摘要 |
The present invention provides a flexible, tamper-resistant authentication system, or personal authentication device (PAD), which can support applications in authentication, authorization and accounting. The PAD stores at least one public key associated with a certificate authority (CA) and receives one or more digital certificates, which may be authenticated based on the stored CA public keys. The PAD outputs a service key that, depending on the application, may be used to gain access to a controlled space, obtain permission for taking a certain action, or receive some service. The operation of the PAD and the nature of the service key may be determined by digital certificates that it receives during operation. Finally, using a stored PAD private key that is kept secret, the PAD may perform a variety of security-related tasks, including authenticating itself to a user, signing service keys that it produces, and decrypting content on received digital certificates.
|