Gauging risk in electronic communications regarding accounts in ABDS system

US 7,082,533 B2
Filed: 02/01/2003
Issued: 07/25/2006
Est. Priority Date: 08/04/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method of communicating electronically over a communications medium regarding an account, comprising the steps of:

(a) maintaining information pertaining to the account in a database accessible by an authentication component, the information being retrievable based on a unique identifier, the information including security features of a genuine device that generates digital signatures using a private key of a public-private key pair, wherein the genuine device does not reside in and is not part of the authentication component and wherein the security features are indicative of the accessibility of the private key outside the genuine device;

(b) associating the public key of the genuine device with the unique identifier such that the public key is retrievable based on the unique identifier;

(c) thereafter,(i) receiving an electronic communication including the unique identifier, a message, and a digital signature of the message, the digital signature generated by a suspect device and the message comprising a request pertaining to the account;

(ii) authenticating the message using the public key associated with the unique identifier;

(iii) upon successful authentication, identifying the security features retrievable by the unique identifier as being the security features of the genuine device; and

(iv) acting upon the account in response to the request as a function of the likelihood that the digital signature generated by the suspect device was generated by the genuine device based on the security features of the genuine device.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for communicating electronically over a communications medium regarding an account includes (a) maintaining information pertaining to the account in a database such that the information is retrievable by a unique identifier, the information including security features of a device that generates digital signatures using a private key of a public-private key pair, (b) associating the public key of the device with the unique identifier in the database, (c) receiving an electronic communication including the unique identifier and a digital signature for a message generated by a suspect device (d) authenticating the message using the public key associated with the unique, (e) upon successful authentication of the message, identifying the security features retrievable by the unique identifier as being the security features of the genuine device, and (f) gauging the risk that said generated digital signature was fraudulently sent based on said identified security features of the genuine device.

138 Citations

20 Claims

1. A method of communicating electronically over a communications medium regarding an account, comprising the steps of:
- (a) maintaining information pertaining to the account in a database accessible by an authentication component, the information being retrievable based on a unique identifier, the information including security features of a genuine device that generates digital signatures using a private key of a public-private key pair, wherein the genuine device does not reside in and is not part of the authentication component and wherein the security features are indicative of the accessibility of the private key outside the genuine device;
  
  (b) associating the public key of the genuine device with the unique identifier such that the public key is retrievable based on the unique identifier;
  
  (c) thereafter,(i) receiving an electronic communication including the unique identifier, a message, and a digital signature of the message, the digital signature generated by a suspect device and the message comprising a request pertaining to the account;
  
  (ii) authenticating the message using the public key associated with the unique identifier;
  
  (iii) upon successful authentication, identifying the security features retrievable by the unique identifier as being the security features of the genuine device; and
  
  (iv) acting upon the account in response to the request as a function of the likelihood that the digital signature generated by the suspect device was generated by the genuine device based on the security features of the genuine device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the authentication component is an account authority.
  - 3. The method of claim 1, wherein the authentication component is a central key authority.
  - 4. The method of claim 1, wherein the step of maintaining the record is performed by an account authority.
  - 5. The method of claim 1, wherein the step of maintaining the record is performed by a central key authority.
  - 6. The method of claim 1, wherein the unique identifier comprises the associated public key.
  - 7. The method of claim 1, wherein the unique identifier comprises an account number.
  - 8. The method of claim 1, wherein the communications medium is open and insecure.
  - 9. The method of claim 1, wherein the communications medium comprises the Internet.
  - 10. The method of claim 1, wherein the information includes at least one of the name, address, social security number, and tax identification number of the account holder.
  - 11. The method of claim 1, wherein the information includes a current balance or an available credit for the account.
  - 12. The method of claim 1, wherein the information includes a list of associated accounts.
  - 13. The method of claim 1, wherein the security features for each of a plurality of genuine devices are indexed in the database to the public key of each respective device.
  - 14. The method of claim 1, wherein the security features for each of a plurality of genuine devices are indexed in the database to a respective unique identifier.
  - 15. The method of claim 1, wherein the step of acting upon the account is conditioned upon the request and a corresponding minimum likelihood determination that the digital signature was generated by the genuine device associated with the request.
  - 16. The method of claim 1, wherein the step of acting upon the account is conditioned upon the account and a corresponding minimum likelihood determination that the digital signature was generated by the genuine device associated with the account.

17. In a system for authenticating an account holder for access to an account of the account holder in which access to the account is controlled by an authentication component, wherein the account holder possesses a secure device that maintains therein a private key of a public-private key pair, a method comprising the steps of:
- (a) maintaining in a database information pertaining to the account, the information being retrievable based on a unique identifier of the account holder;
  
  (b) associating the public key of the public-private key pair with the account such that the public key is retrievable based on the unique identifier;
  
  (c) associating a security profile of the secure device with the account such that the security profile is retrievable based on the unique identifier, the security profile identifying security features of the secure device, the security features indicative of the privacy and uniqueness of the private key;
  
  (d) wherein the authentication component performs the steps of;
  
  (i) receiving an electronic communication including the unique identifier, a message, and a digital signature of the message, the digital signature generated by a suspect device and the message comprising a request pertaining to the account;
  
  (ii) based on the unique identifier from the electronic communication, obtaining the public key and the security profile of the secure device;
  
  (iii) using the public key obtained from the database, decrypting the digital signature to verify that the digital signature was generated using the private key of the secure device; and
  
  (iv) determining the likelihood that the digital signature generated by the suspect device was actually generated by the secure device based on the security features of the secure device; and
  
  (e) acting upon the request as a function of said determination.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17, wherein the step of acting upon the request is further conditioned upon the nature of the request and a minimum likelihood required determination associated with request.
  - 19. The method of claim 18, wherein the step of acting upon the request is conditioned upon the account and a minimum likelihood required determination associated with the account.

20. A method of communicating electronically over a communications medium regarding an account, comprising the steps of:
- (a) maintaining information pertaining to the account in a database such that the information is retrievable by a unique identifier, the information including security features of a genuine device that generates digital signatures using a private key of a public-private key pair, the security features indicative of the security of the private key of the genuine device relative to other devices capable of generating digital signatures;
  
  (b) associating the public key of the genuine device with the unique identifier in the database;
  
  (c) receiving an electronic communication including the unique identifier and a digital signature for a message generated by a suspect device;
  
  (d) authenticating the message using the public key associated with the unique identifier;
  
  (e) upon successful authentication of the message, identifying the security features retrievable by the unique identifier as being the security features of the genuine device; and
  
  (f) gauging the risk that the private key of the genuine device was compromised based on the identified security features of the genuine device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Wheeler, Lynn Henry, Wheeler, Anne M.
Primary Examiner(s)
Zand, Kambiz

Application Number

US10/248,623
Publication Number

US 20030097561A1
Time in Patent Office

1,270 Days
Field of Search

713155-157, 713/176, 380/284
US Class Current

713/155
CPC Class Codes

G06Q 20/02   involving a neutral party, ...

G06Q 20/04   Payment circuits

G06Q 20/12   specially adapted for elect...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/3823   combining multiple encrypti...

G06Q 20/3825   Use of electronic signatures

G06Q 20/3829   involving key management

G06Q 20/385   using an alias or single-us...

G06Q 20/388   using mutual authentication...

G06Q 20/4014   Identity check for transact...

G06Q 20/403   Solvency checks

G06Q 20/40975   using encryption therefor

G06Q 50/06   Energy or water supply

G07F 7/0886   the card reader being porta...

G07F 7/1008   Active credit-cards provide...

G07F 7/1016   Devices or methods for secu...

H04L 63/0428   wherein the data content is...

H04L 63/0823   using certificates cryptogr...

Gauging risk in electronic communications regarding accounts in ABDS system

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

138 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Gauging risk in electronic communications regarding accounts in ABDS system

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

138 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others