Versatile access control system

US 8,429,724 B2
Filed: 04/25/2006
Issued: 04/23/2013
Est. Priority Date: 04/25/2006
Status: Active Grant

First Claim

Patent Images

1. An access control system, comprising:

multiple credential tables, each credential table associated with a corresponding proof of knowledge operation and includes one or more proof of knowledge credentials that can be proven by the associated proof of knowledge operation;

an authority table identifying a plurality of authorities, each authority associating at least one proof of knowledge operation with at least one of the multiple credential tables;

an access control element table, which identifies a plurality of access control elements, and for each access control element identifies a Boolean combination of the authorities for that access control element; and

at least one access control list, which identifies two or more access control elements by which a specific method to be executed can be authenticated.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access control system and method are provided, which include a plurality of authorities, a plurality of access control elements and an access control list. Each authority associates at least one of a plurality of proof of knowledge operations with at least one of a plurality of proof of knowledge credentials. Each access control element identifies a Boolean combination of at least one of the authorities. The access control list identifies one or more of the access control elements by which a method to be executed can be authenticated.

Citations

15 Claims

1. An access control system, comprising:
- multiple credential tables, each credential table associated with a corresponding proof of knowledge operation and includes one or more proof of knowledge credentials that can be proven by the associated proof of knowledge operation;
  
  an authority table identifying a plurality of authorities, each authority associating at least one proof of knowledge operation with at least one of the multiple credential tables;
  
  an access control element table, which identifies a plurality of access control elements, and for each access control element identifies a Boolean combination of the authorities for that access control element; and
  
  at least one access control list, which identifies two or more access control elements by which a specific method to be executed can be authenticated.
- View Dependent Claims (2, 3, 4)
- - 2. The access control system of claim 1, wherein the plurality of authorities, the plurality of access control elements and the access control list are maintained by firmware embedded within a peripheral device for which access is controlled by the system.
  - 3. The access control system of claim 1 and further comprising:
    - a method table including a plurality of methods and for each method, identifies one of a plurality of access control lists by which that method can be authenticated.
  - 4. The access control system of claim 3 wherein for each method, the method table further comprises a pointer to a program to be executed for that method.

5. An access control system comprising:
- a method table including a plurality of methods that can be executed when a request to execute a method is authenticated, the method table identifying for each method an access control list by which a method can be authenticated;
  
  an access control list including a plurality of access control elements,an access control element table, which identifies a plurality of access control elements, and for each access control element identifies a Boolean combination of more than one authority for that access control element; and
  
  an authority table including more than one authority, where each authority associates at least one authentication operation with at least one credential;
  
  a plurality credential tables, each includes one or more authentication credentials that can satisfy the associated authentication operation;
  
  wherein the request to execute the method is allowed when an authentication operation is satisfied, where the authentication operation satisfies the Boolean combination of more than one authority identified by an access control element and where the access control element is included in an access control list indicated in a method table listing the method.
- View Dependent Claims (6, 7)
- - 6. The access control system of claim 5 further comprising:
    - the plurality of credential tables, where each credential table is associated with a corresponding authentication operation and comprises the plurality of credentials that satisfy the corresponding authentication operation.
  - 7. The access control system of claim 5, wherein the credential table, the authority table and the access control element table are maintained by firmware embedded within a peripheral device for which access is controlled by the system.

8. A method comprising:
- maintaining a plurality of credentials that can satisfy an associated authentication operation;
  
  maintaining a plurality of authorities, each authority associating at least one of a plurality of authentication operations with at least one of a plurality of authentication credentials; and
  
  maintaining a plurality of access control elements, each access control element identifying a Boolean combination of at least one of the authorities, the plurality of authorities and the plurality of access control elements being maintained within a memory associated with a device for which access is controlled; and
  
  maintaining an access control list including a plurality of access control elements.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8 wherein the plurality of authorities and the plurality of access control elements are embedded at least in part within firmware of the device.
  - 10. The method of claim 8 and further comprising:
    - maintaining a credential table, which comprises a plurality of the authentication credentials that can be proven by at least one of the plurality of authentication operations.
  - 11. The method of claim 10, wherein maintaining a credential table comprises:
    - maintaining a plurality of credential tables, where each credential table is associated with a corresponding one of the plurality of authentication operations and comprises the plurality of the authentication credentials that can be proven by that authentication operation.
  - 12. The method of claim 8, wherein maintaining a plurality of authorities comprises:
    - maintaining an authority table, which identifies the plurality of authorities and for each authority, associates one of the authentication operations with one of the authentication credentials.
  - 13. The method of claim 8, wherein maintaining a plurality of access control elements comprises:
    - maintaining an access control element table, which identifies the plurality of access control elements and for each access control element identifies the Boolean combination of at least one of the authorities.
  - 14. The method of claim 8 and further comprising:
    - maintaining a method table, which identifies a plurality of methods that can be executed, and for a method identifies multiple access control elements by which that method can be authenticated.

15. A computer readable storage device comprising instructions, which when executed by a computing device cause the computing device to perform a method comprising:
- maintaining a plurality of credentials that can satisfy an associated authentication operation;
  
  maintaining a plurality of authorities, each authority associating at least one authentication operation with at least one authentication credential that defines at least one requirement for the authentication operation to be satisfied;
  
  maintaining a plurality of access control elements, each access control element identifying a Boolean combination of the authorities that can be satisfied to authenticate a method;
  
  maintaining an access control list including a plurality of access control elements, the access control list identifying multiple access control elements by which at least one method can be authenticated; and
  
  maintaining a method table to associate a method with at least one access control element, where the method is allowed to be executed when an associated access control element is satisfied.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Original Assignee
Seagate Technology LLC (Seagate Technology Holdings Plc)
Inventors
Thibadeau, Robert H.
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US11/410,702
Publication Number

US 20070250915A1
Time in Patent Office

2,555 Days
Field of Search

None
US Class Current

726/5
CPC Class Codes

H04L 2209/043   of tables, e.g. lookup, sub...

H04L 63/0869   for achieving mutual authen...

H04L 63/101   Access control lists [ACL]

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/321   involving a third party or ...

H04L 9/3218   using proof of knowledge, e...

H04L 9/50   using hash chains, e.g. blo...

Versatile access control system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Versatile access control system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links