Anytime validation tokens
First Claim
1. A method comprising:
- receiving, by a validation server computer having one or more microprocessors and operated by a trusted entity, a registration request from a token manufacturer;
determining, by the validation server computer, that the token manufacturer is approved to be a trusted token manufacturer;
generating, by the validation server computer, a token manufacturer key for the trusted token manufacturer,sending, by the validation server computer, a registration response message including the token manufacturer key and an indication of an algorithm for generating approved serial numbers to the trusted token manufacturer;
generating, by a computer of the trusted token manufacturer, a token serial number using the algorithm;
generating, by the computer of the trusted token manufacturer, a token specific key and signing the token specific key with the token manufacturer key;
storing, by the computer of the trusted token manufacturer, token specific information including the token specific key and the token serial number in a token;
receiving, by the validation server computer, a validation request to validate the token before the token is activated for first time use in a transaction, the validation request including the token serial number and a challenge message, the challenge message signed with an authentication key derived at least in part from the token serial number, the authentication key being distinct from the token specific key;
validating, by the validation server computer, the token at least in part by deriving the authentication key from the token serial number and verifying the challenge message signature with the derived authentication key;
generating, by the validation server computer, a replacement key from a master key, the replacement key being distinct from the token specific key and the authentication key; and
activating, by the validation server computer, the token for first time use, wherein activating the token comprises, at least in part, replacing the token specific key from the token manufacturer stored in the token with the replacement key generated from the master key at least in part by establishing, by the validation server computer, a secure communication session directly with the token through a network and providing the replacement key generated from the master key.
0 Assignments
0 Petitions
Accused Products
Abstract
Systems and method for producing, validating, and registering authentic verification tokens are disclosed. Such systems and methods include generating verification token specific key pairs. The key pairs can be signed by a verification token manufacturer master key or public key certificate for an additional level of authenticity. Related methods and systems for authenticating and registering authorized verification token manufacturers are also disclosed. Once a verification token manufacturer is authenticated, it can be assigned a manufacturer-specific key pair or certificate and in some cases, a predetermined set of serial numbers to assign to the verification tokens it produces. Each serial number can be used to generate a verification token specific key pair specific to the associated verification token. One component of the verification token key pair can be stored to the verification token. Optionally, the component of the verification token key pair stored to the verification token can be signed by the manufacturer specific master key or certificate and stored a verification token public certificate.
-
Citations
15 Claims
-
1. A method comprising:
-
receiving, by a validation server computer having one or more microprocessors and operated by a trusted entity, a registration request from a token manufacturer; determining, by the validation server computer, that the token manufacturer is approved to be a trusted token manufacturer; generating, by the validation server computer, a token manufacturer key for the trusted token manufacturer, sending, by the validation server computer, a registration response message including the token manufacturer key and an indication of an algorithm for generating approved serial numbers to the trusted token manufacturer; generating, by a computer of the trusted token manufacturer, a token serial number using the algorithm; generating, by the computer of the trusted token manufacturer, a token specific key and signing the token specific key with the token manufacturer key; storing, by the computer of the trusted token manufacturer, token specific information including the token specific key and the token serial number in a token; receiving, by the validation server computer, a validation request to validate the token before the token is activated for first time use in a transaction, the validation request including the token serial number and a challenge message, the challenge message signed with an authentication key derived at least in part from the token serial number, the authentication key being distinct from the token specific key; validating, by the validation server computer, the token at least in part by deriving the authentication key from the token serial number and verifying the challenge message signature with the derived authentication key; generating, by the validation server computer, a replacement key from a master key, the replacement key being distinct from the token specific key and the authentication key; and activating, by the validation server computer, the token for first time use, wherein activating the token comprises, at least in part, replacing the token specific key from the token manufacturer stored in the token with the replacement key generated from the master key at least in part by establishing, by the validation server computer, a secure communication session directly with the token through a network and providing the replacement key generated from the master key. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
Specification