Title of invention |
Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor |
Abstract |
A digital memory, such as a memory card for mobile communication equipment, is adapted to be accessed by a plurality of users and have protected data stored therein. The memory is dynamically partitionable in private memory areas for storing data therein and has associated therewith a secrecy tool for securely allocating to the users respective private areas and permitting the users to access the respective private areas via a secure session channel to perform read/write commands in the respective private areas. Typically, the memory/card includes: a card interface controller for managing a physical communication layer between the digital memory and external host equipment, an internal memory having associated therewith a hardware lock to control access to the internal memory, a set of cryptographic modules to manage the secure session channel between the users and the digital memory, and a memory certificate for certifying a public key associated with the digital memory. |
Publication number |
US8789195(B2) |
Publication date |
2014.07.22 |
Application number |
US200411793239 |
Filing date |
2004.12.22 |
Applicant |
Telecom Italia S.p.A. |
Inventors |
Bianco Alberto;Colazzo Laura;Ricciato Fabio;Turolla Maura;Varriale Antonio |
Classification number |
G06F21/00 |
Main classification number |
G06F21/00 |
Patent agency |
Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P. |
Patent agent |
Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P. |
Main claim |
1. A method of controlling access by a plurality of users to a digital memory accessible by a plurality of users, and protecting data in said digital memory, the method comprising:
generating a list of users that have allocated private areas in said digital memory;
making said list available to users in said plurality without opening a session;
receiving a request for self-allocation from at least one of said users in said plurality for a first private area in said digital memory;
allocating by said digital memory said first private area of a plurality of private areas for storing data in said digital memory in response to said request for self-allocation of a private area by at least one of said users in said plurality, said users in said plurality being an individual or a service provider which securely requested allocation of respective private areas in said digital memory;
opening a secure session channel for said first private area, whereby allocation of said respective private areas in said digital memory can be securely requested; and
permitting said at least one of said users in said plurality access to said first private area via said secure session channel to perform read/write commands; and
allowing at least one privileged user to perform a predetermined set of operations in said respective private areas allocated in said digital memory via a privileged personal identification number without opening a session. |
Address |
Milan IT |