Central key authority (CKA) database for user accounts in ABDS system

US 6,959,381 B2
Filed: 02/01/2003
Issued: 10/25/2005
Est. Priority Date: 08/04/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of maintaining a CKA computer database by a Central Key Authority (CKA) on behalf of a plurality of users having accounts linked with one or more public keys of the users (“

PuK-linked accounts”

) wherein one or more PuK-linked accounts are maintained by one or more respective third parties, comprising the steps of, for a respective user;

(a) storing in the CKA computer database a public key of a public-private key pair, the public key associated with a user device of a respective user, the user device configured to generate digital signatures using a private key of the public-private key pair, the private key maintained securely within the user device;

(b) associating in the CKA computer database a security profile of the user device with the public key;

(c) associating in the CKA computer database one or more third-party account identifiers with the public key, each account identifier associated with a respective PuK-linked account of the respective user maintained by one of the respective third parties;

(d) associating a unique CKA account identifier with each public key stored in the CKA computer database; and

(e) updating PuK-linked accounts of the respective user with a new public-key of the respective user, wherein each PuK-linked account is maintained by different third parties, comprising the further steps of;

(i) receiving a request Electronic Communication (“

EC”

), the request EC including one of the unique CKA account identifiers and a message including the new public key and a digital signature of the message;

(ii) authenticating the message using the public key associated with the unique CKA account identifier from the request EC and obtained from the CKA computer database; and

(iii) upon successful authentication of the message, sending a response EC to each of the different third parties, the response EC including the new public key and the third-party account identifier for the respective different third parties maintained in the CKA computer database and associated with the unique CKA account identifier.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Central Key Authority (CKA) database includes PuK-linked account information of users, wherein the PuK-linked account information maintained in the database for each user includes, (a) a public key of a user device that generates digital signatures, (b) information securely linked with the public key of the device within a secure environment of the manufacture of the device, and (c) third-party account identifiers each of which identifies to a third-party an account of the user that is maintained with the third-party and that has been associated with the user'"'"'s public key by the third-party.

155 Citations

27 Claims

1. A method of maintaining a CKA computer database by a Central Key Authority (CKA) on behalf of a plurality of users having accounts linked with one or more public keys of the users (“
- PuK-linked accounts”
  
  ) wherein one or more PuK-linked accounts are maintained by one or more respective third parties, comprising the steps of, for a respective user;
  
  (a) storing in the CKA computer database a public key of a public-private key pair, the public key associated with a user device of a respective user, the user device configured to generate digital signatures using a private key of the public-private key pair, the private key maintained securely within the user device;
  
  (b) associating in the CKA computer database a security profile of the user device with the public key;
  
  (c) associating in the CKA computer database one or more third-party account identifiers with the public key, each account identifier associated with a respective PuK-linked account of the respective user maintained by one of the respective third parties;
  
  (d) associating a unique CKA account identifier with each public key stored in the CKA computer database; and
  
  (e) updating PuK-linked accounts of the respective user with a new public-key of the respective user, wherein each PuK-linked account is maintained by different third parties, comprising the further steps of;
  
  (i) receiving a request Electronic Communication (“
  
  EC”
  
  ), the request EC including one of the unique CKA account identifiers and a message including the new public key and a digital signature of the message;
  
  (ii) authenticating the message using the public key associated with the unique CKA account identifier from the request EC and obtained from the CKA computer database; and
  
  (iii) upon successful authentication of the message, sending a response EC to each of the different third parties, the response EC including the new public key and the third-party account identifier for the respective different third parties maintained in the CKA computer database and associated with the unique CKA account identifier.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, further comprising digitally signing the response EC.
  - 3. The method of claim 1, further comprising sending the request EC to the different third-parties.

4. A computer-readable medium having a plurality of data fields stored on the medium and representing a plurality of data structures, wherein each data structure is stored in a computer database of a Central Key Authority (CKA), comprising:
- (a) a public key of a public-private key pair, the public key associated with a user device of an account holder, wherein the user device generates digital signatures using a private key of the public-private key pair, wherein the private key is maintained securely within the user device and wherein the computer database of the CKA is not contained in the user device; and
  
  (b) at least one third-party account identifier, each account identifier identifying an account of the account holder that is maintained with a respective account authority, wherein the account authority is distinct and separate from the CKA and wherein the public key of the user device has been previously associated with the account of the account holder by the respective account authority.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 5. The computer-readable medium of claim 4 further comprising additional information, the additional information including at least one of:
    - (i) the identity of the respective account authority, (ii) security features of the user device, (iii) manufacturing history of the user device, and (iv) user-specific information of the account holder.
  - 6. The computer-readable medium of claim 4 further comprising additional information, the additional information including (i) user-specific information and (ii) authentication techniques used to verify the user-specific information.
  - 7. The computer-readable medium of claim 4 further comprising additional information, the additional information including user-specific information wherein the user-specific information is verified.
  - 8. The computer-readable medium of claim 5, wherein the public key and the security features of the user device are obtained from a Secure Entity.
  - 9. The computer-readable medium of claim 5, further comprising a unique CKA account identifier such that the public key, the at least one third-party account identifier, and the additional information are retrievable from the CKA computer database based on the CKA account identifier.
  - 10. The computer-readable medium of claim 9, wherein the public key is the CKA account identifier.
  - 11. The computer-readable medium of claim 7, wherein the user-specific information includes the name and address of the account holder.
  - 12. The computer-readable medium of claim 7, wherein the user-specific information includes the age and gender of the account holder.
  - 13. The computer-readable medium of claim 5 wherein the security features of the user device are indicative of the uniqueness of the private key stored therein.
  - 14. The computer-readable medium of claim 5, wherein the security features of the user device are indicative of a likelihood that the private key of the user device has been compromised.

15. A method of maintaining a CKA computer database on behalf of a plurality of account holders, each respective account holder having a user device, the CKA computer database being maintained by a Central Key Authority (CKA) and wherein the CKA computer database is not contained in any of the user devices, comprising the steps of:
- for each respective account holder;
  
  (a) storing in the CKA database a public key of a public-private key pair, wherein the user device of the respective account holder generates digital signatures using a private key of the public-private key pair, wherein the private key is maintained securely within the respective user device; and
  
  (b) associating in the CKA database at least one third-party account identifier with the public key, each account identifier identifying an account of the respective account holder that is maintained with a respective account authority, wherein the respective account authority is distinct and separate from the CKA and wherein the public key of the user device has been previously associated with the account of the respective account holder by the respective account authority.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 16. The method of claim 15, further comprising the step of (c) associating in the CKA database additional information with the public key, wherein the additional information includes at least one of:
    - (i) the identity of the respective account authority, (ii) security features of the user device, (iii) manufacturing history of the user device, and (iv) user-specific information of the account holder.
  - 17. The method of claim 16, wherein the additional information is retrievable from the CKA computer database based on the at least one third-party account identifier.
  - 18. The method of claim 16, wherein the additional information is retrievable by the CKA.
  - 19. The method of claim 16, wherein the additional information is retrievable by the respective account holder.
  - 20. The method of claim 16, wherein the additional information is retrievable by the respective account authority.
  - 21. The method of claim 16, wherein the security features and manufacturing history of the user device are indicative of the uniqueness of the private key stored therein.
  - 22. The method of claim 16, wherein the security features and manufacturing history of the user device are indicative of a likelihood that the private key of the user device has been compromised.
  - 23. The method of claim 16, further comprising establishing a new account on behalf of the respective account holder with a new account authority by electronically communicating the public key and additional information to the new account authority.
  - 24. The method of claim 23, wherein the public key and additional information are communicated to the new account authority upon request by the respective account holder.
  - 25. The method of claim 23, wherein the public key and additional information are communicated to the new account authority upon request by the new account authority.
  - 26. The method of claim 16, further comprising associating a unique CKA account identifier with each public key stored in the CKA computer database.
  - 27. The method of claim 16, wherein the security features of the user device are linked in the CKA computer database with the public key during the manufacture process of the user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Wheeler, Lynn Henry, Wheeler, Anne M.
Primary Examiner(s)
Zand, Kambiz

Application Number

US10/248,629
Publication Number

US 20030097565A1
Time in Patent Office

997 Days
Field of Search

713155-159, 713/170, 713/176, 713/200, 380/282, 380/285, 705/64, 705/67, 705/71, 705/57, 708/135, 710/36, 711/150, 711/163, 709/229
US Class Current

713/155
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 2221/2113   Multi-level security, e.g. ...

G06Q 20/00   Payment architectures, sche...

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3558   Preliminary personalisation...

G06Q 20/3674   involving authentication

G06Q 20/3676   Balancing accounts

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/388   using mutual authentication...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G06Q 20/403 : Solvency checks

G06Q 20/40975 : using encryption therefor

G06Q 50/188 : Electronic negotiation

G07F 7/0886 : the card reader being porta...

G07F 7/1008 : Active credit-cards provide...

G07F 7/1016 : Devices or methods for secu...

H04L 2209/42 : Anonymization, e.g. involvi...

H04L 2209/56 : Financial cryptography, e.g...

H04L 63/0428 : wherein the data content is...

H04L 63/0442 : wherein the sending and rec...

H04L 63/062 : for key distribution, e.g. ...

H04L 63/0823 : using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/12 : Applying verification of th...

H04L 9/321 : involving a third party or ...

H04L 9/3247 : involving digital signatures

View All

Central key authority (CKA) database for user accounts in ABDS system

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

155 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Central key authority (CKA) database for user accounts in ABDS system

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links