Trusted authentication digital signature (tads) system

US 7,552,333 B2
Filed: 08/06/2001
Issued: 06/23/2009
Est. Priority Date: 08/04/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method of establishing trusted entity authentication associated with an electronic communication (EC), comprising:

(a) manufacturing a device within a secure environment, wherein manufacturing the device comprises;

(i) creating a public-private key pair before release of the device from the secure manufacturing environment,(ii) storing the private key securely within the device before release of the device from the secure manufacturing environment, and(iii) linking within the secure manufacturing environment in a secure manner the public key with other information associated with the device;

(b) after its manufacture, using the device to generate a digital signature as part of the EC, wherein generating the digital signature comprises;

(i) receiving into the device input comprising verification data of an entity,(ii) identifying within the device a current verification status out of a plurality of predefined verification statuses as a function of the input verification data and data prestored within the device, each verification status regarding an entity authentication performed by the device,(iii) independent of the verification status identified, generating the digital signature for a message as a function of said identified verification status, including modifying within the device the message as a function of said identified verification status, said generated digital signature comprising an indication of the identified verification status, and(iv) outputting from the device the digital signature for transmission as part of the EC to a recipient; and

(c) upon receipt of the EC by the recipient,(i) extracting the indication of the identified verification status from the EC and identifying the other information linked with the public key of the device by successfully authenticating the message using the public key of the device, and(ii) acting on the message in the EC based on the indication of the identified verification status included in the EC, based on the contents of the message itself, and based on said identified information linked with the public key.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Trusted entity authentication includes creating a public-private pair in a secure environment; storing the private key within a device during its manufacture in the secure environment; linking the public key with other information in the secure environment, receiving input within the device comprising verification data of an entity, identifying within the device a verification status based on the verification data and data prestored within the device; independent of the verification status identified, generating a digital signature for a message including an indication of the identified verification status using the private key; outputting the digital signature for transmission with an EC; identifying upon receipt of the EC the information linked with the public key by authenticating the message with the public key, and considering the identified information and the indicated verification status. The linked information includes device security aspects and the verification status regards entity authentication performed by the device.

265 Citations

13 Claims

1. A method of establishing trusted entity authentication associated with an electronic communication (EC), comprising:
- (a) manufacturing a device within a secure environment, wherein manufacturing the device comprises;
  
  (i) creating a public-private key pair before release of the device from the secure manufacturing environment,(ii) storing the private key securely within the device before release of the device from the secure manufacturing environment, and(iii) linking within the secure manufacturing environment in a secure manner the public key with other information associated with the device;
  
  (b) after its manufacture, using the device to generate a digital signature as part of the EC, wherein generating the digital signature comprises;
  
  (i) receiving into the device input comprising verification data of an entity,(ii) identifying within the device a current verification status out of a plurality of predefined verification statuses as a function of the input verification data and data prestored within the device, each verification status regarding an entity authentication performed by the device,(iii) independent of the verification status identified, generating the digital signature for a message as a function of said identified verification status, including modifying within the device the message as a function of said identified verification status, said generated digital signature comprising an indication of the identified verification status, and(iv) outputting from the device the digital signature for transmission as part of the EC to a recipient; and
  
  (c) upon receipt of the EC by the recipient,(i) extracting the indication of the identified verification status from the EC and identifying the other information linked with the public key of the device by successfully authenticating the message using the public key of the device, and(ii) acting on the message in the EC based on the indication of the identified verification status included in the EC, based on the contents of the message itself, and based on said identified information linked with the public key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the other information comprises a Security Profile of the manufactured device and wherein the secure manner of linking comprises recording together the public key with the Security Profile of the manufactured device and generating a digital signature therefor to collectively define a Security Certificate, the public key and Security Profile thereby being securely linked together;
    - and before the device is released from the secure environment, incorporating its Security Certificate into the device such that the Security Certificate is sent in the EC with the digital signature generated by the device.
  - 3. The method of claim 1, wherein the other information comprises a Security Profile of the manufactured device and wherein the secure manner of linking comprises recording the linked public key and the Security Profile of the manufactured device in a database and maintaining the database in an environment having a security rating at least comparable to a security level of the device.
  - 4. The method of claim 1, wherein the other information comprises a Security Profile of the manufactured device and wherein the secure manner of linking comprises generating a digital signature for a reference including the linked public key and the Security Profile of the manufactured device, publishing the reference and digital signature therefor, and maintaining the private key used in generating the digital signature for the reference in an environment having a security rating that is at least comparable to a security level of the device to which the reference pertains.
  - 5. The method of claim 1, wherein the other information comprises a Security Profile, and wherein the secure manner of linking comprises recording the public key and the Security Profile in a database of public keys linked with Security Profiles of devices, and maintaining the database in an environment having a security rating at least comparable to a security level of each device for which the public key thereof is linked.
  - 6. The method of claim 1, wherein authenticating the message using the public key of the device comprises (a) modifying data representing the message as a function of a suspected verification status of the device, (b) calculating a message digest as a function of said modified data, (c) decrypting said generated digital signature received in the EC with the public key, and (d) concluding the verification status of the device as being the suspected verification status of the device when said calculated message digest matches said decrypted digital signature.
  - 7. The method of claim 1, further comprising generating a digital signature within the device using a digital signature algorithm, and then using said generated digital signature as a random number in an application requiring a random number.
  - 8. The method of claim 7, further comprising using the digital signature as a random number to safeguard against a replay attack.
  - 9. The method of claim 7, further comprising using the digital signature to generate a session key for encrypted communications.

10. A method in which a recipient of an electronic communication (EC) authenticates an entity solely by conducting message authentication with respect to the received EC, which includes unique identifier associated with an account maintained by the recipient, a message regarding the account, and a digital signature of the message, the method comprising:
- (a) before receipt of the EC;
  
  (i) associating a public key of a public-private key pair with the unique identifier in a database maintained by the recipient, and(ii) retrieving information linked with the public key, the information identifying security aspects of a device used to generate digital signatures using the private key stored securely therein, the public-private key pair having been created within an environment of manufacture of the device and the private key having been stored within the device prior to release of the device from the environment following its manufacture; and
  
  (b) thereafter,(i) using only the digital signature from the EC and the public key associated with the account identifier to authenticate the message, and(ii) upon successful authentication of the message, acting upon the message based on;
  
  (A) said information linked with the public key, and(B) an indication included in the EC of a verification status of the device out of a plurality of predefined verification statuses, the verification status regarding an entity authentication performed by the device as a function of verification data of the entity input into the device and data prestored within the device.

11. A method in which a recipient of an electronic communication (EC) authenticates an entity solely by conducting message authentication with respect to the received EC, which includes a unique identifier associated with an account maintained by the recipient, a message regarding the account, and a digital signature of the message, the method comprising:
- (a) before receipt of the EC;
  
  (i) associating a public key of a public-private key pair with the unique identifier in a database maintained by the recipient, and(ii) retrieving information linked with the public key, the information identifying security aspects of a device used to generate digital signatures using the private key stored securely therein; and
  
  (b) thereafter,(i) using only the digital signature from the EC and the public key associated with the account identifier to authenticate the message, and(ii) upon successful authentication of the message, acting upon the message based on;
  
  (A) said information linked with the public key, and(B) an indication included in the EC of a verification status of the device out of a plurality of predefined verification statuses, the verification status regarding an entity authentication performed by the device as a function of verification data of the entity input into the device and data prestored within the device.

12. A method in which a recipient of an electronic communication (EC) authenticates an entity solely by conducting message authentication with respect to the received EC, which includes a unique identifier associated with an account maintained by the recipient, a message regarding the account, and a digital signature of the message, the method comprising:
- (a) before receipt of the EC, associating a public key of a public-private key pair with the unique identifier in a database maintained by the recipient; and
  
  thereafter(b) using only the digital signature from the EC and the public key associated with the account identifier to authenticate the message, and upon successful authentication of the message, acting upon the message based on an indication included in the EC of a verification status of the device out of a plurality of predefined verification statuses, the verification status regarding an entity authentication performed by the device as a function of verification data of the entity input into the device and data prestored within the device.

13. A method in which a recipient of an electronic communication (EC) authenticates an entity solely by conducting message authentication with respect to the received EC, which includes a unique identifier associated with an account maintained by the recipient, a message regarding the account, and a digital signature of the message, the method comprising:
- (a) before receipt of the EC;
  
  (i) associating a public key of a public-private key pair with the unique identifier in a database maintained by the recipient, and(ii) retrieving information linked with the public key, the information identifying security aspects of a device used to generate digital signatures using the private key stored securely therein, the public-private key pair having been created within an environment of manufacture of the device and the private key having been stored within the device prior to release of the device from the environment following its manufacture; and
  
  (b) thereafter,(i) using only the digital signature from the EC and the public key associated with the account identifier to authenticate the message, and(ii) upon successful authentication of the message, acting upon the message based on said information linked with the public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
First Data Corporation (Fiserv Incorporated)
Original Assignee
First Data Corporation (Fiserv Incorporated)
Inventors
Wheeler, Lynn Henry, Wheeler, Anne M.
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
GEE, JASON KAI YIN

Application Number

US10/169,954
Publication Number

US 20030014372A1
Time in Patent Office

2,878 Days
Field of Search

713/170, 713/176
US Class Current

713/176
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06Q 20/3829   involving key management

G06Q 40/02   Banking, e.g. interest calc...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/80   Wireless network architectu...

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 9/3218   using proof of knowledge, e...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

Trusted authentication digital signature (tads) system

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

265 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted authentication digital signature (tads) system

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

265 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links