Methods for secure enrollment and backup of personal identity credentials into electronic devices

US 8,407,480 B2
Filed: 08/15/2011
Issued: 03/26/2013
Est. Priority Date: 08/06/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

receiving at a personal identification device a public key associated with a party before biometric data associated with enrollment is received;

sending a personal identification device public key from the personal identification device to the party before biometric data associated with enrollment is received, the personal identification device public key being associated with the personal identification device;

receiving at the personal identification device a digital certificate from the party based, at least in part, on the personal identification device public key before biometric data associated with enrollment is received; and

disabling functionality within the personal identification device before biometric data associated with enrollment is received except that the personal identification device is in a wait state associated with future enrollment.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for securely enrolling personal identity credentials into personal identification devices. The system of the invention comprises the manufacturer of the device and an enrollment authority. The manufacturer is responsible for recording serial numbers or another unique identifier for each device that it produces, along with a self-generated public key for each device. The enrollment authority is recognized by the manufacturer or another suitable institution as capable of validating an individual before enrolling him into the device. The enrollment authority maintains and operates the appropriate equipment for enrollment, and provides its approval of the enrollment. The methods described herein discuss post-manufacturing, enrollment, backup, and recovery processes for the device.

164 Citations

22 Claims

1. A method, comprising:
- receiving at a personal identification device a public key associated with a party before biometric data associated with enrollment is received;
  
  sending a personal identification device public key from the personal identification device to the party before biometric data associated with enrollment is received, the personal identification device public key being associated with the personal identification device;
  
  receiving at the personal identification device a digital certificate from the party based, at least in part, on the personal identification device public key before biometric data associated with enrollment is received; and
  
  disabling functionality within the personal identification device before biometric data associated with enrollment is received except that the personal identification device is in a wait state associated with future enrollment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the sending includes sending the personal identification device public key and an identifier uniquely associated with the personal identification device from the personal identification device to the party after the receiving the public key associated with the party.
  - 3. The method of claim 1, wherein the receiving the digital certificate from the party is based on the personal identification device public key and an identifier uniquely associated with the personal identification device.
  - 4. The method of claim 1, wherein the personal identification device public key is associated with an asymmetric key pair including the personal identification device public key and a personal identification device private key.
  - 5. The method of claim 1, further comprising producing the personal identification device public key at the personal identification device.
  - 6. The method of claim 1, further comprising receiving at the personal identification device an identifier uniquely associated with the personal identification device from the party.
  - 7. The method of claim 1, wherein the digital certificate includes the public key associated with the party.
  - 8. The method of claim 1, wherein the party is a manufacturer of the personal identification device and separate from an enrollment party authorized to enable enrollment of the biometric data at the personal identification device.
  - 9. The method of claim 1, wherein the party is a first party, the personal identification device being configured to enroll the biometric data from a second party different from the first party after the receiving at the personal identification device the digital certificate.
  - 10. The method of claim 1, wherein the digital certificate includes data associated with the personal identification device.

11. A method, comprising:
- sending a public key associated with a party to a personal identification device;
  
  receiving a personal identification device public key from the personal identification device, the personal identification device public key being produced by the personal identification device;
  
  producing a digital certificate based on the personal identification device public key and an identifier, the producing being before enrollment of biometric data, the identifier being uniquely associated with the personal identification device; and
  
  sending the digital certificate to the personal identification device such that functionality of the personal identification device is disabled before enrollment of biometric data except that the personal identification device is configured to send the digital certificate to an enrollment party during future enrollment.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, wherein the producing of the digital certificate is based, at least in part, on the public key associated with the party.
  - 13. The method of claim 11, wherein the party is a first party, the receiving and the producing being performed by the first party, the method further comprising:
    - receiving at the first party a digital certificate uniquely associated with a second party different from the first party;
      
      adding a public key of the first party to the digital certificate associated with the second party; and
      
      sending the digital certificate associated with the second party from the first party to the second party.
  - 14. The method of claim 11, wherein the digital certificate includes the public key associated with the party.
  - 15. The method of claim 11, further comprising producing at the party an asymmetric key pair uniquely associated with the party.
  - 16. The method of claim 11, wherein the party is a manufacturer of the personal identification device and separate from the enrollment party authorized to enable enrollment of the biometric data at the personal identification device.
  - 17. The method of claim 11, wherein the personal identification device is configured to enroll biometric data from the enrollment party after the sending the digital certificate.
  - 18. The method of claim 11, wherein the producing the digital certificate is based on data associated with the personal identification device.

19. A method, comprising:
- sending an encryption identifier associated with a party to a personal identification device during pre-enrollment;
  
  producing a digital signature based, at least in part, on the encryption identifier, the encryption identifier and the digital signature collectively configured to enable verification of the party by the personal identification device when the encryption identifier and digital signature is received at the personal identification device; and
  
  sending the digital signature to the personal identification device during pre-enrollment such that functionality of the personal identification device is disabled before enrollment of biometric data except that the personal identification device is in a wait state associated with future enrollment.
- View Dependent Claims (20, 21, 22)
- - 20. The method of claim 19, wherein the party is a manufacturer of the personal identification device.
  - 21. The method of claim 19, wherein the digital signature includes data associated with the personal identification device.
  - 22. The method of claim 19, wherein:
    - the encryption identifier is a public key associated with the party; and
      
      the receiving the digital signature includes receiving a digital certificate including the digital signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Privaris, Inc.
Inventors
Abdallah, David S., Johnson, Barry W.
Primary Examiner(s)
Gergiso, Techane

Application Number

US13/210,022
Publication Number

US 20110302423A1
Time in Patent Office

589 Days
Field of Search

713/186, 380259-266, 382/115, 340/5.8
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06Q 20/40145   Biometric identity checks

G06V 40/10   Human or animal bodies, e.g...

H04L 63/06   for supporting key manageme...

H04L 63/0861   using biometrical features,...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Methods for secure enrollment and backup of personal identity credentials into electronic devices

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

164 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Methods for secure enrollment and backup of personal identity credentials into electronic devices

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

164 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links