Methods for secure restoration of personal identity credentials into electronic devices
Abstract
A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.
11 Claims
1. A method, comprising:
- receiving at a personal identification device a first section of a symmetric key in encrypted form, a second section of the symmetric key in encrypted form and biometric data in encrypted form from a backup storage repository separate from the personal identification device, the first section of the symmetric key being different than the second section of the symmetric key;
- verifying a validity of a signature associated with the first section of the symmetric key based on a public key associated with the personal identification device; and
- combining the first section of the symmetric key and the second section of the symmetric key to restore the symmetric key after the validity of the signature is verified such that the symmetric key is configured to decrypt the biometric data in encrypted form to restore the biometric data;
- wherein the personal identification device is a first personal identification device, and wherein the biometric data was previously stored on a second personal identification device.

Dependent claims: 2, 3, 4, 5, 6

7. An apparatus, comprising:
- a memory configured to store a biometric data of a user and a public key associated with a personal identification device;
- a processor coupled to the memory, the processor configured to verify a validity of a signature associated with a first section of a symmetric key based on the public key, the processor being configured to combine the first section of the symmetric key and a second section of the symmetric key to restore the symmetric key when the validity of the signature is verified;
- a biometric sensor coupled to the processor, the biometric sensor configured to receive the biometric data from the user; and
- a receiver coupled to the processor, the receiver configured to receive biometric data in encrypted form from a backup storage repository separate from the apparatus;
- wherein, the receiver is configured to receive the first section of the symmetric key in encrypted form, the second section of the symmetric key in encrypted form, the signature in encrypted form and the public key;
- wherein the biometric sensor is a first biometric sensor, and wherein the biometric data in encrypted form received from the backup storage repository was previously received by a second biometric sensor.

Dependent claims: 8, 9, 10, 11
Specification