Managing database for reliably identifying information of device generating digital signatures

US 7,047,414 B2
Filed: 02/01/2003
Issued: 05/16/2006
Est. Priority Date: 08/04/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of,(a) maintaining the database in a secure environment, the secure environment existing outside of the device and having a security rating, (b) recording in the database for each one of a plurality of devices manufactured in a secure manufacturing environment, (i) a public key of a public-private key pair of the manufactured device, the private key being stored within the device, and (ii) a Security Profile of the manufactured device in association with the public key, wherein the Security Profile includes security features and manufacturing history of the manufactured device and wherein the Security Profile defines a security level of the manufactured device relative to other manufactured devices,

the public key and Security Profile thereby being securely linked together and wherein the security rating of the secure environment is at least comparable to the security level of the manufactured device, and (c) thereafter, when a public key linked in said step (b) successfully authenticates a digitally signed message, identifying the Security Profile associated with said linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A database for reliably identifying a Security Profile of a device that generates digital signatures is managed by (a) maintaining the database in a secure environment, (b) recording in the database for each one of a plurality of devices manufactured in the secure environment, (i) a public key of a public-private key pair of the manufactured device, and in association therewith, (ii) a Security Profile of the manufactured device, the public key and Security Profile thereby being securely linked together, and (c) thereafter, when a linked public key successfully authenticates a digitally signed message, identifying the Security Profile associated with the linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message. Furthermore, a reference is communicated in a secure manner, the reference including the public key and Security Profile linked therewith for at least one of the manufactured devices.

Citations

26 Claims

1. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of,(a) maintaining the database in a secure environment, the secure environment existing outside of the device and having a security rating, (b) recording in the database for each one of a plurality of devices manufactured in a secure manufacturing environment, (i) a public key of a public-private key pair of the manufactured device, the private key being stored within the device, and (ii) a Security Profile of the manufactured device in association with the public key, wherein the Security Profile includes security features and manufacturing history of the manufactured device and wherein the Security Profile defines a security level of the manufactured device relative to other manufactured devices,
- the public key and Security Profile thereby being securely linked together and wherein the security rating of the secure environment is at least comparable to the security level of the manufactured device, and (c) thereafter, when a public key linked in said step (b) successfully authenticates a digitally signed message, identifying the Security Profile associated with said linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message.
- View Dependent Claims (2, 3, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 2. The method of claim 1, wherein the Security Profile is identified by a recipient of the digitally signed message.
  - 3. The method of claim 1, wherein the Security Profile is identified to a recipient of the digitally signed message.
  - 7. The method of claims 1 or 6, further comprising the step of receiving the digitally signed message and digital signature from a recipient thereof.
  - 8. The method of claims 1 or 4, wherein the public key and Security Profile of each of the manufactured devices are retrievable from the database based on a device identifier assigned for each of the manufactured devices.
  - 9. The method of claim 8, wherein the identifier for each of the manufactured devices comprises the respective public key of the manufactured device.
  - 10. The method of claim 8, wherein the identifier for each of the manufactured devices comprises a respective serial number of each manufactured device.
  - 11. The method of claim 8, wherein the identifier for each of the manufactured devices comprises a respective account number associated with each manufactured device.
  - 12. The method of claims 1 or 4, further comprising receiving a device identifier from a recipient of a digitally signed message and comparing for a match the device identifier with device identifiers in the database to which the linked public keys and Security Profiles are indexed.
  - 13. The method of claims 1 or 6, further comprising gauging a risk that the private key was fraudulently used to digitally sign the message based at least in part on said identified Security Profile.
  - 14. The method of claims 1 or 4, wherein the Security Profile comprises security characteristics of the respective device.
  - 15. The method of claim 14, wherein the security characteristics include an algorithm used by the respective device in originating digital signatures.
  - 16. The method of claims 1 or 4, wherein the Security Profile comprises authentication capabilities of the respective device.
  - 17. The method of claim 16, wherein the authentication capabilities include whether the device performs authentication based on a Secret and authentication based on a biometric characteristic.
  - 18. The method of claims 1 or 4, wherein the security level of the manufactured device is within a range of pre-defined security levels for secure devices.
  - 19. The method of claims 1 or 4, wherein the secure environment includes multiple physical locations.
  - 20. The method of claims 1 or 6, wherein the electronic message represents a financial transaction.
  - 21. The method of claims 1 or 6, wherein the electronic message represents a legal action.
  - 22. The method of claims 1 or 6, wherein the electronic message represents a request for access to information.
  - 23. The method of claims 1 or 6, wherein the electronic message represents a request for access to a physical location.
  - 24. The method of claims 1 or 4, wherein the public-private key pair of each manufactured device is created in the respective manufactured device.
  - 25. The method of claim 24, wherein only the public key of each pair is exportable from the respective manufactured device.
  - 26. The method of claim 24, wherein the private key is not exportable from the respective manufactured device.

4. A method of managing a database for reliably identifying a Security Profile of a device that generates digital signatures, comprising the steps of,(a) maintaining the database in a secure environment, the secure environment existing outside of the device and having a security rating, (b) recording in the database for each one of a plurality of devices manufactured in a secure manufacturing environment, (i) a public key of a public-private key pair of the manufactured device, the private key being stored within the device, and (ii) a Security Profile of the manufactured device in association with the public key, wherein the Security Profile includes security features and manufacturing history of the manufactured device and wherein the Security Profile defines a security level of the manufactured device relative to other manufactured devices,
- the public key and Security Profile thereby being securely linked together and wherein the security rating of the secure environment is at least comparable to the security level of the manufactured device, and (c) communicating a reference in a secure manner, the reference including the public key and Security Profile linked therewith in said step (b) for at least one of the manufactured devices.
- View Dependent Claims (5, 6)
- - 5. The method of claim 4, wherein said communicating the reference in a secure manner comprises communicating the reference to a recipient of a digitally signed message in a manner having a security rating that is at least comparable to the security level of the manufactured device to which the reference pertains.
  - 6. The method of claim 4, further comprising successfully authenticating a digitally signed message with a said linked public key of the reference and thereby identifying the Security Profile associated with said linked public key as pertaining to the manufactured device to which belongs the private key utilized in digitally signing the message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Wheeler, Lynn Henry, Wheeler, Anne M.
Primary Examiner(s)
Zand, Kambiz

Application Number

US10/248,626
Publication Number

US 20030097562A1
Time in Patent Office

1,200 Days
Field of Search

713/155, 713/166, 713/171, 713/177, 713/200, 713/157, 713/158, 713/159, 713/176, 713/170, 380/229, 380/282, 380/285, 380/277, 705/67, 705/71, 708/135, 710/36, 711/150, 711/163, 709/229
US Class Current

713/176
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 2221/2113   Multi-level security, e.g. ...

G06Q 20/00   Payment architectures, sche...

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/0855   involving a third party

G06Q 20/12   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3558   Preliminary personalisation...

G06Q 20/3674   involving authentication

G06Q 20/3676   Balancing accounts

G06Q 20/382   insuring higher security of...

G06Q 20/3821   Electronic credentials

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/388   using mutual authentication...

G06Q 20/4014   Identity check for transact...

G06Q 20/40145   Biometric identity checks

G06Q 20/403 : Solvency checks

G06Q 20/40975 : using encryption therefor

G06Q 50/188 : Electronic negotiation

G07F 7/0886 : the card reader being porta...

G07F 7/1008 : Active credit-cards provide...

G07F 7/1016 : Devices or methods for secu...

H04L 2209/42 : Anonymization, e.g. involvi...

H04L 2209/56 : Financial cryptography, e.g...

H04L 63/0428 : wherein the data content is...

H04L 63/0442 : wherein the sending and rec...

H04L 63/062 : for key distribution, e.g. ...

H04L 63/0823 : using certificates cryptogr...

H04L 63/083 : using passwords cryptograph...

H04L 63/12 : Applying verification of th...

H04L 9/321 : involving a third party or ...

H04L 9/3247 : involving digital signatures

View All

Managing database for reliably identifying information of device generating digital signatures

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Managing database for reliably identifying information of device generating digital signatures

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links