Secured centralized public key infrastructure

US 20020178354A1
Filed: 02/26/2002
Published: 11/28/2002
Est. Priority Date: 10/18/1999
Status: Active Grant

First Claim

Patent Images

1. A system for providing public key infrastructure security in a wide area computer network comprising:

a user terminal coupled to the computer network including a client system;

a private key, and a public key assigned to a user when the user registers with the system using the user terminal;

a database remote from the user terminal for securely storing the private key and the public key;

a server system remote from the user terminal and coupled to the computer network including a computer executable code for performing a cryptographic function as a user transaction data on behalf of the user.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An on-line value bearing item (VBI) printing system that includes one or more cryptographic modules and a central database is disclosed. The cryptographic modules are capable of implementing the USPS Information Based Indicia Program Postal Security Device Performance Criteria and other required VBI standards. The modules encipher the information stored in the central database for all of the on-line VBI system customers and are capable of preventing access to the database by unauthorized users. Additionally, the cryptographic module is capable of preventing unauthorized and undetected modification, including the unauthorized modification, substitution, insertion, and deletion of VBI related data and cryptographically critical security parameters.

Citations

37 Claims

1. A system for providing public key infrastructure security in a wide area computer network comprising:
- a user terminal coupled to the computer network including a client system;
  
  a private key, and a public key assigned to a user when the user registers with the system using the user terminal;
  
  a database remote from the user terminal for securely storing the private key and the public key;
  
  a server system remote from the user terminal and coupled to the computer network including a computer executable code for performing a cryptographic function as a user transaction data on behalf of the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The system of claim 1, further comprising a plurality of security device transaction data stored in the database, wherein each security device transaction data is related to a respective user.
  - 3. The system of claim 1, wherein the private key is encrypted when it is stored in the database.
  - 4. The system of claim 2, wherein a respective security device transaction data related to a user is loaded into the cryptographic device when the user requests a service.
  - 5. The system of claim 1, wherein the server system includes a cryptographic device to authenticate the identity of the user and verify that the identified user is authorized to assume a role and perform a corresponding operation.
  - 6. The system of claim 5, wherein the assumed role is a security officer role to initiate a key management function.
  - 7. The system of claim 5, wherein the assumed role is an administrator role to manage a user access control database.
  - 8. The system of claim 5, wherein the assumed role is a provider role to withdraw from a user account.
  - 9. The system of claim 5, wherein the assumed role is a user role to operate on a value bearing item.
  - 10. The system of claim 5, wherein the assumed role is a certificate authority role to allow a public key certificate to be loaded and verified.
  - 11. The system of claim 5, wherein the cryptographic device includes a computer executable code for supporting multiple concurrent users and maintaining a separation of roles and operations performed by each user.
  - 12. The system of claim 5, wherein the cryptographic device stores information about a number of last transactions in a respective internal register.
  - 13. The system of claim 12, wherein the database stores a table including the respective information about a last transaction, a verification module to compare the information saved in the device with the information saved in the database.
  - 14. The system of claim 1,further comprising a digital certificate stored in the database and assigned to a user when the user registers with the system.
  - 15. The system of claim 1, wherein the cryptographic function is digitally signing a certificate.
  - 16. The system of claim 1, wherein the cryptographic function is encrypting data.
  - 17. The system of claim 1, wherein the cryptographic function is decrypting data.
  - 18. The system of claim 1, wherein the database includes a user profile for the user.
  - 19. The system of claim 18, wherein the user profile includes username, user role, password, logon failure count, logon failure limit, logon time-out limit, account expiration, password expiration, and password period.
  - 20. The system of claim 5, wherein the cryptographic device is capable of performing one or more of Rivest, Shamir and Adleman (RSA) public key encryption, DES, Triple-DES, DSA signature, SHA-1, and Pseudo-random number generation algorithms.
  - 21. The system of claim 5, wherein the cryptographic device stores information about a number of last transactions in an internal register and compares the information saved in the register with the information saved in a memory before loading a new transaction data.

22. A method for providing public key infrastructure security in a wide area computer network comprising the steps of:
- assigning a private key and a public key certificate to a user when the user registers with the system using a user terminal coupled to the computer network;
  
  storing the private key and the public key in a database remote from the user terminal; and
  
  performing a cryptographic function as a user transaction data on behalf of the user utilizing the stored private key.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37)
- - 23. The method of claim 22, further comprising the step of storing a digital certificate and assigning the stored digital certificate to a user when the user registers with the system.
  - 24. The method of claim 22, further comprising the step of storing a plurality of security device transaction data in the database, wherein each transaction data is related to one of a plurality of users.
  - 25. The method of claim 24, further comprising the step of loading a security device transaction data related to a user into one of the one or more of cryptographic devices when the user requests to operate on a value bearing item.
  - 26. The method of claim 25, further comprising the step of verifying that the requesting user is authorized to assume a role and to perform a corresponding operation.
  - 27. The method of claim 26, wherein the assumed role is an administrator role to manage a user access control.
  - 28. The method of claim 26, wherein the assumed role is a user role to perform expected IBIP postal meter operations.
  - 29. The method of claim 26, wherein the assumed role is a certificate authority role to allow a public key certificate to be loaded and verified.
  - 30. The method of claim 26, further comprising the steps of supporting multiple concurrent operators and maintaining a separation of roles and operations performed by each operator.
  - 31. The method of claim 22, further comprising the steps of:
    - storing information about a number of last transactions in a respective internal register of each of the one or more cryptographic devices;
      
      storing a table including the information about a last transaction in the database;
      
      comparing the information saved in the respective device with the respective information saved in the database; and
      
      loading a new transaction data if the respective information stored in the device compares with the respective information stored in the database.
  - 32. The method of claim 22, wherein the cryptographic function is digitally signing a certificate.
  - 33. The method of claim 22, wherein the cryptographic function is encrypting data.
  - 34. The method of claim 22, wherein the cryptographic function is decrypting data.
  - 35. The method of claim 22, further comprising the step of storing a user profile for a plurality of users.
  - 36. The method of claim 35, wherein the user profile includes username, user role, password, logon failure count, logon failure limit, logon time-out limit, account expiration, password expiration, and password period
  - 37. The method of claim 22, wherein the cryptographic function is one or more of Rivest, Shamir and Adleman (RSA) public key encryption, DES, Triple-DES, DSA signature, SHA-1, and Pseudo-random number generation algorithms.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Auctane LLC (Stamps.com, Inc.)
Original Assignee
Stamps.com, Inc.
Inventors
Ogg, Craig L., Chow, William W.

Granted Patent

US 7,392,377 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06Q 20/382   insuring higher security of...

G06Q 30/02   Marketing; Price estimation...

G06Q 50/188   Electronic negotiation

G07B 17/0008   Communication details outsi...

G07B 17/00733   Cryptography or similar spe...

G07B 2017/00056   Client-server

G07B 2017/00064   Virtual meter, online stamp...

G07B 2017/00145   via the Internet

G07B 2017/00201   Open franking system, i.e. ...

G07B 2017/00887   using look-up tables, also ...

G07B 2017/00967   PSD [Postal Security Device...

Secured centralized public key infrastructure

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

37 Claims

Specification

Solutions

Use Cases

Quick Links

Secured centralized public key infrastructure

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

37 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links