Reliably identifying information of device generating digital signatures

US 6,915,430 B2
Filed: 02/01/2003
Issued: 07/05/2005
Est. Priority Date: 08/04/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method in which information of a device that generates digital signatures is reliably identified, comprising the steps of,(a) for each of a plurality of devices manufactured in a secure manufacturing environment, (i) creating, within the secure manufacturing environment, a public-private key pair, (ii) linking, within the secure manufacturing environment, the public key with other information associated with the device, wherein the other information comprises at least one of security features and manufacturing history of the device and wherein the other information defines a relative security level of the device, and (iii) before release of the device from the secure manufacturing environment, storing the private key within the device for utilization in generating a digital signature for an electronic message, (b) recording the linked public key and other information in a database and maintaining the database in a secure environment having a security rating at least comparable to the security level of the device for which the public key thereof is linked, (c) thereafter, when a public key linked in step (a)(ii) successfully authenticates a digitally signed message outside of the secure manufacturing environment, identifying from the database the other information to which the public key was linked in step (a)(ii) as pertaining to the device to which belongs the private key utilized in digitally signing the message without use of a digital certificate.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Information of a device that generates digital signatures is reliably identified by (a) for each of a plurality of devices manufactured in an environment, (i) creating a public-private key pair within the environment, (ii) linking within the environment in a secure manner the public key with other information associated with the device, and (iii) before release of the device from the environment, storing the private key within the device for generating a digital signature for an electronic message, and (b) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the other information associated with said linked public key as pertaining to the device to which belongs the private key utilized in digitally signing the message. Manufacturing the devices includes creating a public-private key pair within the secure environment, and storing the private key within the device against the possibility of divulgement thereof by the device.

158 Citations

29 Claims

1. A method in which information of a device that generates digital signatures is reliably identified, comprising the steps of,(a) for each of a plurality of devices manufactured in a secure manufacturing environment, (i) creating, within the secure manufacturing environment, a public-private key pair, (ii) linking, within the secure manufacturing environment, the public key with other information associated with the device, wherein the other information comprises at least one of security features and manufacturing history of the device and wherein the other information defines a relative security level of the device, and (iii) before release of the device from the secure manufacturing environment, storing the private key within the device for utilization in generating a digital signature for an electronic message, (b) recording the linked public key and other information in a database and maintaining the database in a secure environment having a security rating at least comparable to the security level of the device for which the public key thereof is linked, (c) thereafter, when a public key linked in step (a)(ii) successfully authenticates a digitally signed message outside of the secure manufacturing environment, identifying from the database the other information to which the public key was linked in step (a)(ii) as pertaining to the device to which belongs the private key utilized in digitally signing the message without use of a digital certificate.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the other information is identified by a recipient of the digitally signed message.
  - 3. The method of claim 1, wherein the other information is identified to a recipient of the digitally signed message.
  - 4. The method of claim 1, further comprising gauging a risk that the private key was fraudulently used to digitally sign the message based at least in part on said identified other information of step (b).
  - 5. The method of claim 1, wherein, for each device, the other information comprises security characteristics of the device.
  - 6. The method of claim 5, wherein the security characteristics of a respective manufactured device include an algorithm used by the device in originating digital signatures.
  - 7. The method of claim 1, wherein, for each device, the other information comprises authentication capabilities of the device.
  - 8. The method of claim 7, wherein the authentication capabilities include whether the device performs authentication based on a Secret and authentication based on a biometric characteristic.
  - 9. The method of claim 1, wherein, for each device, the other information comprises all of the security features of the device.
  - 10. The method of claim 1, wherein the secure environment includes multiple physical locations.
  - 11. The method of claim 1, wherein the electronic message represents a financial transaction.
  - 12. The method of claim 1, wherein the electronic message represents a legal action.
  - 13. The method of claim 1, wherein the electronic message represents a request for access to information.
  - 14. The method of claim 1, wherein the electronic message represents a request for access to a physical location.
  - 15. The method of claim 1, wherein, for each of the plurality of manufactured devices, the public-private key pair is generated within each respective device.
  - 16. The method of claim 15, wherein only the public key of each pair is exportable from the respective device.
  - 17. The method of claim 15, wherein the private key is not exportable from the respective device.

18. A method of manufacturing devices that generate digital signatures such that each device may be reliably and uniquely identified without use of a digital certificate, the devices being manufactured within a secure manufacturing environment, comprising the steps of, for each respective device:
- (a) creating, within the secure manufacturing environment, a public-private key pair, (b) before release of the device from the secure manufacturing environment, storing the private key within the device for utilization in generating a digital signature for an electronic message, the private key being stored within the device against the possibility of divulgement thereof by the device, (c) securely linking, within the secure manufacturing environment, the public key with other information, wherein the other information comprises at least one of security features and manufacturing history of the device and wherein the other information defines a relative security level of the device, and (d) recording the linked public key and other information in a database and maintaining the database in a secure environment having a security rating at least comparable to the security level of the device for which the public key thereof is linked.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The method of claim 18, wherein the public-private key pair is created within the device based on a random number produced by a random number generator disposed within the device.
  - 20. The method of claim 19, wherein the random number generator is a high quality random number generator.
  - 21. The method of claim 19, wherein only the public key is exportable from the device.
  - 22. The method of claim 19, wherein each digital signature generated by each device is a random number.
  - 23. The method of claim 18, wherein the other information comprises security characteristics of the device.
  - 24. The method of claim 18, further comprising identifying a particular manufactured device by authenticating a message using one of said linked public keys, a digital signature for the message having been generated by the particular manufactured device.

25. A method in which information of a device that generates digital signatures is reliably identified, comprising the steps of:
- (a) for each of a plurality of devices manufactured in a secure manufacturing environment, before release of the device from the secure manufacturing environment;
  
  (i) creating a public-private key pair;
  
  (ii) storing the private key within the device for utilization in generating digital signatures for electronic messages; and
  
  (iii) linking the public key with other information associated with the device, wherein the other information defines a relative security level of the device;
  
  (b) for each of the plurality of devices manufactured in the secure manufacturing environment;
  
  (i) originating a digital signature for a reference, the reference including the public key and the other information of the device, the digital signature for the reference generated by a private key of a Secure Entity;
  
  (ii) publishing the reference and digital signature therefor, and;
  
  (iii) maintaining the private key of the Secure Entity in a secure environment outside of the device, wherein the secure environment has a security rating that is at least comparable to the security level of the device to which the reference pertains; and
  
  (c) thereafter, when a public key linked in step (a)(iii) successfully authenticates a digitally signed message, identifying the other information to which the public key was linked in step (a)(iii) as pertaining to the device to which belongs the private key utilized in digitally signing the message based on a successful authentication of the reference.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The method of claim 25 wherein the other information comprises at least one of security features and manufacturing history of the device.
  - 27. The method of claim 25 wherein the Secure Entity is the manufacturer of the device.
  - 28. The method of claim 25 wherein the Secure Entity is not the manufacturer of the device.
  - 29. The method of claim 25, wherein the secure environment includes multiple physical locations.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Wheeler, Lynn Henry, Wheeler, Anne M.
Primary Examiner(s)
Barrón, Gilberto
Assistant Examiner(s)
Zand, Kambiz

Application Number

US10/248,625
Publication Number

US 20030097569A1
Time in Patent Office

885 Days
Field of Search

713155-157, 713/175, 713/176, 713/170, 380/282
US Class Current

713/170
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 2221/2113   Multi-level security, e.g. ...

G06Q 20/00   Payment architectures, sche...

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3558   Preliminary personalisation...

G06Q 20/3674   involving authentication

G06Q 20/3676   Balancing accounts

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/388   using mutual authentication...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G06Q 20/403 : Solvency checks

G06Q 20/40975 : using encryption therefor

G06Q 50/188 : Electronic negotiation

G07F 7/0886 : the card reader being porta...

G07F 7/1008 : Active credit-cards provide...

G07F 7/1016 : Devices or methods for secu...

H04L 2209/42 : Anonymization, e.g. involvi...

H04L 2209/56 : Financial cryptography, e.g...

H04L 63/0428 : wherein the data content is...

H04L 63/0442 : wherein the sending and rec...

H04L 63/062 : for key distribution, e.g. ...

H04L 63/0823 : using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/12 : Applying verification of th...

H04L 9/321 : involving a third party or ...

H04L 9/3247 : involving digital signatures

View All

Reliably identifying information of device generating digital signatures

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

158 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Reliably identifying information of device generating digital signatures

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

158 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links