality of certificates in the order in which they are received, wherein a first one of the first plurality of certificates is verified against a root certificate;
  
  (d) detecting at the storage device that a last one of the first plurality of certificates has been verified;
  
  (e) authenticating at the storage device the entity to the storage device using the last one of the first plurality of certificates if it has been verified;
  
  (f) sending from the storage device to the entity a second plurality of certificates for authenticating the storage device to the entity, a last one of the second plurality of certificates being sent along with an indication that it is a last certificate;
  
  (g) receiving at the storage device an authentication challenge from the entity; and
  
  (h) responding at the storage device to the authentication challenge from the entity.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23)
- - 16. The method of claim 15, wherein the last one of the plurality of certificates in the first plurality of certificates is received in a message that contains an indication of last certificate, and wherein the detecting is performed by checking for the indication.
  - 17. The method of claim 15, wherein the entity and the storage device are removably connected to each other.
  - 18. The method of claim 15, further comprising sending a request to the entity for a next certificate in the first plurality of certificates after receipt of each certificate except after receipt of the last certificate.
  - 19. The method of claim 15, wherein the entity comprises a host device removably connected to the storage device.
  - 20. The method of claim 15, further comprising allocating not more memory space in the storage device than needed for storing a largest one of the first plurality certificates.
  - 21. The method of claim 15, wherein the first plurality of certificates does not include the root certificate.
  - 22. The method of claim 18, further comprising receiving from the entity the next certificate in response to each request.
  - 23. The method of claim 19, wherein the storage device comprises a memory card.

24. A storage device comprising:
- a memory storing a root certificate; and
  
  a controller in communication with the memory and operative to;
  
  receive from an entity a plurality of certificates for authenticating the entity to the storage device, the plurality of certificates being ordered and received from the entity one at a time in that order;
  
  store the plurality of certificates in the storage device one at a time in the order in which they are received by, except for the first one of the plurality of certificates, overwriting a previously-stored certificate after it has been verified;
  
  verify the plurality of certificates in the order in which they are received, wherein a first one of the plurality of certificates is verified against the root certificate stored in the memory;
  
  detect that a last one of the plurality of certificates has been verified; and
  
  authenticate the entity to the storage device using the last one of the plurality of certificates if it has been verified.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31, 32)
- - 25. The storage device of claim 24, wherein the last one of the plurality of certificates is received in a message that contains an indication of last certificate, and wherein the controller is operative to detect that a last one of the plurality of certificates has been verified by checking for the indication.
  - 26. The storage device of claim 24, wherein the entity and the storage device are removably connected to each other.
  - 27. The storage device of claim 24, wherein the controller is further operative to send a request to the entity for a next certificate in the plurality of certificates after receipt of each certificate except after receipt of the last certificate.
  - 28. The storage device of claim 24, wherein the entity comprises a host device removably connected to the storage device.
  - 29. The storage device of claim 24, wherein the controller is further operative to allocate not more memory space in the memory than needed for storing a largest one of the plurality of certificates.
  - 30. The storage device of claim 24, wherein the plurality of certificates does not include the root certificate.
  - 31. The storage device of claim 27, wherein the controller is further operative to receive from the entity the next certificate in response to each request.
  - 32. The storage device of claim 28, wherein the storage device comprises a memory card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
Sandisk Technologies Incorporated (Western Digital Corporation)
Inventors
Holtzman, Michael, Barzilai, Ron, Sela, Rotem, Jogand-Coulomb, Fabrice
Primary Examiner(s)
Pearson, David
Assistant Examiner(s)
HOLMES, ANGELA R

Application Number

US11/557,028
Publication Number

US 20080010450A1
Time in Patent Office

1,961 Days
Field of Search

713156-158, 707/9, 707/687, 707/694, 709/225, 709/203
US Class Current

713/157
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 9/3228   One-time or temporary data,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

Content control method using certificate chains

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

144 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Content control method using certificate chains

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

144 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links