Methods for secure restoration of personal identity credentials into electronic devices

US 8,055,906 B2
Filed: 08/12/2008
Issued: 11/08/2011
Est. Priority Date: 08/06/2002
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving at a personal identification device a first section of a symmetric key in encrypted form, a second section of the symmetric key in encrypted form and biometric data in encrypted form from a backup storage repository separate from the personal identification device, the first section of the symmetric key being different than the second section of the symmetric key;

verifying a validity of a signature associated with the first section of the symmetric key based on a public key associated with the personal identification device; and

combining the first section of the symmetric key and the second section of the symmetric key to restore the symmetric key after the validity of the signature is verified such that the symmetric key is configured to decrypt the biometric data in encrypted form to restore the biometric data;

wherein the personal identification device is a first personal identification device, and wherein the biometric data was previously stored on a second personal identification device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.

153 Citations

11 Claims

1. A method, comprising:
- receiving at a personal identification device a first section of a symmetric key in encrypted form, a second section of the symmetric key in encrypted form and biometric data in encrypted form from a backup storage repository separate from the personal identification device, the first section of the symmetric key being different than the second section of the symmetric key;
  
  verifying a validity of a signature associated with the first section of the symmetric key based on a public key associated with the personal identification device; and
  
  combining the first section of the symmetric key and the second section of the symmetric key to restore the symmetric key after the validity of the signature is verified such that the symmetric key is configured to decrypt the biometric data in encrypted form to restore the biometric data;
  
  wherein the personal identification device is a first personal identification device, and wherein the biometric data was previously stored on a second personal identification device.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - before the verifying, receiving at the personal identification device the signature in encrypted form and the public key.
  - 3. The method of claim 1, further comprising:
    - before the verifying, sending the signature in encrypted form to a party; and
      
      receiving the signature associated with the first section of the symmetric key and decrypted by the party based on a party private key, the party private key being associated with the party.
  - 4. The method of claim 1, further comprising:
    - before the combining, decrypting the second section of the symmetric key in encrypted form based on a user-selected identifier to produce the second section of the symmetric key.
  - 5. The method of claim 1, further comprising:
    - before the combining, sending the first section of the symmetric key in encrypted form to a party; and
      
      receiving the first section of the symmetric key decrypted by the party based on a party private key, the party private key being associated with the party.
  - 6. The method of claim 1, further comprising:
    - after the combining, decrypting the biometric data in encrypted form based on the symmetric key to produce the biometric data.

7. An apparatus, comprising:
- a memory configured to store a biometric data of a user and a public key associated with a personal identification device;
  
  a processor coupled to the memory, the processor configured to verify a validity of a signature associated with a first section of a symmetric key based on the public key, the processor being configured to combine the first section of the symmetric key and a second section of the symmetric key to restore the symmetric key when the validity of the signature is verified;
  
  a biometric sensor coupled to the processor, the biometric sensor configured to receive the biometric data from the user; and
  
  a receiver coupled to the processor, the receiver configured to receive biometric data in encrypted form from a backup storage repository separate from the apparatus;
  
  wherein, the receiver is configured to receive the first section of the symmetric key in encrypted form, the second section of the symmetric key in encrypted form, the signature in encrypted form and the public key;
  
  wherein the biometric sensor is a first biometric sensor, and wherein the biometric data in encrypted form received from the backup storage repository was previously received by a second biometric sensor.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The apparatus of claim 7, further comprising:
    - a transmitter coupled to the processor, the processor configured to send the signature in encrypted form to a party via the transmitter, the receiver configured to receive the signature associated with the first section of the symmetric key decrypted by the party based on a party private key, the party private key being associated with the party.
  - 9. The apparatus of claim 7, wherein:
    - the processor is configured to decrypt the second section of the symmetric key in encrypted form based on a user-selected identifier to produce the second section of the symmetric key.
  - 10. The apparatus of claim 7, further comprising:
    - a transmitter coupled to the processor, the processor configured to send the first section of the symmetric key in encrypted form to a party via the transmitter, the receiver configured to receive the first section of the symmetric key decrypted by the party based on a party private key, the party private key being associated with the party.
  - 11. The apparatus of claim 7, wherein:
    - the processor is configured to decrypt biometric data in decrypted form based on the symmetric key to produce the biometric data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Privaris, Inc.
Inventors
Johnson, Barry W., Abdallah, David S.
Primary Examiner(s)
Gergiso; Techane

Application Number

US12/190,064
Publication Number

US 20090037746A1
Time in Patent Office

1,183 Days
Field of Search

713/182, 713/186, 726/16, 382/115, 340/5.52
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06Q 20/40145   Biometric identity checks

G06V 40/10   Human or animal bodies, e.g...

H04L 63/06   for supporting key manageme...

H04L 63/0861   using biometrical features,...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Methods for secure restoration of personal identity credentials into electronic devices

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

153 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Methods for secure restoration of personal identity credentials into electronic devices

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

153 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links