Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor
Abstract
A digital memory, such as a memory card for mobile communication equipment, is adapted to be accessed by a plurality of users and to have protected data stored therein. The memory is dynamically partitionable into private memory areas for storing data therein and has associated therewith a secrecy tool for securely allocating to the users respective private areas and permitting the users to access the respective private areas via a secure session channel to perform read/write commands in the respective private areas. Typically, the memory/card includes: a card interface controller for managing a physical communication layer between the digital memory and external host equipment, an internal memory having associated therewith a hardware lock to control access to the internal memory, a set of cryptographic modules to manage the secure session channel between the users and the digital memory, and a memory certificate for certifying a public key associated with the digital memory.
24 Claims
1. A method of controlling access by a plurality of users to a digital memory accessible by a plurality of users, and protecting data in said digital memory, the method comprising:
generating a list of users that have allocated private areas in said digital memory;
making said list available to users in said plurality without opening a session;
receiving a request for self-allocation from at least one of said users in said plurality for a first private area in said digital memory;
allocating by said digital memory said first private area of a plurality of private areas for storing data in said digital memory in response to said request for self-allocation of a private area by at least one of said users in said plurality, said users in said plurality being an individual or a service provider which securely requested allocation of respective private areas in said digital memory;
opening a secure session channel for said first private area, whereby allocation of said respective private areas in said digital memory can be securely requested; and
permitting said at least one of said users in said plurality access to said first private area via said secure session channel to perform read/write commands; and
allowing at least one privileged user to perform a predetermined set of operations in said respective private areas allocated in said digital memory via a privileged personal identification number without opening a session.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A digital memory being accessible by a plurality of users and comprising protected data stored therein, said digital memory further comprising:
a first private area of a plurality of private areas allocated by said digital memory to at least one of said plurality of users in response to a request by said at least one of said plurality of users for self-allocation of a private area of said digital memory; and
a secrecy tool configured for securely allocating respective private memory areas to said users in said plurality by opening a secure session channel, whereby allocation of said respective private areas in said digital memory can be securely requested, said users in said plurality being an individual or a service provider;
a control unit permitting said at least one of said users in said plurality to access said first private area via said secure session channel to perform read/write commands in said first private area, and allowing at least one privileged user to perform a predetermined set of operations in said respective private areas allocated in said digital memory via a privileged personal identification number without opening a session,
wherein said memory is configured for generating a list of the users that have allocated private areas in said digital memory and for making said list available to users in said plurality without opening a session.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23
24. A non-transitory computer-readable storage medium encoded with a computer program product, stored in the memory of at least one computer and comprising software code portions for performing a method comprising:
generating a list of the users that have allocated private areas in said digital memory;
making said list available to users in said plurality without opening a session;
receiving a request for self-allocation from at least one of said users in said plurality for a first private area in said digital memory;
allocating by said digital memory said first private area of a plurality of private areas for storing data in said digital memory in response to said request for self-allocation of a private area by at least one of said users in said plurality, said users in said plurality being an individual or a service provider which securely requested allocation of respective private areas in said digital memory;
opening a secure session channel for said first private area, whereby allocation of said respective private areas in said digital memory can be securely requested; and
permitting said at least one of said users in said plurality access to said first private area via said secure session channel to perform read/write commands; and
allowing at least one privileged user to perform a predetermined set of operations in said respective private areas allocated in said digital memory via a privileged personal identification number without opening a session.
Specification