Uniform framework for security tokens
First Claim
1. A uniform security applications architecture for deployment in a security token comprising:
- a plurality of security applications functionally coupled to a shareable interface; and
a security domain control services application operatively coupled to a runtime operating environment and including said sharable interface, one or more security policies associated with each of said plurality of security applications and control means for controlling said plurality of security applications by enforcement of said one or more security policies.
1 Assignment
0 Petitions
Accused Products
Abstract
This invention provides a security token architecture which supports modular security application installations without loss of existing data or requiring the reinstallation of existing applications served by the security application modules. The architecture is compliant with the international standard ISO/IEC 7816-4, “Information technology—Identification tokens—Integrated circuit(s) tokens with contacts—Part 4: Interindustry commands for interchange.” An application is integrated into a security domain which serves as a centralized security applications programming interface between one or more token service applications and a series of security application modules. The API provides a more uniform security application interface which improves overall interoperability of the modular security applications and simplifies security application development. The API provides a separate shareable interface which facilitates changes in security applications without disruption of existing application dependencies and allows customization of security properties associated with the installed security applications.
107 Citations
62 Claims
-
1. A uniform security applications architecture for deployment in a security token comprising:
-
a plurality of security applications functionally coupled to a shareable interface; and
a security domain control services application operatively coupled to a runtime operating environment and including said sharable interface, one or more security policies associated with each of said plurality of security applications and control means for controlling said plurality of security applications by enforcement of said one or more security policies. - View Dependent Claims (3, 4, 5, 11, 12, 13)
-
-
2. A uniform security applications architecture for deployment in a security token comprising:
-
a plurality of security applications functionally coupled to a security domain control services application through a shareable interface, one or more security policies readable by said security domain control services application and associated with each of said plurality of security applications, and said security domain control services application operatively coupled to a runtime operating environment and including control means for reading and controlling said plurality of security applications by enforcement of said one or more security policies.
-
-
6. A uniform security applications architecture for deployment in a security token comprising:
-
a security domain control services application functionally coupled to a plurality of security applications through a shareable interface, said security domain control services application including at least one registry and a predefined architecture associated with said shareable interface;
said at least one registry including a plurality of security parameters associated with each of said plurality of security applications; and
at least one of said plurality of security applications executable to manipulate said plurality of security parameters, wherein manipulation of said plurality of security parameters facilitates at least the addition, replacement or removal of any of said plurality of security applications without disruption of said predefined architecture. - View Dependent Claims (7, 8, 9, 10, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 54, 55, 56, 57, 58)
-
-
32. A method for functionally installing a security application inside a security token comprising the steps of:
-
a. functionally receiving a security domain control services application downloadable, b. receiving a security application downloadable, c. registering said security application downloadable with said security domain control services application downloadable, d. configuring one or more security policies for said security application downloadable, and e. setting at one or more security states for said security application downloadable. - View Dependent Claims (33, 34)
-
-
35. A method for initializing a security application functionally installed inside a security token comprising the steps of:
-
a. performing an authentication in accordance with one or more associated security control methods, and b. setting an authentication state. - View Dependent Claims (36, 37, 38)
-
-
39. A method for using a security application functionally installed inside a security token comprising the steps of:
-
a. executing a security application, b. verifying that said security application is enabled, c. verifying that a functional control element of said security application is enabled, d. retrieving one or more security policies associated with said security application, and e. validating said one or more security policies.
-
-
40. A computer program product embodied in a tangible form readable by a processor having executable instructions stored thereon for installing a security application, said executable instructions comprising:
-
a. causing a security domain control services application downloadable to be received by a security token, b. causing a security application downloadable to be received by said security token, c. causing said security application downloadable to be registered with said security domain control services application downloadable, d. causing configuration parameters of one or more security policies to be established in a registry for said security application downloadable, and e. causing one or more security states to be set for said security application downloadable. - View Dependent Claims (41)
-
-
42. A computer program product embodied in a tangible form readable by a processor having executable instructions stored thereon for initializing a security application, said executable instructions comprising:
-
a. causing an authentication to be performed an in accordance with one or more associated security control methods, and b. causing an authentication state to be set. - View Dependent Claims (43, 44, 45)
-
-
46. A computer program product embodied in a tangible form readable by a processor having executable instructions stored thereon for causing execution of a security application, said executable instructions comprising:
-
a. causing an execution of a security application, b. causing an enablement verification of said security application, c. causing an enablement verification of a functional control element associated with said security application, d. causing a retrieval of one or more security policies associated with said security application, and e. causing a validation of said one or more security policies.
-
-
47. A uniform security applications architecture for deployment in a security token comprising:
-
a security domain control services application including control means for controlling at least one functional aspect of a security application, a set of security policies having a functional relationship to said security application and readable by said security domain control services application, wherein said set of security policies are read by said control means for controlling said at least one functional aspect of a security application.
-
-
48. A uniform security applications architecture for deployment in a security token comprising:
-
a security domain control services application including control means for controlling at least one functional aspect of a security application and a sharable interface functionally linked to at least one security application, a set of security policies having a functional relationship to said at least one security application and readable by said security domain control services application, wherein said set of security policies are read by said control means for controlling said link to said sharable interface.
-
-
49. A uniform security applications architecture for deployment in a security token comprising:
a security domain control services application including a sharable interface and install means for installing at least one security application, wherein said install means includes means for performing an operation which functionally links said at least one security application to said sharable interface. - View Dependent Claims (53)
-
50. A uniform security applications architecture for deployment in a security token comprising:
a security domain control services application including a sharable interface and uninstall means for uninstalling at least one security application, wherein said uninstall means includes means for performing an operation which functionally unlinks said at least one security application from said sharable interface.
-
51. A uniform security application architecture for deployment in a security token comprising:
a security domain control services application including a sharable interface, a registry and install means for installing at least one security application, wherein said install means includes means for performing an operation which functionally links said at least one security application to said sharable interface and registers said security application in said registry.
-
52. A uniform security applications architecture for deployment in a security token comprising:
a security domain control services application including a sharable interface, a registry and uninstall means for uninstalling at least one security application, wherein said uninstall means includes means for performing an operation which functionally unlinks said at least one security application from said sharable interface and unregisters said security application from said registry.
-
59. A uniform security applications architecture for deployment in a security token comprising:
-
a set of security policies readable by a security domain control services application, wherein said set of security policies includes prerequisite information associated with a token services application for performing a token service;
said token services application having a functional relationship to said security domain control services application, said token services application including means for;
receiving a request for services, sending a permissive request to perform said token service to said security domain control services application, receiving a determinative response from said security domain control services application determinative for performance of said token service, and performing a token service in accordance with at least a portion of said set of security policies. said security domain control services application including means for;
receiving said permissive request sent from said token services application, determining applicable security policies for said permissive request, enforcing said set of security policies, and returning said determinative response to said token services application. - View Dependent Claims (60, 61, 62)
-
Specification