System and method for secure smartcard issuance
Abstract
A system and method are disclosed for ensuring the security and integrity of a party's private key stored on a smartcard or other hardware token. A set of security requirements is defined for the smartcard that ensures that the card is manufactured and initialized in a secure environment and that it can withstand certain types of cryptographic and other attacks. The requirements further ensure that, at the conclusion of the initiation process, there exists only a single instance of the private key, thus decreasing the likelihood of a subsequent key compromise.
24 Claims
1. A method for facilitating secure hardware token issuance and use, comprising:
storing an only instance of a private key on the hardware token, the hardware token being adapted to prevent the private key from being exported from the hardware token;
binding the private key to a subscriber with a digital certificate;
creating a contract establishing ownership over the physical manifestation of the private key;
using the private key to create a digital signature on the hardware token.
(Dependent claims 2 through 17 depend on claim 1.)
18. A method for facilitating secure smartcard issuance and use, comprising:
providing a smartcard;
generating a private key on a hardware security module not resident on the smartcard;
copying the private key into memory on the smartcard;
adapting the smartcard to prevent the private key from being exported from the smartcard; and
destroying all instances of the private key not resident in the memory on the smartcard.
19. A system for facilitating secure smartcard issuance and use, comprising:
a smartcard;
means for generating a private key on a hardware security module not resident on the smartcard;
means for copying the private key into memory on the smartcard;
means on the smartcard for preventing the private key from being exported from the smartcard; and
means for destroying all instances of the private key not resident in the memory on the smartcard.
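Claims 1, 18 and 19 together describe one issuance procedure: the key is generated on an off-card HSM, copied into the token, every instance outside the token is destroyed, the token refuses to export the key, a certificate binds it to the subscriber, and the token then signs. The following Go program is an added illustration of that lifecycle written for this page; it is not code from the patent or from any product. It assumes ECDSA over P-256, X.509 for the binding certificate, a self-signed issuer CA and the names `Token`, `HSM`, `Issue` and `VerifyWithCertificate`, none of which appear in the claims. The one detail worth noticing is the deep copy in `Issue`: if the token merely shared the HSM's key object, the zeroisation required by "destroying all instances ... not resident in the memory on the smartcard" would also wipe the only instance the token is supposed to keep.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Token models the hardware token: the private key sits in an unexported
// field and the type exposes only Sign, PublicKey and Certificate, so no
// code path returns the key material (the "not exportable" property).
type Token struct {
	key  *ecdsa.PrivateKey
	cert []byte // DER certificate binding the key to the subscriber
}

// Sign creates the digital signature on the token (last step of claim 1).
func (t *Token) Sign(msg []byte) ([]byte, error) {
	if t.key == nil {
		return nil, errors.New("token holds no key")
	}
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, t.key, digest[:])
}

func (t *Token) PublicKey() *ecdsa.PublicKey { return &t.key.PublicKey }
func (t *Token) Certificate() []byte          { return t.cert }

// HSM models the issuer's hardware security module that generates the key
// off-card (claim 18). Destroy overwrites the private scalar and drops it.
type HSM struct{ key *ecdsa.PrivateKey }

func (h *HSM) Generate() (err error) {
	h.key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return err
}
func (h *HSM) HoldsKey() bool { return h.key != nil }
func (h *HSM) Destroy() {
	if h.key != nil {
		h.key.D.SetInt64(0) // zeroise before dropping the reference
		h.key = nil
	}
}

// NewIssuerCA builds the (assumed) self-signed CA that certifies token keys.
func NewIssuerCA() (*ecdsa.PrivateKey, *x509.Certificate, error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Issuer CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	caCert, err := x509.ParseCertificate(der)
	return caKey, caCert, err
}

// Issue runs claims 18/19 plus the binding step of claim 1: generate on the
// HSM, copy into the token, destroy the HSM copy, certify the public key.
func Issue(hsm *HSM, subscriber string, caKey *ecdsa.PrivateKey, caCert *x509.Certificate) (*Token, error) {
	if err := hsm.Generate(); err != nil {
		return nil, err
	}
	// Deep copy: sharing the pointer would let Destroy wipe the token's copy too.
	tok := &Token{key: &ecdsa.PrivateKey{
		PublicKey: ecdsa.PublicKey{Curve: hsm.key.Curve, X: new(big.Int).Set(hsm.key.X), Y: new(big.Int).Set(hsm.key.Y)},
		D:         new(big.Int).Set(hsm.key.D),
	}}
	hsm.Destroy() // from here on the token holds the single instance
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: subscriber},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(3 * 365 * 24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, tok.PublicKey(), caKey)
	tok.cert = der
	return tok, err
}

// VerifyWithCertificate is the relying party's check: the certificate chains
// to the issuer CA and the signature verifies under the certified key.
// It returns the certified subscriber name on success.
func VerifyWithCertificate(certDER []byte, caCert *x509.Certificate, msg, sig []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	if err := cert.CheckSignatureFrom(caCert); err != nil {
		return "", err
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return "", errors.New("certificate key is not ECDSA")
	}
	digest := sha256.Sum256(msg)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", errors.New("signature does not verify")
	}
	return cert.Subject.CommonName, nil
}

func main() {
	caKey, caCert, err := NewIssuerCA()
	if err != nil {
		panic(err)
	}
	hsm := &HSM{}
	tok, err := Issue(hsm, "subscriber-0001", caKey, caCert) // constructed subscriber name
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample transaction")
	sig, _ := tok.Sign(msg)
	who, err := VerifyWithCertificate(tok.Certificate(), caCert, msg, sig)
	fmt.Println("HSM still holds key:", hsm.HoldsKey(), "| signer:", who, "| err:", err)
}
```

Run it with `go run`; after `Issue` returns, `hsm.HoldsKey()` is false while the token still signs, and the relying party learns the subscriber name only through the CA-signed certificate, which is the binding claim 1 requires.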
20. A method for facilitating secure hardware token issuance and use, comprising:
providing a signing module, the signing module comprising a hardware token, the hardware token permanently storing a single instance of a private key and being adapted to sign data in connection with transactions conducted within the context of a four-corner model comprising a root entity, a first participant, a second participant, a first customer of the first participant, the first customer having possession of the hardware token, and a second customer of the second participant;
the root entity identifying a plurality of high-level security objectives relating to the hardware token, the high-level security objectives comprising:
a. It is beyond practicality to breach the confidentiality of the private key;
b. It is beyond practicality to breach the confidentiality of a PIN/passphrase stored on the hardware token;
c. It is beyond practicality to change the life-cycle status of the hardware token;
d. It is beyond practicality to breach the integrity of the counters associated with blocking and unblocking mechanisms on the hardware token;
e. It requires a high security level attack to breach the confidentiality and/or integrity of data and program structures on the hardware token;
f. It requires a high security level attack to breach the integrity of a bond between the first customer's identity and the hardware token;
g. It requires a high security level attack to breach the integrity of root entity applications present at the hardware token; and
h. It requires a high security level attack to breach the integrity of the signing module; and
the root entity identifying a plurality of low-level requirements to address the high-level objectives.
(Dependent claims 21 through 24 depend on claim 20.)
Specification