System and method for creating a trusted network capable of facilitating secure open network transactions using batch credentials
First Claim
1. A method for deploying a trusted network capable of securely updating devices that allows for secure transactions over an open communications network, comprising the steps of:
- assigning a credential to a plurality of devices to be used in secure transactions over the open communications network;
storing a permanent manifest of the devices, relating each device to the credential assigned to the plurality of devices to which the device belongs;
maintaining a current list of devices approved to securely transact over the open communications network, each device being related in the current list of devices to the credential assigned to the plurality of devices to which the device belongs; and
verifying the validity of the credential associated with the plurality of devices to which each device being used in secure transactions over the open communications network belongs.
4 Assignments
0 Petitions
Accused Products
Abstract
A system and method for creating a trusted network capable of facilitating secure transactions via an open network using batch credentials, such as batch PKI certificates, is presented. A certificate is bound to a group, or batch, or devices. This certificate is referenced by an activation authority upon processing a request for service by a device. Information regarding the device batch certificate is maintained in a permanent, or escrow, database. A user identity is bound to a device, as a device key is used to sign a user key created on the device in the presence of the user, and a copy of the device key is later used to decrypt the signed user key upon its transmission and receipt.
100 Citations
40 Claims
-
1. A method for deploying a trusted network capable of securely updating devices that allows for secure transactions over an open communications network, comprising the steps of:
-
assigning a credential to a plurality of devices to be used in secure transactions over the open communications network;
storing a permanent manifest of the devices, relating each device to the credential assigned to the plurality of devices to which the device belongs;
maintaining a current list of devices approved to securely transact over the open communications network, each device being related in the current list of devices to the credential assigned to the plurality of devices to which the device belongs; and
verifying the validity of the credential associated with the plurality of devices to which each device being used in secure transactions over the open communications network belongs. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method for binding a user'"'"'s identity to a device by creating a credential on a hardware device, comprising the steps of:
-
storing a device key pair, comprising a device public key and a device private key within a device;
generating a user key pair, comprising a user public key and a user private key, within the device;
signing the user public key using the device private key;
transmitting the signed user public key to a verification entity;
decrypting the signed user public key using a copy of the device public key retained by the verification entity. - View Dependent Claims (15, 16)
-
-
17. A method for effecting secure transactions via an open communications network, comprising the steps of:
-
assigning a credential to a plurality of devices to be used in secure transactions over the open communications network;
storing a permanent manifest relating each device of the plurality of devices to the credential assigned thereto;
maintaining a current list of devices approved to use the credential assigned to the plurality of devices, each device being related in the current list of devices to the credential assigned to the plurality of devices to which the device belongs;
performing a secure transaction via one of the devices using the credential assigned to the plurality of devices to which the device belongs;
verifying the validity of the credential of the device. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
-
24. A method of associating a credential with a plurality of devices, comprising the steps of:
-
a manufacturer of the plurality of devices storing data regarding the plurality of devices;
a registration authority transmitting request data to a certification authority and requesting a credential for the plurality of devices;
the certification authority recording credential data to be associated with the plurality of devices and issuing a credential for the plurality of devices;
the certification authority providing the credential to the manufacturer; and
the manufacturer providing each of the plurality of devices having the credential associated therewith to a plurality of users. - View Dependent Claims (25, 26)
-
-
27. A method for activating a device for performing secure transactions over an open network, comprising the steps of:
-
requesting activation of service, by way of a request, on behalf of the device;
generating an indication of whether or not the request of activation of service was granted;
if the request is granted, authenticating the device; and
storing the authentication result in a user database. - View Dependent Claims (28, 29, 30)
-
-
31. A system for activation of services for a device over an open communications network, comprising:
-
an activation authority configured to request activation of a device, on behalf of the device;
a certification authority for certifying a credential of the device for which activation is requested by the activation authority;
a certification storage device for storing information regarding credentials for a plurality of devices;
a registration authority configured to request certification of a device from the certification authority;
a user database accessible to the registration authority and to the activation authority configured to store information regarding users associated with the plurality of devices; and
a device database accessible to the activation authority for maintaining information regarding the plurality of devices. - View Dependent Claims (32)
-
-
33. A system capable of securely updating devices that allow for secure transactions over an open network, comprising:
-
a manufacturer that manufactures a plurality of devices;
an activation authority configured to request activation of each of the plurality of devices;
a device certification authority configured to issue a credential for the plurality of devices;
a device registration authority for requesting a credential for the plurality of devices from the device certification authority;
a user certification authority configured to issue a credential for users of the plurality of devices;
a user registration authority for requesting a credential for the users of the plurality of devices from the user certification authority. - View Dependent Claims (34, 35, 36, 37, 38, 39, 40)
-
Specification