Control method using identity objects

US 8,639,939 B2
Filed: 11/06/2006
Issued: 01/28/2014
Est. Priority Date: 07/07/2006
Status: Active Grant

First Claim

Patent Images

1. A non-volatile memory card comprising:

housing in a shape of a card and having;

a controller;

a non-volatile memory storing a key pair comprising a private key and a public key, and a certificate for authenticating the key pair; and

an access control structure containing information usable by the controller for authenticating an entity and further information usable by the controller for determining a permission of the entity to access the key pair and certificate once the entity is authenticated by the controller;

wherein the controller is operative toauthenticate an entity to the non-volatile memory card using the access control structure; and

after the entity has been successfully authenticated;

receive data and a command to sign the data from the entity to provide proof of identity of the entity,determine a permission of the entity to access the key pair and certificate;

employ the private key to sign the data or information derived from the data, wherein the signed data or information derived from the data provides proof of identity of the entity, andsend the certificate and the signed data or information derived from the data to the entity to provide proof of identity of the entity.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An object known as an identity object comprises a public key and a private key pair and at least one certificate issued by a certificate authority that certifies that the public key of the pair is genuine. In one embodiment, this object may be used as proof of identification by using the private key to sign data provided to it or signals derived from the data. An identity object may be stored in a non-volatile memory as proof of identity, where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller.

Citations

13 Claims

1. A non-volatile memory card comprising:
- housing in a shape of a card and having;
  
  a controller;
  
  a non-volatile memory storing a key pair comprising a private key and a public key, and a certificate for authenticating the key pair; and
  
  an access control structure containing information usable by the controller for authenticating an entity and further information usable by the controller for determining a permission of the entity to access the key pair and certificate once the entity is authenticated by the controller;
  
  wherein the controller is operative toauthenticate an entity to the non-volatile memory card using the access control structure; and
  
  after the entity has been successfully authenticated;
  
  receive data and a command to sign the data from the entity to provide proof of identity of the entity,determine a permission of the entity to access the key pair and certificate;
  
  employ the private key to sign the data or information derived from the data, wherein the signed data or information derived from the data provides proof of identity of the entity, andsend the certificate and the signed data or information derived from the data to the entity to provide proof of identity of the entity.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The non-volatile memory card of claim 1, wherein the certificate is a certificate chain.
  - 3. The non-volatile memory card of claim 1, wherein the non-volatile memory comprises a flash memory.
  - 4. The non-volatile memory card of claim 1, wherein the access control structure allows only authenticated entities to access the data.
  - 5. The non-volatile memory card of claim 1, wherein the controller authenticates an entity using the access control structure and supplies to an authenticated entity the certificate to certify the public key.
  - 6. The non-volatile memory card of claim 1, wherein the entity comprises a host device removably connectable to the non-volatile memory card.

7. A method for providing proof of identity of an entity, the method comprising:
- performing the following in a non-volatile memory card comprising a housing in a shape of a card and having;
  
  (i) a controller, (ii) a non-volatile memory storing a key pair comprising a private key and a public key, and a certificate for authenticating the key pair, and (iii) an access control structure containing information usable by the controller for authenticating an entity and further information usable by the controller for determining a permission of the entity to access the key pair and certificate once the entity is authenticated by the controller;
  
  authenticating an entity to the non-volatile memory card using the access control structure; and
  
  after the entity has been successfully authenticated;
  
  receiving data and a command to sign the data from the entity to provide proof of identity of the entity,determining a permission of the entity to access the key pair and certificate;
  
  employing the private key to sign the data or information derived from the data, wherein the signed data or information derived from the data provides proof of identity of the entity, andsending the certificate and the signed data or information derived from the data to the entity to provide proof of identity of the entity.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein the method further comprises:
    - after the entity has been successfully authenticated, supplying to the entity the certificate to certify the public key;
      
      receiving data encrypted by the public key; and
      
      decrypting the data using the private key.
  - 9. The method of claim 7, wherein the certificate is a certificate chain.
  - 10. The method of claim 7, wherein the non-volatile memory comprises a flash memory.
  - 11. The method of claim 7, wherein the access control structure allows only authenticated entities to access the data.
  - 12. The method of claim 7, wherein the controller authenticates an entity using the access control structure and supplies to an authenticated entity the certificate to certify the public key.
  - 13. The method of claim 7, wherein the entity comprises a host device removably connectable to the non-volatile memory card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SanDisk Technologies LLC (Western Digital Corporation)
Original Assignee
Sandisk Technologies Incorporated (Western Digital Corporation)
Inventors
Holtzman, Michael, Barzilai, Ron, Jogand-Coulomb, Fabrice
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
Branske, Hilary

Application Number

US11/557,041
Publication Number

US 20080010455A1
Time in Patent Office

2,640 Days
Field of Search

713/182, 713/185, 713/156, 713/157, 713/173, 713/175, 726/2, 726/16, 726/17, 726/18, 726/19, 726/20, 726/21, 726/29, 380/277, 380/278, 380/279, 380/282, 380/30, 725/6, 902/26
US Class Current

713/185
CPC Class Codes

H04L 2209/603   Digital right managament [DRM]

H04L 9/3228   One-time or temporary data,...

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

Control method using identity objects

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Control method using identity objects

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links