ABDS method utilizing security information in authenticating entity access
First Claim
Patent Images
1. A method of providing a requesting entity with access to a controlled resource, the requesting entity communicating electronically over a communications medium with an access authentication component for the controlled resource, wherein the requesting entity possesses a secure device that maintains therein a private key of a public-private key pair and wherein the secure device is adapted to generate digital signatures using the private key, comprising the steps of:
- (a) providing the requesting entity with a security account maintained in a database of the access authentication component, information in the security account being retrievable by the access authentication component based on a unique identifier of the requesting entity, the information identifying the requesting entity'"'"'s authority to access the controlled resource;
(b) associating in the database the public key of the public-private key pair with the security account such that the public key is retrievable by the access authentication component based on the unique identifier;
(c) associating a security profile of the secure device with the security account such that the security profile is retrievable by the access component based on the unique identifier, the security profile identifying security features of the secure device, the security features indicative of the relative security strength of the secure device as compared to the other devices capable of generating digital signatures;
(d) wherein the access authentication component performs the steps of;
(i) receiving the unique identifier of the requesting entity;
(ii) receiving a message and a digital signature of the message;
(iii) based on the unique identifier, obtaining the public key of the requesting entity and the security profile of the secure device;
(iv) using the public key obtained from the database, decrypting the digital signature to verify that the digital signature was generated using the private key of the secure device;
and, (e) if the digital signature verifies, granting the requesting entity with access to the controlled resource as a function of the information pertaining to the requesting entity'"'"'s authority to access the controlled resource and as a function of the relative security strength of the secure device.
8 Assignments
0 Petitions
Accused Products
Abstract
Authenticating an entity for access to a controlled resource by an access authentication component for the controlled resource includes the steps of: the requesting entity initially opening a security account with the access authentication component, with the access authentication component establishing and maintaining a record including information pertaining to the account and being retrievable based on a unique identifier for the requesting entity, and associating a public key of a public-private key pair with the record; the requesting entity originating an electronic message and generating a digital signature using a private key of the key pair, and sending the digitally signed electronic message to the access authentication component with the unique identifier; authenticating the electronic message using the public key associated with the record identified by the unique identifier; and upon successful authentication, authenticating access to the controlled resource. Security information is considered in authenticating the requesting entity.
180 Citations
23 Claims
-
1. A method of providing a requesting entity with access to a controlled resource, the requesting entity communicating electronically over a communications medium with an access authentication component for the controlled resource, wherein the requesting entity possesses a secure device that maintains therein a private key of a public-private key pair and wherein the secure device is adapted to generate digital signatures using the private key, comprising the steps of:
-
(a) providing the requesting entity with a security account maintained in a database of the access authentication component, information in the security account being retrievable by the access authentication component based on a unique identifier of the requesting entity, the information identifying the requesting entity'"'"'s authority to access the controlled resource;
(b) associating in the database the public key of the public-private key pair with the security account such that the public key is retrievable by the access authentication component based on the unique identifier;
(c) associating a security profile of the secure device with the security account such that the security profile is retrievable by the access component based on the unique identifier, the security profile identifying security features of the secure device, the security features indicative of the relative security strength of the secure device as compared to the other devices capable of generating digital signatures;
(d) wherein the access authentication component performs the steps of;
(i) receiving the unique identifier of the requesting entity;
(ii) receiving a message and a digital signature of the message;
(iii) based on the unique identifier, obtaining the public key of the requesting entity and the security profile of the secure device;
(iv) using the public key obtained from the database, decrypting the digital signature to verify that the digital signature was generated using the private key of the secure device;
and, (e) if the digital signature verifies, granting the requesting entity with access to the controlled resource as a function of the information pertaining to the requesting entity'"'"'s authority to access the controlled resource and as a function of the relative security strength of the secure device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. In a system for authenticating a requesting entity for access to a controlled resource in which access to the controlled resource is controlled by an access authentication component, wherein the requesting entity possesses a secure device that maintains therein a private key of a public-private key pair and wherein the access authentication component does not reside in and is not part of the secure device, a method comprising the steps of:
-
(a) providing the requesting entity with a security account maintained in a database, information in the security account being retrievable by the access authentication component based on a unique identifier of the requesting entity;
(b) associating the public key of the public-private key pair with the security account such that the public key is retrievable based on the unique identifier;
(c) associating a security profile of the secure device with the security account such that the security profile is retrievable based on the unique identifier, the security profile identifying security features of the secure device;
(c) generating a digital signature of a message using the private key of the secure device, the message comprising a request by the requesting entity for access to the controlled resource;
(e) transmitting over a communications medium an electronic communication to the access authentication component, the electronic communication including the unique identifier of the requesting entity, the message, and the digital signature of the message;
(f) wherein the access authentication component performs the steps of;
(i) receiving the electronic communication;
(ii) based on the unique identifier in the electronic communication, obtaining the public key of the requesting entity and the security profile of the secure device;
(iii) using the public key obtained from the record, decrypting the digital signature to verify that the digital signature was generated using the private key of the secure device; and
(iv) determining the relative likelihood that the digital signature was in fact generated by the secure device based on the security features of the secure device. - View Dependent Claims (11, 12, 13, 14, 15, 16)
-
-
17. A method of providing access to an entity requesting access to a controlled resource, the requesting entity communicating electronically over a communications medium with an access authentication component for the controlled resource, comprising the steps of:
-
(a) providing the requesting entity with a security account maintained in a database accessible by the access authentication component, the security account having information that is retrievable based on a unique identifier, the information pertaining to the requesting entity'"'"'s right to access the controlled resource, the information further including security features of a genuine device that generates digital signatures using a private key of a public-private key pair, wherein the genuine device does not reside in and is not part of the access authentication component;
(b) associating the public key of the genuine device with the security account such that the public key is retrievable based on the unique identifier in the database;
(c) thereafter, (i) receiving an electronic communication including the unique identifier, a message, and a digital signature of the message, the digital signature generated by a suspect device and the message comprising a request for access to the controlled resource;
(ii) obtaining the public key associated with the unique identifier received;
(iii) authenticating the message using the public key associated with the unique identifier;
(iv) upon successful authentication, identifying the security features retrievable by the unique identifier as being the security features of the genuine device; and
(v) granting the requesting entity with access to the controlled resource in response to the request as a function of the information pertaining to the requesting entity'"'"'s right to access the controlled resource and as a function of the relative likelihood that the digital signature generated by the suspect device was actually generated by the genuine device based on the security features of the genuine device. - View Dependent Claims (18, 19, 20, 21, 22, 23)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeFirst Data Corporation (Fiserv Incorporated)
-
Original AssigneeFirst Data Corporation (Fiserv Incorporated)
-
InventorsWheeler, Lynn Henry, Wheeler, Anne M.
-
Primary Examiner(s)Zand, Kambiz
-
Application NumberUS10/248,606Publication NumberTime in Patent Office970 DaysField of Search713/175, 713/176, 713/182, 713/201, 713/161, 713/168, 713/169, 713/170, 713/180, 380/278, 380/282, 708/135, 379/93.02US Class Current713/182CPC Class CodesG06F 21/32 using biometric data, e.g. ...G06F 2221/2113 Multi-level security, e.g. ...G06Q 20/00 Payment architectures, sche...G06Q 20/02 involving a neutral party, ...G06Q 20/04 Payment circuitsG06Q 20/0855 involving a third partyG06Q 20/12 specially adapted for elect...G06Q 20/341 Active cards, i.e. cards in...G06Q 20/3558 Preliminary personalisation...G06Q 20/3674 involving authenticationG06Q 20/3676 Balancing accountsG06Q 20/382 insuring higher security of...G06Q 20/3821 Electronic credentialsG06Q 20/3823 combining multiple encrypti...G06Q 20/3825 Use of electronic signaturesG06Q 20/3829 involving key managementG06Q 20/385 using an alias or single-us...G06Q 20/388 using mutual authentication...G06Q 20/4014 Identity check for transact...G06Q 20/40145 Biometric identity checksView All
