System and method for creating a trusted network capable of facilitating secure open network transactions using batch credentials
First Claim
1. A method for deploying a trusted network capable of securely updating devices that allows for secure transactions over an open communications network, comprising the steps of:
- binding a single credential to a plurality of devices to be used in secure transactions over the open communications network;
maintaining a manifest identifying each device of the plurality of devices bound to the single credential;
where in the manifest lists the plurality of devices at the time of creation, is stored in an escrow database, and forms a list that is not altered;
maintaining a current list of devices approved to securely transact over the open communications network, each device being related in the current list of devices to the single credential bound to the plurality of devices to which the device belongs; and
before allowing any of the plurality of devices to send a message over the open communications network, determining whether the device is authenticated to be a trusted device for transacting over the open communications network by verifying the validity of the single credential bound to the device based on the manifest and the current list.
4 Assignments
0 Petitions
Accused Products
Abstract
A system and method for creating a trusted network capable of facilitating secure transactions via an open network using batch credentials, such as batch PKI certificates, is presented. A certificate is bound to a group, or batch, or devices. This certificate is referenced by an activation authority upon processing a request for service by a device. Information regarding the device batch certificate is maintained in a permanent, or escrow, database. A user identity is bound to a device, as a device key is used to sign a user key created on the device in the presence of the user, and a copy of the device key is later used to decrypt the signed user key upon its transmission and receipt.
59 Citations
35 Claims
-
1. A method for deploying a trusted network capable of securely updating devices that allows for secure transactions over an open communications network, comprising the steps of:
-
binding a single credential to a plurality of devices to be used in secure transactions over the open communications network; maintaining a manifest identifying each device of the plurality of devices bound to the single credential;
where in the manifest lists the plurality of devices at the time of creation, is stored in an escrow database, and forms a list that is not altered;maintaining a current list of devices approved to securely transact over the open communications network, each device being related in the current list of devices to the single credential bound to the plurality of devices to which the device belongs; and before allowing any of the plurality of devices to send a message over the open communications network, determining whether the device is authenticated to be a trusted device for transacting over the open communications network by verifying the validity of the single credential bound to the device based on the manifest and the current list. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method for effecting secure transactions via an open communications network, comprising the steps of:
-
binding a single credential to a plurality of devices to be used in secure transactions over the open communications network; maintaining a manifest identifying each device of the plurality of devices bound to the single credential;
where in the manifest lists the plurality of devices at the time of creation, is stored in an escrow database, and forms a list that is not altered;maintaining a current list of devices approved to use the single credential bound to the plurality of devices, each device being related in the current list of devices to the single credential bound to the plurality of devices to which the device belongs; before allowing any of the plurality of devices to send a message over the open communications network, determining whether the device is authenticated to be a trusted device for transacting over the open communications network by verifying the validity of the single credential bound to the device based on the manifest and the current list; and performing a secure transaction via one of the devices using the single credential bound to the plurality of devices to which the device belongs. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
-
23. A method of associating a credential with a plurality of devices, comprising the steps of:
-
a manufacturer of the plurality of devices storing data regarding the plurality of devices; a registration authority transmitting request data to a certification authority and requesting a credential for the plurality of devices; the certification authority recording credential data to be associated with the plurality of devices and issuing a single credential that is associated with the plurality of devices; the certification authority providing the single credential to the manufacturer; and the manufacturer providing each of the plurality of devices having the single credential associated therewith to a plurality of users. - View Dependent Claims (24, 25)
-
-
26. A system for activation of services for a device over an open communications network, comprising:
-
an activation authority configured to request activation of a device, on behalf of the device; a certification authority for certifying a credential of the device for which activation is requested by the activation authority; a certification storage device for storing information regarding credentials for a plurality of devices; a registration authority configured to request certification of a device from the certification authority; a user database accessible to the registration authority and to the activation authority configured to store information regarding users associated with the plurality of devices; and a device database accessible to the activation authority for maintaining information regarding the plurality of devices. - View Dependent Claims (27)
-
-
28. A system capable of securely updating devices that allow for secure transactions over an open network, comprising:
-
a manufacturer that manufactures a plurality of devices; an activation authority configured to request activation of each of the plurality of devices; a device certification authority configured to issue a credential for the plurality of devices; a device registration authority for requesting a credential for the plurality of devices from the device certification authority; a user certification authority configured to issue a credential for users of the plurality of devices; a user registration authority for requesting a credential for the users of the plurality of devices from the user certification authority. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35)
-
Specification