Linking public key of device to information during manufacture

US 6,983,368 B2
Filed: 08/06/2001
Issued: 01/03/2006
Est. Priority Date: 08/04/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:

(a) maintaining the database in a secure environment;

(b) recording in the database for each one of a plurality of devices manufactured in the secure environment,(i) a public key of a public-private key pair of the manufactured device, and in association therewith,(ii) a Security Profile of the manufactured device,the public key and Security Profile thereby being securely linked together; and

(c) communicating a reference in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices, wherein said communicating the reference in a secure manner comprises originating a digital signature for a database record of a manufactured device maintained in the database and publishing the digital signature and the database record.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method in which information pertaining to a device (104) generating digital signatures (122) is reliably identified includes manufacturing (102) devices in a secure environment (114) and for each device (104) before it is released from the secure environment: creating a public-private key pair (116, 118); storing the private key (116) within the device (104) for utilization in generating a digital signature (122) for a message (122); and linking the public key (118) to a Security Profile (120) of the device (104). The devices (104) then are released from the secure environment (114) and a digital signature (122) is received from somewhere (108) in the world (106). The message (122) is authenticated using a suspect public key (124) and the suspect public key (124) is compared with the linked public keys (118). A Security Profile (120) of the genuine device (104) to which belongs the private key (116) used in generating the digital signature (122) is identified when the public key (124) matches a linked public key (118). A risk that the message (122) is fraudulently signed is determined.

159 Citations

86 Claims

1. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
- (a) maintaining the database in a secure environment;
  
  (b) recording in the database for each one of a plurality of devices manufactured in the secure environment,(i) a public key of a public-private key pair of the manufactured device, and in association therewith,(ii) a Security Profile of the manufactured device,the public key and Security Profile thereby being securely linked together; and
  
  (c) communicating a reference in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices, wherein said communicating the reference in a secure manner comprises originating a digital signature for a database record of a manufactured device maintained in the database and publishing the digital signature and the database record.

2. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
- (a) maintaining the database in a secure environment;
  
  (b) recording in the database for each one of a plurality of devices manufactured in the secure environment,(i) a public key of a public-private key pair of the manufactured device, and in association therewith,(ii) a Security Profile of the manufactured device,the public key and Security Profile thereby being securely linked together; and
  
  (c) thereafter, receiving a suspect device public key from a recipient of the digitally signed message and comparing for a match the suspect device public key with the linked public keys in the database to which the Security Profiles are indexed, and when a said linked public key successfully authenticates a digitally signed message, identifying the Security Profile associated with said linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message.
- View Dependent Claims (3)
- - 3. The method of claim 2, wherein the public key used to authenticate the electronic message is sent with the digital signature for the electronic message.

4. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
- (a) maintaining the database in a secure environment;
  
  (b) recording in the database for each one of a plurality of devices manufactured in the secure environment,(i) a public key of a public-private key pair of the manufactured device, and in association therewith,(ii) a Security Profile of the manufactured device,the public key and Security Profile thereby being securely linked together; and
  
  (c) receiving a suspect device public key from a recipient of the digitally signed message and comparing for a match the suspect device public key with the linked public keys in the database to which the Security Profiles are indexed, and communicating a reference in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices.
- View Dependent Claims (5)
- - 5. The method of claim 4, wherein the public key used to authenticate the electronic message is sent with the digital signature for the electronic message.

6. A method in which information of a device that generates digital signatures is reliably identified, comprising the steps of:
- (a) for each of a plurality of devices manufactured in an environment,(i) creating a public-private key pair within the environment,(ii) linking within the environment in a secure manner the public key with other information associated with the device, and(iii) before release of the device from the environment, storing the private key within the device for utilization in generating a digital signature for an electronic message; and
  
  (b) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the other information associated with said linked public key as pertaining to the device to which belongs the private key utilized in digitally signing the message,wherein the Security Profile of a device comprises authentication capabilities of the device, and wherein the Security Profile of a device further comprises a manufacturing history of the device.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The method of claim 6, wherein the manufacturing history includes a batch identifier of the device.
  - 8. The method of claim 6, wherein the manufacturing history includes the identity of a manufacturer of the device.
  - 9. The method of claim 6, wherein the manufacturing history includes a part number of the device.
  - 10. The method of claim 6, wherein the manufacturing history includes the date and location of manufacture of the device.
  - 11. The method of claim 6, wherein the manufacturing history includes the linked key of the device.
  - 12. The method of claim 6, wherein the manufacturing history includes a serial number of the device.
  - 13. The method of claim 12, wherein the serial number of the manufactured device comprises the public key of the device.

14. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
- (a) maintaining the database in a secure environment;
  
  (b) recording in the database for each one of a plurality of devices manufactured in the secure environment,(i) a public key of a public-private key pair of the manufactured device, and in association therewith,(ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together; and
  
  (c) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the Security Profile associated with said linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message,wherein the Security Profile of a device comprises authentication capabilities of the device, and wherein the Security Profile of a device further comprises a manufacturing history of the device.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. The method of claim 14, wherein the manufacturing history includes a batch identifier of the device.
  - 16. The method of claim 14, wherein the manufacturing history includes the identity of a manufacturer of the device.
  - 17. The method of claim 14, wherein the manufacturing history includes a part number of the device.
  - 18. The method of claim 14, wherein the manufacturing history includes the date and location of manufacture of the device.
  - 19. The method of claim 14, wherein the manufacturing history includes the linked key of the device.
  - 20. The method of claim 14, wherein the manufacturing history includes a serial number of the device.
  - 21. The method of claim 20, wherein the serial number of the manufactured device comprises the public key of the device.

22. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
- (a) maintaining the database in a secure environment;
  
  (b) recording in the database for each one of a plurality of devices manufactured in the secure environment,(i) a public key of a public-private key pair of the manufactured device, and in association therewith,(ii) a Security Profile of the manufactured device,the public key and Security Profile thereby being securely linked together; and
  
  (c) communicating a reference in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices,wherein the Security Profile of a device comprises authentication capabilities of the device, and wherein the Security Profile of a device further comprises a manufacturing history of the device.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
- - 23. The method of claim 22, wherein the manufacturing history includes a batch identifier of the device.
  - 24. The method of claim 22, wherein the manufacturing history includes the identity of a manufacturer of the device.
  - 25. The method of claim 22, wherein the manufacturing history includes a part number of the device.
  - 26. The method of claim 22, wherein the manufacturing history includes the date and location of manufacture of the device.
  - 27. The method of claim 22, wherein the manufacturing history includes the linked key of the device.
  - 28. The method of claim 22, wherein the manufacturing history includes a serial number of the device.
  - 29. The method of claim 28, wherein the serial number of the manufactured device comprises the public key of the device.

30. A method of providing for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
- (a) for each of a plurality of devices manufactured in a secure environment, recording together the public key with a Security Profile of the manufactured device and generating a digital signature therefor to collectively define a Security Certificate, the public key and Security Profile thereby being securely linked together; and
  
  (b) before each manufactured device is released from the secure environment, incorporating its respective Security Certificate into the manufactured device such that the Security Certificate is sent with a digital signature that is generated by the manufactured device using the private key,wherein the Security Profile of a device comprises authentication capabilities of the device, and wherein the Security Profile of a device further comprises a manufacturing history of the device.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37)
- - 31. The method of claim 30, wherein the manufacturing history includes a batch identifier of the device.
  - 32. The method of claim 30, wherein the manufacturing history includes the identity of a manufacturer of the device.
  - 33. The method of claim 30, wherein the manufacturing history includes a part number of the device.
  - 34. The method of claim 30, wherein the manufacturing history includes the date and location of manufacture of the device.
  - 35. The method of claim 30, wherein the manufacturing history includes the linked key of the device.
  - 36. The method of claim 30, wherein the manufacturing history includes a serial number of the device.
  - 37. The method of claim 36, wherein the serial number of the manufactured device comprises the public key of the device.

38. A method in which information of a device that generates digital signatures is reliably identified, comprising the steps of:
- (a) for each of a plurality of devices manufactured in an environment,(i) creating a public-private key pair within the environment,(ii) linking within the environment in a secure manner the public key with other information associated with the device, and(iii) before release of the device from the environment, storing the private key within the device for utilization in generating a digital signature for an electronic message;
  
  (b) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the other information associated with said linked public key as pertaining to the device to which belongs the private key utilized in digitally signing the message; and
  
  (c) providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile.
- View Dependent Claims (39, 40, 41, 42, 43, 44, 45)
- - 39. The method of claim 38, wherein the electronic communication is sent to a recipient and then forwarded to an entity providing the monetary guarantee.
  - 40. The method of claim 38, wherein said authenticating is performed by an entity providing the monetary guarantee.
  - 41. The method of claim 38, further comprising sending a confirmation of coverage to an insured by an entity providing the monetary guarantee.
  - 42. The method of claim 41, wherein the coverage confirmation includes security features of a manufactured device.
  - 43. The method of claim 42, wherein the coverage continuation further includes an indication of the premium for the monetary guarantee.
  - 44. The method of claim 38, wherein a secure entity links together a public key and security features of each manufactured device in the secure environment, and wherein the secure entity communicates a public key of the secure entity to an entity providing the monetary guarantee for authentication of linked security features of a manufactured device.
  - 45. The method of claim 38, further charging a different premium rate for the provision of the monetary guarantee based on different Security Profiles of the devices.

46. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
- (a) maintaining the database in a secure environment;
  
  (b) recording in the database for each one of a plurality of devices manufactured in the secure environment,(i) a public key of a public-private key pair of the manufactured device, and in association therewith,(ii) a Security Profile of the manufactured device,the public key and Security Profile thereby being securely linked together;
  
  (c) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the Security Profile associated with said linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message; and
  
  (d) providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile.
- View Dependent Claims (47, 48, 49, 50, 51, 52, 53)
- - 47. The method of claim 46, wherein the electronic communication is sent to a recipient and then forwarded to an entity providing the monetary guarantee.
  - 48. The method of claim 46, wherein said authenticating is performed by an entity providing the monetary guarantee.
  - 49. The method of claim 46, further comprising sending a confirmation of coverage to an insured by an entity providing the monetary guarantee.
  - 50. The method of claim 49, wherein the coverage confirmation includes security features of a manufactured device.
  - 51. The method of claim 50, wherein the coverage continuation further includes an indication of the premium for the monetary guarantee.
  - 52. The method of claim 46, wherein a secure entity links together a public key and security features of each manufactured device in the secure environment, and wherein the secure entity communicates a public key of the secure entity to an entity providing the monetary guarantee for authentication of linked security features of a manufactured device.
  - 53. The method of claim 46, further charging a different premium rate for the provision of the monetary guarantee based on different Security Profiles of the devices.

54. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
- (a) maintaining the database in a secure environment;
  
  (b) recording in the database for each one of a plurality of devices manufactured in the secure environment,(i) a public key of a public-private key pair of the manufactured device, and in association therewith,(ii) a Security Profile of the manufactured device,the public key and Security Profile thereby being securely linked together;
  
  (c) communicating a reference in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices;
  
  (d) successfully authenticating a digitally signed message with a said linked public key of the reference and thereby identifying the Security Profile associated with said linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message; and
  
  (e) providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile.
- View Dependent Claims (55, 56, 57, 58, 59, 60, 61)
- - 55. The method of claim 54, wherein the electronic communication is sent to a recipient and then forwarded to an entity providing the monetary guarantee.
  - 56. The method of claim 54, wherein said authenticating is performed by an entity providing the monetary guarantee.
  - 57. The method of claim 54, further comprising sending a confirmation of coverage to an insured by an entity providing the monetary guarantee.
  - 58. The method of claim 57, wherein the coverage confirmation includes security features of a manufactured device.
  - 59. The method of claim 58, wherein the coverage confirmation further includes an indication of the premium for the monetary guarantee.
  - 60. The method of claim 54, wherein a secure entity links together a public key and security features of each manufactured device in the secure environment, and wherein the secure entity communicates a public key of the secure entity to an entity providing the monetary guarantee for authentication of linked security features of a manufactured device.
  - 61. The method of claim 54, further charging a different premium rate for the provision of the monetary guarantee based on different Security Profiles of the devices.

62. A method of providing for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
- (a) for each of a plurality of devices manufactured in a secure environment, recording together the public key with a Security Profile of the manufactured device and generating a digital signature therefor to collectively define a Security Certificate, the public key and Security Profile thereby being securely linked together;
  
  (b) before each manufactured device is released from the secure environment, incorporating its respective Security Certificate into the manufactured device such that the Security Certificate is sent with a digital signature that is generated by the manufactured device using the private key;
  
  (c) generating a digital signature for an electronic message utilizing the private key of one of the manufactured devices;
  
  (d) sending the Security Certificate of the particular manufactured device with the digital signature for the electronic message;
  
  (e) successfully authenticating the electronic message using the public key included in the Security Certificate;
  
  (f) successfully authenticating the Security Certificate using another public key;
  
  (g) identifying security features in the Security Certificate as being the security features of the particular manufactured device to which belongs the private key utilized to generate the digital signature of the electronic message; and
  
  (h) providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile.
- View Dependent Claims (63, 64, 65, 66, 67, 68, 69)
- - 63. The method of claim 62, wherein the electronic communication is sent to a recipient and then forwarded to an entity providing the monetary guarantee.
  - 64. The method of claim 62, wherein said authenticating is performed by an entity providing the monetary guarantee.
  - 65. The method of claim 62, further comprising sending a confirmation of coverage to an insured by an entity providing the monetary guarantee.
  - 66. The method of claim 65, wherein the coverage confirmation includes security features of a manufactured device.
  - 67. The method of claim 66, wherein the coverage confirmation further includes an indication of the premium for the monetary guarantee.
  - 68. The method of claim 62, wherein a secure entity links together a public key and security features of each manufactured device in the secure environment and wherein the secure entity communicates a public key of the secure entity to an entity providing the monetary guarantee for authentication of linked security features of a manufactured device.
  - 69. The method of claim 62, further charging a different premium rate for the provision of the monetary guarantee based on different Security Profiles of the devices.

70. A method in which information of a device that generates digital signatures is reliably identified, comprising the steps of:
- (a) for each of a plurality of devices manufactured in an environment,(i) creating a public-private key pair within the environment,(ii) linking within the environment in a secure manner the public key with other information associated with the device, and(iii) before release of the device from the environment, storing the private key within the device for utilization in generating a digital signature for an electronic message;
  
  (b) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the other information associated with said linked public key as pertaining to the device to which belongs the private key utilized in digitally signing the message; and
  
  (c) providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile,wherein an entity providing the monetary guarantee sends a public key successfully authenticating the electronic message to a secure entity which links in the secure environment a respective public key to respective security features of each manufactured device.
- View Dependent Claims (71, 72, 73)
- - 71. The method of claim 70, wherein the secure entity compares the public key successfully authenticating the electronic message with the public keys linked to security features of the manufactured devices.
  - 72. The method of claim 71, wherein the secure entity communicates security features to the entity providing the monetary guarantee for which the public key linked thereto matches the public key successfully authenticating the electronic message.
  - 73. The method of claim 72, wherein the secure entity digitally signs the communication of the security features.

74. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of:
- (a) maintaining the database in a secure environment;
  
  (b) recording in the database for each one of a plurality of devices manufactured in the secure environment,(i) a public key of a public-private key pair of the manufactured device, and in association therewith,(ii) a Security Profile of the manufactured device,the public key and Security Profile thereby being securely linked together;
  
  (c) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the Security Profile associated with said linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message; and
  
  (d) providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile,wherein an entity providing the monetary guarantee sends a public key successfully authenticating the electronic message to a secure entity which links in the secure environment a respective public key to respective security features of each manufactured device.
- View Dependent Claims (75, 76, 77)
- - 75. The method of claim 74, wherein the secure entity compares the public key successfully authenticating the electronic message with the public keys linked to security features of the manufactured devices.
  - 76. The method of claim 75, wherein the secure entity communicates security features to the entity providing the monetary guarantee for which the public key linked thereto matches the public key successfully authenticating the electronic message.
  - 77. The method of claim 76, wherein the secure entity digitally signs the communication of the security features.

78. A method in which information of a device that generates digital signatures is reliably identified, comprising the steps of:
- (a) for each of a plurality of devices manufactured in an environment,(i) creating a public-private key pair within the environment,(ii) linking within the environment in a secure manner the public key with other information associated with the device, and(iii) before release of the device from the environment, storing the private key within the device for utilization in generating a digital signature for an electronic message;
  
  (b) thereafter, when a said linked public key successfully authenticates a digitally signed message, identifying the other information associated with said linked public key as pertaining to the device to which belongs the private key utilized in digitally signing the message; and
  
  (c) further comprising the step of providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile,wherein a secure entity links a public key with security features of a manufactured device by digitally signing a reference including the public key and the security features of the manufactured device.
- View Dependent Claims (79, 80, 81)
- - 79. The method of claim 78, wherein the secure entity communicates the reference to a recipient of the electronic communication.
  - 80. The method of claim 78, wherein the secure entity communicates the reference to an entity that provides the monetary guarantee.
  - 81. The method of claim 80, wherein the entity that provides the monetary guarantee authenticates said digitally signed reference communicated by the secure entity.

82. A method of managing a database for reliably identifying a Security Profile of a device tat generates digital signatures, comprising the steps of:
- (a) maintaining the database in a secure environment;
  
  (b) recording in the database for each one of a plurality of devices manufactured in the secure environment,(i) a public key of a public-private key pair of the manufactured device, and in association therewith,(ii) a Security Profile of the manufactured device,the public key and Security Profile thereby being securely linked together;
  
  (c) communicating a reference in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices; and
  
  (d) providing a monetary guarantee that the digital signature for the electronic message was not fraudulently originated in exchange for a premium that is based, at least in part, upon said identified Security Profile,wherein a secure entity links a public key with security features of a manufactured device by digitally signing a reference including the public key and the security features of the manufactured device.
- View Dependent Claims (83, 84, 85)
- - 83. The method of claim 82, wherein the secure entity communicates the reference to a recipient of the electronic communication.
  - 84. The method of claim 82, wherein the secure entity communicates the reference to an entity that provides the monetary guarantee.
  - 85. The method of claim 84, wherein the entity that provides the monetary guarantee authenticates said digitally signed reference communicated by the secure entity.

86. A method of manufacturing devices that generate digital signatures such that each device may be reliably and uniquely identified, the devices being manufactured within a secure environment, comprising the steps of:
- (a) creating a public-private key pair within the secure environment;
  
  (b) storing the private key within the device against the possibility of divulgement thereof by the device; and
  
  (c) securely linking the public key with other information within the secure environment,wherein each private-public key pair is created within each device based on a random number produced by a random number generator disposed within each device, and wherein The other information comprises a manufacturing history of each device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Wheeler, Lynn Henry, Wheeler, Anne M.
Primary Examiner(s)
Zand, Kambiz

Application Number

US10/343,656
Publication Number

US 20040030901A1
Time in Patent Office

1,611 Days
Field of Search

713/156, 713/175, 713/176, 713/182
US Class Current

713/170
CPC Class Codes

G06F 21/31   User authentication

G06F 21/606   by securing the transmissio...

G06F 21/73   by creating or determining ...

G06F 2221/2129   Authenticate client device ...

G06Q 20/382   insuring higher security of...

G06Q 20/3829   involving key management

H04L 2209/56   Financial cryptography, e.g...

H04L 9/321   involving a third party or ...

H04L 9/3247   involving digital signatures

Linking public key of device to information during manufacture

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

159 Citations

86 Claims

Specification

Solutions

Use Cases

Quick Links

Linking public key of device to information during manufacture

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

159 Citations

86 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links