Security systems and methods applicable to an electronic monetary system

US 6,868,408 B1
Filed: 05/09/2000
Issued: 03/15/2005
Est. Priority Date: 04/28/1994
Status: Expired due to Fees

First Claim

Patent Images

1. A method for an electronic module to sign-on to a network having a network server that links said electronic module to a security server, comprising the steps of:

said electronic module sending its certificate to said network server;

said network server generating a random key and a random verification number, and sending an encrypted message including said certificate, said random key, and said random verification number to said security server;

said security server decrypting said encrypted message, storing said random key and random verification number, and verifying the validity of said certificate;

said security server establishing a secure communication session with said electronic module;

said security server sending updated security information, that is digitally signed by a cryptographic key of said security server, to said electronic module;

said electronic module verifying the validity of said digitally signed updated security information, and updating stored security information with said updated security information;

said security server sending said random key, and said random verification number to said electronic module, and ending said secure communication session;

said electronic module generating a destination message by encrypting said random verification number and a destination with said random key, and sending said destination message to said network server;

said network server decrypting said message and verifying said random verification number; and

said network server establishing a link to said destination.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic-monetary system having (1) banks or financial institutions that are coupled to a money generator device for generating and issuing to subscribing customers electronic money including electronic currency backed by demand deposits and electronic credit authorizations; (2) correspondent banks that accept and distribute the electronic money; (3) a plurality of transaction devices that are used by subscribers for storing electronic money, for performing money transactions with the on-line systems of the participating banks or for exchanging electronic money with other like transaction devices in off-line transactions; (4) teller devices, associated with the issuing and correspondent banks, for process handling and interfacing the transaction devices to the issuing and correspondent banks, and for interfacing between the issuing and correspondent banks themselves; (5) a clearing bank for balancing the electronic money accounts of the different issuing banks; (6) a data communications network for providing communications services to all components of the system; and (7) a security arrangement for maintaining the integrity of the system, and for detecting counterfeiting and tampering within the system. This system includes a customer service module which handles lost money claims and links accounts to money modules for providing bank access.

226 Citations

40 Claims

1. A method for an electronic module to sign-on to a network having a network server that links said electronic module to a security server, comprising the steps of:
- said electronic module sending its certificate to said network server;
  
  said network server generating a random key and a random verification number, and sending an encrypted message including said certificate, said random key, and said random verification number to said security server;
  
  said security server decrypting said encrypted message, storing said random key and random verification number, and verifying the validity of said certificate;
  
  said security server establishing a secure communication session with said electronic module;
  
  said security server sending updated security information, that is digitally signed by a cryptographic key of said security server, to said electronic module;
  
  said electronic module verifying the validity of said digitally signed updated security information, and updating stored security information with said updated security information;
  
  said security server sending said random key, and said random verification number to said electronic module, and ending said secure communication session;
  
  said electronic module generating a destination message by encrypting said random verification number and a destination with said random key, and sending said destination message to said network server;
  
  said network server decrypting said message and verifying said random verification number; and
  
  said network server establishing a link to said destination.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein said electronic module is a transaction module, a customer service module, a money generator module, a trusted agent, or a teller module.
  - 3. The method according to claim 1, further comprising the steps of:
    - said electronic module sending its date and time information to said security server;
      
      said security server checking said date and time information to determine if it is outside of an acceptable predetermined parameter; and
      
      said security server, where said date and time information is outside said acceptable predetermined parameter, sending a new date and time to said electronic module in order to synchronize said electronic module.
  - 4. The method according to claim 1, wherein said encrypted message between said network server and said security server is provided using a local symmetric key stored in said network server and in said security server.
  - 5. The method according to claim 1, wherein said updated security information includes an updated list of bad electronic module and security server identification numbers, an updated public key list, and an updated key length.
  - 6. The method according to claim 1, wherein said step of said security server establishing a secure communication session with said electronic module includes a public key exchange protocol to provide a session key common to said security server and said electronic module.
  - 7. The method according to claim 1, further comprising the step of said security server recertifying said certificate.
  - 8. The method according to claim 7, wherein said step of recertifying occurs in response to said security server sending a recertification request message to said electronic module.
  - 9. The method according to claim 1, wherein said certificate includes an expiration time.
  - 10. The method according to claim 9, wherein further comprising the step of said security server recertifying said certificate in response to said electronic module determining that said certificate has expired.

11. A system, comprising:
- at least one primary security server;
  
  a plurality of secondary security servers that each stores a unique security server certificate digitally signed by said primary security server; and
  
  a plurality of tamper-proof electronic modules, each having a memory that stores a unique module certificate that is digitally signed by one of said secondary security servers, and each having a processor (1) operative to provide a cryptographically secure channel with and to validate the module certificate of any arbitrary other one of said tamper-proof electronic modules independent of interaction with said at least one primary security server and independent of interaction with said secondary security servers and independent of interaction with a trusted third party certificate authority and independent of interaction with a key directory external to and accessible by the plurality of tamper-proof electronic modules, and (2) operative to provide a cryptographically secure channel with and to validate the security server certificate of any arbitrary one of said secondary security servers independent of interaction with said at least one primary security server and independent of interaction with a trusted third party certificate authority and independent of interaction with a key directory external to and accessible by the plurality of tamper-proof electronic modules.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 12. The system according to claim 11, wherein said security server certificate is validated upon said secondary security server interacting with said electronic modules or with said at least one primary security server, and wherein said module certificate is validated upon said electronic module interacting with other of said electronic modules or with said security servers.
  - 13. The system according to claim 11, wherein each of said electronic modules selectively establishes a secure communication channel with another of said electronic modules or with one of said secondary security servers independent of accessing a certificate directory.
  - 14. The system according to claim 11, wherein each of said at least one primary security server has a primary private key and an associated primary public key, and said electronic modules and said secondary security servers store the primary public key for each of said at least one primary security server.
  - 15. The system according to claim 14, wherein each of said electronic modules has a module private key and an associated module public key, each of said secondary security servers has a secondary private key and an associated secondary public key, and wherein said at least one primary security server selectively communicates to said secondary security servers a message to invoke a change in the length of the associated secondary public keys and the associated module public keys.
  - 16. The system according to claim 14, wherein an additional primary security server may be implemented in the system such that the additional primary security server has a second primary public key that may be longer than the length of said primary public keys of the at least one primary security server.
  - 17. The system according to claim 11, wherein upon manufacturing said secondary security servers, the secondary security servers are certified by said at least one primary security server, and wherein upon manufacturing said electronic modules, the electronic modules are certified by said secondary security servers, the certification of said electronic modules being independent of interaction with said at least one primary security server.
  - 18. The system according to claim 11, wherein said module certificates and said security server certificates have expiration times, and wherein said electronic modules are adapted not to transact with other electronic modules or secondary security servers having expired certificates.
  - 19. The system according to claim 11, wherein each of said plurality of electronic modules, said primary security server, and each of said plurality of secondary security servers have a unique identifier indicative of server type or electronic module type.
  - 20. The system according to claim 19, wherein said electronic module type includes a transaction module, a customer service module, a money generator module, and a teller module, and wherein said server type includes said primary security server and said secondary security servers.
  - 21. The system according to claim 19, wherein each said server type and each said electronic module type is associated with a unique range of a type variable, and wherein each said unique identifier maps to a value of said type variable within said unique range assigned to said server type or electronic module type according to a mapping mechanism securely stored in each said electronic module, each said secondary server, and said primary server.
  - 22. The system according to claim 21, wherein each said unique identifier is a unique integer value less than a predetermined prime number, and wherein said value of said type variable is generated according to raising a primitive root of said prime number to a power of said unique identifier under modulo arithmetic over said predetermined prime number, and wherein each of said plurality of electronic modules, said primary security server, and each of said plurality of secondary security servers securely stores said primitive root and said prime number.
  - 23. The system according to claim 11, wherein said primary security server maintains a list of said unique identifiers for bad electronic modules and bad secondary security servers, and wherein said list is provided to said secondary security servers and to said electronic modules.
  - 24. The system according to claim 11, wherein said security server certificate is encrypted by said primary security server, and said module certificate is encrypted by said secondary security server.
  - 25. The system according to claim 24, wherein said security server certificate comprises:
    - a first and second data field encrypted with the private key of said primary security server, wherein said first data field includes a unique identifier of said secondary security server, a public key of said security server, and an expiration time of said security server certificate, and wherein said second data field includes said first data field digitally signed by said primary security server; and
      
      a third data field including a unique identifier of said primary security server.
  - 26. The system according to claim 25, wherein said unique identifier of said primary security server is encrypted.
  - 27. The system according to claim 24, wherein said module certificate comprises:
    - a first and second data field encrypted with a secondary security server'"'"'s private key, wherein said first data field includes a unique identifier of said electronic module, a public key of said electronic module, and an expiration date of said module certificate, and wherein said second data field includes said first data field digitally signed by said secondary security server; and
      
      a third data field including said security server certificate.
  - 28. The system according to claim 21, wherein said primary security server and said secondary security servers share a common symmetric key which is periodically changed using public-key key exchange.
  - 29. The system according to claim 21, wherein said primary security server selectively commands global recertification for said security server certificates and said module certificates.

30. A system, comprising:
- a plurality of security servers;
  
  a plurality of tamper-proofelectronic modules each having a unique module certificate that is digitally signed by one of said security servers; and
  
  wherein said module certificate is validated upon said electronic module interacting with other of said electronic modules or with said security servers; and
  
  wherein said plurality of security servers selectively command global recertification for said module certificates, requiring every electronic module that interacts with one of said security servers to recertify said module certificate.

31. An electronic module, comprising:
- a memory that stores a unique module certificate that is digitally signed by a secondary security server that stores a unique secondary security server certificate that is digitally signed by a primary security server that is precluded from interaction with the electronic module; and
  
  a processor operative in validating a unique module certificate of another arbitrary electronic module, independently of interaction with the secondary security server and independently of interaction with the primary security server and independently of interaction with a trusted third party certificate authority and independently of interaction with a key directory external to and accessible by the plurality of tamper-proof electronic modules.
- View Dependent Claims (32)
- - 32. The system according to claim 31, wherein said electronic module selectively establishes a secure communication channel with another electronic module or with said secondary security server independent of accessing a certificate directory.

33. A security server system that provides for secure communication between electronic modules that are clients of the security server system, the security server system comprising:
- a primary security server;
  
  a plurality of secondary security servers that each stores a unique security server certificate digitally signed by said primary security server, and that digitally sign a unique module certificate for each of a plurality of tamper-proofelectronic modules that each have a memory that stores its said unique module certificate that is digitally signed by one of said secondary security servers; and
  
  wherein, any arbitrary one of the tamper-proof electronic modules validates the unique module certificate of another arbitrary electronic module, independently of interaction with the plurality of secondary security servers and independently of interaction with the primary security server and independently of interaction with a trusted third party certificate authority and independently of interaction with a key directory external to and accessible by the plurality of tamper-proof electronic modules.
- View Dependent Claims (34, 35, 36)
- - 34. The system according to claim 33, wherein each of said electronic modules has a module private key and an associated module public key, each of said secondary security servers has a secondary private key and an associated secondary public key, and wherein said primary security server selectively communicates to said secondary security servers a message to invoke a change in the length of the associated secondary public keys and the associated module public keys.
  - 35. The system according to claim 33, wherein an additional primary security server may be implemented in the system such that the additional primary security server has a second primary public key that may be longer than the length of said primary public keys of the at least one primary security server.
  - 36. The system according to claim 33, wherein said primary security server selectively commands global recertification for said security server certificates and said module certificates.

37. A method for maintaining security in a network with which each of a plurality of electronic modules selectively communicate, each of the electronic modules having a unique module certificate and being capable of selectively communicating or transacting information with another electronic module, said method comprising:
- providing at least one primary security server, each primary security server having a public key and an associated private key;
  
  providing a plurality of secondary security servers, each having a respective security certificate digitally signed by one of the primary security server private keys, and wherein said unique module certificate is digitally signed by one of said secondary security servers;
  
  providing a communications hierarchy such that said primary security servers cannot directly communicate or transact information with said electronic modules, and said secondary security servers selectively communicate with at least one of said electronic modules and at least one of said primary security servers;
  
  one or more of said at least one primary security servers maintaining a list that identifies electronic modules and security servers that should be prevented from transacting information with other electronic modules and the secondary security servers, and communicating said list to the other of said primary security servers, said primary security servers communicating said list to said secondary security servers; and
  
  communicating said list from a given one of the secondary security servers to a given one of said electronic modules when the given electronic module signs on to said network.
- View Dependent Claims (38, 39, 40)
- - 38. The method according to claim 37, wherein said unique module certificate has an expiration time, and further comprising limiting or preventing said electronic modules from transacting information with another electronic module that has an expired module certificate.
  - 39. The method according to claim 38, further comprising requiring electronic modules having expired certificates to sign on to said network in order to obtain recertification.
  - 40. The method according to claim 38, wherein said security certificate has an expiration time, and further comprising limiting or preventing said electronic modules from transacting information with a given said security server that has an expired security certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Original Assignee
Citibank (South Dakota) NA (Citigroup Incorporated)
Inventors
Rosen, Sholom S.
Primary Examiner(s)
Elisca, Pierre E

Application Number

US09/567,156
Time in Patent Office

1,771 Days
Field of Search

713/156, 713/168, 713/171, 713/173, 713/175, 713/182, 713/194, 713/200, 713/201, 380/228, 380/232, 380/239, 380/259, 380/255, 380/260, 705/41, 705/17, 705/62, 705/64, 705/18, 705/21, 705/50, 902/2, 902/26, 340/825.31, 340/825.34
US Class Current

705/64
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/06   Private payment circuits, e...

G06Q 20/10   specially adapted for elect...

G06Q 20/12   specially adapted for elect...

G06Q 20/26   Debit schemes, e.g. "pay now"

G06Q 20/382   insuring higher security of...

G06Q 30/06   Buying, selling or leasing ...

G07F 17/16   for devices exhibiting adve...

G07F 7/0866   by active credit-cards adap...

Security systems and methods applicable to an electronic monetary system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

226 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

Security systems and methods applicable to an electronic monetary system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

226 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links