US2013145442A1PendingUtilityA1

System and method for privilege delegation and control

51
Assignee: ACTIVCARDPriority: Aug 15, 2002Filed: Sep 25, 2012Published: Jun 6, 2013
Est. expiryAug 15, 2022(expired)· nominal 20-yr term from priority
Inventors:Eric Le Saint
H04L 9/3234G06F 21/445H04L 63/0853G06F 21/34H04L 63/0823H04L 9/3273
51
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

This invention provides a privilege delegation mechanism, which allows a privilege and associated control attributes to be delegated from a security token to another security token or an intelligent device such as a computer system. The privilege may be in the form of an attribute certificate, a key component of a cryptographic key, a complete cryptographic key, digital certificate, digital right, license or loyalty credits. The purpose of the delegation is to allow another security token or computer system to act as a surrogate for the security token or to access a resource which requires components from both units before access is permitted. Attributes associated with the delegated privilege control the scope and use of the privilege. The delegation may allow the surrogate to perform authentications, access data or resources included on another security token or computer system. Authentications are performed prior to transferring of the delegable privileges.

Claims

exact text as granted — not AI-modified
1 .- 42 . (canceled) 
     
     
         43 . Computer software, provided in a non-transitory computer-readable medium, that transfers a cryptographic key and its usage policies from a security token to at least a first data processing unit, the software comprising:
 executable code that performs mutual authentication between the security token and the first data processing unit by exchanging data therebetween;   executable code that transfers the key from the security token to a first data processing unit following performing mutual authentication; and   executable code that applies the key in accordance with the usage policies, wherein the key enables access to at least one resource by the first data processing unit subject to requirements prescribed in the usage policies only if the key is present in the first data processing unit and verified by at least a second data processing unit and wherein the key facilitates the at least first data processing unit to perform a function selected from the group consisting of: surrogate operations for the security token, terminal activation, personalization of an intelligent device, access to the at least one resource, and loyalty credit management.   
     
     
         44 . Computer software according to  claim 43  wherein the security token is a hardware device having the key, the usage policies, and a transfer section that transfers the key to said at least a first data processing unit. 
     
     
         45 . Computer software according to  claim 43  wherein the first data processing unit includes a key application section that applies the key in accordance with the requirements prescribed in the usage policies, 
     
     
         46 . Computer software according to  claim 43  wherein the security token includes a communications section that provides a secure messaging protocol. 
     
     
         47 . Computer software according to  claim 43  wherein the key is updateable by replacement of at least a portion of the usage policies with one or more new usage policies. 
     
     
         48 . Computer software according to  claim 43  wherein the at least a first data processing unit is an intelligent device. 
     
     
         49 . Computer software according to  claim 43  wherein said at least a first data processing unit is another security token. 
     
     
         50 . Computer software according to  claim 43  wherein said usage policies include control aspects. 
     
     
         51 . Computer software according to  claim 50  wherein the control aspects includes security policies. 
     
     
         52 . Computer software according to  claim 51  wherein the control aspects includes at least one privilege state.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.