ACCOUNT-BASED DIGITAL SIGNATURE (ABDS) SYSTEM USING BIOMETRICS
First Claim
1. In an account-based digital signature system in which an account holder maintains an account with an account authority, the account being identified by a unique identifier, the account holder having a device that stores securely therein a private key of a public-private key pair and that is adapted to generate digital signatures using the private key, the account authority maintaining a database in which the public key is associated with the account of the account holder, wherein the public key is obtainable from the database based on the unique identifier, a method of authenticating a message that is purportedly sent from the account holder, comprising the steps of:
- (a) receiving an electronic communication that includes the message, the unique identifier, and a digital signature of the message, wherein the message includes a verification status, wherein the verification status is generated by the device based on a comparison of biometric verification data provided to the device with biometric verification data of the account holder prestored within the device, the verification status not disclosing (i) personally-identifying information about the account holder, (ii) the biometric verification data input into the device, or (iii) the prestored biometric verification data;
(b) based on the unique identifier from the message, obtaining the associated public key from the database;
(c) decrypting the digital signature using the public key obtained from the database to verify that the message was digitally signed using the private key and that the message received is the same message that was digitally signed; and
(d) if the digital signature successfully decrypts, acting upon the message as a function of the verification status included in the message.
7 Assignments
0 Petitions
Accused Products
Abstract
A method of authenticating a message that is purportedly sent from an account holder having a device that digitally signs messages using a unique private key includes receiving the message, a unique identifier associated with an account of the account holder maintained by an account authority, and a digital signature of the message, the message including a verification status generated by the device based on a comparison of biometric verification data provided to the device with biometric verification data of the account holder prestored within the device, verifying that the message was digitally signed using the private key, and if the digital signature successfully decrypts, acting upon the message as a function of the verification status included in the message and wherein the biometric verification data is a digital representation of a finger print, a retina scan, a facial scan, DNA, or a voice print of the account holder.
110 Citations
20 Claims
-
1. In an account-based digital signature system in which an account holder maintains an account with an account authority, the account being identified by a unique identifier, the account holder having a device that stores securely therein a private key of a public-private key pair and that is adapted to generate digital signatures using the private key, the account authority maintaining a database in which the public key is associated with the account of the account holder, wherein the public key is obtainable from the database based on the unique identifier, a method of authenticating a message that is purportedly sent from the account holder, comprising the steps of:
-
(a) receiving an electronic communication that includes the message, the unique identifier, and a digital signature of the message, wherein the message includes a verification status, wherein the verification status is generated by the device based on a comparison of biometric verification data provided to the device with biometric verification data of the account holder prestored within the device, the verification status not disclosing (i) personally-identifying information about the account holder, (ii) the biometric verification data input into the device, or (iii) the prestored biometric verification data;
(b) based on the unique identifier from the message, obtaining the associated public key from the database;
(c) decrypting the digital signature using the public key obtained from the database to verify that the message was digitally signed using the private key and that the message received is the same message that was digitally signed; and
(d) if the digital signature successfully decrypts, acting upon the message as a function of the verification status included in the message. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. In an account-based digital signature system in which an account holder maintains an account with an account authority, the account being identified by a unique identifier, a method of authenticating a message regarding the account, comprising the steps of:
-
(a) providing the account holder with a device that stores securely therein a private key of a public-private key pair, the device being adapted to generate digital signatures using the private key;
(b) storing biometric data of the account holder securely within the device, the device further being adapted to generate a verification status upon request based on a comparison of biometric verification data contemporaneously provided to the device with biometric verification data of the account holder prestored within the device, the verification status not disclosing (i) personally-identifying information about the account holder, (ii) the biometric verification data input into the device, or (iii) the prestored biometric verification data;
(c) associating the public key, but not the private key, of the public-private key pair with the account of the account holder in a database maintained by the account authority, wherein the public key is obtainable from the database based on the unique identifier; and
(d) thereafter, in response to receipt of an electronic communication that includes the message, the unique identifier, and a digital signature of the message, wherein the message includes the verification status generated by the device;
(i) based on the unique identifier from the message, obtaining the associated public key from the database;
(ii) decrypting the digital signature using the public key obtained from the database to verify that the message was digitally signed using the private key and that the message received is the same message that was digitally signed; and
(iii) if the digital signature successfully decrypts, acting upon the message as a function of the verification status included in the message. - View Dependent Claims (18, 19, 20)
-
Specification