Electronic-monetary system

US 20030070080A1
Filed: 05/13/2002
Published: 04/10/2003
Est. Priority Date: 11/15/1991
Status: Active Grant

First Claim

Patent Images

1. A method for certifying a device, said method comprising:

providing a certifying authority with an authority public key known to said device;

generating a device key pair for said device, said device key pair including a device private key and a device public key which are stored in a memory;

exporting said device public key to said certifying authority;

enabling said certifying authority to perform a verification that said device public key emerged from said device, and that said device was not attacked by a tampering phenomenon, and whereupon said verification being successful said certifying authority certifying that said device is in an untampered state;

regenerating a new device key pair in response to a predetermined event; and

digitally signing data comprising a device public key of the new device key pair with the device private key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An improved monetary system using electronic media to exchange economic value securely and reliably is disclosed. The system provides a complete monetary system having electronic money that is interchangeable with conventional paper money. Also disclosed is a system for open electronic commerce having a customer trusted agent securely communicating with a first money module, and a merchant trusted agent securely communicating with a second money module. Both trusted agents are capable of establishing a first cryptographically secure session, and both money modules are capable of establishing a second cryptographically secure session. The merchant trusted agent transfers electronic merchandise to the customer trusted agent, and the first money module transfers electronic money to the second money module. The money modules inform their trusted agents of the successful completion of payment, and the customer may use the purchased electronic merchandise.

Citations

101 Claims

1. A method for certifying a device, said method comprising:
- providing a certifying authority with an authority public key known to said device;
  
  generating a device key pair for said device, said device key pair including a device private key and a device public key which are stored in a memory;
  
  exporting said device public key to said certifying authority;
  
  enabling said certifying authority to perform a verification that said device public key emerged from said device, and that said device was not attacked by a tampering phenomenon, and whereupon said verification being successful said certifying authority certifying that said device is in an untampered state;
  
  regenerating a new device key pair in response to a predetermined event; and
  
  digitally signing data comprising a device public key of the new device key pair with the device private key.

2. A device having an input and an output, said device comprising:
- a memory;
  
  a certifying authority having an authority public key known to said device;
  
  a key pair generator which generates a device key pair for said device, said device key pair includes a device private key and a device public key which are stored in said memory, said device key pair generator is capable of exporting said device public key via said output to said certifying authority such that said certifying authority is enabled to perform a verification that said device public key emerged from said device, and that said device was not attacked by a tampering phenomenon, and whereupon said verification being successful said certifying authority is able to certify that said device is in an untampered state, wherein said device key pair generator regenerates a new key pair in response to a predetermined event; and
  
  a transition certificate which certifies an authenticity of said new key pair.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 3. A device as recited in claim 2, wherein said untampered state is certified by said certifying authority by:
    - signing a first certificate with said authority private key, said first certificate includes said device public key and at least one identifying property of said device; and
      
      issuing said first certificate which becomes available to a third party for use in establishing that said device is in said untampered state.
  - 4. A device as recited in claim 2, wherein said certifying authority is a manufacturer of said device.
  - 5. A device as recited in claim 2, wherein said device key pair is generated using an internal source of non-deterministic randomness.
  - 6. A device as recited in claim 2, wherein said device key pair is generated using an internal random number generator.
  - 7. A device as recited in claim 2, wherein said device key pair generator regenerates a new key pair in response to a predetermined event.
  - 8. A device as recited in claim 2, wherein said device has a chain of transition certificates, and said transition certificate is added to said chain of transition certificates.
  - 9. A device as recited in claim 2, wherein the secure device is issued a first certificate that has a finite life, and said recertification is performed at predetermined intervals prior to an end of said finite life.
  - 10. A device as recited in claim 9, wherein said device uses said device private key to sign said transition certificate which asserts a change from said public key to a new public key.
  - 11. A device as recited in claim 10, wherein said transition certificates are shown to be rooted in said first certificate so as to maintain said untampered state.
  - 12. A device as recited in claim 11, further comprising a recertifier for enabling said certifying authority to recertify said device.

13. A device comprising:
- a certifying authority;
  
  a first key pair generator for generating a public key made available to a plurality of third party users, and for generating a private key retained in said memory, a certification circuit for exporting said public key to said certifying authority such as to enable said certifying authority to verify said public key, to certify that said public key emerged from said device, and to certify that said device is untampered; and
  
  a key pair regenerator for forming a new key pair, upon an occurrence of a predetermined event, where said key pair includes a new public key and a new private key.

14. A method for a certifying authority to certify an untampered state of a device, said method comprising:
- a certifying authority having an authority public key known to said device;
  
  generating a device key pair for said device, said device key pair including a device private key and a device public key which are stored in said memory;
  
  exporting said device public key to said certifying authority;
  
  enabling said certifying authority to perform a verification that said device public key emerged from said device, and that said device was not attacked by a tampering phenomenon, and whereupon said verification being successful said certifying authority certifying that said device is in an untampered state;
  
  regenerating a new key pair in response to a predetermined event; and
  
  generating a transition certificate certifying authenticity of said new key pair.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. A method as in claim 14, wherein said certifying authority is a manufacture of the device.
  - 16. A method as in claim 14, wherein said step of generating is performed internal to said device.
  - 17. A method as in claim 16, wherein said step of generating is performed by a random key pair generator.
  - 18. A method as in claim 14, further comprising ensuring that said device certificate is available to a user to whom the device wishes to be authenticated.
  - 19. A method as in claim 18, wherein said step of ensuring is implemented by the certifying authority sending said certificate to the device.
  - 20. A method as in claim 19, further comprising said device authenticating that said certificate came from said certifying authority.
  - 21. A method as in claim 20, wherein said step of authenticating is implemented using a secret key authenticating technique.

22. A device having an input and an output, said device comprising:
- a memory;
  
  a tamper circuit coupled to said memory and being responsive to a tampering phenomenon, such that a certifying authority can determine an occurrence of said phenomenon, said certifying authority having an authority public key known to said device;
  
  a key pair generator which generates a device key pair for said device, said device key pair includes a device private key and a device public key which are stored in said memory, said device key pair generator is capable of exporting said device public key via said output to said certifying authority such that said certifying authority is enabled to perform a verification that said device public key emerged from said device, and that said device was not attacked by said tampering phenomenon, and whereupon said verification being successful said certifying authority is able to certify that said device is in an untampered state, wherein said device key pair generator regenerates a new key pair in response to a predetermined event; and
  
  wherein said device digitally signs a public key of the new key pair using the device private key of the device key pair.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 23. A device as recited in claim 22, wherein said untampered state is certified by said certifying authority by:
    - signing a first certificate with said authority private key, said first certificate includes said device public key and at least one identifying property of said device; and
      
      issuing said first certificate which becomes available to a third party for use in establishing that said device is in said untarnpered state.
  - 24. A device as recited in claim 22, wherein said certifying authority is a manufacturer of said device.
  - 25. A device as recited in claim 22, wherein said device key pair is generated using an internal source of non-deterministic randomness.
  - 26. A device as recited in claim 22, wherein said device key pair is generated using an internal random number generator.
  - 27. A device as recited in claim 22, wherein said device key pair generator regenerates a new key pair in response to a predetermined event.
  - 28. A device as recited in claim 22, wherein said device has a chain of transition certificates, and said transition certificate is added to said chain of transition certificates.
  - 29. A device as recited in claim 22, wherein the secure device is issued a first certificate that has a finite life, and said recertification is performed at predetermined intervals prior to an end of said finite life.
  - 30. A device as recited in claim 29, wherein said device uses said device private key to sign said transition certificate which asserts a change from said public key to a new public key.
  - 31. A device as recited in claim 30, wherein said transition certificates are shown to be rooted in said first certificate so as to maintain said untampered state.
  - 32. A device as recited in claim 22, further comprising a recertifier for enabling said certifying authority to recertify said device.

33. A method for a certifying authority to certify an untampered state of a device, said method comprising:
- providing a tamper circuit being responsive to a tampering phenomenon;
  
  a certifying authority determining an occurrence of said phenomenon, said certifying authority having an authority public key known to said device;
  
  generating a device key pair for said device, said device key pair including a device private key and a device public key which are stored in said memory;
  
  exporting said device public key to said certifying authority;
  
  enabling said certifying authority to perform a verification that said device public key emerged from said device, and that said device was not attacked by said tampering phenomenon, and whereupon said verification being successful said certifying authority certifying that said device is in an untampered state;
  
  regenerating a new key pair in response to a predetermined event; and
  
  digitally signing a public key of the new key pair using the device private key of the device key pair.
- View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
- - 34. A method as in claim 33, wherein said certifying authority is a manufacture of the device.
  - 35. A method as in claim 33, wherein said step of generating is performed internal to said device.
  - 36. A method as in claim 35, wherein said step of generating is performed by a random key pair generator.
  - 37. A method as in claim 33, further comprising ensuring that said device certificate is available to a user to whom the device wishes to be authenticated.
  - 38. A method as in claim 37, wherein said step of ensuring is implemented by the certifying authority sending said certificate to the device.
  - 39. A method as in claim 37, further comprising said device authenticating that said certificate came from said certifying authority.
  - 40. A method as in claim 39, wherein said step of authenticating is implemented using a secret key authenticating technique.

41. A device having an input and an output, said device comprising:
- a memory;
  
  said certifying authority having an authority public key known to said device;
  
  a key pair generator which generates a device key pair for said device, said device key pair includes a device private key and a device public key which are stored in said memory, said device key pair generator is capable of exporting said device public key via said output to said certifying authority such that said certifying authority is enabled to perform a verification that said device public key emerged from said device, wherein said device key pair generator regenerates a new key pair in response to a predetermined event; and
  
  wherein said device digitally signs a public key of the new key pair using the device private key of the device key pair.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51)
- - 42. A device as recited in claim 41, wherein said untampered state is certified by said certifying authority by:
    - signing a first certificate with said authority private key, said first certificate includes said device public key and at least one identifying property of said device; and
      
      issuing said first certificate which becomes available to a third party for use in establishing that said device i s in said untampered state.
  - 43. A device as recited in claim 41, wherein said certifying authority is a manufacturer of said device.
  - 44. A device as recited in claim 41, wherein said device key pair is generated using an internal source of non-deterministic randomness.
  - 45. A device as recited in claim 41, wherein said device key pair is generated using an internal random number generator.
  - 46. A device as recited in claim 41, wherein said device key pair generator regenerates a new key pair in response to a predetermined event.
  - 47. A device as recited in claim 41, wherein said device has a chain of transition certificates, and said transition certificate is added to said chain of transition certificates.
  - 48. A device as recited in claim 41, wherein the secure device is issued a first certificate that has a finite life, and said recertification is performed at predetermined intervals prior to an end of said finite life.
  - 49. A device as recited in claim 48, wherein said device uses said device private key to sign said transition certificate which asserts a change from said public key to a new public key.
  - 50. A device as recited in claim 49, wherein said transition certificates are shown to be rooted in said first certificate so as to maintain said untampered state.
  - 51. A device as recited in claim 41, further comprising a recertifier for enabling said certifying authority to recertify said device.

52. A device comprising:
- a tamper responsive circuit;
  
  a certifying authority;
  
  a first key pair generator for generating a public key made available to a plurality of third party users, and for generating a private key retained in said memory;
  
  a certification circuit for exporting said public key to said certifying authority such as to enable said certifying authority to verify said public key, to certify that said public key emerged from said device, and to certify that said device is untampered; and
  
  a key pair regenerator for forming a new key pair, upon an occurrence of a predetermined event, where said key pair includes a new public key and a new private key.

53. A method for a certifying authority to certify an untampered state of a device, said method comprising:
- a certifying authority having an authority public key known to said device;
  
  generating a device key pair for said device, said device key pair including a device private key and a device public key which are stored in said memory;
  
  exporting said device public key to said certifying authority;
  
  enabling said certifying authority to perform a verification that said device public key emerged from said device, regenerating a new key pair in response to a predetermined event; and
  
  digitally signing a public key of the new key pair using the device private key of the device key pair.
- View Dependent Claims (54, 55, 56, 57, 58, 59, 60)
- - 54. A method as in claim 53, wherein said certifying authority is a manufacture of the device.
  - 55. A method as in claim 53, wherein said step of generating is performed internal to said device.
  - 56. A method as in claim 55, wherein said step of generating is performed by a random key pair generator.
  - 57. A method as in claim 53, further comprising ensuring that said device certificate is available to a user to whom the device wishes to be authenticated.
  - 58. A method as in claim 57, wherein said step of ensuring is implemented by the certifying authority sending said certificate to the device.
  - 59. A method as in claim 58, further comprising said device authenticating that said certificate came from said certifying authority.
  - 60. A method as in claim 59, wherein said step of authenticating is implemented using a secret key authenticating technique.

61. A device having an input and an output, said device comprising:
- a memory;
  
  a tamper circuit coupled to said memory and being responsive to a tampering phenomenon, such that a certifying authority can determine an occurrence of said phenomenon, said certifying authority having an authority public key known to said device;
  
  a key pair generator which generates a device key pair for said device, said device key pair includes a device private key and a device public key which are stored in said memory, said device key pair generator is capable of exporting said device public key via said output to said certifying authority such that said certifying authority is enabled to perform a verification that said device public key emerged from said device, and that said device was not attacked by said tampering phenomenon, and whereupon said verification being successful said certifying authority is able to certify that said device is in an untampered state, wherein said device key pair generator regenerates a new key pair in response to a predetermined event; and
  
  a transition certificate which certifies an authenticity of said new key pair.
- View Dependent Claims (62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76)
- - 62. A device as recited in claim 61, wherein said untampered state is certified by said certifying authority by:
    - signing a first certificate with said authority private key, said first certificate includes said device public key and at least one identifying property of said device; and
      
      issuing said first certificate which becomes available to a third party for use in establishing that said device is in said untampered state.
  - 63. A device as recited in claim 61, wherein said certifying authority is a manufacturer of said device.
  - 64. A device as recited in claim 61, wherein said device key pair is generated using an internal source of non-deterministic randomness.
  - 65. A device as recited in claim 61, further comprising a verifier for outputting a proof of its being in said untampered state, by exhibiting a knowledge of said device key pair.
  - 66. A device as recited in claim 61, wherein said device key pair generator regenerates a new key pair in response to a predetermined event.
  - 67. A device as recited in claim 61, wherein said device has a chain of transition certificates, and said transition certificate is added to said chain of transition certificates.
  - 68. A device as recited in claim 61, further comprising a zeroizing circuit capable of erasing a portion of said memory upon said tamper circuit detecting an occurrence of said tampering phenomenon.
  - 69. A device as recited in claim 68, wherein said memory includes all non-volatile memory in said device.
  - 70. A device as recited in claim 61, further comprising a recertifier for enabling said certifying authority to authenticate said untampered state, provide a recertification of said untampered state, and attest to said public key.
  - 71. A device as recited in claim 70, wherein said first certificate has a finite life, and said recertification is performed at predetermined intervals prior to an end of said finite life.
  - 72. A device as recited in claim 61, wherein said device uses said device private key to sign said transition certificate which asserts a change from said public key to a new public key.
  - 73. A apparatus as recited in claim 72, wherein said transition certificates are shown to be rooted in said first certificate so as to maintain said untampered state.
  - 74. A device as recited in claim 73, further comprising a recertifier for enabling said certifying authority to recertify said device.
  - 75. A device as recited in claim 74, wherein said recertifier authenticates said untampered state, provides a recertification of said untampered state, and attests to said public key.
  - 76. A device as recited in claim 61, wherein said tampering phenomenon is such as to cause the device to undergo an action that triggers tamper-response zeroization.

77. A device having a memory which includes data required to be erased upon a tampering attempt, said device comprising:
- a tamper responsive circuit having an enabling capability;
  
  a certifying authority;
  
  an initialization circuit wherein said certifying authority enables said tamper responsive circuit using said enabling capability;
  
  a first key pair generator for generating a public key made available to a plurality of third party users, and for generating a private key retained in said memory;
  
  a certification circuit for exporting said public key to said certifying authority such as to enable said certifying authority to verify said public key, to certify that said public key emerged from said device, and to certify that said device is untampered; and
  
  a key pair regenerator for forming a new key pair, upon an occurrence of a predetermined event, where said key pair includes a new public key and a new private key.
- View Dependent Claims (78, 79, 80, 81, 82)
- - 78. A device as in claim 77, further comprises a recertifier for exporting said new public key to said certifying authority such as to enable said certifying authority to verify said new public key and certify that said new public key emerged from said device and that said device is untampered.
  - 79. A device as in claim 77, wherein at least a portion of said memory is zeroized upon said tamper responsive circuit detecting a tampering event.
  - 80. A device as in claim 79, wherein said device further comprises a memory disaster protection circuit for stopping an attacker from impersonating said device.
  - 81. A device as in claim 79, further comprising a re-initialization circuit for reinitializing said device to an operative state following said device being zeroized in response to said tampering event.
  - 82. A device as in claim 79, wherein said reinitialization circuit employs symmetric keys.

83. A method for a certifying authority to certify an untampered state of a device, said method comprising:
- providing a tamper circuit being responsive to a tampering phenomenon;
  
  a certifying authority determining an occurrence of said phenomenon, said certifying authority having an authority public key known to said device;
  
  generating a device key pair for said device, said device key pair including a device private key and a device public key which are stored in said memory;
  
  exporting said device public key to said certifying authority;
  
  enabling said certifying authority to perform a verification that said device public key emerged from said device, and that said device was not attacked by said tampering phenomenon, and whereupon said verification being successful said certifying authority certifying that said device is in an untampered state;
  
  regenerating a new key pair in response to a predetermined event; and
  
  generating a transition certificate certifying authenticity of said new key pair.
- View Dependent Claims (84, 85, 86, 87, 88, 89, 90)
- - 84. A method as in claim 83, wherein said certifying authority is a manufacturer of the device.
  - 85. A method as in claim 83, wherein said step of generating is performed internal to said device.
  - 86. A method as in claim 85, wherein said step of generating is performed by a random key pair generator.
  - 87. A method as in claim 83, further comprising ensuring that said device certificate is available to a user to whom the device wishes to be authenticated.
  - 88. A method as in claim 87, wherein said step of ensuring is implemented by the certifying authority sending said certificate to the device.
  - 89. A method as in claim 88, further comprising said device authenticating that said certificate came from said certifying authority.
  - 90. A method as in claim 89, wherein said step of authenticating is implemented using a secret key authenticating technique.

91. A method for certifying a device, comprising:
- generating a first key pair for said device, said first key pair including a first private key and a first public key;
  
  exporting said first public key to a certifying authority;
  
  said certifying authority certifying said device; and
  
  generating a second key pair in response to a predetermined event, the second key pair including a second private key and a second public key.

92. A method for certifying a device, comprising:
- generating a first key pair for said device, said first key pair including a first private key and a first public key;
  
  exporting said first public key to a certifying authority;
  
  said certifying authority certifying said device;
  
  generating a second key pair in response to a predetermined event, the second key pair including a second private key and a second public key; and
  
  digitally signing data comprising the second public key with the first private key.
- View Dependent Claims (93, 94, 95, 96, 97, 98, 99, 100, 101)
- - 93. A method as recited in claim 92, wherein said certifying is provided by:
    - signing a first certificate with an authority private key, said first certificate includes said first public key and at least one identifying property of said device; and
      
      issuing said first certificate which becomes available to a third party for use in establishing that said device is in said untampered state.
  - 94. The method as recited in claim 92, wherein said certifying authority is a manufacturer of said device.
  - 95. The method as recited in claim 92, wherein said first and second device key pairs are generated using an internal source of non-deterministic randomness.
  - 96. The method as recited in claim 92, wherein said first and second device key pairs are generated using an internal random number generator.
  - 97. The method as recited in claim 92, wherein said device has a chain of transition certificates, and a transition certificate is added to said chain of transition certificates.
  - 98. The method as recited in claim 97, wherein said transition certificates are shown to be rooted in said first certificate so as to maintain said untampered state.
  - 99. The method as recited in claim 92, wherein the device is issued a first certificate that has a finite life, and recertification is performed at predetermined intervals prior to an end of said finite life.
  - 100. The method as recited in claim 99, wherein said device uses said second private key to sign a transition certificate which asserts a change from said first public key to said second public key.
  - 101. The method as recited in claim 92, further comprising a recertifier for enabling said certifying authority to recertify said device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citibank NA (Citigroup Incorporated)
Original Assignee
Citibank NA (Citigroup Incorporated)
Inventors
Rosen, Sholom S.

Granted Patent

US 7,269,256 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/187
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/06   Private payment circuits, e...

G06Q 20/10   specially adapted for elect...

G06Q 20/12   specially adapted for elect...

G06Q 20/26   Debit schemes, e.g. "pay now"

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/381   Currency conversion

G06Q 30/06   Buying, selling or leasing ...

G06Q 40/02   Banking, e.g. interest calc...

G07F 17/16   for devices exhibiting adve...

G07F 19/211   Software architecture withi...

G07F 7/082   Features insuring the integ...

G07F 7/0866   by active credit-cards adap...

G07F 7/1008   Active credit-cards provide...

Electronic-monetary system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

101 Claims

Specification

Solutions

Use Cases

Quick Links

Electronic-monetary system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

101 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links