Linking public key of device to information during manufacture
Abstract
A method in which information pertaining to a device (104) generating digital signatures (122) is reliably identified includes manufacturing (102) devices in a secure environment (114) and for each device (104) before it is released from the secure environment: creating a public-private key pair (116, 118); storing the private key (116) within the device (104) for utilization in generating a digital signature (122) for a message (122); and linking the public key (118) to a Security Profile (120) of the device (104). The devices (104) then are released from the secure environment (114) and a digital signature (122) is received from somewhere (108) in the world (106). The message (122) is authenticated using a suspect public key (124) and the suspect public key (124) is compared with the linked public keys (118). A Security Profile (120) of the genuine device (104) to which belongs the private key (116) used in generating the digital signature (122) is identified when the public key (124) matches a linked public key (118). A risk that the message (122) is fraudulently signed is determined.
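The flow in the abstract, as an added example that is not part of the patent text: a registry links each public key to a Security Profile at manufacture, and a recipient's suspect public key is first used to authenticate the message and then compared with the linked keys. Ed25519, the Go types and the names `Registry`, `Manufacture`, `DeviceSign` and `Identify` are assumptions made for illustration; the sample profile and message are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SecurityProfile field names are assumptions; the claims name only the content.
type SecurityProfile struct {
	AuthCapabilities string
	MfgHistory       string
}

// Registry stands in for the secure-environment database, keyed by public key bytes.
type Registry map[string]SecurityProfile

var (
	ErrBadSignature = errors.New("message does not authenticate under suspect public key")
	ErrUnknownKey   = errors.New("suspect public key matches no linked public key")
)

// Manufacture creates the key pair, links the public key to the profile and
// returns the private key, which in a real device would never leave it.
func (r Registry) Manufacture(p SecurityProfile) (ed25519.PublicKey, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	r[string(pub)] = p
	return pub, priv, nil
}

// DeviceSign models the one operation the device performs with its private key.
func DeviceSign(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// Identify authenticates the message with the suspect public key, then
// compares that key with the linked keys to find the Security Profile.
func (r Registry) Identify(suspect ed25519.PublicKey, msg, sig []byte) (SecurityProfile, error) {
	// ed25519.Verify panics on a wrong-length key, so check the length first.
	if len(suspect) != ed25519.PublicKeySize || !ed25519.Verify(suspect, msg, sig) {
		return SecurityProfile{}, ErrBadSignature
	}
	p, ok := r[string(suspect)]
	if !ok {
		return SecurityProfile{}, ErrUnknownKey
	}
	return p, nil
}

func main() {
	reg := Registry{}
	pub, priv, err := reg.Manufacture(SecurityProfile{AuthCapabilities: "PIN + biometric", MfgHistory: "lot 17"})
	if err != nil {
		panic(err)
	}
	msg := []byte("pay 100 to account 42") // constructed sample message
	got, err := reg.Identify(pub, msg, DeviceSign(priv, msg))
	fmt.Println(got, err)
}
```

A valid signature under a key that is absent from the registry returns `ErrUnknownKey`: the message authenticates, but no Security Profile can be attributed to the signer.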
86 Claims
1. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
(a) maintaining the database in a secure environment;
(b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together; and
(c) communicating a reference in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices, wherein said communicating the reference in a secure manner comprises originating a digital signature for a database record of a manufactured device maintained in the database and publishing the digital signature and the database record.

2. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
(a) maintaining the database in a secure environment;
(b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together; and
(c) thereafter, receiving a suspect device public key from a recipient of the digitally signed message and comparing for a match the suspect device public key with the linked public keys in the database to which the Security Profiles are indexed, and when a said linked public key successfully authenticates a digitally signed message, identifying the Security Profile associated with said linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message.
Dependent claims: 3

4. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
(a) maintaining the database in a secure environment;
(b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together; and
(c) receiving a suspect device public key from a recipient of the digitally signed message and comparing for a match the suspect device public key with the linked public keys in the database to which the Security Profiles are indexed, and communicating a reference in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices.
Dependent claims: 5

6. A method in which information of a device that generates digital signatures is reliably identified, comprising the steps of:
(a) for each of a plurality of devices manufactured in an environment, (i) creating a public-private key pair within the environment, (ii) linking within the environment in a secure manner the public key with other information associated with the device, and (iii) before release of the device from the environment, storing the private key within the device for utilization in generating a digital signature for an electronic message; and
(b) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the other information associated with said linked public key as pertaining to the device to which belongs the private key utilized in digitally signing the message, wherein the Security Profile of a device comprises authentication capabilities of the device, and wherein the Security Profile of a device further comprises a manufacturing history of the device.
Dependent claims: 7, 8, 9, 10, 11, 12, 13

14. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
(a) maintaining the database in a secure environment;
(b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together; and
(c) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the Security Profile associated with said linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message, wherein the Security Profile of a device comprises authentication capabilities of the device, and wherein the Security Profile of a device further comprises a manufacturing history of the device.
Dependent claims: 15, 16, 17, 18, 19, 20, 21

22. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
(a) maintaining the database in a secure environment;
(b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together; and
(c) communicating a reference in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices, wherein the Security Profile of a device comprises authentication capabilities of the device, and wherein the Security Profile of a device further comprises a manufacturing history of the device.
Dependent claims: 23, 24, 25, 26, 27, 28, 29

30. A method of providing for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
(a) for each of a plurality of devices manufactured in a secure environment, recording together the public key with a Security Profile of the manufactured device and generating a digital signature therefor to collectively define a Security Certificate, the public key and Security Profile thereby being securely linked together; and
(b) before each manufactured device is released from the secure environment, incorporating its respective Security Certificate into the manufactured device such that the Security Certificate is sent with a digital signature that is generated by the manufactured device using the private key, wherein the Security Profile of a device comprises authentication capabilities of the device, and wherein the Security Profile of a device further comprises a manufacturing history of the device.
Dependent claims: 31, 32, 33, 34, 35, 36, 37

38. A method in which information of a device that generates digital signatures is reliably identified, comprising the steps of:
(a) for each of a plurality of devices manufactured in an environment, (i) creating a public-private key pair within the environment, (ii) linking within the environment in a secure manner the public key with other information associated with the device, and (iii) before release of the device from the environment, storing the private key within the device for utilization in generating a digital signature for an electronic message;
(b) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the other information associated with said linked public key as pertaining to the device to which belongs the private key utilized in digitally signing the message; and
(c) providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile.
Dependent claims: 39, 40, 41, 42, 43, 44, 45

46. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
(a) maintaining the database in a secure environment;
(b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together;
(c) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the Security Profile associated with said linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message; and
(d) providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile.
Dependent claims: 47, 48, 49, 50, 51, 52, 53

54. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
(a) maintaining the database in a secure environment;
(b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together;
(c) communicating a reference in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices;
(d) successfully authenticating a digitally signed message with a said linked public key of the reference and thereby identifying the Security Profile associated with said linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message; and
(e) providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile.
Dependent claims: 55, 56, 57, 58, 59, 60, 61

62. A method of providing for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
(a) for each of a plurality of devices manufactured in a secure environment, recording together the public key with a Security Profile of the manufactured device and generating a digital signature therefor to collectively define a Security Certificate, the public key and Security Profile thereby being securely linked together;
(b) before each manufactured device is released from the secure environment, incorporating its respective Security Certificate into the manufactured device such that the Security Certificate is sent with a digital signature that is generated by the manufactured device using the private key;
(c) generating a digital signature for an electronic message utilizing the private key of one of the manufactured devices;
(d) sending the Security Certificate of the particular manufactured device with the digital signature for the electronic message;
(e) successfully authenticating the electronic message using the public key included in the Security Certificate;
(f) successfully authenticating the Security Certificate using another public key;
(g) identifying security features in the Security Certificate as being the security features of the particular manufactured device to which belongs the private key utilized to generate the digital signature of the electronic message; and
(h) providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile.
Dependent claims: 63, 64, 65, 66, 67, 68, 69

70. A method in which information of a device that generates digital signatures is reliably identified, comprising the steps of:
(a) for each of a plurality of devices manufactured in an environment, (i) creating a public-private key pair within the environment, (ii) linking within the environment in a secure manner the public key with other information associated with the device, and (iii) before release of the device from the environment, storing the private key within the device for utilization in generating a digital signature for an electronic message;
(b) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the other information associated with said linked public key as pertaining to the device to which belongs the private key utilized in digitally signing the message; and
(c) providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile, wherein an entity providing the monetary guarantee sends a public key successfully authenticating the electronic message to a secure entity which links in the secure environment a respective public key to respective security features of each manufactured device.
Dependent claims: 71, 72, 73

74. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
(a) maintaining the database in a secure environment;
(b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together;
(c) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the Security Profile associated with said linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message; and
(d) providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile, wherein an entity providing the monetary guarantee sends a public key successfully authenticating the electronic message to a secure entity which links in the secure environment a respective public key to respective security features of each manufactured device.
Dependent claims: 75, 76, 77

78. A method in which information of a device that generates digital signatures is reliably identified, comprising the steps of:
(a) for each of a plurality of devices manufactured in an environment, (i) creating a public-private key pair within the environment, (ii) linking within the environment in a secure manner the public key with other information associated with the device, and (iii) before release of the device from the environment, storing the private key within the device for utilization in generating a digital signature for an electronic message;
(b) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the other information associated with said linked public key as pertaining to the device to which belongs the private key utilized in digitally signing the message; and
(c) further comprising the step of providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile, wherein a secure entity links a public key with security features of a manufactured device by digitally signing a reference including the public key and the security features of the manufactured device.
Dependent claims: 79, 80, 81

82. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
(a) maintaining the database in a secure environment;
(b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together;
(c) communicating a reference in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices; and
(d) providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile, wherein a secure entity links a public key with security features of a manufactured device by digitally signing a reference including the public key and the security features of the manufactured device.
Dependent claims: 83, 84, 85

86. A method of manufacturing devices that generate digital signatures such that each device may be reliably and uniquely identified, the devices being manufactured within a secure environment, comprising the steps of:
(a) creating a public-private key pair within the secure environment;
(b) storing the private key within the device against the possibility of divulgement thereof by the device; and
(c) securely linking the public key with other information within the secure environment, wherein each private-public key pair is created within each device based on a random number produced by a random number generator disposed within each device, and wherein the other information comprises a manufacturing history of each device.
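The Security Certificate flow of claims 30 and 62, as an added example that is not part of the patent text: the secure environment signs the device public key together with its Security Profile, and a recipient accepts the profile only if both the certificate and the message authenticate. Ed25519, the certificate layout and the names `NewKey`, `Issue`, `DeviceSign` and `Authenticate` are assumptions made for illustration; the profile string and message are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SecurityCertificate (assumed layout): device key, profile, signature over both.
type SecurityCertificate struct {
	DevicePub ed25519.PublicKey
	Profile   string
	Sig       []byte
}

var (
	ErrCertificate = errors.New("security certificate does not authenticate")
	ErrMessage     = errors.New("message does not authenticate under certified device key")
)

// NewKey generates a signing key pair (used for the secure environment and devices).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// tbs returns the bytes to be signed; the key is fixed-length, so key||profile is unambiguous.
func tbs(pub ed25519.PublicKey, profile string) []byte {
	return append(append([]byte{}, pub...), profile...)
}

// Issue runs before release: create the device key pair, sign key and profile together.
func Issue(envPriv ed25519.PrivateKey, profile string) (SecurityCertificate, ed25519.PrivateKey, error) {
	pub, priv, err := NewKey()
	if err != nil {
		return SecurityCertificate{}, nil, err
	}
	cert := SecurityCertificate{DevicePub: pub, Profile: profile, Sig: ed25519.Sign(envPriv, tbs(pub, profile))}
	return cert, priv, nil
}

// DeviceSign models the device signing an electronic message with its private key.
func DeviceSign(priv ed25519.PrivateKey, msg []byte) []byte { return ed25519.Sign(priv, msg) }

// Authenticate checks the certificate under the secure environment's public key and
// the message under the certified device key, then attributes the profile to the signer.
func Authenticate(envPub ed25519.PublicKey, c SecurityCertificate, msg, sig []byte) (string, error) {
	if len(envPub) != ed25519.PublicKeySize || len(c.DevicePub) != ed25519.PublicKeySize ||
		!ed25519.Verify(envPub, tbs(c.DevicePub, c.Profile), c.Sig) {
		return "", ErrCertificate
	}
	if !ed25519.Verify(c.DevicePub, msg, sig) {
		return "", ErrMessage
	}
	return c.Profile, nil
}

func main() {
	envPub, envPriv, _ := NewKey()                                          // errors ignored in this demo
	cert, devPriv, _ := Issue(envPriv, "PIN verification; lot 17")          // constructed profile
	msg := []byte("pay 100 to account 42")                                  // constructed message
	profile, err := Authenticate(envPub, cert, msg, DeviceSign(devPriv, msg))
	fmt.Println(profile, err)
}
```

Editing the profile inside a certificate, or presenting a certificate signed by a different key, fails with `ErrCertificate`, so a device cannot claim security features the secure environment did not record for it.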
Specification