Cryptographic security method and electronic devices suitable therefor

US 7,225,337 B2
Filed: 05/23/2003
Issued: 05/29/2007
Est. Priority Date: 05/24/2002
Status: Active Grant

First Claim

Patent Images

1. A portable, electronic security module, comprising:

an electronic data storage device,a secret private customer key and a public customer key stored in the electronic data storage device as a first digital key pair,a signature module configured to generate a digital customer signature from object data to be signed using the secret private customer key,a secret private key of a security provider and a public key of the security provider stored in the electronic data storage device as a second digital key pair, anda certification module, installed in the signature module, and configured to generate a digital signature certificate from the digital customer signature using the secret private key of the security provider.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A portable electronic security module including an electronic data storage device, a secret private customer key and a public customer key stored in the electronic data storage device as a first digital key pair, a signature module configured to generate a digital customer signature from object data to be signed using the secret private customer key, a secret private key of a security provider and a public key of the security provider stored in the electronic data storage device as a second digital key pair, and a certification module, installed in the signature module, and configured to generate a digital signature certificate from the digital customer signature using the secret private key of the security provider.

Citations

24 Claims

1. A portable, electronic security module, comprising:
- an electronic data storage device,a secret private customer key and a public customer key stored in the electronic data storage device as a first digital key pair,a signature module configured to generate a digital customer signature from object data to be signed using the secret private customer key,a secret private key of a security provider and a public key of the security provider stored in the electronic data storage device as a second digital key pair, anda certification module, installed in the signature module, and configured to generate a digital signature certificate from the digital customer signature using the secret private key of the security provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The electronic security module according to claim 1, further comprising a customer identification stored in the electronic data storage device, wherein the certification module is configured to generate the signature certificate using additionally the customer identification.
  - 3. The electronic security module according to claim 1, further comprising personal customer attributes stored in the electronic data storage device, wherein the certification module is configured to generate the signature certificate using additionally the customer attributes.
  - 4. The electronic security module according to claim 3, further comprising an attribute updating module configured to receive attribute updating instructions and to update the customer attributes based on received attribute updating instructions.
  - 5. The electronic security module according to claim 1, further comprising a time determining module configured to determine current time data, wherein the certification module is configured to generate the signature certificate using additionally the determined time data.
  - 6. The electronic security module according to claim 1, wherein the signature module is configured to generate the digital customer signature from a first fingerprint of the object data to be signed, and wherein the certification module is configured to generate the signature certificate using additionally the first fingerprint, when generating the signature certificate the certification module generates a second fingerprint from the data to be used for the generation of the signature certificate, the certification module generates a digital certificate signature from the generated second fingerprint using the secret private key of the security provider, and the certification module forms the signature certificate from the generated certificate signature and from the generated second fingerprint.
  - 7. The electronic security module according to claim 1, further comprising a key administration module configured to receive key administration instructions and to activate, deactivate, and update the keys stored in the electronic data storage device based on received key administration instructions.
  - 8. The electronic security module according to claim 1, wherein the electronic security module is a SIM card.

9. An electronic device, comprising:
- a first electronic security module including a first electronic data storage device,a secret private customer key and a public customer key stored in the first electronic data storage device as a first digital key pair,a signature module, installed in the first security module, and configured to generate, using the private customer key, a digital customer signature from object data to be signed,a second electronic security module including a second electronic data storage device,a second digital key pair, stored in the second electronic data storage device, and including a public key of a security provider and a secret private key of the security provider,an authentication module, installed in the second security module, and configured to authenticate the public customer key,a verification module, installed in the second security module, and configured to receive the customer signature, to receive the object data configured to generate the customer signature, and to verify the customer signature using the authenticated public customer key and the received object data configured to generate the customer signature, anda certification module, installed in the second security module, and configured to generate a digital signature certificate from the verified customer signature using the private key of the security provider.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The electronic device according to claim 9, wherein the second security module comprises a customer identification stored in the second electronic data storage device, and the certification module is configured to generate the signature certificate using additionally the customer identification.
  - 11. The electronic device according to claim 9, wherein the second security module comprises personal customer attributes stored in the second electronic data storage device, and the certification module is configured to generate the signature certificate using additionally the customer attributes.
  - 12. The electronic device according to claim 11, wherein the second security module comprises an attribute updating module configured to receive attribute updating instructions and to update the customer attributes based on received attribute updating instructions.
  - 13. The electronic device according to claim 9, further comprising a time determining module configured to determine current time data, wherein the certification module is configured to generate the signature certificate using additionally the determined time data.
  - 14. The electronic device according to claim 9, wherein the signature module is configured to generate the digital customer signature from a first fingerprint of the object data to be signed, and wherein the certification module is configured to generate the signature certificate using additionally the first fingerprint, when generating the signature certificate the certification module generates a second fingerprint from the data configured to generate the signature certificate, the certification module generates a digital certificate signature from the generated second fingerprint using the secret private key of the security provider, and the certification module forms the signature certificate from the generated certificate signature and from the generated second fingerprint.
  - 15. The electronic device according to claim 9, wherein the second security module comprises a key administration module configured to receive key administration instructions and to activate, deactivate, and update the keys stored in the electronic device based on received key administration instructions.
  - 16. The electronic device according to claim 9, wherein at least one of the two security modules is a portable module configured to be connected to the electronic device.

17. A cryptographic security method, comprising the steps of:
- storing a secret private customer key and a public customer key as a first digital key pair in an electronic device,generating in the electronic device, using the private customer key, a digital customer signature from object data to be signed,storing a secret private key of a security provider and a public key of the security provider as a second digital key pair in the electronic device, andgenerating in the electronic device a digital signature certificate from the customer signature using the private key of the security provider.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The security method according to claim 17, wherein the public customer key is authenticated in the electronic device before generation of the digital signature certificate, and the customer signature is verified using the authenticated public customer key and the object data configured to generate the customer signature.
  - 19. The security method according to claim 17, wherein a customer identification is stored in the electronic device, and the signature certificate is generated using additionally the customer identification.
  - 20. The security method according to claim 17, wherein personal customer attributes are stored in the electronic device, and the signature certificate is generated using additionally the customer attributes.
  - 21. The security method according to claim 20, wherein attribute updating instructions are received in the electronic device, and the customer attributes are updated based on received attribute updating instructions.
  - 22. The security method according to claim 17, wherein current time data is determined in the electronic device, and the signature certificate is generated using additionally the determined time data.
  - 23. The security method according to claim 17, wherein the digital customer signature is generated from a first fingerprint of the object data to be signed, the signature certificate is generated using additionally the first fingerprint, when generating the signature certificate a second fingerprint is generated from the data configured to generate the signature certificate, a digital certificate signature is generated from the generated second fingerprint using the secret private key of the security provider, and the signature certificate is formed from the generated certificate signature and from the generated second fingerprint.
  - 24. The security method according to claim 17, wherein key administration instructions are received in the electronic device, and the keys stored in the electronic device are activated, deactivated or updated based on received key administration instructions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VL Collective IP, LLC (VideoLabs, Inc.)
Original Assignee
Swisscom Mobile AG (Government of Switzerland)
Inventors
Baessler, Felix
Primary Examiner(s)
Vu; Kim
Assistant Examiner(s)
SHAN, APRIL YING

Application Number

US10/443,783
Publication Number

US 20030221104A1
Time in Patent Office

1,467 Days
Field of Search

713/175, 713/176, 713156-158
US Class Current

713/175
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Cryptographic security method and electronic devices suitable therefor

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic security method and electronic devices suitable therefor

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links