Trusted authentication digital signature (tads) system
First Claim
1. A method of managing accounts, each account being associated with a respective public key of public-private key pair, comprising:
- (a) receiving an EC including a digital signature, (b) identifying information linked with a public key associated with one of the customer accounts by successfully authenticating a message associated with the EC using the public key, the information regarding security aspects of a device that generates digital signatures, the public key and corresponding private key having been created within an environment of manufacture of the device and the private key stored within the device prior to release of the device from the environment following its manufacture; and
(c) responding to the EC based on, (i) said identified information linked with the public key, and (ii) an indication included in the EC of a verification status out of a plurality of predefined verification statuses, the verification status regarding an entity authentication performed by the device as a function of verification data of an entity input into the device and data prestored within the device.
8 Assignments
0 Petitions
Accused Products
Abstract
Trusted entity authentication includes creating a public-private pair in a secure environment; storing the private key within a device during its manufacture in the secure environment; linking the public key with other information in the secure environment, receiving input within the device comprising verification data of an entity, identifying within the device a verification status based on the verification data and data prestored within the device; independent of the verification status identified, generating a digital signature for a message including an indication of the identified verification status using the private key; outputting the digital signature for transmission with an EC; identifying upon receipt of the EC the information linked with the public key by authenticating the message with the public key, and considering the identified information and the indicated verification status. The linked information includes device security aspects and the verification status regards entity authentication performed by the device.
326 Citations
283 Claims
-
1. A method of managing accounts, each account being associated with a respective public key of public-private key pair, comprising:
-
(a) receiving an EC including a digital signature, (b) identifying information linked with a public key associated with one of the customer accounts by successfully authenticating a message associated with the EC using the public key, the information regarding security aspects of a device that generates digital signatures, the public key and corresponding private key having been created within an environment of manufacture of the device and the private key stored within the device prior to release of the device from the environment following its manufacture; and
(c) responding to the EC based on, (i) said identified information linked with the public key, and (ii) an indication included in the EC of a verification status out of a plurality of predefined verification statuses, the verification status regarding an entity authentication performed by the device as a function of verification data of an entity input into the device and data prestored within the device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 267, 268, 269, 270, 271, 272, 274, 275, 276, 277, 278, 279)
-
-
37. A method of establishing trusted entity authentication associated with an EC including a digital signature, comprising the steps of:
-
(a) for a device manufactured within a secure environment, (i) creating a public-private pair before release of the device from the secure environment, (ii) storing the private key within the device for utilization in generating a digital signature before release of the device from the secure environment, and (iii) linking within the secure environment in a secure manner the public key with other information associated with the device;
(b) within the device after its manufacture, (i) receiving input comprising verification data of an entity, (ii) identifying within the device a current verification status out of a plurality of predefined verification statuses of the device as a function of the verification data and data prestored within the device, each verification status regarding an entity authentication performed by the device, (iii) independent of the verification status identified, generating a digital signature for a message as a function of said identified verification status, including modifying within the device data representing the message as a function of said identified verification status, said generated digital signature comprising an indication of the identified verification status, and (iv) outputting from the device the digital signature for transmission with the EC to a recipient; and
(c) upon receipt of the EC by the recipient, (i) identifying the other information linked with the public key of the device by successfully authenticating the message using the public key of the device, and (ii) responding to the EC based on the indication of the verification status included in the EC and said identified information linked with the public key.
-
-
266. An electronic apparatus comprising a computer-readable medium including computer-executable instructions that perform one of the steps of the method of 1 or 37.
-
273. The method of 272, wherein said digital signature is generated using a digital signature algorithm requiring a random number, and further comprising using said received digital signature as a random number in an application requiring a random number.
-
280. A system in which a recipient of an EC authenticates an entity by solely conducting message authentication with respect to a received electronic communication that includes both a unique identifier associated with an account maintained by the recipient and a digital signature for a message regarding the account, comprising the steps of:
-
(a) before receipt of the electronic communication, (i) associating a public key of a public-private key pair with the unique identifier by the recipient, and (ii) identifying information linked with the public key, including information regarding security aspects of the device to which the private key of the public-private key pair belongs, the public key and corresponding private key having been created within an environment of manufacture of the device and the private key having been stored within the device prior to release of the device from the environment following its manufacture; and
(b) thereafter, (i) using only the digital signature in the electronic communication and the public key associated with the account identifier to the conduct message authentication, and (ii) upon successful authentication of the message, responding to the message based on, (A) said identified information linked with the public key, and (B) an indication included in the EC of a verification status of the device out of a plurality of predefined verification statuses, the verification status regarding an entity authentication performed by the device as a function of verification data of the entity input into the device and data prestored within the device.
-
-
281. A system in which a recipient of an EC authenticates an entity by solely conducting message authentication with respect to a received electronic communication that includes both a unique identifier associated with an account maintained by the recipient and a digital signature for a message regarding the account, comprising the steps of:
-
(a) before receipt of the electronic communication, (i) associating a public key of a public-private key pair with the unique identifier by the recipient, and (ii) identifying information linked with the public key, including information regarding security aspects of the device to which the private key of the public-private key pair belongs; and
(b) thereafter, (i) using only the digital signature in the electronic communication and the public key associated with the account identifier to the conduct message authentication, and (ii) upon successful authentication of the message, responding to the message based on, (A) said identified information linked with the public key, and (B) an indication included in the EC of a verification status of the device out of a plurality of predefined verification statuses, the verification status regarding an entity authentication performed by the device as a function of verification data of the entity input into the device and data prestored within the device.
-
-
282. A system in which a recipient of an EC authenticates an entity by solely conducting message authentication with respect to a received electronic communication that includes both a unique identifier associated with an account maintained by the recipient and a digital signature for a message regarding the account, comprising the steps of:
-
(a) before receipt of the electronic communication, associating a public key of a public-private key pair with the unique identifier by the recipient; and
thereafter(b) using only the digital signature in the electronic communication and the public key associated with the account identifier to conduct the message authentication, and upon successful authentication of the message, responding to the message based on an indication included in the EC of a verification status of the device out of a plurality of predefined verification statuses, the verification status regarding an entity authentication performed by the device as a function of verification data of the entity input into the device and data prestored within the device.
-
-
283. A system in which a recipient of an EC authenticates an entity by solely conducting message authentication with respect to a received electronic communication that includes both a unique identifier associated with an account maintained by the recipient and a digital signature for a message regarding the account, comprising the steps of:
-
(a) before receipt of the electronic communication, (i) associating a public key of a public-private key pair with the unique identifier by the recipient, and (ii) identifying information linked with the public key, including information regarding security aspects of the device to which the private key of the public-private key pair belongs, the public key and corresponding private key having been created within an environment of manufacture of the device and the private key having been stored within the device prior to release of the device from the environment following its manufacture; and
(b) thereafter, (i) using only the digital signature in the electronic communication and the public key associated with the account identifier to the conduct message authentication, and (ii) upon successful authentication of the message, responding to the message based on said identified information linked with the public key.
-
Specification