Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones

US 20130061055A1
Filed: 10/25/2012
Published: 03/07/2013
Est. Priority Date: 11/08/2007
Status: Abandoned Application

First Claim

Patent Images

1. A computerized method for creating a virtual smartcard, resident in network storage, for an individual based on a physical credential applicable to the individual, the method comprising:

receiving, over a communications network, credential data derived from the physical credential;

receiving, over the communications network, authentication data pertinent to the individual; and

creating a virtual smartcard for the individual by storing the credential data in association with the authentication data in the network storage, so that the credential data of the virtual smartcard can be accessed by a networking device operated by the individual, over the communications network, upon communication of the authentication data pertinent to the individual,wherein the network storage also stores credential data of other individuals in association with authentication data pertinent to the other individuals, so that the credential data of each other individual may be accessed by a networking device operated by such other individual, over the communications network, upon communication of the authentication data pertinent to such other individual.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A virtual smartcard and methods for creating the same are provided. A virtual smartcard is a set of computer-implemented processes, associated with an individual, which simulate the behavior of a physical smartcard or other authentication token containing a hardware security module. In one embodiment, a computer receives credential data derived from the physical credential and authentication data pertinent to the individual such as a biometric imprint, and creates a virtual smartcard by storing the credential data in association with the authentication data in a network storage. The credential data may later be used for identification and encryption purposes upon the individual providing the authentication data to the network storage, even if the physical credential itself has been lost. Thus, the virtual smartcard provides a network-based method for backing up a passport, driver'"'"'s license, credit card, public transportation card, or other such identification card or device.

130 Citations

16 Claims

1. A computerized method for creating a virtual smartcard, resident in network storage, for an individual based on a physical credential applicable to the individual, the method comprising:
- receiving, over a communications network, credential data derived from the physical credential;
  
  receiving, over the communications network, authentication data pertinent to the individual; and
  
  creating a virtual smartcard for the individual by storing the credential data in association with the authentication data in the network storage, so that the credential data of the virtual smartcard can be accessed by a networking device operated by the individual, over the communications network, upon communication of the authentication data pertinent to the individual,wherein the network storage also stores credential data of other individuals in association with authentication data pertinent to the other individuals, so that the credential data of each other individual may be accessed by a networking device operated by such other individual, over the communications network, upon communication of the authentication data pertinent to such other individual.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein the physical credential is selected from the group consisting of a passport, a birth certificate, a Transportation Worker Identification Credential (TWIC), a smartcard, a driver'"'"'s license, a pilot'"'"'s certificate, an identification card, an organization membership card, an insurance card, a credit card, a debit card, a store discount card, a public transportation card, and a library card.
  - 3. The method according to claim 1, wherein the authentication data are selected from the group consisting of:
    - a physical authentication token, biometric data and a secret known only to the individual, or a combination of these.
  - 4. The method according to claim 1, wherein the credential data derived from the physical credential include a private key stored within a physical smartcard of the individual.
  - 5. The method according to claim 4, wherein the virtual smartcard has a set of public and private keys different from those of the physical smartcard to which it is associated.
  - 6. The method according to claim 5, wherein the set of public and private keys of the virtual smartcard enable it to simulate a cryptographic function of the physical smartcard.
  - 7. The method according to claim 1, wherein the network storage comprises a federated storage network of a data service provider.
  - 8. The method according to claim 1, wherein the networking device operated by the individual is a smart phone, a personal digital assistant, or a laptop computer.

9. A computerized method for creating a virtual smartcard, resident in network storage, for an individual based on a physical smartcard in a mobile electronic device of the individual, the physical smartcard having a hardware security module that performs cryptographic operations, the physical smartcard storing a private cryptographic key for use in a public/private encryption system, the method comprising:
- receiving from the mobile electronic device, over a communications network, the private cryptographic key;
  
  receiving from the mobile electronic device, over the communications network, authentication data pertinent to the individual; and
  
  creating a virtual smartcard for the individual by storing the private cryptographic key in association with the authentication data in the network storage, the virtual smartcard being configured to simulate the cryptographic operations of the hardware security module of the physical smartcard, so that a cryptographic operation requiring use of the private cryptographic key may be accessed by a networking device operated by the individual, over the communications network, only upon communication of the authentication data pertinent to the individual; and
  
  wherein the network storage also stores credential data of other individuals in association with authentication data pertinent to the other individuals, so that the credential data of each other individual may be accessed by a networking device operated by such other individual, over the communications network, upon communication of the authentication data pertinent to such other individual.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method according to claim 9, wherein the authentication data are selected from the group consisting of:
    - a physical authentication token, biometric data and a secret known only to the individual, or a combination of these.
  - 11. The method according to claim 9, wherein the credential data derived from the physical credential include a private key generated within a physical smartcard of the individual.
  - 12. The method according to claim 11, wherein the virtual smartcard has a set of public and private keys different from those of the physical smartcard to which it is associated.
  - 13. The method according to claim 12, wherein the set of public and private keys of the virtual smartcard enable it to simulate a cryptographic function of the physical smartcard.
  - 14. The method according to claim 9, wherein the network storage comprises a federated storage network of a data service provider.
  - 15. The method according to claim 9, wherein the mobile electronic device is a smart phone, a personal digital assistant, or a laptop computer.
  - 16. The method according to claim 9, wherein the cryptographic operation requiring use of the private cryptographic key includes decrypting time-critical communications, decrypting messages previously stored in an encrypted form, or authenticating the individual'"'"'s identity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
InferSpect, LLC
Original Assignee
SurlDx, Inc.
Inventors
Schibuk, Norman

Application Number

US13/660,573
Publication Number

US 20130061055A1
Time in Patent Office

Days
Field of Search
US Class Current

713/172
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06Q 20/223   based on the use of peer-to...

G06Q 20/322   Aspects of commerce using m...

G06Q 20/389   Keeping log of transactions...

G06Q 20/40   Authorisation, e.g. identif...

G06Q 20/4014   Identity check for transact...

G06Q 20/425   using two different network...

G07C 9/22   in combination with an iden...

H04L 63/0442   wherein the sending and rec...

H04L 63/0823   using certificates cryptogr...

Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

130 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

130 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others