Gauging risk in electronic communications regarding accounts in ABDS system
First Claim
1. A method of communicating electronically over a communications medium regarding an account, comprising the steps of:
- (a) maintaining information pertaining to the account in a database accessible by an authentication component, the information being retrievable based on a unique identifier, the information including security features of a genuine device that generates digital signatures using a private key of a public-private key pair, wherein the genuine device does not reside in and is not part of the authentication component and wherein the security features are indicative of the accessibility of the private key outside the genuine device;
(b) associating the public key of the genuine device with the unique identifier such that the public key is retrievable based on the unique identifier;
(c) thereafter,(i) receiving an electronic communication including the unique identifier, a message, and a digital signature of the message, the digital signature generated by a suspect device and the message comprising a request pertaining to the account;
(ii) authenticating the message using the public key associated with the unique identifier;
(iii) upon successful authentication, identifying the security features retrievable by the unique identifier as being the security features of the genuine device; and
(iv) acting upon the account in response to the request as a function of the likelihood that the digital signature generated by the suspect device was generated by the genuine device based on the security features of the genuine device.
8 Assignments
0 Petitions
Accused Products
Abstract
A system for communicating electronically over a communications medium regarding an account includes (a) maintaining information pertaining to the account in a database such that the information is retrievable by a unique identifier, the information including security features of a device that generates digital signatures using a private key of a public-private key pair, (b) associating the public key of the device with the unique identifier in the database, (c) receiving an electronic communication including the unique identifier and a digital signature for a message generated by a suspect device (d) authenticating the message using the public key associated with the unique, (e) upon successful authentication of the message, identifying the security features retrievable by the unique identifier as being the security features of the genuine device, and (f) gauging the risk that said generated digital signature was fraudulently sent based on said identified security features of the genuine device.
138 Citations
20 Claims
-
1. A method of communicating electronically over a communications medium regarding an account, comprising the steps of:
-
(a) maintaining information pertaining to the account in a database accessible by an authentication component, the information being retrievable based on a unique identifier, the information including security features of a genuine device that generates digital signatures using a private key of a public-private key pair, wherein the genuine device does not reside in and is not part of the authentication component and wherein the security features are indicative of the accessibility of the private key outside the genuine device; (b) associating the public key of the genuine device with the unique identifier such that the public key is retrievable based on the unique identifier; (c) thereafter, (i) receiving an electronic communication including the unique identifier, a message, and a digital signature of the message, the digital signature generated by a suspect device and the message comprising a request pertaining to the account; (ii) authenticating the message using the public key associated with the unique identifier; (iii) upon successful authentication, identifying the security features retrievable by the unique identifier as being the security features of the genuine device; and (iv) acting upon the account in response to the request as a function of the likelihood that the digital signature generated by the suspect device was generated by the genuine device based on the security features of the genuine device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. In a system for authenticating an account holder for access to an account of the account holder in which access to the account is controlled by an authentication component, wherein the account holder possesses a secure device that maintains therein a private key of a public-private key pair, a method comprising the steps of:
-
(a) maintaining in a database information pertaining to the account, the information being retrievable based on a unique identifier of the account holder; (b) associating the public key of the public-private key pair with the account such that the public key is retrievable based on the unique identifier; (c) associating a security profile of the secure device with the account such that the security profile is retrievable based on the unique identifier, the security profile identifying security features of the secure device, the security features indicative of the privacy and uniqueness of the private key; (d) wherein the authentication component performs the steps of; (i) receiving an electronic communication including the unique identifier, a message, and a digital signature of the message, the digital signature generated by a suspect device and the message comprising a request pertaining to the account; (ii) based on the unique identifier from the electronic communication, obtaining the public key and the security profile of the secure device; (iii) using the public key obtained from the database, decrypting the digital signature to verify that the digital signature was generated using the private key of the secure device; and (iv) determining the likelihood that the digital signature generated by the suspect device was actually generated by the secure device based on the security features of the secure device; and (e) acting upon the request as a function of said determination. - View Dependent Claims (18, 19)
-
-
20. A method of communicating electronically over a communications medium regarding an account, comprising the steps of:
-
(a) maintaining information pertaining to the account in a database such that the information is retrievable by a unique identifier, the information including security features of a genuine device that generates digital signatures using a private key of a public-private key pair, the security features indicative of the security of the private key of the genuine device relative to other devices capable of generating digital signatures; (b) associating the public key of the genuine device with the unique identifier in the database; (c) receiving an electronic communication including the unique identifier and a digital signature for a message generated by a suspect device; (d) authenticating the message using the public key associated with the unique identifier; (e) upon successful authentication of the message, identifying the security features retrievable by the unique identifier as being the security features of the genuine device; and (f) gauging the risk that the private key of the genuine device was compromised based on the identified security features of the genuine device.
-
Specification