System and method for self-identifying a portable information device to a computing unit

US 5,781,723 A
Filed: 06/03/1996
Issued: 07/14/1998
Est. Priority Date: 06/03/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for conducting a transaction between an electronic portable information device and a communicating agent, the portable information device having processing capabilities, memory, and an I/O interface, the portable information device further having a device class tag stored thereon which is indicative of a type of the portable information device, the method comprising the following steps:

forming an output string at the portable information device, the output string including at least a portion that is a result of a mathematical function involving the device class tag in which the device class tag is computationally difficult to deduce from the result;

exporting the output string from the portable information device to the communicating agent; and

identifying the type of the portable information device using the exported output string.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes a portable information device and a computing unit, and is architected to enable the portable information device to identify its type and properties to the computing unit. The portable information device has a processor and a memory. The memory stores a device class tag which is indicative of a type of the portable information device. When communication is established between the portable information device and the computing unit, the portable information device sends an initial message which includes a result of a mathematical operation involving the device class tag. The mathematical operation renders it computationally difficult or infeasible to deduce the device class tag from the result so that the device class tag is not exposed from the portable information device. The result might be a hash value of the device class tag which is derived using a hashing function, or data that has been signed using the device class tag as a private signing key. The computing unit uses the tag-related portion of the message to identify the type of the portable information device. The computing unit has access to a record which correlates the hash value or complementary device class public signing key (i.e., the complementary version of the device class tag when used as a private signing key) with the type of device, as well as with the device'"'"'s security properties and operating attributes. The computing unit cross-references the hash value or device class public signing key to determine the device type. The computing unit can be a certifying authority which issues a certificate confirming the identity and type of portable information device. The certificate is stored on the portable information device and presented thereafter to all communicating agents to identify the device type and attributes for transactions.

346 Citations

38 Claims

1. A method for conducting a transaction between an electronic portable information device and a communicating agent, the portable information device having processing capabilities, memory, and an I/O interface, the portable information device further having a device class tag stored thereon which is indicative of a type of the portable information device, the method comprising the following steps:
- forming an output string at the portable information device, the output string including at least a portion that is a result of a mathematical function involving the device class tag in which the device class tag is computationally difficult to deduce from the result;
  
  exporting the output string from the portable information device to the communicating agent; and
  
  identifying the type of the portable information device using the exported output string.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as recited in claim 1 wherein the forming step comprises the step of digitally signing a string using a cryptographic signing function in which the device class tag is a cryptographic signing key.
  - 3. A method as recited in claim 1 wherein the forming step comprises the steps of computing a hash value of the device class tag according to a hashing function and including the hash value or a function thereof as part of the output string.
  - 4. A method as recited in claim 1 further comprising the step of determining security properties associated with the identified type of the portable information device using the exported output string.
  - 5. A method as recited in claim 1 further comprising the step of determining operating attributes associated with the identified type of the portable information device using the exported output string.
  - 6. A method as recited in claim 1 wherein:
    - the forming step comprises the step of digitally signing a string using the device class tag as a device class private signing key of a device class public/private signing pair;
      
      the method further comprising the step of correlating a corresponding device class public signing key of the device class public/private signing pair with the type of the portable information device so that determination of the device class public signing key to unsign the output string leads to identification of the type of the portable information device.
  - 7. A method as recited in claim 1 wherein the communicating agent is a certifying authority, and further comprising the step of issuing a certificate from the certifying authority that contains, or is indicative of, the type of portable information device.

8. A method for producing a self-identifying portable infornation device, the portable information device having processing capabilities and memory, the method comprising the following steps:
- creating a device class tag, the device class tag having a complementary value which can be mathematically derived from the device class tag in a manner which renders the device class tag computationally difficult to deduce from the complementary value;
  
  electronically storing the device class tag in the memory of the portable information device; and
  
  correlating the complementary value with a type of the portable information device so that knowledge of the complementary value leads to identification of the type of the portable information device.
- View Dependent Claims (9, 10, 11, 12)
- - 9. A method as recited in claim 8 wherein the device class tag is a private signing key and the complementary value is a corresponding public signing key.
  - 10. A method as recited in claim 8 wherein the complementary value is a hash value resulting from transforming the device class tag according to a hashing function.
  - 11. A method as recited in claim 8 wherein the storing step comprises permanently embedding the device class tag in the portable information device.
  - 12. A method as recited in claim 8 further comprising distributing a list of correlated complementary values and types of portable information devices.

13. A method for identifying a type of portable information device, the portable information device having processing capabilities, memory, and an I/O interface, the portable information device further having a private device class signing key stored thereon which is indicative of a type of the portable information device, the method comprising the following steps:
- receiving a signed message from the portable information device, the message having been digitally signed using the private device class signing key on the portable information device;
  
  ascertaining a public signing key that is complementary to the private device class signing key and effective to unsign the message;
  
  using the public signing key to identify the type of the portable information device;
  
  determining security properties associated with the identified portable information device; and
  
  determining operating attributes associated with the identified portable information device.
- View Dependent Claims (14, 15, 16, 17)
- - 14. A method as recited in claim 13 further comprising the additional steps:
    - correlating a group of possible public signing keys with associated types of portable information devices; and
      
      cross-referencing the ascertained public signing key to determine the type of portable information device.
  - 15. A method as recited in claim 13 further comprising the step of determining whether to conduct a transaction with the identified type of portable information device.
  - 16. A computer programmed to perform the steps of the method recited in claim 13.
  - 17. A computer-readable memory which directs a computer to perform the steps of the method recited in claim 13.

18. A method for identifying a type of portable information device, the portable information device having processing capabilities, memory, and an I/O interface, the portable information device further having a private device class tag stored thereon which is indicative of a type of the portable information device, the method comprising the following steps:
- receiving a hash value from the portable information device, the hash value being a result of transforming the device class tag according to a hashing function;
  
  determining the type of the portable information device from the received hash value;
  
  determining security properties associated with the identified portable information device; and
  
  determining operating attributes associated with the identified portable information device.
- View Dependent Claims (19, 20, 21, 22)
- - 19. A method as recited in claim 18 further comprising the additional steps:
    - correlating hash values with associated types of portable information devices; and
      
      cross-referencing the received hash value to determine the type of portable information device.
  - 20. A method as recited in claim 18 further comprising the step of determining whether to conduct a transaction with the identified portable information device.
  - 21. An electronic portable information device programmed to perform the steps of the method recited in claim 18.
  - 22. A computer-readable memory which directs a computer to perform the steps of the method recited in claim 18.

23. A method in which a portable information device identifies itself to a communicating agent, the portable information device having processing capabilities, memory, and an IO interface, the portable information device further having a device class tag stored thereon which is indicative of a type of the portable information device, the method comprising the following steps:
- generating an identification packet;
  
  including as part of the identification packet a result of a mathematical function involving the device class tag in which the device class tag is computationally difficult to deduce from the result; and
  
  outputting the identification packet to the communicating agent.
- View Dependent Claims (24, 25, 26, 27)
- - 24. A method as recited in claim 23 further comprising the following steps:
    - generating a public/private key pair;
      
      digitally signing the public key using the device class tag as a device class private signing key; and
      
      including the signed public key as part of the identification packet.
  - 25. A method as recited in claim 23 further comprising the step of computing a hash value of the device class tag and including the hash value as part of the identification packet.
  - 26. An electronic portable information device programmed to perform the steps of the method recited in claim 23.
  - 27. A computer-readable memory which directs a computer to perform the steps of the method recited in claim 23.

28. A method for registering a portable information device at a certifying authority, the portable information device having processing capabilities, memory, and an I/O interface, the portable information device further having a private device class signing key stored thereon, the certifying authority having access to a record which correlates public device class signing keys with various types of portable information devices, the method comprising the following steps:
- generating a pair of public and private keys at the portable information device;
  
  digitally signing the public key, at the portable information device, using the private device class signing key stored thereon;
  
  submitting the signed public key as part of a request to the certifying authority;
  
  receiving the signed public key at the certifying authority;
  
  ascertaining a corresponding public class device signing key that is complementary to the private device class signing key and is effective to unsign the message; and
  
  referencing the record using the ascertained public class device signing key to identify the type of the portable information device.
- View Dependent Claims (29, 30)
- - 29. A method as recited in claim 28 further comprising the step of sending the public class device signing key as part of the request.
  - 30. A method as recited in claim 28 further comprising the step of issuing a certificate from the certifying authority which contains, or is indicative of, the type of portable information device.

31. A system comprising:
- a computing unit;
  
  a portable information device having a processor and a memory, the memory storing a device class tag and data, the device class tag being indicative of a type of the portable information device;
  
  the portable information device being configured to output a message, at least a portion of the message being a result of a mathematical operation involving the device class tag in which the device class tag is computationally difficult to deduce from the result; and
  
  the computing unit being configured to use the portion of message to identify the type of the portable information device.
- View Dependent Claims (32, 33, 34, 35, 36, 37)
- - 32. A system as recited in claim 31 wherein:
    - the device class tag is a device class private signing key of a device class public/private signing pair; and
      
      the portable information device is configured to digitally sign at least part of the message using the device class private signing key.
  - 33. A system as recited in claim 32 wherein:
    - the computing unit has access to a group of device class public signing keys which are complementary of various device class private signing keys that are stored on different types of portable information devices, the device class public signing keys being correlated to the types of portable information devices; and
      
      the computing unit is configured to try various ones of the device class public signing keys from the group to find a device class public signing key which is complementary to the device class private signing key stored on the portable information device.
  - 34. A system as recited in claim 33 wherein the computing unit is configured to cross-reference the type of portable information device from the public device class signing key that is complementary to the to the device class private signing key stored on the portable information device.
  - 35. A system as recited in claim 31 wherein the portable information device is configured to compute a hash value of the device class tag, and output the hash value as said portion of the message.
  - 36. A system as recited in claim 35 wherein:
    - the computing unit has access to a group of hash values which are correlated with types of portable information devices; and
      
      the computing unit is configured to cross-reference the hash value received in the message to identify the type of portable information device.
  - 37. A system as recited in claim 31 wherein the computing unit is a certifying authority and is configured to issue a certificate which contains, or is indicative of, the type of portable information device.

38. A tamper-resistant portable information device comprising:
- a memory to store a device class private signing key indicative of a type of the portable information device; and
  
  a processor to generate an identification packet that is output to a communicating agent external to the portable information device, the processor being configured to perform at least one of the following tasks (1) sign at least a portion of the identification packet using the device class private signing key, or (2) compute a hash value of the device class private signing key and include the hash value as part of the identification packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Benaloh, Josh, Yee, Bennet
Primary Examiner(s)
Decady, Albert

Application Number

US08/657,354
Time in Patent Office

771 Days
Field of Search

395/186, 395/187.01, 395/188.01, 380/23, 380/24, 380/25, 380/4
US Class Current

726/20
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 2211/008   Public Key, Asymmetric Key,...

G06F 2221/2107   File encryption

G06F 9/4411   Configuring for operating w...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/4097   using mutual authentication...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

System and method for self-identifying a portable information device to a computing unit

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

346 Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for self-identifying a portable information device to a computing unit

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

346 Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links