Secure Identity Binding (SIB)

US 20100303230A1
Filed: 03/05/2010
Published: 12/02/2010
Est. Priority Date: 05/29/2009
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a tag having a machine readable tag identifier (Tag ID) configured to be read by a reader; and

a device to be identified by the tag, wherein;

the device is configured to communicate with the reader;

the device has access to a secure Tag ID; and

the device communicates a verification to the reader if the machine readable Tag ID communicated to the device from the reader matches the secure Tag ID.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes a tag having a machine readable tag identifier (Tag ID) configured to be read by a reader; and a device to be identified by the tag, in which: the device is configured to communicate with the reader; the device has access to a secure Tag ID; and the device communicates a verification to the reader if the machine readable Tag ID communicated to the device from the reader matches the secure Tag ID. A method includes: reading a Tag ID from a tag attached to a device; communicating the Tag ID read from the tag to the device; comparing a secure Tag ID of the device to the Tag ID read from the tag; and responding with a “match” or “no-match” message from the device, according to which the device is either trusted or not trusted as being identified by the Tag ID. A method of verifying a trusted agent (TA) on a device includes: storing a digital signature of the TA in a secure vault of the device; and verifying the TA by verifying the digital signature of the TA each time the TA is used.

Citations

20 Claims

1. A system comprising:
- a tag having a machine readable tag identifier (Tag ID) configured to be read by a reader; and
  
  a device to be identified by the tag, wherein;
  
  the device is configured to communicate with the reader;
  
  the device has access to a secure Tag ID; and
  
  the device communicates a verification to the reader if the machine readable Tag ID communicated to the device from the reader matches the secure Tag ID.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein:
    - the device further comprises a secure vault, andthe secure Tag ID is the machine readable Tag ID which has been read and stored in the secure vault of the device.
  - 3. The system of claim 1, wherein:
    - the secure Tag ID is the machine readable Tag ID which has been read and stored in a financial service provider (FSP) infrastructure; and
      
      the FSP communicates identifying information about the device to the reader if the machine readable Tag ID communicated to the device from the reader matches the secure Tag ID.
  - 4. The system of claim 1, further comprising:
    - a secure vault included in the device;
      
      a trusted agent (TA) included in the device;
      
      a digital signature of the TA, wherein;
      
      the digital signature is stored in the secure vault; and
      
      a hash of a public key is stored in the secure vault, wherein;
      
      the hash is used to verify the public key; and
      
      the public key is used for verifying the digital signature; and
      
      a software component V for verifying the digital signature, wherein the V is stored in the secure vault.
  - 5. The system of claim 1, further comprising:
    - a trusted agent (TA) included in the device; and
      
      a trusted entity, wherein;
      
      the trusted entity has a public key;
      
      the trusted entity provides a digital signature for the TA, the digital signature verifiable using the public key of the trusted entity.
  - 6. The system of claim 1, further comprising:
    - a secure vault included in the device, wherein;
      
      the secure Tag ID is protected by the secure vault;
      
      a trusted agent (TA) included in the device;
      
      a digital signature of the TA provided by a trusted entity, wherein;
      
      the digital signature of the TA is stored in the secure vault;
      
      the trusted entity has a public key;
      
      the trusted entity provides a digital signature for the TA, the digital signature verifiable using the public key of the trusted entity;
      
      a hash of the public key, wherein;
      
      the hash of the public key is stored in the secure vault;
      
      the hash is used to verify the public key; and
      
      the public key is used for verifying the digital signature; and
      
      a software component V for verifying the digital signature, wherein;
      
      the V is stored in the secure vault; and
      
      the TA has access to the secure Tag ID if and only if V verifies the digital signature of the TA.
  - 7. The system of claim 1, wherein the tag is incorporated in the device.

8. A method comprising:
- reading a Tag ID from a tag that is attached to a device;
  
  communicating to the device the Tag ID that was read from the tag;
  
  comparing a secure Tag ID belonging to the device to the Tag ID read from the tag; and
  
  responding;
  
  with a “
  
  match”
  
  message from the device if the comparison finds a match, wherein the device is trusted as being identified by the Tag ID; and
  
  with a “
  
  no-match”
  
  message from the device if the comparison does not find a match, wherein the device is not trusted as being identified by the Tag ID.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. The method of claim 8, further comprising:
    - verifying the integrity of a trusted agent (TA); and
      
      using the TA to store the Tag ID read from the tag in a secure vault of the device.
  - 10. The method of claim 8, further comprising:
    - storing the Tag ID read from the tag in a financial service provider (FSP) infrastructure; and
      
      communicating identifying information about the device if the Tag ID read from the tag and communicated to the device matches the Tag ID stored in the FSP infrastructure.
  - 11. The method of claim 8, further comprising:
    - putting a trusted agent (TA) on the device;
      
      storing a digital signature of the TA in a secure vault of the device, wherein the digital signature is verifiable using a public key;
      
      storing a software component V in the secure vault; and
      
      verifying the TA by executing V to verify the digital signature using the public key.
  - 12. The method of claim 8, further comprising:
    - putting a trusted agent (TA) on the device;
      
      storing a digital signature of the TA in a secure vault of the device, wherein the digital signature is verifiable using a public key;
      
      storing a hash of the public key in the secure vault′
      
      storing a software component V in the secure vault; and
      
      verifying the TA by;
      
      verifying the public key by calculating the hash of the public key and comparing to the hash of the public key stored in the secure vault; and
      
      executing V to and verify the digital signature using the verified public key.
  - 13. The method of claim 8, further comprising:
    - putting a trusted agent (TA) on the device; and
      
      wherein;
      
      the communicating comprises communicating the Tag ID to the TA; and
      
      the TA is verified before comparing the secure Tag ID of the device to the Tag ID read from the tag.
  - 14. The method of claim 8, further comprising:
    - if the comparison does not find a match, responding by putting the device on a hold state.
  - 15. The method of claim 8, further comprising:
    - associating the tag having the Tag ID to the device so that the tag remains in physical proximity to the device.

16. A method of verifying a trusted agent (TA) on a device, the method comprising:
- storing a digital signature of the TA in a secure vault of the device; and
  
  verifying the TA by verifying the digital signature of the TA each time the TA is used.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, further comprising:
    - calculating a first hash function of the TA; and
      
      wherein;
      
      the digital signature of the TA comprises a digital signature of the first hash function of the TA.
  - 18. The method of claim 16, wherein:
    - the digital signature of the TA is provided by a trusted entity having a public key;
      
      a second hash function of the public key is calculated and stored in the secure vault of the device; and
      
      verifying the TA comprises verifying the public key by calculating the second hash function of the public key and comparing to the second hash function of the public key stored in the secure vault.
  - 19. The method of claim 16, further comprising:
    - storing a software component V in the secure vault of the device, and wherein;
      
      verifying the TA comprises executing V on the digital signature of a first hash function of the TA using a public key provided from a trusted entity, wherein a second hash function of the public key stored in the secure vault is used to verify the public key.
  - 20. The method of claim 19, wherein:
    - V returns an indication whether or not the TA is to be trusted, andTA is executed if and only if V has indicated that the TA is to be trusted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
eBay Inc.
Inventors
Nahari, Hadi, Taveau, Sebastien

Granted Patent

US 9,135,424 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/30
CPC Class Codes

G06F 21/35   communicating wirelessly

G06Q 20/02   involving a neutral party, ...

G06Q 20/32   using wireless devices

G06Q 20/3552   Downloading or loading of p...

G06Q 20/382   insuring higher security of...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/405   Establishing or using trans...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/805   Lightweight hardware, e.g. ...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

Secure Identity Binding (SIB)

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Identity Binding (SIB)

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links