Person-centric account-based digital signature system
First Claim
1. A method of communicating electronically over a communications medium regarding accounts, comprising the steps of:
- (a) for a first account, (i) maintaining information pertaining to the first account in an account database such that the information is retrievable based on a first unique identifier, (ii) associating a public key of a public-private key pair with the first unique identifier, (iii) generating a digital signature for an electronic message using a private key of the public-private key pair, the electronic message including an instruction and the first unique identifier, (iv) authenticating the electronic message using the public key associated with the information identified by the first unique identifier, and (v) upon the successful authentication of the electronic message, executing the instruction with respect to the first account represented by the information that is identified by the first unique identifier; and
(b) for a second account, (i) maintaining information pertaining to the second account in an account database such that the information is retrievable based on a second unique identifier, (ii) associating the same public key that is associated with the first account with the second unique identifier, (iii) generating a digital signature for an electronic message using the private key of the public-private key pair, the electronic message including an instruction and the second unique identifier, (iv) authenticating the electronic message using the public key associated with the information identified by the second unique identifier, and (v) upon the successful authentication of the electronic message, executing the instruction with respect to the second account represented by the information that is identified by the second unique identifier.
8 Assignments
0 Petitions
Accused Products
Abstract
In a method of managing a database of existing accounts (214) for account holders (202), each account holder (202) has multiple accounts with one or more account authorities (212) for use of a single device with multiple accounts, with each account of each account holder being associated with a public key of a public-private key pair of that accuont holder. A record of information pertaining to all accounts of a particular account holder is maintained in a central location by a central key authority. The information for that account includes the public keys of that account holder. The central key authority transfers information from the record for an account holder to a new account authority for which that account holder desires to establish a new account; the central key authority also receives information from account authorities for inclusion in the record centrally maintained for that account holder.
215 Citations
155 Claims
-
1. A method of communicating electronically over a communications medium regarding accounts, comprising the steps of:
-
(a) for a first account, (i) maintaining information pertaining to the first account in an account database such that the information is retrievable based on a first unique identifier, (ii) associating a public key of a public-private key pair with the first unique identifier, (iii) generating a digital signature for an electronic message using a private key of the public-private key pair, the electronic message including an instruction and the first unique identifier, (iv) authenticating the electronic message using the public key associated with the information identified by the first unique identifier, and (v) upon the successful authentication of the electronic message, executing the instruction with respect to the first account represented by the information that is identified by the first unique identifier; and
(b) for a second account, (i) maintaining information pertaining to the second account in an account database such that the information is retrievable based on a second unique identifier, (ii) associating the same public key that is associated with the first account with the second unique identifier, (iii) generating a digital signature for an electronic message using the private key of the public-private key pair, the electronic message including an instruction and the second unique identifier, (iv) authenticating the electronic message using the public key associated with the information identified by the second unique identifier, and (v) upon the successful authentication of the electronic message, executing the instruction with respect to the second account represented by the information that is identified by the second unique identifier. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 103, 104)
-
-
34. A method of requesting an account authority to execute an instruction with regard to an account maintained by the account authority, comprising the steps of:
-
(a) for a first account, (i) composing an electronic message including, (A) an instruction regarding the first account, and (B) a first unique identifier by which a first account authority identifies the first account from accounts maintained by the first account authority, (ii) digitally signing the electronic message using a private key of a public-private key pair for which the public key is associated by the first account authority with the first account, and (iii) sending the electronic message and digital signature to the first account authority over a communications medium; and
(b) for a second account, (i) composing an electronic message including, (A) an instruction regarding the second account, and (B) a second unique identifier by which a second account authority identifies the second account from accounts maintained by the second account authority, (ii) digitally signing the electronic message using the same private key of the public-private key pair for which the same public key is associated by the second account authority with the second account, and (iii) sending the electronic message and digital signature to the second account authority over a communications medium.
-
-
35. A method of managing accounts in a database, comprising the steps of:
-
(a) recording information pertaining to each of the accounts in the database;
(b) assigning a respective unique identifier to each account such that information pertaining to each respective account is retrievable from the database based on its unique identifier, and (c) associating the same public key of a public-private key pair with a plurality of unique identifiers.
-
-
36. A device used in communicating electronically over a communications medium regarding an account, the device including,
(a) a private key of a public-private key pair; (b) a plurality of unique account identifiers, each identifying an account maintained by an account authority with which the public key of the public-private key pair is associated. - View Dependent Claims (37, 38)
- 86. A method of managing a database of a central key authority for a plurality of account holders, each account holder having at least one account associated with a public key of a public-private key pair of that account holder, comprising maintaining for each account holder a record of information pertaining to the accounts of that account holder associated with the public keys of the account holder.
-
114. A method of maintaining a Central Key Authority (CKA) database, the CKA database comprising account information of users including:
-
(a) a public key of a user device that generates digital signatures, (b) third-party account identifiers each of which identifies to a third-party an account of the user that is maintained with the third-party and that has been associated with the user'"'"'s public key by the third-party. - View Dependent Claims (115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129)
-
-
130. A system of communicating electronically over a communications medium regarding an account, comprising the steps of:
-
(a) maintaining information pertaining to the account in a database such that the information is retrievable by a unique identifier, the information including security features of a device that generates digital signatures using a private key of a public-private key pair;
(b) associating the public key of the device with the unique identifier in the database;
(c) receiving an electronic communication including the unique identifier and a digital signature for a message generated by a suspect device;
(d) authenticating the message using the public key associated with the unique;
(e) upon successful authentication of the message, identifying the security features retrievable by the unique identifier as being the security features of the genuine device; and
(f) gauging the risk that said generated digital signature was fraudulently sent based on said identified security features of the genuine device. - View Dependent Claims (131, 132, 133, 134, 135, 136, 137, 138, 139, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155)
-
-
140. A method of managing a database for identification of security features of a device that generates digital signatures, comprising the steps of:
-
(a) recording in the database for each of a plurality of devices, (i) a public key of a pair of public-private keys of the device, and (ii) information including security features of the device, the security features being associated with the public key in the database; and
(b) identifying security features from the database to a recipient of an electronic message for which a digital signature was originated utilizing a private key of the public-private key pair of a particular one of the devices, the security features being for the particular device. - View Dependent Claims (141, 142, 143, 144)
-
Specification