Scalable certificate validation and simplified PKI management

US 8,732,457 B2
Filed: 03/20/2002
Issued: 05/20/2014
Est. Priority Date: 10/02/1995
Status: Expired due to Fees

First Claim

Patent Images

1. A method of accessing a door, comprising:

providing a card with previously-verified data that includes a digital signature;

causing the card to receive a proof of access rights to the door for a specified time interval, wherein the specified time interval includes at least some time after a time that the previously-verified data was verified, and wherein the proof is unverified and separate from the previously-verified data, wherein the unverified proof does not include an associated digital signature;

causing the card to be presented to a mechanism of the door at a current time, the mechanism being local to the door;

causing the mechanism to locally verify the proof without verification of the proof from any other party; and

causing the door to open if the proof is verified and the current time is within the specified time interval.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Managing a digital certificate includes a landlord providing a digital certificate, a secure hardware device generating a series of n hash values, the secure hardware device providing an nth hash value to the landlord, wherein other hash values are not readily available to the landlord, the landlord placing the nth hash value in the certificate, the landlord digitally verifying the certificate containing the nth hash value to obtain a digitally signed certificate, a tenant obtaining the digitally signed certificate, the tenant obtaining the n hash values and the tenant managing the certificate by periodically issuing a previous hash value in the series of n hash values in response to the certificate being valid when the previous hash value is issued.

171 Citations

42 Claims

1. A method of accessing a door, comprising:
- providing a card with previously-verified data that includes a digital signature;
  
  causing the card to receive a proof of access rights to the door for a specified time interval, wherein the specified time interval includes at least some time after a time that the previously-verified data was verified, and wherein the proof is unverified and separate from the previously-verified data, wherein the unverified proof does not include an associated digital signature;
  
  causing the card to be presented to a mechanism of the door at a current time, the mechanism being local to the door;
  
  causing the mechanism to locally verify the proof without verification of the proof from any other party; and
  
  causing the door to open if the proof is verified and the current time is within the specified time interval.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. A method according to claim 1, wherein the card receives the proof from a wired card device.
  - 3. A method according to claim 1, wherein the card is contactless.
  - 4. A method according to claim 1, wherein the card is at least one of:
    - a cellular phone and a PDA.
  - 5. A method according to claim 1, wherein the card receives the proof via the Internet.
  - 6. A method according to claim 1, wherein the card receives the proof wirelessly.
  - 7. A method according to claim 1, wherein the card receives the proof from a relying party during a prior interaction.
  - 8. A method according to claim 7, wherein the relying party queried for and received the proof from a responder.
  - 9. A method according to claim 1, wherein the previously-verified data includes a digital certificate.
  - 10. A method according to claim 9, wherein the digital signature is relative to a public key certified within the digital certificate contained in the card.
  - 11. A method according to claim 10, wherein the card presents to the mechanism of the door both the proof and the certificate.
  - 12. A method according to claim 10, wherein a public key certified within the certificate is obtained by iterating a one-way hash function.
  - 13. A method according to claim 10, wherein the access rights are selected from the group consisting of:
    - granted, suspended, re-granted, re-suspended or revoked keeping the same certificate.
  - 14. A method according to claim 13, wherein the proof is one of a plurality of proofs relative to a plurality of access rights.
  - 15. A method according to claim 1, wherein the specified time interval is one day.
  - 16. A method according to claim 1, wherein the access rights are selected from the group consisting of:
    - granted, suspended, re-granted, re-suspended or revoked.
  - 17. A method according to claim 16, wherein the proof is one of a plurality of proofs relative to a plurality of access rights.
  - 18. A method according to claim 17, wherein a single authority manages the plurality of access rights.
  - 19. A method according to claim 17, wherein the plurality of access rights are independently managed by a plurality of authorities.
  - 20. A method according to claim 1, wherein the proof is one of a plurality of proofs relative to a plurality of access rights.
  - 21. A method according to claim 1, wherein locally verifying the proof includes performing a one-way function on the proof to yield result data within the mechanism that locally verifies the proof.

22. A method of issuing a card to a user for accessing a door, comprising:
- verifying that the user is entitled to access rights to the door;
  
  providing the card with previously-verified data that includes a digital signature; and
  
  if the user is entitled to access rights to the door, causing the card to receive a proof of access rights to the door for a specified time interval, wherein the proof is unverified and separate from the previously-verified data, wherein the unverified proof does not include an associated digital signature, wherein the specified time interval includes at least some time after a time that the previously-verified data was verified, and wherein, in response to the card being presented to a mechanism of the door at a current time, the mechanism being local to the door, and without verification of the proof from any other party, the mechanism locally verifies the proof and causes the door to open if the proof is verified and the current time is within the specified time interval.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. A method according to claim 22, wherein the card receives the proof from a wired card device.
  - 24. A method according to claim 22, wherein the card is contactless.
  - 25. A method according to claim 22, wherein the card is at least one of:
    - a cellular phone and a PDA.
  - 26. A method according to claim 22, wherein the card receives the proof via the Internet.
  - 27. A method according to claim 22, wherein the card receives the proof wirelessly.
  - 28. A method according to claim 22, wherein the card receives the proof from a relying party during a prior interaction.
  - 29. A method according to claim 22, wherein locally verifying the proof includes performing a one-way function on the proof to yield result data within the mechanism that locally verifies the proof.

30. A method of granting access to a door, comprising:
- providing previously-verified data that includes a digital signature;
  
  locally verifying a proof provided to a mechanism of the door at a current time, the mechanism being local to the door, and without verification of the proof from any other party, wherein the proof is unverified and separate from the previously-verified data, wherein the unverified proof does not include an associated digital signature, wherein the proof indicates access rights to the door for a specified time interval, and wherein the specified time interval includes at least some time after a time that the previously-verified data was verified; and
  
  causing the door to open if the proof is verified and the current time is within the specified time interval.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 31. A method according to claim 30, wherein the digital signature is relative to a public key certified within a digital certificate.
  - 32. A method according to claim 31, wherein the mechanism of the door is presented with both the proof and the certificate.
  - 33. A method according to claim 31, wherein a public key certified within the certificate is obtained by iterating a one-way hash function.
  - 34. A method according to claim 30, wherein the specified time interval is one day.
  - 35. A method according to claim 30, wherein the access rights are selected from the group consisting of:
    - granted, suspended, re-granted, re-suspended or revoked.
  - 36. A method according to claim 35, wherein the proof is one of a plurality of proofs relative to a plurality of access rights.
  - 37. A method according to claim 36, wherein a single authority manages the plurality of access rights.
  - 38. A method according to claim 36, wherein the plurality of access rights are independently managed by a plurality of authorities.
  - 39. A method according to claim 30, wherein the access rights are selected from the group consisting of:
    - granted, suspended, re-granted, re-suspended or revoked keeping the same certificate.
  - 40. A method according to claim 39, wherein the proof is one of a plurality of proofs relative to a plurality of access rights.
  - 41. A method according to claim 30, wherein the proof is one of a plurality of proofs relative to a plurality of access rights.
  - 42. A method according to claim 30, wherein locally verifying the proof includes performing a one-way function on the proof to yield result data within the mechanism that locally verifies the proof.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Assa Abloy AB
Original Assignee
Assa Abloy AB
Inventors
Micali, Silvio
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Pan, Joseph

Application Number

US10/103,541
Publication Number

US 20020165824A1
Time in Patent Office

4,444 Days
Field of Search

713/1, 713/2, 713/188, 713/194, 713/156, 713/158, 380/200, 380/201, 380/255, 380/277, 726/2, 726/17, 726/20, 340/426.28
US Class Current

713/156
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/3821   Electronic credentials

G06Q 20/38215   Use of certificates or encr...

G06Q 20/3827   Use of message hashing

G06Q 20/3829   involving key management

G07F 7/1016   Devices or methods for secu...

H04L 2209/56   Financial cryptography, e.g...

H04L 9/007   involving hierarchical stru...

H04L 9/3066   involving algebraic varieti...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3268   using certificate validatio...

H04L 9/50   using hash chains, e.g. blo...

Scalable certificate validation and simplified PKI management

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

171 Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

Scalable certificate validation and simplified PKI management

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

171 Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links