Title of invention: Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor
Abstract: A digital memory, such as a memory card for mobile communication equipment, is adapted to be accessed by a plurality of users and have protected data stored therein. The memory is dynamically partitionable in private memory areas for storing data therein and has associated therewith a secrecy tool for securely allocating to the users respective private areas and permitting the users to access the respective private areas via a secure session channel to perform read/write commands in the respective private areas. Typically, the memory/card includes: a card interface controller for managing a physical communication layer between the digital memory and external host equipment, an internal memory having associated therewith a hardware lock to control access to the internal memory, a set of cryptographic modules to manage the secure session channel between the users and the digital memory, and a memory certificate for certifying a public key associated with the digital memory.
Publication number: US8789195(B2)
Publication date: 2014.07.22
Application number: US200411793239
Filing date: 2004.12.22
Applicant: Telecom Italia S.p.A.
Inventors: Bianco Alberto; Colazzo Laura; Ricciato Fabio; Turolla Maura; Varriale Antonio
Classification: G06F21/00
Main classification: G06F21/00
Agency: Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P.
Agent: Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P.
Independent claim: 1. A method of controlling access by a plurality of users to a digital memory accessible by a plurality of users, and protecting data in said digital memory, the method comprising: generating a list of users that have allocated private areas in said digital memory; making said list available to users in said plurality without opening a session; receiving a request for self-allocation from at least one of said users in said plurality for a first private area in said digital memory; allocating by said digital memory said first private area of a plurality of private areas for storing data in said digital memory in response to said request for self-allocation of a private area by at least one of said users in said plurality, said users in said plurality being an individual or a service provider which securely requested allocation of respective private areas in said digital memory; opening a secure session channel for said first private area, whereby allocation of said respective private areas in said digital memory can be securely requested; and permitting said at least one of said users in said plurality access to said first private area via said secure session channel to perform read/write commands; and allowing at least one privileged user to perform a predetermined set of operations in said respective private areas allocated in said digital memory via a privileged personal identification number without opening a session.
Address: Milan IT