Methods and systems for assigning roles on a token

US 8,639,940 B2
Filed: 02/28/2007
Issued: 01/28/2014
Est. Priority Date: 02/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a client computing machine, a token comprising a first applet, a first symmetric key set associated with the first applet and a card identification number of the token;

authenticating, by the client computing machine, with the first applet on the token using the first symmetric key set to establish access to the first applet;

generating, by the client computing machine, a second symmetric key set based on a private cryptographic key and the card identification number of the token in response to authenticating with the first applet;

associating, by the client computing machine, the second symmetric key set with the first applet; and

severing, by the client computing machine, the association between the first symmetric key set with the first applet.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment relates generally to a method of assigning roles to a token. The method includes determining a first role for a first participant on a token and providing exclusive access to a first section of the token for the first participant base on the first role. The method also includes determining a second role for a second participant on the token and providing exclusive access to a second section of the token for the second participant based on the second role.

Citations

14 Claims

1. A method comprising:
- receiving, by a client computing machine, a token comprising a first applet, a first symmetric key set associated with the first applet and a card identification number of the token;
  
  authenticating, by the client computing machine, with the first applet on the token using the first symmetric key set to establish access to the first applet;
  
  generating, by the client computing machine, a second symmetric key set based on a private cryptographic key and the card identification number of the token in response to authenticating with the first applet;
  
  associating, by the client computing machine, the second symmetric key set with the first applet; and
  
  severing, by the client computing machine, the association between the first symmetric key set with the first applet.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising:
    - authenticating with the first applet on the token using the second symmetric key set; and
      
      embedding a second applet on the token in response to authenticating with the first applet.
  - 3. The method of claim 2, further comprising:
    - generating a third symmetric key set based on a second private cryptographic key;
      
      storing the third symmetric key set on the token;
      
      associating the third symmetric key set with the second applet; and
      
      forwarding, by the client computing machine, the token to a second computing machine.
  - 4. The method of claim 3, further comprising:
    - generating, by the second computing machine, a fourth symmetric key set based on a third private cryptographic key;
      
      storing the fourth symmetric key set on the token;
      
      associating the fourth symmetric key set with the second applet; and
      
      severing, by the second computing machine, the association between the third symmetric key set with the second applet.

5. A system comprising:
- an interface to receive a token comprising a first applet, a first symmetric key set that is associated with the first applet and a card identification number of the token;
  
  a processor coupled to the interface and configured toauthenticate with the first applet on the token using the first symmetric key set to establish access to the first applet;
  
  generate a second symmetric key set based on a private cryptographic key and the card identification number of the token in response to authenticating with the first applet;
  
  associate the second symmetric key set with the first applet; and
  
  severe the association between the first symmetric key set with the first applet.
- View Dependent Claims (6, 7)
- - 6. The system of claim 5 wherein the processor is further configured to:
    - authenticate with the first applet on the token using the second symmetric key set; and
      
      embed a second applet on the token in response to authenticating with the first applet.
  - 7. The system of claim 6, wherein the processor is further configured to:
    - generate a third symmetric key set based on a second private cryptographic key;
      
      store the third symmetric key set on the token;
      
      associate the third symmetric key set with the second applet; and
      
      forward the token to a computing machine.

8. A method comprising:
- storing, by a token, a first applet, a first symmetric key set associated with the first applet, and a card identification number of the token;
  
  authenticating a client computing machine by the first applet on the token based on the first symmetric key set;
  
  receiving, by the token, a second symmetric key set from the client computing machine in response to authenticating the client computing machine, wherein the second symmetric key is based on a private cryptographic key and the card identification number of the token;
  
  associating, by the token, the second symmetric key set with the first applet; and
  
  executing, by the token, a command to sever the association between the first symmetric key set with the first applet.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, the method further comprising:
    - authenticating, by the first applet on the token, the client computing machine using the second symmetric key set; and
      
      storing a second applet by the token in response to authenticating the client computing machine.
  - 10. The method of claim 9, the method further comprising:
    - receiving a third symmetric key set based on a second private cryptographic key;
      
      storing the third symmetric key set by the token;
      
      associating the third symmetric key set with the second applet.
  - 11. The method of claim 10, the method further comprising:
    - receiving a fourth symmetric key set based on a third private cryptographic key;
      
      storing the fourth symmetric key set by the token;
      
      associating the fourth key set with the second applet; and
      
      executing, by the token, a command to sever the association between the third symmetric key set with the second applet.

12. A non-transitory computer readable storage medium including instructions that, when executed by a processing system, cause the processing system to perform a method comprising:
- receiving a token comprising a first applet, a first symmetric key set that is associated with the first applet and a card identification number of the token;
  
  generating, by the processing system, a second symmetric key set based on a private cryptographic key and the card identification number of the token in response to authenticating with the first applet;
  
  associating the second symmetric key set with the first applet; and
  
  severing the association between the first symmetric key set with the first applet.
- View Dependent Claims (13, 14)
- - 13. The non-transitory computer readable storage medium of claim 12, further comprising:
    - authenticating with the first applet on the token using the second symmetric key set; and
      
      embedding a second applet on the token in response to authenticating with the first applet.
  - 14. The non-transitory computer readable storage medium of claim 13, further comprising:
    - generating a third symmetric key set based on a second private cryptographic key;
      
      storing the third symmetric key set on the token;
      
      associating the third symmetric key set with the second applet; and
      
      forwarding, by the processing system, the token to a computing machine, wherein the computing machine generates a fourth symmetric key set based on a third private cryptographic key, stores the fourth symmetric key set on the token, associates the fourth symmetric key set with the second applet, and severs the association between the third symmetric key set with the second applet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Lord, Robert, Parkinson, Steven W., Relyea, Robert
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
SCHMIDT, KARI L

Application Number

US11/680,200
Publication Number

US 20080209225A1
Time in Patent Office

2,526 Days
Field of Search

713/166, 713/169, 713/175, 713/185, 380/277, 726/20
US Class Current

713/185
CPC Class Codes

G06F 21/77 in smart cards

Methods and systems for assigning roles on a token

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for assigning roles on a token

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links