Linking public key of device to information during manufacture
Abstract
A method in which information pertaining to a device (104) generating digital signatures (122) is reliably identified includes manufacturing (102) devices in a secure environment (114) and for each device (104) before it is released from the secure environment: creating a public-private key pair (116, 118); storing the private key (116) within the device (104) for utilization in generating a digital signature (122) for a message (122); and linking the public key (118) to a Security Profile (120) of the device (104). The devices (104) then are released from the secure environment (114) and a digital signature (122) is received from somewhere (108) in the world (106). The message (122) is authenticated using a suspect public key (124) and the suspect public key (124) is compared with the linked public keys (118). A Security Profile (120) of the genuine device (104) to which belongs the private key (116) used in generating the digital signature (122) is identified when the public key (124) matches a linked public key (118). A risk that the message (122) is fraudulently signed is determined.
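The flow the abstract describes, as an added Go example that is not part of the patent text: keys are provisioned and linked inside the secure environment, and a later signature is authenticated before its public key is looked up. Ed25519, the in-memory map and the `SecurityProfile` fields are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"fmt"
)

// SecurityProfile is the "other information" linked to a key (fields are assumptions).
type SecurityProfile struct{ Model, Serial string }

// Device holds the private key; only the public key and signatures leave it.
type Device struct{ priv ed25519.PrivateKey }

// Sign returns the device's public key and its signature over msg.
func (d Device) Sign(msg []byte) (ed25519.PublicKey, []byte) {
	return d.priv.Public().(ed25519.PublicKey), ed25519.Sign(d.priv, msg)
}

// Registry is the database kept in the secure environment, keyed by public key.
type Registry map[string]SecurityProfile

// Provision creates the pair, links the public key, and loads the private key.
func (r Registry) Provision(p SecurityProfile) (Device, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return Device{}, err
	}
	r[hex.EncodeToString(pub)] = p
	return Device{priv}, nil
}

// Identify authenticates msg with the suspect key, then looks that key up among
// the linked keys; a valid signature under an unlinked key identifies nothing.
func (r Registry) Identify(suspect ed25519.PublicKey, msg, sig []byte) (SecurityProfile, bool) {
	// Length is checked first because ed25519.Verify panics on a malformed key.
	if len(suspect) != ed25519.PublicKeySize || !ed25519.Verify(suspect, msg, sig) {
		return SecurityProfile{}, false
	}
	p, ok := r[hex.EncodeToString(suspect)]
	return p, ok
}

func main() {
	reg := Registry{}
	dev, _ := reg.Provision(SecurityProfile{"TokenX", "SN-0001"}) // constructed values
	msg := []byte("constructed sample message")
	pub, sig := dev.Sign(msg)
	fmt.Println(reg.Identify(pub, msg, sig))
}
```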
90 Claims
1. A method in which information of a device that generates digital signatures is reliably identified, comprising the steps of:
(a) for each of a plurality of devices manufactured in an environment, (i) creating a public-private key pair within the environment, (ii) linking within the environment in a secure manner the public key with other information associated with the device, and (iii) before release of the device from the environment, storing the private key within the device for utilization in generating a digital signature for an electronic message; and
(b) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the other information associated with said linked public key as pertaining to the device to which belongs the private key utilized in digitally signing the message.
Dependent claims: 2, 3, 4, 5, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63

6. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
(a) maintaining the database in a secure environment;
(b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together; and
(c) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the Security Profile associated with said linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message.
Dependent claims: 7, 8, 14, 15, 16, 17, 18, 19, 20, 21

9. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
(a) maintaining the database in a secure environment,
(b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together; and
(c) communicating a reference in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices.
Dependent claims: 10, 11, 12, 13

22. A method of providing for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
(a) for each of a plurality of devices manufactured in a secure environment, recording together the public key with a Security Profile of the manufactured device and generating a digital signature therefor to collectively define a Security Certificate, the public key and Security Profile thereby being securely linked together; and
(b) before each manufactured device is released from the secure environment, incorporating its respective Security Certificate into the manufactured device such that the Security Certificate is sent with a digital signature that is generated by the manufactured device using the private key.
Dependent claims: 23, 24, 39

64. A method of establishing an initial PuK-linked account database, comprising the steps of:
(a) maintaining the database in a secure environment;
(b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being linked together,
(c) distributing the manufactured devices from the secure environment to a plurality of users; and
(d) identifying the database records of said distributed devices as the initial PuK-linked account database of the users.
Dependent claims: 65, 66, 67, 68, 69, 70, 71, 72

73. A method of establishing an initial PuK-linked account database record of a user with each one of a plurality of third-parties, comprising the steps of:
(a) manufacturing devices in a secure environment;
(b) for each manufactured device, (i) generating a pair of keys used in asymmetric cryptography, (ii) before it is released from the secure environment, storing one of the keys within the manufactured device for utilization in generating a digital signature for an electronic message, (iii) recording the other key and other information in a secure database maintained within the secure environment;
(c) distributing one of the manufactured devices from the secure environment to the user; and
(d) identifying the database record of said distributed manufactured device to each one of the third-parties as the initial PuK-linked account database record of the user.
Dependent claims: 74, 75, 76, 77, 78, 79, 80, 81, 82, 83

84. A method of manufacturing devices that generate digital signatures such that each device may be reliably and uniquely identified, the devices being manufactured within a secure environment, comprising the steps of:
(a) creating a public-private key pair within the secure environment;
(b) storing the private key within the device against the possibility of divulgement thereof by the device; and
(c) securely linking the public key with other information within the secure environment.
Dependent claims: 85, 86, 87, 88, 89, 90

Specification