Security systems and methods applicable to an electronic monetary system
Abstract
An electronic-monetary system having (1) banks or financial institutions that are coupled to a money generator device for generating and issuing to subscribing customers electronic money including electronic currency backed by demand deposits and electronic credit authorizations; (2) correspondent banks that accept and distribute the electronic money; (3) a plurality of transaction devices that are used by subscribers for storing electronic money, for performing money transactions with the on-line systems of the participating banks or for exchanging electronic money with other like transaction devices in off-line transactions; (4) teller devices, associated with the issuing and correspondent banks, for process handling and interfacing the transaction devices to the issuing and correspondent banks, and for interfacing between the issuing and correspondent banks themselves; (5) a clearing bank for balancing the electronic money accounts of the different issuing banks; (6) a data communications network for providing communications services to all components of the system; and (7) a security arrangement for maintaining the integrity of the system, and for detecting counterfeiting and tampering within the system. This system includes a customer service module which handles lost money claims and links accounts to money modules for providing bank access.
40 Claims
1. A method for an electronic module to sign-on to a network having a network server that links said electronic module to a security server, comprising the steps of:
said electronic module sending its certificate to said network server;
said network server generating a random key and a random verification number, and sending an encrypted message including said certificate, said random key, and said random verification number to said security server;
said security server decrypting said encrypted message, storing said random key and random verification number, and verifying the validity of said certificate;
said security server establishing a secure communication session with said electronic module;
said security server sending updated security information, that is digitally signed by a cryptographic key of said security server, to said electronic module;
said electronic module verifying the validity of said digitally signed updated security information, and updating stored security information with said updated security information;
said security server sending said random key, and said random verification number to said electronic module, and ending said secure communication session;
said electronic module generating a destination message by encrypting said random verification number and a destination with said random key, and sending said destination message to said network server;
said network server decrypting said message and verifying said random verification number; and
said network server establishing a link to said destination.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
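The handoff of the random key and random verification number in claim 1, as an added Python sketch (not code from the patent). It assumes the network server and security server share a key `ss_key`, uses an HMAC-SHA256 keystream with a tag as a stand-in cipher, reduces certificate validation to an ID lookup, and leaves the secure session and signed security update unmodeled; all names are hypothetical.

```python
import hashlib, hmac, json, secrets

def _stream(key, nonce, n):
    """Keystream for the stand-in cipher below (demo only, not a vetted AEAD)."""
    return b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))

def seal(key, obj):
    pt, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

class NetworkServer:
    def __init__(self, ss_key):
        self.ss_key, self.pending = ss_key, {}      # module id -> (K, V)
    def begin(self, cert):
        # Generate random key K and verification number V, forward with the cert.
        k, v = secrets.token_bytes(32), secrets.token_hex(8)
        self.pending[cert["id"]] = (k, v)
        return seal(self.ss_key, {"cert": cert, "k": k.hex(), "v": v})
    def connect(self, module_id, dest_msg):
        entry = self.pending.pop(module_id, None)   # single use: an assumption
        if entry is None:
            raise ValueError("no sign-on pending")
        msg = unseal(entry[0], dest_msg)            # decrypt with K
        if not hmac.compare_digest(msg["v"], entry[1]):
            raise ValueError("verification number mismatch")
        return msg["dest"]                          # link is opened to this destination

def security_server(ss_key, blob, valid_ids):
    m = unseal(ss_key, blob)
    if m["cert"]["id"] not in valid_ids:            # stand-in for certificate validation
        raise ValueError("invalid certificate")
    return bytes.fromhex(m["k"]), m["v"]            # handed to the module in the secure session

def sign_on(ns, ss_key, cert, dest, valid_ids):
    k, v = security_server(ss_key, ns.begin(cert), valid_ids)
    return ns.connect(cert["id"], seal(k, {"v": v, "dest": dest}))  # module's destination message
```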
11. A system, comprising:
at least one primary security server;
a plurality of secondary security servers that each stores a unique security server certificate digitally signed by said primary security server; and
a plurality of tamper-proof electronic modules, each having a memory that stores a unique module certificate that is digitally signed by one of said secondary security servers, and each having a processor (1) operative to provide a cryptographically secure channel with and to validate the module certificate of any arbitrary other one of said tamper-proof electronic modules independent of interaction with said at least one primary security server and independent of interaction with said secondary security servers and independent of interaction with a trusted third party certificate authority and independent of interaction with a key directory external to and accessible by the plurality of tamper-proof electronic modules, and (2) operative to provide a cryptographically secure channel with and to validate the security server certificate of any arbitrary one of said secondary security servers independent of interaction with said at least one primary security server and independent of interaction with a trusted third party certificate authority and independent of interaction with a key directory external to and accessible by the plurality of tamper-proof electronic modules.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29
30. A system, comprising:
a plurality of security servers;
a plurality of tamper-proof electronic modules each having a unique module certificate that is digitally signed by one of said security servers; and
wherein said module certificate is validated upon said electronic module interacting with other of said electronic modules or with said security servers; and
wherein said plurality of security servers selectively command global recertification for said module certificates, requiring every electronic module that interacts with one of said security servers to recertify said module certificate.
31. An electronic module, comprising:
a memory that stores a unique module certificate that is digitally signed by a secondary security server that stores a unique secondary security server certificate that is digitally signed by a primary security server that is precluded from interaction with the electronic module; and
a processor operative in validating a unique module certificate of another arbitrary electronic module, independently of interaction with the secondary security server and independently of interaction with the primary security server and independently of interaction with a trusted third party certificate authority and independently of interaction with a key directory external to and accessible by the plurality of tamper-proof electronic modules.
Dependent claims: 32
33. A security server system that provides for secure communication between electronic modules that are clients of the security server system, the security server system comprising:
a primary security server;
a plurality of secondary security servers that each stores a unique security server certificate digitally signed by said primary security server, and that digitally sign a unique module certificate for each of a plurality of tamper-proof electronic modules that each have a memory that stores its said unique module certificate that is digitally signed by one of said secondary security servers; and
wherein, any arbitrary one of the tamper-proof electronic modules validates the unique module certificate of another arbitrary electronic module, independently of interaction with the plurality of secondary security servers and independently of interaction with the primary security server and independently of interaction with a trusted third party certificate authority and independently of interaction with a key directory external to and accessible by the plurality of tamper-proof electronic modules.
Dependent claims: 34, 35, 36
37. A method for maintaining security in a network with which each of a plurality of electronic modules selectively communicate, each of the electronic modules having a unique module certificate and being capable of selectively communicating or transacting information with another electronic module, said method comprising:
providing at least one primary security server, each primary security server having a public key and an associated private key;
providing a plurality of secondary security servers, each having a respective security certificate digitally signed by one of the primary security server private keys, and wherein said unique module certificate is digitally signed by one of said secondary security servers;
providing a communications hierarchy such that said primary security servers cannot directly communicate or transact information with said electronic modules, and said secondary security servers selectively communicate with at least one of said electronic modules and at least one of said primary security servers;
one or more of said at least one primary security servers maintaining a list that identifies electronic modules and security servers that should be prevented from transacting information with other electronic modules and the secondary security servers, and communicating said list to the other of said primary security servers, said primary security servers communicating said list to said secondary security servers; and
communicating said list from a given one of the secondary security servers to a given one of said electronic modules when the given electronic module signs on to said network.
Dependent claims: 38, 39, 40
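Claims 11, 31 and 33 have a module validate a peer with no server, certificate authority or key directory in the loop, and claim 37 delivers a list of blocked identifiers at sign-on. The following Python sketch is an added example (not code from the patent) of one way such a check can work, assuming each module stores the primary server's public key and the peer presents its secondary server's certificate alongside its own. Textbook RSA over small fixed primes stands in for a real signature scheme, and all names and values are constructed.

```python
import hashlib, json

E = 65537  # public exponent shared by all toy keys

def keypair(p, q):
    """Textbook RSA from two fixed primes: toy sizes, no padding, demo only."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))      # (public modulus, private exponent)

def _h(body, n):
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(body, n, d):
    """The signer holding (n, d) issues a certificate over body."""
    return {"body": body, "sig": pow(_h(body, n), d, n)}

def sig_ok(cert, n):
    return pow(cert["sig"], E, n) == _h(cert["body"], n)

def validate_peer(module_cert, server_cert, primary_n, bad_ids=frozenset()):
    """Check run inside a module, using only data it holds or the peer sent."""
    # 1. The secondary server's certificate must chain to the stored primary key.
    if not sig_ok(server_cert, primary_n):
        return "server certificate not signed by primary"
    # 2. The peer's certificate must verify under the key in that certificate.
    if not sig_ok(module_cert, server_cert["body"]["n"]):
        return "module certificate not signed by that server"
    # 3. Neither identifier may be on the list received at the last sign-on.
    if {module_cert["body"]["id"], server_cert["body"]["id"]} & set(bad_ids):
        return "on bad-id list"
    return "ok"

# Constructed sample hierarchy: primary -> secondary server -> module.
PRIMARY_N, PRIMARY_D = keypair(2**127 - 1, 2**107 - 1)
SEC_N, SEC_D = keypair(2**89 - 1, 2**61 - 1)
SERVER_CERT = issue({"id": "secondary-1", "n": SEC_N}, PRIMARY_N, PRIMARY_D)
MODULE_CERT = issue({"id": "module-42"}, SEC_N, SEC_D)
```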
Specification