Control method using identity objects
First Claim
1. A non-volatile memory card comprising:
housing in a shape of a card and having:
a controller;
a non-volatile memory storing a key pair comprising a private key and a public key, and a certificate for authenticating the key pair; and
an access control structure containing information usable by the controller for authenticating an entity and further information usable by the controller for determining a permission of the entity to access the key pair and certificate once the entity is authenticated by the controller;
wherein the controller is operative to authenticate an entity to the non-volatile memory card using the access control structure; and, after the entity has been successfully authenticated:
receive data and a command to sign the data from the entity to provide proof of identity of the entity;
determine a permission of the entity to access the key pair and certificate;
employ the private key to sign the data or information derived from the data, wherein the signed data or information derived from the data provides proof of identity of the entity; and
send the certificate and the signed data or information derived from the data to the entity to provide proof of identity of the entity.
Abstract
An object known as an identity object comprises a public key and a private key pair and at least one certificate issued by a certificate authority that certifies that the public key of the pair is genuine. In one embodiment, this object may be used as proof of identification by using the private key to sign data provided to it or signals derived from the data. An identity object may be stored in a non-volatile memory as proof of identity, where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller.
13 Claims
1. Independent claim (text as set out under First Claim above). Dependent claims: 2, 3, 4, 5, 6.
7. A method for providing proof of identity of an entity, the method comprising:
performing the following in a non-volatile memory card comprising a housing in a shape of a card and having:
(i) a controller, (ii) a non-volatile memory storing a key pair comprising a private key and a public key, and a certificate for authenticating the key pair, and (iii) an access control structure containing information usable by the controller for authenticating an entity and further information usable by the controller for determining a permission of the entity to access the key pair and certificate once the entity is authenticated by the controller;
authenticating an entity to the non-volatile memory card using the access control structure; and, after the entity has been successfully authenticated:
receiving data and a command to sign the data from the entity to provide proof of identity of the entity;
determining a permission of the entity to access the key pair and certificate;
employing the private key to sign the data or information derived from the data, wherein the signed data or information derived from the data provides proof of identity of the entity; and
sending the certificate and the signed data or information derived from the data to the entity to provide proof of identity of the entity.
Dependent claims: 8, 9, 10, 11, 12, 13.
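A software model of the flow the independent claims describe (authenticate the entity against the access control structure, determine its permission, sign the data with the private key, return certificate plus signature, and let a relying party check the certificate and then the signature), added here as an illustration and not part of the patent. The toy RSA, the PIN-based authentication, the `MemoryCard` class and the entity names are constructed assumptions; a real card keeps the private key inside the controller and uses a standard signature scheme.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Toy textbook RSA over a SHA-256 digest, constructed for illustration only (real cards use RSA-PSS/ECDSA).
def toy_keypair(p, q, e=65537):
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))
def digest_mod_n(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n
def sign(priv, data):        # private operation, performed on the card
    return pow(digest_mod_n(data, priv[0]), priv[1], priv[0])
def verify(pub, data, sig):  # public operation, performed by the relying party
    return pow(sig, pub[1], pub[0]) == digest_mod_n(data, pub[0])
def pin_hash(pin):
    return hashlib.sha256(pin.encode()).digest()
@dataclass
class MemoryCard:
    """Controller plus non-volatile memory holding the identity object and the access control structure."""
    public_key: tuple
    private_key: tuple
    certificate: dict
    acl: dict                # entity -> {"pin_hash": bytes, "may_sign": bool}
    authenticated: set = field(default_factory=set)

    def authenticate(self, entity, pin):
        rec = self.acl.get(entity)
        if rec is None or not hmac.compare_digest(rec["pin_hash"], pin_hash(pin)):
            return False
        self.authenticated.add(entity)
        return True

    def sign_command(self, entity, data):
        # Claimed order: authenticated? permitted? only then sign and return cert + signature.
        if entity not in self.authenticated:
            raise PermissionError("entity not authenticated")
        if not self.acl[entity]["may_sign"]:
            raise PermissionError("entity not permitted to use the identity object")
        return self.certificate, sign(self.private_key, data)

def issue_certificate(ca_priv, public_key):  # the certificate authority's role
    return {"public_key": public_key, "ca_sig": sign(ca_priv, repr(public_key).encode())}
def relying_party_verify(ca_pub, cert, data, sig):  # CA signature first, then the data signature
    return (verify(ca_pub, repr(cert["public_key"]).encode(), cert["ca_sig"])
            and verify(cert["public_key"], data, sig))
# Constructed setup: toy primes; "alice" may use the key, "bob" may authenticate but not sign.
CA_PUB, CA_PRIV = toy_keypair(1000000007, 998244353)
CARD_PUB, CARD_PRIV = toy_keypair(1000000009, 999999937)
CARD = MemoryCard(CARD_PUB, CARD_PRIV, issue_certificate(CA_PRIV, CARD_PUB),
                  {"alice": {"pin_hash": pin_hash("1234"), "may_sign": True},
                   "bob": {"pin_hash": pin_hash("0000"), "may_sign": False}})
```

The relying party should always send fresh data (a nonce) to be signed, so that a captured signature cannot be replayed as a later proof of identity.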