SECURE PHYSICAL DISTRIBUTION OF A SECURITY TOKEN THROUGH A MOBILE TELEPHONY PROVIDER'S INFRASTRUCTURE

US 20080313457A1
Filed: 06/18/2007
Published: 12/18/2008
Est. Priority Date: 06/18/2007
Status: Active Grant

First Claim

Patent Images

1. A method for distributing public key infrastructure (PKI) certificates comprising:

receiving an electronically submitted user request for a PKI certificate from a remotely located computing device, wherein the user request is associated with a specific user;

determining one of a plurality of storefronts geographically located proximate to the specific user;

securely conveying a PKI certificate to the determined storefront along with a message indicating an identity of the specific user of the PKI certificate;

requiring a person physically present in the storefront who is attempting to pick-up the PKI certificate to produce personal identifying information; and

selectively delivering the PKI certificate at the storefront to the person present in the storefront depending upon whether the personal identifying information confirms the person is the specified user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses a system and method of leveraging mobile telephone provider assets and distribution network to securely deliver security tokens, such as PKI certificates. The invention is not limited to using a mobile telephony infrastructure and other pre-existing distributions can also be used. In the invention, a user requested security token can be delivered to a storefront associated with a mobile telephone provider. The storefront can be one proximate to a requesting user. An optional activation key can also be conveyed to the requesting user. The requesting user can be required to physically travel to the storefront to receive the security token. At the storefront, an identity of the requesting user can be verified, such as through photo identification. The security token can be provided when the requesting user has been successfully verified. Use of the security token can still require activation involving the activation key.

Citations

20 Claims

1. A method for distributing public key infrastructure (PKI) certificates comprising:
- receiving an electronically submitted user request for a PKI certificate from a remotely located computing device, wherein the user request is associated with a specific user;
  
  determining one of a plurality of storefronts geographically located proximate to the specific user;
  
  securely conveying a PKI certificate to the determined storefront along with a message indicating an identity of the specific user of the PKI certificate;
  
  requiring a person physically present in the storefront who is attempting to pick-up the PKI certificate to produce personal identifying information; and
  
  selectively delivering the PKI certificate at the storefront to the person present in the storefront depending upon whether the personal identifying information confirms the person is the specified user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the storefront is a mobile telephone storefront, and wherein the specified user is a subscriber of a mobile telephony provider.
  - 3. The method of claim 2, wherein the PKI certificate is delivered to a memory space of a mobile telephone through which the specified user receives service from the mobile telephony provider, wherein the personal identifying information comprises an identifier of the mobile telephone, said method further comprising:
    - a machine present in the storefront digitally receiving the identifier from mobile phone;
      
      comparing the identifier with a recorded identifier of a telephone identified within records of the mobile telephony provider as being associated with the specific user, wherein the delivery of the PKI certificate is dependent upon the received identifier matching the recorded identifier.
  - 4. The method of claim 3, wherein the machine is a self-service kiosk present in the storefront.
  - 5. The method of claim 2, further comprising:
    - generating a personal identification number (PIN); and
      
      conveying the personal identification number (PIN) to a postal address that the mobile telephony provider has recorded for the specific user, wherein use of the delivered PKI certificate requires activation, wherein the activation requires the personal identification number (PIN) as input.
  - 6. The method of claim 5, wherein the personal identifying information comprises at least one photo identification document.
  - 7. The method of claim 1, further comprising:
    - submitting a PKI certificate request to a remotely located certificate authority; and
      
      receiving the PKI certificate from the certificate authority over a secure communication channel, wherein the received PKI certificate is the conveyed PKI certificate that is sent to the determined storefront.
  - 8. The method of claim 1, further comprising:
    - generating an activation key, wherein the PKI certificate of the delivering step requires the activation key for activation; and
      
      conveying the activation key to a postal address of the specific user.
  - 9. The method of claim 1, wherein the activation key is a personal identification number (PIN).
  - 10. The method of claim 8, wherein an entity associated with the plurality of storefronts has a pre-existing relationship with the specified user unrelated to the PKI certificate, wherein a recorded postal address for the specified user is maintained by the entity as part of the pre-existing relationship, and wherein the postal address to which the activation key is conveyed is the recorded postal address.
  - 11. The method of claim 8, wherein the plurality of storefronts are associated with a corporate entity, and wherein said plurality of storefronts comprise a plurality of storefronts geographically located in a plurality of states of the continental United States.
  - 12. The method of claim 8, further comprising:
    - activating the PKI certificate utilizing the activation key via a remotely located activation server.
  - 13. The method of claim 11, wherein subsequent use of the activated PKI certificate requires a confirmation of activation involving the activation server.

14. A PKI certificate distribution system comprising:
- a Web server configured to receive requests for PKI certificates from users via an unsecured network connection;
  
  a certificate authority server configured to generate PKI certificates;
  
  a plurality of storefronts, each comprising at least one storefront computing device; and
  
  a distribution server configured to manage the PKI certificate request, to securely obtain PKI certificates from the certificate authority server for each received request, and to securely convey the obtained PKI certificates to one of the storefront computing devices proximately located to a requesting user, and wherein requesting users are required to physically travel to the storefronts to which the PKI certificates are delivered where the requesting users are able to receive the requested PKI certificates after presenting identification information.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The distribution system of claim 14, wherein the distribution server is further configured to identify an activation key that is required for activation of the PKI certificate and to convey this activation key to a postal address of a user that requested the PKI certificate.
  - 16. The distribution system of claim 15, further comprising:
    - an authentication server configured to activate PKI certificate received from the storefronts in a de-activated state responsive to receiving a correct activation key from a user.
  - 17. The distribution system of claim 14, wherein the plurality of storefronts are storefronts of a mobile telephone service provider.
  - 18. The distribution system of claim 14, wherein the distribution server is a mobile telephony provider server, wherein the PKI certificates are only distributed to subscribers of the mobile telephone service provider, wherein subscriber specific information maintained by the mobile telephony provider is utilized to enhance security of the distribution system.

19. A method of leveraging mobile telephone provider assets to securely deliver security tokens comprising:
- distributing a user requested security token to a storefront associated with a mobile telephone provider, said storefront being a storefront proximate to a requesting user;
  
  conveying an activation key to the requesting user;
  
  requiring the requesting user to physically travel to the storefront to receive the security token;
  
  verifying an identity of the requesting user at the storefront; and
  
  providing the security token when the requesting user has been successfully verified, wherein the provided security token requires activation involving the activation key.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein the security token is digitally conveyed to a memory store of a user'"'"'s mobile communication device, and wherein the security token is a PKI certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wrp IP Management, LLC
Original Assignee
International Business Machines Corporation
Inventors
ILECHKO, PAUL

Granted Patent

US 7,945,959 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/159
CPC Class Codes

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04W 12/04   Key management, e.g. using ...

H04W 12/06   Authentication

H04W 12/72   Subscriber identity

H04W 84/04   Large scale networks; Deep ...

SECURE PHYSICAL DISTRIBUTION OF A SECURITY TOKEN THROUGH A MOBILE TELEPHONY PROVIDER'S INFRASTRUCTURE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE PHYSICAL DISTRIBUTION OF A SECURITY TOKEN THROUGH A MOBILE TELEPHONY PROVIDER'S INFRASTRUCTURE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links